Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/BBx8hUvUBmQTf5aYcxJ2041LNuA.roa
File:                     BBx8hUvUBmQTf5aYcxJ2041LNuA.roa (raw, json)
Hash identifier:          XUl1WK/yoViExJquNve611uF5XcubNM8pJ+5R881YxY=
Subject key identifier:   04:1C:7C:85:4B:D4:06:64:13:7F:96:98:73:12:76:D3:8D:4B:36:E0
Certificate issuer:       /CN=6d39ce4c29ab3f802f9de933f4495026c4d0ee4a
Certificate serial:       071CF7BE
Authority key identifier: 6D:39:CE:4C:29:AB:3F:80:2F:9D:E9:33:F4:49:50:26:C4:D0:EE:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bTnOTCmrP4Avnekz9ElQJsTQ7ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/BBx8hUvUBmQTf5aYcxJ2041LNuA.roa
Signing time:             Thu 17 Mar 2022 20:40:42 +0000
ROA not before:           Thu 17 Mar 2022 20:40:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     52000
IP address blocks:        194.213.24.0/24 maxlen: 24
                          185.142.34.0/23 maxlen: 23
                          185.15.209.0/24 maxlen: 24
                          185.15.208.0/24 maxlen: 24
                          185.142.32.0/24 maxlen: 24
                          185.15.211.0/24 maxlen: 24
                          185.142.35.0/24 maxlen: 24
                          185.15.210.0/24 maxlen: 24
                          194.242.38.0/24 maxlen: 24
                          194.242.33.0/24 maxlen: 24
                          194.242.45.0/24 maxlen: 24
                          2a03:afc0:5::/48 maxlen: 48
                          2a03:afc0:3::/48 maxlen: 48
                          2a03:afc0:4::/48 maxlen: 48
                          2a03:afc0:7::/48 maxlen: 48
                          2a03:afc0:2::/48 maxlen: 48
                          2a03:afc0:8::/48 maxlen: 48
                          2a03:afc0:6::/48 maxlen: 48
                          2a03:afc0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 119338942 (0x71cf7be)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d39ce4c29ab3f802f9de933f4495026c4d0ee4a
        Validity
            Not Before: Mar 17 20:40:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=041c7c854bd40664137f9698731276d38d4b36e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f2:27:01:c7:aa:ed:db:0a:60:43:76:6b:a4:
                    85:e7:f8:7f:07:eb:e2:64:d2:bb:6c:f6:8d:b3:5f:
                    34:f7:15:16:1f:12:aa:dc:ff:3b:42:25:56:21:e7:
                    e3:f3:93:31:d6:6e:01:d4:4b:c9:69:02:c8:c6:dd:
                    ea:8e:b7:da:99:9c:13:2d:e5:71:de:42:13:74:0e:
                    50:b5:c2:6c:8e:3d:c2:19:28:dc:82:17:f3:f8:b2:
                    75:37:ae:ce:3b:1d:49:af:f4:29:11:26:97:72:ce:
                    47:f6:73:96:3a:e4:87:e1:9d:d9:93:9e:a3:8f:72:
                    3e:67:7e:a3:40:88:1f:6b:ea:52:28:e7:c2:b9:d9:
                    ed:5e:b2:74:7d:ef:dd:5c:3c:15:95:48:13:6a:ea:
                    fb:6b:24:a0:ee:c1:db:8d:c7:49:de:14:63:08:09:
                    02:98:b5:47:1e:c7:02:f0:47:83:7c:21:f3:9c:a7:
                    0d:67:92:22:d5:ac:27:a2:1a:08:d5:35:64:f2:18:
                    60:ce:9a:8a:0a:d4:b5:7e:99:97:97:ac:76:41:35:
                    2c:09:c4:65:d4:40:d1:19:83:25:4b:9c:77:c7:5f:
                    0f:9f:9b:f5:25:72:d3:71:b4:8b:e0:bc:e3:ba:23:
                    fc:da:1c:40:99:cb:fc:de:4d:03:6d:90:87:af:54:
                    53:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1C:7C:85:4B:D4:06:64:13:7F:96:98:73:12:76:D3:8D:4B:36:E0
            X509v3 Authority Key Identifier:
                keyid:6D:39:CE:4C:29:AB:3F:80:2F:9D:E9:33:F4:49:50:26:C4:D0:EE:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bTnOTCmrP4Avnekz9ElQJsTQ7ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/BBx8hUvUBmQTf5aYcxJ2041LNuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/bTnOTCmrP4Avnekz9ElQJsTQ7ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.208.0/22
                  185.142.32.0/24
                  185.142.34.0/23
                  194.213.24.0/24
                  194.242.33.0/24
                  194.242.38.0/24
                  194.242.45.0/24
                IPv6:
                  2a03:afc0:1::-2a03:afc0:8:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         46:82:5e:65:97:64:eb:0c:1d:0b:da:66:bc:55:66:99:76:8f:
         f9:e5:6b:45:03:60:27:0d:d0:9a:49:c4:b1:35:89:41:4f:5a:
         70:61:8b:40:99:fd:e8:7b:54:40:b3:01:de:c2:f0:34:f0:36:
         63:49:74:6f:63:32:14:bd:fe:d1:c2:73:60:e3:ce:85:8a:41:
         0a:f5:48:9a:33:9c:2b:05:eb:41:e1:cb:ed:6b:d4:b6:73:b6:
         29:aa:30:d8:0d:5a:d3:93:12:35:f9:4c:29:de:4e:bc:08:53:
         39:e6:22:5e:71:52:28:3a:f5:aa:a4:d8:fa:eb:2e:bd:cd:f5:
         06:1c:5a:3d:55:4c:dd:77:ee:a3:a0:6e:c7:8d:71:02:0c:bd:
         6c:9b:11:ed:3d:ce:a7:4d:95:33:4b:f3:7e:8d:2e:21:7a:00:
         5f:3e:a2:9b:28:96:11:30:d6:5e:0e:75:44:37:dc:da:7a:06:
         ee:e9:7f:3b:19:56:0a:86:9f:38:2b:49:92:86:3a:3d:1d:a1:
         3d:22:53:95:a6:02:b3:4b:36:a4:5e:f0:ea:bc:3f:84:ca:24:
         6c:a2:bd:3e:7b:ad:d9:bf:e2:24:82:1e:b6:90:86:9d:29:40:
         2f:70:57:05:e6:c8:c5:e4:cb:1b:1b:96:df:ac:de:84:7f:e1:
         7b:f5:54:d1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEBxz3vjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDM5Y2U0YzI5YWIzZjgwMmY5ZGU5MzNmNDQ5NTAyNmM0ZDBlZTRhMB4XDTIyMDMx
NzIwNDA0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDQxYzdjODU0YmQ0
MDY2NDEzN2Y5Njk4NzMxMjc2ZDM4ZDRiMzZlMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANPyJwHHqu3bCmBDdmukhef4fwfr4mTSu2z2jbNfNPcVFh8S
qtz/O0IlViHn4/OTMdZuAdRLyWkCyMbd6o632pmcEy3lcd5CE3QOULXCbI49whko
3IIX8/iydTeuzjsdSa/0KREml3LOR/Zzljrkh+Gd2ZOeo49yPmd+o0CIH2vqUijn
wrnZ7V6ydH3v3Vw8FZVIE2rq+2skoO7B243HSd4UYwgJApi1Rx7HAvBHg3wh85yn
DWeSItWsJ6IaCNU1ZPIYYM6aigrUtX6Zl5esdkE1LAnEZdRA0RmDJUucd8dfD5+b
9SVy03G0i+C847oj/NocQJnL/N5NA22Qh69UUzkCAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBQEHHyFS9QGZBN/lphzEnbTjUs24DAfBgNVHSMEGDAWgBRtOc5MKas/gC+d
6TP0SVAmxNDuSjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JUbk9UQ21yUDRBdm5la3o5RWxRSnNUUTdrby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDkvNDRlOGY1LTM1ODQtNDkwZS05OTc5LWNkYzMxZDVmYjhhNC8x
L0JCeDhoVXZVQm1RVGY1YVljeEoyMDQxTE51QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDkv
NDRlOGY1LTM1ODQtNDkwZS05OTc5LWNkYzMxZDVmYjhhNC8xL2JUbk9UQ21yUDRB
dm5la3o5RWxRSnNUUTdrby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wMAQCAAEwKgMEArkP0AMEALmOIAMEAbmOIgMEAMLV
GAMEAMLyIQMEAMLyJgMEAMLyLTAaBAIAAjAUMBIDBwAqA6/AAAEDBwAqA6/AAAgw
DQYJKoZIhvcNAQELBQADggEBAEaCXmWXZOsMHQvaZrxVZpl2j/nla0UDYCcN0JpJ
xLE1iUFPWnBhi0CZ/eh7VECzAd7C8DTwNmNJdG9jMhS9/tHCc2DjzoWKQQr1SJoz
nCsF60Hhy+1r1LZztimqMNgNWtOTEjX5TCneTrwIUznmIl5xUig69aqk2PrrLr3N
9QYcWj1VTN137qOgbseNcQIMvWybEe09zqdNlTNL836NLiF6AF8+opsolhEw1l4O
dUQ33Np6Bu7pfzsZVgqGnzgrSZKGOj0doT0iU5WmArNLNqRe8Oq8P4TKJGyivT57
rdm/4iSCHraQhp0pQC9wVwXmyMXkyxsblt+s3oR/4Xv1VNE=
-----END CERTIFICATE-----