Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/217bee-cab6-422f-88cc-c2664e37c327/1/vA40-h3cQ9WF538qVA_C-ly24hY.roa
File:                     vA40-h3cQ9WF538qVA_C-ly24hY.roa (raw, json)
Hash identifier:          uJAYxHzHPmn2g0FjdzLqV10XPb72TjRu/Sn5aEkVWbU=
Subject key identifier:   BC:0E:34:FA:1D:DC:43:D5:85:E7:7F:2A:54:0F:C2:FA:5C:B6:E2:16
Certificate issuer:       /CN=591a0fef1efbaeedb3d28d439f3d5ccfadfd8873
Certificate serial:       36C8201F
Authority key identifier: 59:1A:0F:EF:1E:FB:AE:ED:B3:D2:8D:43:9F:3D:5C:CF:AD:FD:88:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WRoP7x77ru2z0o1Dnz1cz639iHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/217bee-cab6-422f-88cc-c2664e37c327/1/vA40-h3cQ9WF538qVA_C-ly24hY.roa
Signing time:             Sat 01 Jan 2022 03:52:46 +0000
ROA not before:           Sat 01 Jan 2022 03:52:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44869
IP address blocks:        5.103.0.0/16 maxlen: 16
                          80.208.0.0/17 maxlen: 17
                          37.122.240.0/21 maxlen: 21
                          46.21.32.0/20 maxlen: 20
                          212.178.160.0/19 maxlen: 19
                          78.143.64.0/18 maxlen: 18
                          80.209.0.0/17 maxlen: 17
                          77.33.0.0/16 maxlen: 16
                          5.186.0.0/16 maxlen: 16
                          185.202.8.0/22 maxlen: 22
                          87.104.0.0/18 maxlen: 18
                          80.71.64.0/19 maxlen: 19
                          89.239.192.0/18 maxlen: 18
                          2a02:17c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 919085087 (0x36c8201f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=591a0fef1efbaeedb3d28d439f3d5ccfadfd8873
        Validity
            Not Before: Jan  1 03:52:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bc0e34fa1ddc43d585e77f2a540fc2fa5cb6e216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a9:10:7b:22:a9:a5:76:e4:e3:43:2f:ca:b5:
                    33:9e:58:f6:6e:0c:4d:f0:49:87:27:0a:c2:0d:93:
                    7c:74:45:e6:6c:d8:99:d9:14:48:8f:13:64:1e:14:
                    7d:36:39:72:de:85:17:79:96:3f:c9:49:53:4c:fb:
                    65:de:43:b6:af:87:31:8d:86:83:81:92:88:5b:64:
                    e1:5f:6e:91:1e:e2:af:47:88:5a:9f:c1:0d:94:77:
                    0b:ab:65:7f:81:0e:55:30:f6:67:87:aa:f3:04:5a:
                    e6:92:68:85:6a:aa:35:b7:d4:be:da:bf:5c:2c:b5:
                    39:60:0b:02:fe:1b:1f:d0:35:b3:ac:46:96:14:7b:
                    87:fc:bd:78:f8:ba:ad:3e:2c:d6:40:1d:3f:6a:88:
                    81:5e:3d:36:5f:d4:47:18:4c:cf:97:c4:3b:5b:0e:
                    20:a1:78:0f:7c:b4:a7:79:6a:f3:5b:a0:b1:e2:65:
                    4a:86:ba:ce:c8:d6:3a:f3:ab:33:f9:54:2e:66:f7:
                    9e:07:4c:f0:da:59:7b:23:9e:ec:0e:1f:66:e2:5e:
                    a9:a8:79:de:da:0e:90:ce:60:c8:e1:1d:75:5c:82:
                    1e:01:4d:40:e2:9c:a8:6a:3c:9a:70:25:51:d0:e3:
                    8f:94:88:0d:86:67:f8:20:0a:93:11:9d:f3:86:ac:
                    46:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0E:34:FA:1D:DC:43:D5:85:E7:7F:2A:54:0F:C2:FA:5C:B6:E2:16
            X509v3 Authority Key Identifier:
                keyid:59:1A:0F:EF:1E:FB:AE:ED:B3:D2:8D:43:9F:3D:5C:CF:AD:FD:88:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WRoP7x77ru2z0o1Dnz1cz639iHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/217bee-cab6-422f-88cc-c2664e37c327/1/vA40-h3cQ9WF538qVA_C-ly24hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/217bee-cab6-422f-88cc-c2664e37c327/1/WRoP7x77ru2z0o1Dnz1cz639iHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.103.0.0/16
                  5.186.0.0/16
                  37.122.240.0/21
                  46.21.32.0/20
                  77.33.0.0/16
                  78.143.64.0/18
                  80.71.64.0/19
                  80.208.0.0/17
                  80.209.0.0/17
                  87.104.0.0/18
                  89.239.192.0/18
                  185.202.8.0/22
                  212.178.160.0/19
                IPv6:
                  2a02:17c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:ff:95:74:8a:56:f0:31:13:18:e8:6a:b1:40:cc:70:0f:9a:
         49:ce:4d:5a:55:c3:60:77:1e:cf:3f:63:0d:ab:5b:d8:3b:47:
         2e:48:14:c9:83:d6:3e:b9:27:c8:b2:0e:74:0c:32:e3:49:c3:
         78:9e:f1:be:bc:40:9e:a9:d0:81:3b:0b:e3:41:5f:ce:b8:86:
         fc:04:f0:c6:07:10:21:e9:17:89:8c:8e:91:6c:e1:71:9e:fe:
         f7:60:65:77:0d:ed:59:a1:e3:b4:b6:61:91:c3:3d:91:3c:e2:
         4e:a2:4b:35:db:3a:c6:09:f4:35:94:cc:e9:e3:54:b5:8e:8f:
         f2:0f:65:ef:42:f1:d4:c3:e8:b6:33:a2:03:38:57:c4:4d:e2:
         44:58:26:8c:79:4f:24:a8:eb:ba:f4:cf:54:44:eb:2f:8d:ea:
         6f:b5:5b:7c:bf:93:14:11:ad:3d:70:47:df:a3:1c:63:4f:9d:
         e4:0c:c2:c2:53:85:09:43:73:24:ac:c9:34:b0:51:a6:0d:f1:
         f7:92:56:1b:f6:f1:b5:52:62:d0:ef:d0:ac:92:64:2e:ef:33:
         36:eb:c5:d0:82:14:0d:d2:58:3d:1c:9a:5d:ff:1a:29:6f:45:
         1e:f7:e4:96:7e:5b:e2:7c:1f:fe:9b:dc:bc:c6:ab:21:cd:90:
         e0:ef:0c:dc
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgIENsggHzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
OTFhMGZlZjFlZmJhZWVkYjNkMjhkNDM5ZjNkNWNjZmFkZmQ4ODczMB4XDTIyMDEw
MTAzNTI0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmMwZTM0ZmExZGRj
NDNkNTg1ZTc3ZjJhNTQwZmMyZmE1Y2I2ZTIxNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJypEHsiqaV25ONDL8q1M55Y9m4MTfBJhycKwg2TfHRF5mzY
mdkUSI8TZB4UfTY5ct6FF3mWP8lJU0z7Zd5Dtq+HMY2Gg4GSiFtk4V9ukR7ir0eI
Wp/BDZR3C6tlf4EOVTD2Z4eq8wRa5pJohWqqNbfUvtq/XCy1OWALAv4bH9A1s6xG
lhR7h/y9ePi6rT4s1kAdP2qIgV49Nl/URxhMz5fEO1sOIKF4D3y0p3lq81ugseJl
Soa6zsjWOvOrM/lULmb3ngdM8NpZeyOe7A4fZuJeqah53toOkM5gyOEddVyCHgFN
QOKcqGo8mnAlUdDjj5SIDYZn+CAKkxGd84asRi8CAwEAAaOCAl0wggJZMB0GA1Ud
DgQWBBS8DjT6HdxD1YXnfypUD8L6XLbiFjAfBgNVHSMEGDAWgBRZGg/vHvuu7bPS
jUOfPVzPrf2IczAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dSb1A3eDc3cnUyejBvMURuejFjejYzOWlITS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGMvMjE3YmVlLWNhYjYtNDIyZi04OGNjLWMyNjY0ZTM3YzMyNy8x
L3ZBNDAtaDNjUTlXRjUzOHFWQV9DLWx5MjRoWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMv
MjE3YmVlLWNhYjYtNDIyZi04OGNjLWMyNjY0ZTM3YzMyNy8xL1dSb1A3eDc3cnUy
ejBvMURuejFjejYzOWlITS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBz
BggrBgEFBQcBBwEB/wRkMGIwUQQCAAEwSwMDAAVnAwMABboDBAMlevADBAQuFSAD
AwBNIQMEBk6PQAMEBVBHQAMEB1DQAAMEB1DRAAMEBldoAAMEBlnvwAMEArnKCAME
BdSyoDANBAIAAjAHAwUAKgIXwDANBgkqhkiG9w0BAQsFAAOCAQEAFf+VdIpW8DET
GOhqsUDMcA+aSc5NWlXDYHcezz9jDatb2DtHLkgUyYPWPrknyLIOdAwy40nDeJ7x
vrxAnqnQgTsL40FfzriG/ATwxgcQIekXiYyOkWzhcZ7+92Bldw3tWaHjtLZhkcM9
kTziTqJLNds6xgn0NZTM6eNUtY6P8g9l70Lx1MPotjOiAzhXxE3iRFgmjHlPJKjr
uvTPVETrL43qb7VbfL+TFBGtPXBH36McY0+d5AzCwlOFCUNzJKzJNLBRpg3x95JW
G/bxtVJi0O/QrJJkLu8zNuvF0IIUDdJYPRyaXf8aKW9FHvfkln5b4nwf/pvcvMar
Ic2Q4O8M3A==
-----END CERTIFICATE-----