Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/XAOpn_W_mGJKjeF2F-lMjkbtZWc.roa
File:                     XAOpn_W_mGJKjeF2F-lMjkbtZWc.roa (raw, json)
Hash identifier:          e+AAoNMCqQPDTsSVJ6tR/r+S7DOJVBEd2pPW9/bClgU=
Subject key identifier:   5C:03:A9:9F:F5:BF:98:62:4A:8D:E1:76:17:E9:4C:8E:46:ED:65:67
Certificate issuer:       /CN=6f10d8e1564e40312c9ddf21ba2aa03ba559ead6
Certificate serial:       0AF794B5
Authority key identifier: 6F:10:D8:E1:56:4E:40:31:2C:9D:DF:21:BA:2A:A0:3B:A5:59:EA:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bxDY4VZOQDEsnd8huiqgO6VZ6tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/XAOpn_W_mGJKjeF2F-lMjkbtZWc.roa
Signing time:             Wed 09 Feb 2022 13:33:00 +0000
ROA not before:           Wed 09 Feb 2022 13:33:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     64476
IP address blocks:        185.253.168.0/22 maxlen: 22
                          185.253.168.0/24 maxlen: 24
                          85.190.64.0/20 maxlen: 20
                          46.247.136.0/23 maxlen: 23
                          185.161.168.0/22 maxlen: 22
                          185.231.8.0/22 maxlen: 24
                          85.190.84.0/22 maxlen: 22
                          85.190.80.0/22 maxlen: 22
                          85.190.81.0/24 maxlen: 24
                          85.190.79.0/24 maxlen: 24
                          85.190.88.0/21 maxlen: 21
                          2a0a:e800::/32 maxlen: 32
                          2a0a:e806::/32 maxlen: 32
                          2a0a:e804::/32 maxlen: 32
                          2a0a:e805:500::/40 maxlen: 40
                          2a0a:e805:100::/40 maxlen: 40
                          2a0a:e805:400::/40 maxlen: 40
                          2a0a:e805:300::/40 maxlen: 40
                          2a0a:e805::/32 maxlen: 32
                          2a0a:e803::/32 maxlen: 32
                          2a0a:e807::/32 maxlen: 32
                          2a0a:e801::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 183997621 (0xaf794b5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f10d8e1564e40312c9ddf21ba2aa03ba559ead6
        Validity
            Not Before: Feb  9 13:33:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c03a99ff5bf98624a8de17617e94c8e46ed6567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e8:46:89:92:28:ca:dc:7d:ff:de:a9:23:80:
                    b9:05:9d:89:ee:98:8b:74:c9:00:86:dc:df:4c:bf:
                    25:39:d4:68:6f:e0:8f:f9:d8:02:21:e9:3d:db:c5:
                    da:a1:9e:8d:dc:67:04:87:2e:65:2a:32:19:e7:81:
                    c7:91:c2:23:2a:0b:15:e1:5d:0f:f1:61:d1:af:35:
                    b5:c9:13:8d:36:a3:75:17:fe:a2:ef:04:0b:f9:da:
                    8c:48:e6:9a:b0:5e:2b:2e:27:b3:51:43:13:a0:94:
                    1e:40:c0:1d:5d:64:c6:7e:a8:16:93:7b:cb:2e:4c:
                    4f:79:5c:b6:be:f8:b3:69:1f:89:28:08:37:e5:09:
                    33:cc:1b:94:48:5b:c5:5b:b2:b2:fd:ee:fc:6b:26:
                    b4:74:ed:8d:6f:22:94:c7:af:c4:38:60:19:b8:29:
                    0c:fe:2a:d8:02:69:5d:d8:ac:b5:2e:94:36:28:e4:
                    74:2f:12:36:3f:4f:ba:78:9d:f3:7d:55:35:9a:c8:
                    74:dc:6c:a4:22:95:07:3d:5b:48:a7:38:a8:fb:3d:
                    2c:51:e7:1f:2e:36:d4:87:30:63:64:4f:f2:2f:63:
                    a0:ae:a7:c1:5c:c4:c2:f7:b5:1e:d8:9b:c2:69:26:
                    97:77:5c:65:f7:fe:cf:87:0f:a4:72:f0:ac:7e:9a:
                    fa:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:03:A9:9F:F5:BF:98:62:4A:8D:E1:76:17:E9:4C:8E:46:ED:65:67
            X509v3 Authority Key Identifier:
                keyid:6F:10:D8:E1:56:4E:40:31:2C:9D:DF:21:BA:2A:A0:3B:A5:59:EA:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bxDY4VZOQDEsnd8huiqgO6VZ6tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/XAOpn_W_mGJKjeF2F-lMjkbtZWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfda05-190d-4142-bd4f-b6a8f8e80f7b/1/bxDY4VZOQDEsnd8huiqgO6VZ6tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.247.136.0/23
                  85.190.64.0/19
                  185.161.168.0/22
                  185.231.8.0/22
                  185.253.168.0/22
                IPv6:
                  2a0a:e800::/31
                  2a0a:e803::-2a0a:e807:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         23:ad:df:cf:51:80:a5:08:3e:d8:55:a8:f4:6e:04:5e:cb:cd:
         05:30:03:55:cc:4a:58:52:bd:a7:a1:4f:aa:c5:26:20:c7:1b:
         4f:68:1a:29:16:66:e0:9d:3b:9e:e2:43:83:e5:bf:61:b2:e1:
         7e:1f:d8:d4:2b:ce:95:53:fc:8d:16:4b:ec:21:4e:b3:8a:a0:
         f6:5b:6d:87:c2:4c:9c:a2:88:1a:e1:78:69:a9:c3:92:61:df:
         cf:75:78:47:fc:dd:fa:81:3e:d8:07:1d:0d:55:94:c5:6b:1c:
         54:b0:80:ad:06:06:fb:82:88:65:1e:ab:20:c6:07:d3:f9:07:
         62:4b:8c:b6:bf:5d:13:03:22:e0:65:38:96:23:c4:ae:34:fb:
         dd:8c:2f:65:f6:61:c6:3e:de:44:14:1e:b4:30:1c:9c:5e:97:
         db:8c:52:60:22:e6:f6:3e:6f:79:03:22:d6:60:dd:29:a4:19:
         5e:a1:1c:f2:39:f6:a0:71:86:b3:e0:79:58:b5:ab:f6:93:5f:
         cd:ba:27:9f:99:3a:8d:34:4a:93:f2:1b:7a:b1:d0:b8:10:72:
         c2:71:dc:76:1f:ea:3e:9f:a9:eb:d0:b1:92:20:d3:5e:02:56:
         f3:b4:37:29:a0:45:5c:50:cc:3d:c5:b7:c8:f1:cf:b7:b2:be:
         30:4d:ad:83
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIECveUtTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZjEwZDhlMTU2NGU0MDMxMmM5ZGRmMjFiYTJhYTAzYmE1NTllYWQ2MB4XDTIyMDIw
OTEzMzMwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWMwM2E5OWZmNWJm
OTg2MjRhOGRlMTc2MTdlOTRjOGU0NmVkNjU2NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI/oRomSKMrcff/eqSOAuQWdie6Yi3TJAIbc30y/JTnUaG/g
j/nYAiHpPdvF2qGejdxnBIcuZSoyGeeBx5HCIyoLFeFdD/Fh0a81tckTjTajdRf+
ou8EC/najEjmmrBeKy4ns1FDE6CUHkDAHV1kxn6oFpN7yy5MT3lctr74s2kfiSgI
N+UJM8wblEhbxVuysv3u/GsmtHTtjW8ilMevxDhgGbgpDP4q2AJpXdistS6UNijk
dC8SNj9Punid831VNZrIdNxspCKVBz1bSKc4qPs9LFHnHy421IcwY2RP8i9joK6n
wVzEwve1Htibwmkml3dcZff+z4cPpHLwrH6a+vkCAwEAAaOCAkAwggI8MB0GA1Ud
DgQWBBRcA6mf9b+YYkqN4XYX6UyORu1lZzAfBgNVHSMEGDAWgBRvENjhVk5AMSyd
3yG6KqA7pVnq1jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2J4RFk0VlpPUURFc25kOGh1aXFnTzZWWjZ0WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGYvY2ZkYTA1LTE5MGQtNDE0Mi1iZDRmLWI2YThmOGU4MGY3Yi8x
L1hBT3BuX1dfbUdKS2plRjJGLWxNamtidFpXYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYv
Y2ZkYTA1LTE5MGQtNDE0Mi1iZDRmLWI2YThmOGU4MGY3Yi8xL2J4RFk0VlpPUURF
c25kOGh1aXFnTzZWWjZ0WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBW
BggrBgEFBQcBBwEB/wRHMEUwJAQCAAEwHgMEAS73iAMEBVW+QAMEArmhqAMEArnn
CAMEArn9qDAdBAIAAjAXAwUBKgroADAOAwUAKgroAwMFAyoK6AAwDQYJKoZIhvcN
AQELBQADggEBACOt389RgKUIPthVqPRuBF7LzQUwA1XMSlhSvaehT6rFJiDHG09o
GikWZuCdO57iQ4Plv2Gy4X4f2NQrzpVT/I0WS+whTrOKoPZbbYfCTJyiiBrheGmp
w5Jh3891eEf83fqBPtgHHQ1VlMVrHFSwgK0GBvuCiGUeqyDGB9P5B2JLjLa/XRMD
IuBlOJYjxK40+92ML2X2YcY+3kQUHrQwHJxel9uMUmAi5vY+b3kDItZg3SmkGV6h
HPI59qBxhrPgeVi1q/aTX826J5+ZOo00SpPyG3qx0LgQcsJx3HYf6j6fqevQsZIg
014CVvO0NymgRVxQzD3Ft8jxz7eyvjBNrYM=
-----END CERTIFICATE-----