Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/4m82nTPqNefH8bNkfZbkAJLVRE0.roa
File:                     4m82nTPqNefH8bNkfZbkAJLVRE0.roa (raw, json)
Hash identifier:          7/vZmK9GdVqTd/qAP7UH89TpNaDGDdc7OutzepXtQ08=
Subject key identifier:   E2:6F:36:9D:33:EA:35:E7:C7:F1:B3:64:7D:96:E4:00:92:D5:44:4D
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       01824374C88A3AED27091A392087EE24AE72
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/4m82nTPqNefH8bNkfZbkAJLVRE0.roa
Signing time:             Thu 28 Jul 2022 06:18:23 +0000
ROA not before:           Thu 28 Jul 2022 06:18:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3339
IP address blocks:        213.181.68.0/23 maxlen: 23
                          213.181.66.0/23 maxlen: 23
                          89.29.186.0/23 maxlen: 23
                          213.181.82.0/23 maxlen: 23
                          89.29.188.0/23 maxlen: 23
                          213.181.95.0/24 maxlen: 24
                          89.29.212.0/22 maxlen: 22
                          89.29.208.0/22 maxlen: 22
                          89.29.216.0/22 maxlen: 22
                          89.29.220.0/22 maxlen: 22
                          185.64.241.0/24 maxlen: 24
                          176.57.102.0/23 maxlen: 23
                          176.57.100.0/23 maxlen: 23
                          213.181.64.0/24 maxlen: 24
                          89.29.230.0/24 maxlen: 24
                          89.29.240.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:43:74:c8:8a:3a:ed:27:09:1a:39:20:87:ee:24:ae:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jul 28 06:18:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e26f369d33ea35e7c7f1b3647d96e40092d5444d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d1:ec:91:23:11:50:ea:ed:70:47:ac:23:ab:
                    cd:c0:fc:44:f5:f6:b4:79:71:7e:ea:f2:6a:05:5e:
                    d4:76:b3:10:2e:4e:a3:c1:41:73:9a:90:7f:ec:a9:
                    0d:43:44:39:b8:d6:49:ab:7b:72:37:99:5d:af:c2:
                    28:33:39:4e:ec:14:3b:ce:6e:ce:98:66:19:42:a1:
                    6c:92:82:35:fc:08:39:95:3c:62:2a:9a:6d:79:4f:
                    48:8c:da:07:23:87:ff:ce:5d:70:c6:9f:29:99:9e:
                    1e:89:f5:5c:53:46:8f:42:32:6e:f9:74:31:8b:cc:
                    5c:42:2b:a0:04:29:6e:d4:bb:bd:a9:5a:95:18:52:
                    c5:a2:04:93:c8:38:e0:cf:97:4c:01:e2:47:9f:8d:
                    2c:a5:23:6d:0a:96:c9:52:af:88:fc:40:d0:d2:ff:
                    83:6a:a5:bd:32:4b:6d:94:ba:58:0b:01:d7:dd:a5:
                    f1:2d:1a:89:57:dc:2a:82:1d:23:62:b7:f2:a4:27:
                    7c:40:d2:38:49:a2:f9:99:ec:9c:c5:dd:ba:62:02:
                    75:92:76:65:5b:2b:b7:c5:b6:7b:62:77:4a:71:0e:
                    bc:08:2b:57:ee:82:6c:0c:94:ec:65:16:7c:9e:c0:
                    a0:a3:82:dc:55:dd:2d:68:dc:e8:f1:23:56:19:d1:
                    7c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:6F:36:9D:33:EA:35:E7:C7:F1:B3:64:7D:96:E4:00:92:D5:44:4D
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/4m82nTPqNefH8bNkfZbkAJLVRE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.186.0-89.29.189.255
                  89.29.208.0/20
                  89.29.230.0/24
                  89.29.240.0/22
                  176.57.100.0/22
                  185.64.241.0/24
                  213.181.64.0/24
                  213.181.66.0-213.181.69.255
                  213.181.82.0/23
                  213.181.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:3d:96:b0:05:69:15:f6:0f:40:fa:8c:80:6f:99:23:bf:42:
         33:20:5c:49:58:46:29:89:9b:9a:7c:49:69:55:1a:9f:6d:36:
         88:d2:5b:7c:b5:79:d2:f9:2c:91:c0:dd:49:d5:14:39:61:4e:
         01:46:81:8f:1f:b4:58:54:4e:0d:4e:24:0b:fc:62:58:25:c3:
         71:bf:c3:10:20:55:ab:39:1f:64:13:33:df:c8:d8:43:2a:44:
         d3:7f:71:86:a8:c3:86:01:81:58:a5:1d:95:32:9e:12:7b:39:
         85:6b:1d:d0:b4:88:d2:9f:6e:b5:e3:05:cd:47:65:ea:e0:28:
         e8:64:12:9f:71:28:6e:ae:11:5c:db:00:18:db:13:97:9f:8b:
         6c:ce:38:d7:4e:97:d3:ac:69:6d:5f:52:69:4f:a0:48:e1:f0:
         5d:19:90:98:fa:84:7d:2c:ab:6b:e1:8f:42:f1:6a:a4:2d:6e:
         a0:85:f7:3b:dd:97:a5:0a:f4:3f:d0:19:d5:de:a4:fc:89:99:
         a3:8f:c9:05:51:e6:79:9f:df:7c:ea:68:e8:3e:c0:62:7a:35:
         bd:c9:64:e0:be:bd:ee:50:4e:87:0c:2b:9d:60:cf:09:84:cd:
         04:33:9f:e1:bb:2e:5c:96:d6:29:11:fe:03:be:52:bd:ea:68:
         75:17:7a:f6
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYJDdMiKOu0nCRo5IIfuJK5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjIwNzI4MDYxODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjZmMzY5ZDMzZWEzNWU3YzdmMWIzNjQ3ZDk2ZTQwMDkyZDU0NDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutHskSMRUOrtcEesI6vNwPxE9fa0
eXF+6vJqBV7UdrMQLk6jwUFzmpB/7KkNQ0Q5uNZJq3tyN5ldr8IoMzlO7BQ7zm7O
mGYZQqFskoI1/Ag5lTxiKppteU9IjNoHI4f/zl1wxp8pmZ4eifVcU0aPQjJu+XQx
i8xcQiugBClu1Lu9qVqVGFLFogSTyDjgz5dMAeJHn40spSNtCpbJUq+I/EDQ0v+D
aqW9MkttlLpYCwHX3aXxLRqJV9wqgh0jYrfypCd8QNI4SaL5meycxd26YgJ1knZl
Wyu3xbZ7YndKcQ68CCtX7oJsDJTsZRZ8nsCgo4LcVd0taNzo8SNWGdF86wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFOJvNp0z6jXnx/GzZH2W5ACS1URNMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvNG04Mm5UUHFOZWZIOGJOa2ZaYmtBSkxWUkUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAFZHboD
BAFZHbwDBARZHdADBABZHeYDBAJZHfADBAKwOWQDBAC5QPEDBADVtUAwDAMEAdW1
QgMEAdW1RAMEAdW1UgMEANW1XzANBgkqhkiG9w0BAQsFAAOCAQEAJT2WsAVpFfYP
QPqMgG+ZI79CMyBcSVhGKYmbmnxJaVUan202iNJbfLV50vkskcDdSdUUOWFOAUaB
jx+0WFRODU4kC/xiWCXDcb/DECBVqzkfZBMz38jYQypE039xhqjDhgGBWKUdlTKe
Ens5hWsd0LSI0p9uteMFzUdl6uAo6GQSn3Eobq4RXNsAGNsTl5+LbM44106X06xp
bV9SaU+gSOHwXRmQmPqEfSyra+GPQvFqpC1uoIX3O92XpQr0P9AZ1d6k/ImZo4/J
BVHmeZ/ffOpo6D7AYno1vclk4L697lBOhwwrnWDPCYTNBDOf4bsuXJbWKRH+A75S
vepodRd69g==
-----END CERTIFICATE-----