Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3mJLW9P-pZBScV1xJoVZ-uE8RX0.roa
File:                     3mJLW9P-pZBScV1xJoVZ-uE8RX0.roa (raw, json)
Hash identifier:          ws5DDjOnTThBRcFHOuOSSuFXN6IswcUb8WO9ensuk5Q=
Subject key identifier:   DE:62:4B:5B:D3:FE:A5:90:52:71:5D:71:26:85:59:FA:E1:3C:45:7D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018316B37B439416E591C2745BFA8ADF8CDA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3mJLW9P-pZBScV1xJoVZ-uE8RX0.roa
Signing time:             Wed 07 Sep 2022 06:46:44 +0000
ROA not before:           Wed 07 Sep 2022 06:46:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:97c6:4000::/34 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:16:b3:7b:43:94:16:e5:91:c2:74:5b:fa:8a:df:8c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep  7 06:46:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=de624b5bd3fea59052715d71268559fae13c457d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:43:c7:77:98:c6:81:77:db:51:bc:e3:16:88:
                    ab:d1:4d:b2:9e:74:77:4a:db:6d:0f:e6:20:e2:47:
                    47:4d:f0:fb:32:50:c6:75:67:0a:be:ab:cb:5e:4a:
                    4f:af:2a:6c:49:35:7f:c1:22:9e:c0:5f:bd:79:5a:
                    e1:1f:34:d8:5e:a6:ff:74:55:7b:53:99:b4:9e:4c:
                    c8:1f:69:88:88:75:fd:c0:fa:bb:e7:9a:03:39:57:
                    ab:1d:c5:ad:c1:5f:06:9d:68:f9:93:8c:ff:73:e4:
                    83:31:3e:c8:d7:96:9a:0d:39:40:d4:a8:1c:42:03:
                    ef:84:f3:b2:e2:e9:30:22:6e:d7:69:96:3e:fa:75:
                    2a:e1:6e:d0:59:ed:8a:92:32:aa:51:c1:54:13:40:
                    cf:6f:0f:e2:77:78:ca:34:c8:ac:6c:7c:c2:23:40:
                    a0:5d:49:87:b5:ab:91:d0:4e:0f:7d:9f:ca:b4:fc:
                    97:26:71:2e:a0:95:fb:7c:f1:22:af:3d:28:3c:ab:
                    12:9e:c2:e7:29:c9:91:c5:17:ec:63:5c:6a:44:5e:
                    70:d4:52:30:19:21:32:90:0c:23:52:c2:7a:1d:53:
                    5a:91:54:7f:3b:96:95:8f:ce:33:a1:5c:eb:be:66:
                    2b:6c:ba:a5:cd:d7:a0:59:a9:70:7d:30:bc:13:cf:
                    21:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:62:4B:5B:D3:FE:A5:90:52:71:5D:71:26:85:59:FA:E1:3C:45:7D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3mJLW9P-pZBScV1xJoVZ-uE8RX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:97c6:4000::/34
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:03:4a:f9:a9:90:31:bf:73:c0:67:3e:dd:be:cf:12:81:76:
         0f:fe:0d:e0:17:8e:0c:06:82:ba:30:40:a4:7c:64:08:6d:49:
         6e:3e:dd:65:bf:a3:bc:bd:97:ee:d0:11:72:be:4b:60:d6:46:
         73:26:55:67:d9:fd:99:c5:bc:39:e8:1d:86:fd:28:d9:38:7c:
         2e:6a:6a:6b:b9:c4:18:5c:1f:f4:0d:95:8d:9c:2a:42:2d:04:
         bc:55:a7:3e:2e:67:fe:45:4c:10:12:19:ca:e1:d0:75:3d:78:
         70:8e:f1:bb:07:46:12:63:58:26:8a:3c:b7:1f:6b:3f:09:06:
         20:44:f4:02:cc:d7:0b:a0:d0:0f:87:6d:4c:00:56:6f:39:52:
         d6:1d:44:14:94:8a:15:13:17:20:19:a1:41:bb:fe:24:93:0e:
         5e:42:74:bf:fb:22:12:04:bd:2b:8a:42:a9:fb:c6:d6:7c:5a:
         74:58:75:42:73:0b:eb:07:fe:01:21:59:1c:79:23:1b:70:a4:
         98:1e:6f:44:46:03:76:02:42:d0:19:21:a0:3b:00:3d:7d:71:
         9f:b0:13:8c:32:ce:8f:43:dd:06:c6:55:2a:51:60:f2:75:c2:
         02:18:72:e5:5e:99:91:0c:7e:a8:b0:c5:de:94:d6:cf:3c:98:
         ac:a2:48:19
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYMWs3tDlBblkcJ0W/qK34zaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIwOTA3MDY0NjQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTYyNGI1YmQzZmVhNTkwNTI3MTVkNzEyNjg1NTlmYWUxM2M0NTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EPHd5jGgXfbUbzjFoir0U2ynnR3
StttD+Yg4kdHTfD7MlDGdWcKvqvLXkpPrypsSTV/wSKewF+9eVrhHzTYXqb/dFV7
U5m0nkzIH2mIiHX9wPq755oDOVerHcWtwV8GnWj5k4z/c+SDMT7I15aaDTlA1Kgc
QgPvhPOy4ukwIm7XaZY++nUq4W7QWe2KkjKqUcFUE0DPbw/id3jKNMisbHzCI0Cg
XUmHtauR0E4PfZ/KtPyXJnEuoJX7fPEirz0oPKsSnsLnKcmRxRfsY1xqRF5w1FIw
GSEykAwjUsJ6HVNakVR/O5aVj84zoVzrvmYrbLqlzdegWalwfTC8E88h4QIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFN5iS1vT/qWQUnFdcSaFWfrhPEV9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM21KTFc5UC1wWkJTY1YxeEpvVlotdUU4UlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgACMHYDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBgYqDpfGQAMHACoOsQIBLzAS
AwcEKg6xBwXQAwcEKg6xBwXgAwcEKg6xBwkAAwcAKg6xBwn0AwcAKg6xBwn2AwcA
Kg6xBw3yAwcAKg6xBxhwMA0GCSqGSIb3DQEBCwUAA4IBAQA+A0r5qZAxv3PAZz7d
vs8SgXYP/g3gF44MBoK6MECkfGQIbUluPt1lv6O8vZfu0BFyvktg1kZzJlVn2f2Z
xbw56B2G/SjZOHwuamprucQYXB/0DZWNnCpCLQS8Vac+Lmf+RUwQEhnK4dB1PXhw
jvG7B0YSY1gmijy3H2s/CQYgRPQCzNcLoNAPh21MAFZvOVLWHUQUlIoVExcgGaFB
u/4kkw5eQnS/+yISBL0rikKp+8bWfFp0WHVCcwvrB/4BIVkceSMbcKSYHm9ERgN2
AkLQGSGgOwA9fXGfsBOMMs6PQ90GxlUqUWDydcICGHLlXpmRDH6osMXelNbPPJis
okgZ
-----END CERTIFICATE-----