Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/73jsC_V91LMr0fW6UCRkQVVDtRs.roa
File:                     73jsC_V91LMr0fW6UCRkQVVDtRs.roa (raw, json)
Hash identifier:          Cd77A0TIhbrRa7xh6Eb8clfElSlvIJyALfuWfd0TYNM=
Subject key identifier:   EF:78:EC:0B:F5:7D:D4:B3:2B:D1:F5:BA:50:24:64:41:55:43:B5:1B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0184525544C231E9387B0DBE38500BDFB78D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/73jsC_V91LMr0fW6UCRkQVVDtRs.roa
Signing time:             Mon 07 Nov 2022 13:43:50 +0000
ROA not before:           Mon 07 Nov 2022 13:43:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:52:55:44:c2:31:e9:38:7b:0d:be:38:50:0b:df:b7:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov  7 13:43:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ef78ec0bf57dd4b32bd1f5ba502464415543b51b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:25:b6:8d:96:74:cc:48:b7:14:83:38:1a:ff:
                    81:62:c6:01:aa:32:04:09:be:9b:38:8a:20:40:1a:
                    06:d4:f4:c6:8a:de:fa:48:16:94:d5:8e:24:01:20:
                    2a:23:07:2c:48:bc:26:cf:c3:3a:05:1d:e0:65:af:
                    87:10:98:3d:f1:93:a0:38:bb:ec:d4:df:51:46:24:
                    68:c9:da:af:b3:24:a2:70:4d:d7:83:7b:ee:61:a8:
                    b5:73:24:a8:71:11:eb:d7:1a:0c:93:8b:ba:a0:75:
                    9c:ff:b7:f2:d6:48:82:37:cf:a4:73:b0:ba:5a:36:
                    95:87:3e:db:52:81:9a:21:62:dc:31:9f:3d:2a:3f:
                    f2:22:32:5d:04:40:e7:87:e5:72:47:b7:a6:ce:d1:
                    0a:97:ec:39:50:51:30:b0:70:a3:f8:4a:e2:4d:d9:
                    c1:56:52:10:43:a8:d5:84:a3:bb:0e:ca:52:9a:64:
                    6e:06:39:2b:11:db:8e:67:60:47:eb:ea:50:56:3b:
                    f4:b2:8c:81:e5:36:cd:20:54:f1:a2:90:f7:d4:30:
                    1d:bc:62:97:ea:aa:ee:69:b9:f9:9c:ff:92:8b:14:
                    2a:f0:50:68:02:3f:08:b5:2f:c3:4f:f6:aa:29:1e:
                    a5:42:34:93:df:39:2c:83:82:5e:ea:a2:b7:76:c0:
                    3c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:78:EC:0B:F5:7D:D4:B3:2B:D1:F5:BA:50:24:64:41:55:43:B5:1B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/73jsC_V91LMr0fW6UCRkQVVDtRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:23:86:7c:e7:e1:63:a8:af:fd:c0:71:ae:21:14:67:83:45:
         f8:6d:8b:a4:7d:36:7a:07:3b:ba:8d:dc:5d:fc:1e:be:85:71:
         a8:f3:46:25:f2:2f:78:f5:a0:78:85:5d:79:49:a3:62:af:b0:
         47:5e:7c:da:63:8a:73:85:9f:50:19:d5:c0:14:67:fa:31:18:
         40:03:ce:15:56:92:7c:98:a8:de:68:e9:b3:c6:c4:65:41:ae:
         a4:9a:50:e5:84:8a:0e:c6:f4:72:fa:3b:7b:14:24:ab:ec:e7:
         cb:55:1d:7e:6f:76:77:30:5f:6a:04:47:88:8d:3d:fc:df:d0:
         40:4d:a5:66:e3:c4:f4:ac:e3:4c:e6:52:21:94:75:f7:95:6b:
         4d:ba:7d:1b:b1:29:c7:01:72:c0:0a:99:b0:0c:87:d0:36:65:
         7c:f8:6c:4b:5c:33:3f:f5:58:fc:b2:b9:84:7f:10:24:95:01:
         dc:2d:78:d0:2f:52:0b:50:e1:43:87:e7:4f:4e:28:7f:87:0c:
         5e:7c:01:a4:31:fb:52:ba:51:a1:a1:04:40:c2:e9:cc:e9:0d:
         63:06:5f:41:30:42:aa:e7:70:b7:21:e5:ad:37:e6:62:39:5e:
         56:9d:56:b7:d6:1f:02:61:0c:9f:ca:f5:6a:13:af:52:ae:d2:
         5c:ea:38:00
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYRSVUTCMek4ew2+OFAL37eNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMTA3MTM0MzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjc4ZWMwYmY1N2RkNGIzMmJkMWY1YmE1MDI0NjQ0MTU1NDNiNTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiW2jZZ0zEi3FIM4Gv+BYsYBqjIE
Cb6bOIogQBoG1PTGit76SBaU1Y4kASAqIwcsSLwmz8M6BR3gZa+HEJg98ZOgOLvs
1N9RRiRoydqvsySicE3Xg3vuYai1cySocRHr1xoMk4u6oHWc/7fy1kiCN8+kc7C6
WjaVhz7bUoGaIWLcMZ89Kj/yIjJdBEDnh+VyR7emztEKl+w5UFEwsHCj+EriTdnB
VlIQQ6jVhKO7DspSmmRuBjkrEduOZ2BH6+pQVjv0soyB5TbNIFTxopD31DAdvGKX
6qruabn5nP+SixQq8FBoAj8ItS/DT/aqKR6lQjST3zksg4Je6qK3dsA8PQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFO947Av1fdSzK9H1ulAkZEFVQ7UbMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNzNqc0NfVjkxTE1yMGZXNlVDUmtRVlZEdFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAIwbgMHACoOl8AH
NgMHACoOl8AHPwMHACoOl8AHUAMHACoOl8AHbwMHACoOsQIBLzASAwcEKg6xBwXQ
AwcEKg6xBwXgAwcEKg6xBwkAAwcAKg6xBwn0AwcAKg6xBwn2AwcAKg6xBw3yAwcA
Kg6xBxhwMA0GCSqGSIb3DQEBCwUAA4IBAQCMI4Z85+FjqK/9wHGuIRRng0X4bYuk
fTZ6Bzu6jdxd/B6+hXGo80Yl8i949aB4hV15SaNir7BHXnzaY4pzhZ9QGdXAFGf6
MRhAA84VVpJ8mKjeaOmzxsRlQa6kmlDlhIoOxvRy+jt7FCSr7OfLVR1+b3Z3MF9q
BEeIjT3839BATaVm48T0rONM5lIhlHX3lWtNun0bsSnHAXLACpmwDIfQNmV8+GxL
XDM/9Vj8srmEfxAklQHcLXjQL1ILUOFDh+dPTih/hwxefAGkMftSulGhoQRAwunM
6Q1jBl9BMEKq53C3IeWtN+ZiOV5WnVa31h8CYQyfyvVqE69SrtJc6jgA
-----END CERTIFICATE-----