Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GKEcPM6uYpgF0quuKQgdoEnP8p8.roa
File:                     GKEcPM6uYpgF0quuKQgdoEnP8p8.roa (raw, json)
Hash identifier:          OYJEDqp5hXHgNu1eDh4gtlIPR1DxkohGvlgZjohVJhU=
Subject key identifier:   18:A1:1C:3C:CE:AE:62:98:05:D2:AB:AE:29:08:1D:A0:49:CF:F2:9F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0183B7B16F23D7D2B68B963F84F8ABF7155C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GKEcPM6uYpgF0quuKQgdoEnP8p8.roa
Signing time:             Sat 08 Oct 2022 13:03:22 +0000
ROA not before:           Sat 08 Oct 2022 13:03:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:97c6:4000::/34 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b7:b1:6f:23:d7:d2:b6:8b:96:3f:84:f8:ab:f7:15:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct  8 13:03:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=18a11c3cceae629805d2abae29081da049cff29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7b:43:87:cb:2b:7d:59:9c:ca:3f:02:4c:9f:
                    e2:06:d7:fd:92:69:b7:de:a5:c5:c0:f7:86:75:9e:
                    5b:fb:68:32:dd:00:37:d2:47:73:d5:b5:31:20:63:
                    ba:1f:cd:c8:fd:d7:96:e9:f1:44:56:20:ee:39:b6:
                    e2:e9:5f:64:5d:27:2a:73:b0:27:d3:f1:0c:30:a2:
                    98:87:45:8c:c0:d5:79:44:6b:09:ab:d5:fe:41:ea:
                    00:59:32:93:83:68:7c:b3:ee:c4:dd:2d:d0:8e:89:
                    bb:72:f2:5b:18:4c:80:f2:f6:60:13:31:b8:e3:2b:
                    78:e8:ac:68:fe:43:84:de:b1:1a:0a:cf:88:04:d3:
                    31:c8:c1:7b:98:0e:5b:47:f3:d0:50:67:6c:7d:03:
                    f5:1b:75:70:b4:09:81:29:79:71:a8:35:78:6f:81:
                    9b:72:d2:e7:e3:a5:ac:9e:33:d9:44:bb:02:b9:69:
                    cb:3b:e3:d0:2b:f9:e7:22:a3:5c:5d:e6:3b:08:b1:
                    5f:65:8e:aa:68:4a:fc:ac:62:b8:87:2e:ee:0a:ea:
                    89:e9:03:f9:6f:7d:a1:d1:47:b6:78:26:e0:c1:55:
                    6e:b1:b0:86:81:12:9f:ad:47:81:d3:7d:7b:d1:55:
                    93:35:6c:55:06:c1:a3:fa:d1:79:40:86:87:2b:0f:
                    af:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A1:1C:3C:CE:AE:62:98:05:D2:AB:AE:29:08:1D:A0:49:CF:F2:9F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GKEcPM6uYpgF0quuKQgdoEnP8p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:97c6:4000::/34
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:12:b7:7b:5a:ae:2a:f2:f9:e2:0d:c9:3c:d1:e1:fc:08:89:
         1e:36:a0:b5:f5:2b:a9:b4:f6:f9:69:0a:f4:03:d8:10:73:51:
         88:99:52:5e:5e:3d:22:bf:13:73:d3:c0:f3:74:53:2c:31:fb:
         fb:4a:c7:f3:86:a3:c5:86:6d:d3:9e:3f:04:57:db:f7:0e:08:
         4e:cd:64:d3:fd:ee:46:ca:3f:68:15:73:05:83:28:04:4e:a7:
         18:22:93:23:62:e6:7d:b4:46:ee:18:ee:6a:3d:37:9c:b3:bb:
         63:fb:e3:35:81:7d:5c:49:3d:71:66:12:16:d7:6f:69:8a:86:
         b0:b2:1c:bf:2d:8a:31:e3:4a:3b:3a:67:5d:a5:78:1b:2b:07:
         78:c0:6d:2b:9e:5a:a8:96:fe:a1:33:b8:85:2c:16:ea:33:80:
         47:ee:6a:9e:29:15:a0:49:62:e4:97:da:e1:97:03:d5:a2:7d:
         2f:06:fa:3e:31:49:e8:58:32:2b:75:7e:f4:fd:40:b6:e2:1f:
         51:bd:ca:db:ea:6c:4a:11:23:39:ea:c6:0e:9e:78:36:58:7c:
         e0:79:28:c0:c6:47:52:7f:fc:cc:25:3f:dc:31:ca:33:08:8d:
         06:c1:35:0e:66:04:f2:a0:d0:fe:e9:3a:a6:50:34:17:48:ea:
         fd:40:ce:ce
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYO3sW8j19K2i5Y/hPir9xVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMDA4MTMwMzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGExMWMzY2NlYWU2Mjk4MDVkMmFiYWUyOTA4MWRhMDQ5Y2ZmMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsntDh8srfVmcyj8CTJ/iBtf9kmm3
3qXFwPeGdZ5b+2gy3QA30kdz1bUxIGO6H83I/deW6fFEViDuObbi6V9kXScqc7An
0/EMMKKYh0WMwNV5RGsJq9X+QeoAWTKTg2h8s+7E3S3Qjom7cvJbGEyA8vZgEzG4
4yt46Kxo/kOE3rEaCs+IBNMxyMF7mA5bR/PQUGdsfQP1G3VwtAmBKXlxqDV4b4Gb
ctLn46WsnjPZRLsCuWnLO+PQK/nnIqNcXeY7CLFfZY6qaEr8rGK4hy7uCuqJ6QP5
b32h0Ue2eCbgwVVusbCGgRKfrUeB03170VWTNWxVBsGj+tF5QIaHKw+vWwIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFBihHDzOrmKYBdKrrikIHaBJz/KfMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR0tFY1BNNnVZcGdGMHF1dUtRZ2RvRW5QOHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgACMHYDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBgYqDpfGQAMHACoOsQIBLzAS
AwcEKg6xBwXQAwcEKg6xBwXgAwcEKg6xBwkAAwcAKg6xBwn0AwcAKg6xBwn2AwcA
Kg6xBw3yAwcAKg6xBxhwMA0GCSqGSIb3DQEBCwUAA4IBAQClErd7Wq4q8vniDck8
0eH8CIkeNqC19SuptPb5aQr0A9gQc1GImVJeXj0ivxNz08DzdFMsMfv7SsfzhqPF
hm3Tnj8EV9v3DghOzWTT/e5Gyj9oFXMFgygETqcYIpMjYuZ9tEbuGO5qPTecs7tj
++M1gX1cST1xZhIW129pioawshy/LYox40o7OmddpXgbKwd4wG0rnlqolv6hM7iF
LBbqM4BH7mqeKRWgSWLkl9rhlwPVon0vBvo+MUnoWDIrdX70/UC24h9Rvcrb6mxK
ESM56sYOnng2WHzgeSjAxkdSf/zMJT/cMcozCI0GwTUOZgTyoND+6TqmUDQXSOr9
QM7O
-----END CERTIFICATE-----