Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JXBgPLqwgKhC8IN-jsqq_bw_Rlc.roa
File:                     JXBgPLqwgKhC8IN-jsqq_bw_Rlc.roa (raw, json)
Hash identifier:          CwFC1Z4LopU1eNNFou+Ka3Osn3gMsWv6KGJ3v4qFQLc=
Subject key identifier:   25:70:60:3C:BA:B0:80:A8:42:F0:83:7E:8E:CA:AA:FD:BC:3F:46:57
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01848AFAB302275ABF75426C08AE4840ECF7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JXBgPLqwgKhC8IN-jsqq_bw_Rlc.roa
Signing time:             Fri 18 Nov 2022 13:43:16 +0000
ROA not before:           Fri 18 Nov 2022 13:43:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209391
IP address blocks:        2a0e:b107:1c90::/48 maxlen: 48
                          2a10:cc40:1cf::/48 maxlen: 48
                          2a10:cc40:1ca::/48 maxlen: 48
                          2a10:cc40:1c5::/48 maxlen: 48
                          2a10:cc40:1c0::/48 maxlen: 48
                          2a10:cc40:1c3::/48 maxlen: 48
                          2a10:cc40:1ce::/48 maxlen: 48
                          2a10:cc40:1c9::/48 maxlen: 48
                          2a10:cc40:1c4::/48 maxlen: 48
                          2a10:cc40:1c7::/48 maxlen: 48
                          2a10:cc40:1c2::/48 maxlen: 48
                          2a10:cc40:1cd::/48 maxlen: 48
                          2a10:cc40:1c8::/48 maxlen: 48
                          2a10:cc40:1cb::/48 maxlen: 48
                          2a10:cc40:1c6::/48 maxlen: 48
                          2a10:cc40:1c1::/48 maxlen: 48
                          2a10:cc40:1cc::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8a:fa:b3:02:27:5a:bf:75:42:6c:08:ae:48:40:ec:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 18 13:43:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2570603cbab080a842f0837e8ecaaafdbc3f4657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5d:cb:d5:0e:c2:17:d4:51:60:24:a5:93:24:
                    4b:c3:26:3f:de:99:df:99:8f:5d:79:7d:31:60:25:
                    cc:95:80:f7:20:40:b5:61:51:c8:29:07:cd:45:a5:
                    77:97:e4:a1:e0:7f:44:16:e3:07:9c:17:2a:9e:df:
                    03:1e:d1:b0:39:58:0f:40:7d:f0:bf:50:3c:ef:81:
                    1a:fa:40:38:3a:f0:09:71:3f:40:ec:a2:a2:55:a4:
                    e3:18:4a:f9:60:ad:25:01:ed:f9:14:a2:5f:e5:09:
                    8d:3b:0f:c4:79:fe:b1:c6:77:b1:77:ac:2e:35:85:
                    95:48:4f:f1:f2:4b:43:2e:ed:6b:49:0a:b3:a8:2d:
                    7f:b5:76:c0:4d:25:9e:4d:08:73:66:70:ef:fb:91:
                    20:56:0c:94:b1:6c:82:56:89:40:e5:f8:bc:6c:35:
                    2f:57:96:c7:ee:a7:b5:91:01:a0:0b:bb:54:0d:ec:
                    0f:28:6a:22:b4:e0:b9:40:52:95:03:10:c6:17:a9:
                    5a:49:8e:b0:14:74:86:eb:45:52:50:7f:10:9b:e6:
                    f5:fa:7e:3c:95:b3:99:ce:f3:5b:d1:73:2f:50:c9:
                    94:01:4f:e4:bb:63:b7:d3:18:e8:af:c0:9c:c3:88:
                    ac:a2:6a:6e:d3:d8:4c:fb:96:0e:d4:e4:0b:15:a9:
                    75:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:70:60:3C:BA:B0:80:A8:42:F0:83:7E:8E:CA:AA:FD:BC:3F:46:57
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JXBgPLqwgKhC8IN-jsqq_bw_Rlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1c90::/48
                  2a10:cc40:1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         66:73:e7:e9:d0:ff:c3:4b:e0:55:0a:ce:51:8d:47:1b:f0:ca:
         12:a3:5c:92:43:52:e3:e2:ce:22:f9:45:91:b7:5f:92:6c:4c:
         69:04:4a:af:51:91:19:aa:19:fe:31:f6:36:08:cb:8d:6e:4f:
         f4:c6:fb:c0:fc:3f:34:3f:9c:bb:38:53:d9:34:7f:1f:25:38:
         6a:6d:b1:6c:90:e2:f2:1b:70:10:40:13:02:01:89:82:88:3f:
         5f:2e:38:fb:cb:e7:cf:0e:4e:3a:35:27:c9:27:b8:b2:e5:22:
         39:9f:e1:9e:c1:81:ae:3c:32:7b:7e:99:c8:ea:57:46:ce:aa:
         5b:f9:d5:df:70:7e:08:a9:0a:c2:c1:3a:52:97:a8:7c:34:ac:
         8c:17:31:b9:3c:42:77:cf:83:50:cf:fc:22:69:95:cf:39:56:
         6a:00:22:d7:ec:ab:e8:01:a9:47:ea:f8:04:19:e4:23:24:c1:
         15:cf:8d:ca:18:45:f5:25:cb:91:fe:f6:fd:dc:ae:d4:41:71:
         eb:36:97:47:66:ed:cf:e5:ca:3a:61:9b:04:3e:5e:04:87:b7:
         d4:46:05:39:49:0f:9b:6d:13:0b:32:c7:30:f6:7c:12:8d:ac:
         e7:53:79:7a:61:52:77:8a:86:c5:6a:5a:1f:1f:ee:a0:5f:83:
         89:fc:14:99
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYSK+rMCJ1q/dUJsCK5IQOz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMTE4MTM0MzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTcwNjAzY2JhYjA4MGE4NDJmMDgzN2U4ZWNhYWFmZGJjM2Y0NjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql3L1Q7CF9RRYCSlkyRLwyY/3pnf
mY9deX0xYCXMlYD3IEC1YVHIKQfNRaV3l+Sh4H9EFuMHnBcqnt8DHtGwOVgPQH3w
v1A874Ea+kA4OvAJcT9A7KKiVaTjGEr5YK0lAe35FKJf5QmNOw/Eef6xxnexd6wu
NYWVSE/x8ktDLu1rSQqzqC1/tXbATSWeTQhzZnDv+5EgVgyUsWyCVolA5fi8bDUv
V5bH7qe1kQGgC7tUDewPKGoitOC5QFKVAxDGF6laSY6wFHSG60VSUH8Qm+b1+n48
lbOZzvNb0XMvUMmUAU/ku2O30xjor8Ccw4isompu09hM+5YO1OQLFal1ewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCVwYDy6sICoQvCDfo7Kqv28P0ZXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSlhCZ1BMcXdnS2hDOElOLWpzcXFfYndfUmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBxyQ
AwcEKhDMQAHAMA0GCSqGSIb3DQEBCwUAA4IBAQBmc+fp0P/DS+BVCs5RjUcb8MoS
o1ySQ1Lj4s4i+UWRt1+SbExpBEqvUZEZqhn+MfY2CMuNbk/0xvvA/D80P5y7OFPZ
NH8fJThqbbFskOLyG3AQQBMCAYmCiD9fLjj7y+fPDk46NSfJJ7iy5SI5n+GewYGu
PDJ7fpnI6ldGzqpb+dXfcH4IqQrCwTpSl6h8NKyMFzG5PEJ3z4NQz/wiaZXPOVZq
ACLX7KvoAalH6vgEGeQjJMEVz43KGEX1JcuR/vb93K7UQXHrNpdHZu3P5co6YZsE
Pl4Eh7fURgU5SQ+bbRMLMscw9nwSjaznU3l6YVJ3iobFalofH+6gX4OJ/BSZ
-----END CERTIFICATE-----