Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OYyyPi56WV56sRkk4pm4LITAre8.roa
File:                     OYyyPi56WV56sRkk4pm4LITAre8.roa (raw, json)
Hash identifier:          shlSEwEUhQ+ztzQURQDaSkr+SJLS5G6N0C30BKodbWg=
Subject key identifier:   39:8C:B2:3E:2E:7A:59:5E:7A:B1:19:24:E2:99:B8:2C:84:C0:AD:EF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0183C3C8246395456A7869E2F46CEEC9688F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OYyyPi56WV56sRkk4pm4LITAre8.roa
Signing time:             Mon 10 Oct 2022 21:23:37 +0000
ROA not before:           Mon 10 Oct 2022 21:23:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:97c6:4000::/34 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c3:c8:24:63:95:45:6a:78:69:e2:f4:6c:ee:c9:68:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 10 21:23:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=398cb23e2e7a595e7ab11924e299b82c84c0adef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:54:d4:ca:0a:44:90:b4:1d:46:0a:e3:19:45:
                    41:5d:76:2d:dd:78:c7:85:ee:4c:59:1f:aa:a0:62:
                    bc:0f:df:75:5b:24:fa:ff:96:9c:14:25:ec:de:5c:
                    1d:d4:8f:ed:e4:f3:4a:a1:e8:7e:5f:5e:25:e5:b3:
                    32:bb:f7:1d:2b:ae:c6:87:98:c5:c9:1a:70:66:0e:
                    92:a8:6f:cb:a2:77:53:cf:5b:a8:4a:b6:dc:89:38:
                    72:65:be:58:1d:78:e6:2b:cc:94:a6:ed:50:c6:98:
                    c3:fb:a3:13:ae:96:9a:03:58:6c:98:34:0c:44:7f:
                    9b:b9:a3:d6:4e:ff:b3:a6:80:37:90:b9:78:76:f2:
                    f5:1f:39:95:15:b5:c8:1f:ee:2b:03:2d:04:7e:65:
                    bb:b0:39:60:cd:98:5e:a4:70:12:c1:70:af:f3:22:
                    68:40:d3:b1:17:ae:4b:ae:35:f1:99:93:3b:96:b0:
                    c7:21:50:af:9a:52:07:67:6e:e8:40:16:cd:80:74:
                    53:a7:c7:9b:36:38:06:eb:6a:b4:61:b2:d5:a7:e2:
                    1e:78:d9:d9:8d:5f:ee:f2:f4:c8:38:25:39:fb:a4:
                    c4:05:2a:d9:d9:be:6c:ea:20:50:10:6c:71:4d:8d:
                    c0:38:47:d8:0d:1d:5c:5b:eb:39:13:ee:7f:c5:d4:
                    c5:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:8C:B2:3E:2E:7A:59:5E:7A:B1:19:24:E2:99:B8:2C:84:C0:AD:EF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OYyyPi56WV56sRkk4pm4LITAre8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:97c6:4000::/34
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:d7:51:98:46:99:d3:1a:d5:28:ef:c4:da:e1:51:e5:3f:ed:
         16:36:0c:d8:d0:6f:69:a0:72:56:c1:90:44:d0:27:c7:41:3f:
         69:77:43:02:21:c6:d2:41:19:b7:a8:ce:e7:63:bc:2f:72:d5:
         33:e9:a1:c8:2a:e5:a9:02:dd:07:37:33:72:a8:31:71:8f:c0:
         42:bf:ca:00:fd:86:29:ac:cc:02:f3:c2:13:5b:e2:31:d1:69:
         dd:c6:6a:bb:08:69:99:a7:f2:0b:c1:39:a9:ba:03:df:5a:ae:
         40:c6:5c:0f:62:fd:84:c2:e8:7b:57:c7:73:6c:e5:bd:82:d0:
         86:a5:0f:cb:71:7b:3b:ee:fe:71:2b:d7:e0:84:8e:7f:96:6b:
         17:b9:02:4f:e5:47:a7:93:75:3d:0e:f5:66:d0:bd:ea:57:1a:
         28:73:d4:18:ba:7c:02:e2:93:85:40:6f:ee:ae:9c:8f:21:b5:
         ac:e8:e0:da:36:20:13:42:ec:7d:fb:c8:4f:55:ef:11:5a:da:
         c2:c7:ab:78:e2:c8:76:32:93:8b:e8:1a:fb:bd:ba:68:50:91:
         3d:41:6e:83:7a:61:e7:87:37:ea:d5:76:eb:58:32:7d:ec:86:
         a5:ea:48:77:ff:5d:43:57:92:93:16:de:c6:70:47:a8:f4:b7:
         e8:4b:dc:f1
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYPDyCRjlUVqeGni9GzuyWiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMDEwMjEyMzM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOThjYjIzZTJlN2E1OTVlN2FiMTE5MjRlMjk5YjgyYzg0YzBhZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFTUygpEkLQdRgrjGUVBXXYt3XjH
he5MWR+qoGK8D991WyT6/5acFCXs3lwd1I/t5PNKoeh+X14l5bMyu/cdK67Gh5jF
yRpwZg6SqG/LondTz1uoSrbciThyZb5YHXjmK8yUpu1QxpjD+6MTrpaaA1hsmDQM
RH+buaPWTv+zpoA3kLl4dvL1HzmVFbXIH+4rAy0EfmW7sDlgzZhepHASwXCv8yJo
QNOxF65LrjXxmZM7lrDHIVCvmlIHZ27oQBbNgHRTp8ebNjgG62q0YbLVp+IeeNnZ
jV/u8vTIOCU5+6TEBSrZ2b5s6iBQEGxxTY3AOEfYDR1cW+s5E+5/xdTFawIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFDmMsj4uelleerEZJOKZuCyEwK3vMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT1l5eVBpNTZXVjU2c1JrazRwbTRMSVRBcmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgACMHYDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBgYqDpfGQAMHACoOsQIBLzAS
AwcEKg6xBwXQAwcEKg6xBwXgAwcEKg6xBwkAAwcAKg6xBwn0AwcAKg6xBwn2AwcA
Kg6xBw3yAwcAKg6xBxhwMA0GCSqGSIb3DQEBCwUAA4IBAQBn11GYRpnTGtUo78Ta
4VHlP+0WNgzY0G9poHJWwZBE0CfHQT9pd0MCIcbSQRm3qM7nY7wvctUz6aHIKuWp
At0HNzNyqDFxj8BCv8oA/YYprMwC88ITW+Ix0Wndxmq7CGmZp/ILwTmpugPfWq5A
xlwPYv2Ewuh7V8dzbOW9gtCGpQ/LcXs77v5xK9fghI5/lmsXuQJP5Uenk3U9DvVm
0L3qVxooc9QYunwC4pOFQG/urpyPIbWs6ODaNiATQux9+8hPVe8RWtrCx6t44sh2
MpOL6Br7vbpoUJE9QW6DemHnhzfq1XbrWDJ97Ial6kh3/11DV5KTFt7GcEeo9Lfo
S9zx
-----END CERTIFICATE-----