Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZJztgQlibXShWBDVeOgwud6EDzY.roa
File:                     ZJztgQlibXShWBDVeOgwud6EDzY.roa (raw, json)
Hash identifier:          k5NNnEzj7dC/0MHNlGofEqxyLPzm+VEEJac0LStLPWU=
Subject key identifier:   64:9C:ED:81:09:62:6D:74:A1:58:10:D5:78:E8:30:B9:DE:84:0F:36
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018417C2194D58FF36AD99C2D0030E52D9C4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZJztgQlibXShWBDVeOgwud6EDzY.roa
Signing time:             Thu 27 Oct 2022 04:45:07 +0000
ROA not before:           Thu 27 Oct 2022 04:45:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a10:cc44:800::/37 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:17:c2:19:4d:58:ff:36:ad:99:c2:d0:03:0e:52:d9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 27 04:45:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=649ced8109626d74a15810d578e830b9de840f36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:80:cc:1f:7c:a9:f1:ec:f6:40:7d:6d:92:3f:
                    4e:d3:e7:13:8d:8b:fe:46:aa:6d:1c:e5:5a:f6:b0:
                    b9:64:32:0a:35:74:a5:8b:bf:36:61:56:08:c6:be:
                    ae:29:07:69:92:ff:c5:49:a9:77:bf:f2:84:be:0a:
                    b8:30:fd:53:38:75:e3:67:ae:02:66:81:b7:f5:f7:
                    d4:ab:f0:16:19:b2:6b:56:4c:7b:81:c9:10:fd:8d:
                    aa:24:b9:03:06:39:23:86:fc:e8:d1:5e:69:80:91:
                    ec:21:65:00:e6:87:c5:8e:dc:a8:49:10:31:8b:53:
                    42:eb:ef:48:b2:ee:27:12:64:9f:0b:64:34:56:6b:
                    19:58:59:fc:ee:24:9a:ce:c2:d9:48:db:f3:4c:19:
                    e2:d7:c2:ba:db:00:3c:d9:dc:da:57:2b:bc:d4:e6:
                    86:43:8b:57:ca:b6:08:bc:e5:04:99:bb:63:4b:b4:
                    94:48:52:d8:14:b2:b2:ef:c4:18:47:c5:c5:37:cb:
                    dd:4a:83:3d:7c:fb:91:13:1d:09:07:c7:47:c9:c8:
                    51:b4:ee:53:6b:bd:51:72:49:bb:89:a3:05:7f:7c:
                    86:10:d2:52:ce:64:3f:6c:ff:cd:25:4e:cc:db:83:
                    8a:5c:9f:6a:80:24:9f:19:48:f8:e3:a4:dc:c2:33:
                    85:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:9C:ED:81:09:62:6D:74:A1:58:10:D5:78:E8:30:B9:DE:84:0F:36
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZJztgQlibXShWBDVeOgwud6EDzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a10:cc44:800::/37

    Signature Algorithm: sha256WithRSAEncryption
         67:01:87:d1:d5:7f:e3:c9:18:2b:54:d4:cb:c3:4e:f1:98:68:
         f2:34:3a:2c:d1:63:68:3e:2b:23:6d:b7:f4:a7:46:57:e4:c9:
         7c:43:a6:35:e0:a5:7d:54:9a:3a:0c:97:ab:bb:78:21:55:65:
         63:0e:6c:52:f9:3a:8b:37:f3:01:6e:1f:5f:7f:e0:11:8d:28:
         b2:15:93:ff:90:6d:84:20:0c:59:ab:ec:ae:9a:c7:05:fc:ce:
         68:80:69:18:03:b7:22:be:94:b2:b6:1e:11:f8:47:ac:4f:7a:
         f9:d3:b1:83:48:75:05:61:76:90:c2:8c:e0:09:8e:aa:c8:9e:
         7c:95:b4:57:7d:6a:05:9a:62:64:f2:bf:51:b2:fd:dc:c1:cc:
         fd:41:67:7f:78:01:5e:f2:68:02:f0:5b:1e:8c:6c:e8:3c:63:
         ee:97:c0:4d:74:98:f1:8c:16:56:38:04:11:ca:aa:d1:e9:a2:
         c9:3e:3c:61:a1:bd:45:6f:65:8d:57:3a:8f:8e:e1:88:98:a6:
         20:84:3c:01:de:87:51:46:1b:82:b7:46:f4:5a:27:51:f6:de:
         8d:34:f9:44:a4:6c:bb:ae:37:6d:70:1d:c9:56:e2:4d:6d:ec:
         d5:9f:09:03:8e:0e:8a:92:46:04:80:00:aa:ab:73:57:c4:ca:
         69:a9:87:62
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYQXwhlNWP82rZnC0AMOUtnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMDI3MDQ0NTA3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDljZWQ4MTA5NjI2ZDc0YTE1ODEwZDU3OGU4MzBiOWRlODQwZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4DMH3yp8ez2QH1tkj9O0+cTjYv+
RqptHOVa9rC5ZDIKNXSli782YVYIxr6uKQdpkv/FSal3v/KEvgq4MP1TOHXjZ64C
ZoG39ffUq/AWGbJrVkx7gckQ/Y2qJLkDBjkjhvzo0V5pgJHsIWUA5ofFjtyoSRAx
i1NC6+9Isu4nEmSfC2Q0VmsZWFn87iSazsLZSNvzTBni18K62wA82dzaVyu81OaG
Q4tXyrYIvOUEmbtjS7SUSFLYFLKy78QYR8XFN8vdSoM9fPuREx0JB8dHychRtO5T
a71Rckm7iaMFf3yGENJSzmQ/bP/NJU7M24OKXJ9qgCSfGUj446TcwjOFhwIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFGSc7YEJYm10oVgQ1XjoMLnehA82MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWkp6dGdRbGliWFNoV0JEVmVPZ3d1ZDZFRHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgACMHYDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBwAqDrECAS8wEgMHBCoOsQcF
0AMHBCoOsQcF4AMHBCoOsQcJAAMHACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMH
ACoOsQcYcAMGAyoQzEQIMA0GCSqGSIb3DQEBCwUAA4IBAQBnAYfR1X/jyRgrVNTL
w07xmGjyNDos0WNoPisjbbf0p0ZX5Ml8Q6Y14KV9VJo6DJeru3ghVWVjDmxS+TqL
N/MBbh9ff+ARjSiyFZP/kG2EIAxZq+yumscF/M5ogGkYA7civpSyth4R+EesT3r5
07GDSHUFYXaQwozgCY6qyJ58lbRXfWoFmmJk8r9Rsv3cwcz9QWd/eAFe8mgC8Fse
jGzoPGPul8BNdJjxjBZWOAQRyqrR6aLJPjxhob1Fb2WNVzqPjuGImKYghDwB3odR
RhuCt0b0WidR9t6NNPlEpGy7rjdtcB3JVuJNbezVnwkDjg6KkkYEgACqq3NXxMpp
qYdi
-----END CERTIFICATE-----