Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ju0V1JT9PlICd_pQC6F_2jxg8iA.roa
File:                     ju0V1JT9PlICd_pQC6F_2jxg8iA.roa (raw, json)
Hash identifier:          Z4gIdlQ1FqIzsGFpqZGv/hKAT++WXek29TiYZyDW6TE=
Subject key identifier:   8E:ED:15:D4:94:FD:3E:52:02:77:FA:50:0B:A1:7F:DA:3C:60:F2:20
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0184898B653348614EC00552AE228196CACF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ju0V1JT9PlICd_pQC6F_2jxg8iA.roa
Signing time:             Fri 18 Nov 2022 07:02:04 +0000
ROA not before:           Fri 18 Nov 2022 07:02:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:89:8b:65:33:48:61:4e:c0:05:52:ae:22:81:96:ca:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 18 07:02:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8eed15d494fd3e520277fa500ba17fda3c60f220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2e:52:7d:d0:0e:ff:7b:06:13:ed:76:03:1e:
                    b3:ad:cf:63:68:43:03:5a:11:05:4b:b5:40:3b:65:
                    cc:c7:9c:19:46:3a:b3:18:5d:2e:52:fd:4a:41:c1:
                    41:8e:59:11:ad:c8:e8:ae:f3:47:bc:a5:de:b4:a1:
                    87:e4:da:de:38:c5:e3:63:13:4f:eb:f8:58:d9:47:
                    63:91:f5:41:24:b6:1c:8f:eb:22:9e:8b:c7:f8:f1:
                    8c:56:0f:ac:a4:90:d2:e1:95:f0:e0:75:11:c6:83:
                    13:c6:0e:f8:c0:9e:57:9b:9c:8a:ff:39:b8:e9:62:
                    24:fd:0a:93:55:9e:dc:59:bb:45:62:3c:28:96:e2:
                    c3:08:f2:92:77:1c:38:dc:61:ec:6d:f7:06:2b:66:
                    9d:d8:ca:fc:f6:3f:f7:5e:89:72:a6:5f:d5:f6:92:
                    a0:79:c6:bd:1f:72:1a:87:5b:94:72:26:11:75:5f:
                    4f:fd:64:10:ca:7b:3b:49:59:49:2a:03:2a:99:ab:
                    25:eb:b1:84:88:dc:2a:3a:31:77:f4:3f:99:eb:36:
                    83:a4:3a:0b:b8:d3:68:09:80:03:09:d5:ce:16:ea:
                    16:b0:34:7f:d9:5d:c2:6d:9f:b7:1b:85:15:48:e4:
                    ee:5b:df:5b:08:7a:f0:60:26:8e:20:cc:d7:35:dd:
                    6d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:ED:15:D4:94:FD:3E:52:02:77:FA:50:0B:A1:7F:DA:3C:60:F2:20
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ju0V1JT9PlICd_pQC6F_2jxg8iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:cb:3b:f1:8d:63:81:93:0d:90:31:bf:98:6f:44:ca:99:aa:
         2d:f3:e5:ae:40:54:7f:3d:a0:b6:d0:9c:4e:40:a5:d8:b5:9c:
         32:93:5a:fe:df:c7:ca:5f:1f:6d:0f:6c:15:9a:65:f3:46:a5:
         52:76:19:95:15:26:ff:a9:e8:0e:0b:2c:74:3c:bb:c2:62:3b:
         a1:7e:5c:4c:3e:9a:99:c8:e4:0c:c3:23:af:c4:17:f6:61:eb:
         4f:e6:e3:7e:a9:e3:47:aa:87:5d:f3:c0:3f:09:ee:40:8d:4b:
         61:03:78:33:75:42:2a:2f:77:e2:fd:fb:81:22:32:6d:c7:dd:
         87:93:d4:46:30:cb:99:b6:3e:ff:ff:0a:8e:ff:a7:d4:70:93:
         f5:c9:fb:99:85:cc:0c:a0:2b:1e:b1:d1:3f:53:db:13:0c:02:
         cf:2e:a8:23:88:b9:55:4d:17:d6:df:1a:f8:71:71:34:b8:7e:
         ef:cf:94:82:6d:4d:b9:df:69:ee:20:64:d4:71:28:05:56:5c:
         93:e6:16:82:21:3f:4b:30:d1:6d:40:79:f7:21:ef:0f:af:f2:
         45:1f:40:70:af:99:fe:d8:b3:e3:5c:54:c4:cc:03:8e:23:37:
         8a:97:45:37:6b:ba:5d:83:ed:a2:38:1d:1f:fd:42:6d:d5:4f:
         72:a4:7a:9f
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAYSJi2UzSGFOwAVSriKBlsrPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMTE4MDcwMjA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWVkMTVkNDk0ZmQzZTUyMDI3N2ZhNTAwYmExN2ZkYTNjNjBmMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjS5SfdAO/3sGE+12Ax6zrc9jaEMD
WhEFS7VAO2XMx5wZRjqzGF0uUv1KQcFBjlkRrcjorvNHvKXetKGH5NreOMXjYxNP
6/hY2UdjkfVBJLYcj+sinovH+PGMVg+spJDS4ZXw4HURxoMTxg74wJ5Xm5yK/zm4
6WIk/QqTVZ7cWbtFYjwoluLDCPKSdxw43GHsbfcGK2ad2Mr89j/3Xolypl/V9pKg
eca9H3Iah1uUciYRdV9P/WQQyns7SVlJKgMqmasl67GEiNwqOjF39D+Z6zaDpDoL
uNNoCYADCdXOFuoWsDR/2V3CbZ+3G4UVSOTuW99bCHrwYCaOIMzXNd1tlQIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFI7tFdSU/T5SAnf6UAuhf9o8YPIgMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvanUwVjFKVDlQbElDZF9wUUM2Rl8yanhnOGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MH0EAgACMHcDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBwAqDrECAS8wEgMHBCoOsQcF
0AMHBCoOsQcF4AMHBCoOsQcJAAMHACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMH
ACoOsQcYcAMHACoOsQcbnjANBgkqhkiG9w0BAQsFAAOCAQEAncs78Y1jgZMNkDG/
mG9EypmqLfPlrkBUfz2gttCcTkCl2LWcMpNa/t/Hyl8fbQ9sFZpl80alUnYZlRUm
/6noDgssdDy7wmI7oX5cTD6amcjkDMMjr8QX9mHrT+bjfqnjR6qHXfPAPwnuQI1L
YQN4M3VCKi934v37gSIybcfdh5PURjDLmbY+//8Kjv+n1HCT9cn7mYXMDKArHrHR
P1PbEwwCzy6oI4i5VU0X1t8a+HFxNLh+78+Ugm1Nud9p7iBk1HEoBVZck+YWgiE/
SzDRbUB59yHvD6/yRR9AcK+Z/tiz41xUxMwDjiM3ipdFN2u6XYPtojgdH/1CbdVP
cqR6nw==
-----END CERTIFICATE-----