Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kKwBP3VnveJdWYJu7AiOS5LHsns.roa
File:                     kKwBP3VnveJdWYJu7AiOS5LHsns.roa (raw, json)
Hash identifier:          uOkwcQK52jRD8rH5sC2ty+q2ayRNd++FvYKFFT4vXIY=
Subject key identifier:   90:AC:01:3F:75:67:BD:E2:5D:59:82:6E:EC:08:8E:4B:92:C7:B2:7B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0183EF29BB05D9443E0C50B328BB20D7372F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kKwBP3VnveJdWYJu7AiOS5LHsns.roa
Signing time:             Wed 19 Oct 2022 07:33:52 +0000
ROA not before:           Wed 19 Oct 2022 07:33:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211946
IP address blocks:        2a0e:b107:1c35::/48 maxlen: 48
                          2a0e:b107:1c3a::/48 maxlen: 48
                          2a0e:97c0:143::/48 maxlen: 48
                          2a0e:b107:1c3f::/48 maxlen: 48
                          2a0e:b107:1c34::/48 maxlen: 48
                          2a0e:97c0:141::/48 maxlen: 48
                          2a0e:b107:1c39::/48 maxlen: 48
                          2a0e:b107:1c3e::/48 maxlen: 48
                          2a0e:b107:1c33::/48 maxlen: 48
                          2a0e:97c0:142::/48 maxlen: 48
                          2a0e:b107:1c38::/48 maxlen: 48
                          2a0e:97c0:145::/48 maxlen: 48
                          2a0e:b107:1c3d::/48 maxlen: 48
                          2a0e:b107:1c32::/48 maxlen: 48
                          2a0e:b107:1c37::/48 maxlen: 48
                          2a0e:97c0:146::/48 maxlen: 48
                          2a0e:b107:1c3c::/48 maxlen: 48
                          2a0e:b107:1c31::/48 maxlen: 48
                          2a0e:97c0:144::/48 maxlen: 48
                          2a0e:b107:1c36::/48 maxlen: 48
                          2a0e:b107:1c3b::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ef:29:bb:05:d9:44:3e:0c:50:b3:28:bb:20:d7:37:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 19 07:33:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90ac013f7567bde25d59826eec088e4b92c7b27b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6f:21:85:07:63:69:b4:16:83:f4:ca:b5:03:
                    dc:64:ae:e2:32:ed:cf:48:da:47:9f:c7:f4:e3:52:
                    9b:b7:9a:ca:84:de:4c:71:75:a0:ea:e8:b7:91:dd:
                    7d:ff:2c:02:53:05:7a:be:5f:da:29:c7:4a:d8:21:
                    e7:f1:46:fb:93:12:60:b8:84:ab:41:93:04:c2:5a:
                    71:39:28:6f:f8:ba:b0:1e:58:23:5b:f5:c1:85:d3:
                    ea:f1:bf:57:07:64:e4:4e:2a:6e:83:3e:d3:dc:db:
                    b5:b3:d9:f6:50:01:a7:cf:a5:c2:90:39:41:e7:93:
                    be:76:39:2e:08:a2:37:e5:a5:54:b3:75:9d:d7:f0:
                    70:81:7a:84:26:99:46:a2:31:f6:09:88:18:57:8e:
                    65:14:18:d0:7c:90:b7:ef:64:2c:00:70:d9:d9:04:
                    b3:af:7f:c0:e5:e1:cd:71:6c:8f:48:c4:c1:db:ac:
                    61:9a:2a:9f:46:95:b3:bd:a8:61:8b:d8:4f:c5:39:
                    c6:60:be:4a:09:2c:f6:37:33:a4:ba:df:91:4a:78:
                    32:ef:eb:de:e3:21:2c:03:d7:80:a8:7b:89:66:67:
                    95:26:6b:6b:66:7d:61:81:62:36:81:98:6d:11:dd:
                    e4:2b:11:75:80:d0:0f:3a:e7:69:49:96:cc:b1:46:
                    fb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:AC:01:3F:75:67:BD:E2:5D:59:82:6E:EC:08:8E:4B:92:C7:B2:7B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kKwBP3VnveJdWYJu7AiOS5LHsns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:141::-2a0e:97c0:146:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:1c31::-2a0e:b107:1c3f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         37:76:29:bc:90:a0:6d:4a:2d:4e:a9:0f:4f:38:41:5b:1c:88:
         04:b9:1c:06:5e:8f:79:6c:04:7c:be:17:94:31:20:c0:6f:23:
         45:7d:da:ed:a1:1a:1c:65:1c:a4:4d:bc:d3:9f:1b:e0:b0:e3:
         42:52:c4:61:8a:87:54:6e:0a:49:21:f8:bc:f1:f3:33:b1:1e:
         fb:48:ea:9d:3f:55:3b:8b:df:87:92:2d:1a:c9:5a:e3:32:e7:
         4b:98:4b:17:5a:81:6a:4d:86:c0:6b:9a:98:8b:4c:71:76:f8:
         cf:50:21:c5:06:48:03:db:d2:fc:50:fa:a0:a8:61:57:72:fd:
         ee:66:70:a6:db:ae:7e:92:33:4f:fb:8b:d7:56:24:a7:a7:2a:
         05:67:1f:f5:72:b7:17:86:1e:50:5c:a9:bd:4d:a3:fe:26:f2:
         15:2a:12:a8:6d:4c:0c:40:24:8d:12:c8:1d:43:04:06:bf:e7:
         92:8f:2c:7d:c3:30:bd:23:eb:ea:c9:be:7e:e0:0e:c6:e6:91:
         38:51:63:45:42:1a:32:4b:a5:26:25:16:34:af:87:cb:b3:3e:
         70:c4:d5:37:f7:2d:02:b1:5c:5e:e3:13:39:95:4a:33:fe:d1:
         a5:56:25:74:39:a7:a0:c8:52:1f:48:3d:a6:2c:8a:26:22:ac:
         19:11:c7:36
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYPvKbsF2UQ+DFCzKLsg1zcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMDE5MDczMzUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGFjMDEzZjc1NjdiZGUyNWQ1OTgyNmVlYzA4OGU0YjkyYzdiMjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp28hhQdjabQWg/TKtQPcZK7iMu3P
SNpHn8f041Kbt5rKhN5McXWg6ui3kd19/ywCUwV6vl/aKcdK2CHn8Ub7kxJguISr
QZMEwlpxOShv+LqwHlgjW/XBhdPq8b9XB2TkTipugz7T3Nu1s9n2UAGnz6XCkDlB
55O+djkuCKI35aVUs3Wd1/BwgXqEJplGojH2CYgYV45lFBjQfJC372QsAHDZ2QSz
r3/A5eHNcWyPSMTB26xhmiqfRpWzvahhi9hPxTnGYL5KCSz2NzOkut+RSngy7+ve
4yEsA9eAqHuJZmeVJmtrZn1hgWI2gZhtEd3kKxF1gNAPOudpSZbMsUb7UwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJCsAT91Z73iXVmCbuwIjkuSx7J7MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva0t3QlAzVm52ZUpkV1lKdTdBaU9TNUxIc25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAAjAoMBIDBwAqDpfA
AUEDBwAqDpfAAUYwEgMHACoOsQccMQMHBioOsQccADANBgkqhkiG9w0BAQsFAAOC
AQEAN3YpvJCgbUotTqkPTzhBWxyIBLkcBl6PeWwEfL4XlDEgwG8jRX3a7aEaHGUc
pE28058b4LDjQlLEYYqHVG4KSSH4vPHzM7Ee+0jqnT9VO4vfh5ItGsla4zLnS5hL
F1qBak2GwGuamItMcXb4z1AhxQZIA9vS/FD6oKhhV3L97mZwptuufpIzT/uL11Yk
p6cqBWcf9XK3F4YeUFypvU2j/ibyFSoSqG1MDEAkjRLIHUMEBr/nko8sfcMwvSPr
6sm+fuAOxuaROFFjRUIaMkulJiUWNK+Hy7M+cMTVN/ctArFcXuMTOZVKM/7RpVYl
dDmnoMhSH0g9piyKJiKsGRHHNg==
-----END CERTIFICATE-----