Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lNnzwxQCQ3MEQgvON5k41X2IR60.roa
File:                     lNnzwxQCQ3MEQgvON5k41X2IR60.roa (raw, json)
Hash identifier:          hrsYWLkdUFvqyexRncqMhzuDLNMPXhbgyPEfFKrnznU=
Subject key identifier:   94:D9:F3:C3:14:02:43:73:04:42:0B:CE:37:99:38:D5:7D:88:47:AD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01848F15BA39E23814CB5402E99E5FD4A24D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lNnzwxQCQ3MEQgvON5k41X2IR60.roa
Signing time:             Sat 19 Nov 2022 08:51:16 +0000
ROA not before:           Sat 19 Nov 2022 08:51:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209391
IP address blocks:        2a0e:b107:1c90::/48 maxlen: 48
                          2a10:cc40:1cf::/48 maxlen: 48
                          2a10:cc40:1ca::/48 maxlen: 48
                          2a10:cc40:1c5::/48 maxlen: 48
                          2a10:cc40:1c0::/48 maxlen: 48
                          2a10:cc40:1c3::/48 maxlen: 48
                          2a10:cc40:1ce::/48 maxlen: 48
                          2a10:cc40:1c9::/48 maxlen: 48
                          2a10:cc40:1c4::/48 maxlen: 48
                          2a10:cc40:1c7::/48 maxlen: 48
                          2a10:cc40:1c2::/48 maxlen: 48
                          2a10:cc40:1cd::/48 maxlen: 48
                          2a10:cc40:1c8::/48 maxlen: 48
                          2a10:cc40:1cb::/48 maxlen: 48
                          2a10:cc40:1c6::/48 maxlen: 48
                          2a10:cc40:1c1::/48 maxlen: 48
                          2a10:cc40:1cc::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8f:15:ba:39:e2:38:14:cb:54:02:e9:9e:5f:d4:a2:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 19 08:51:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=94d9f3c31402437304420bce379938d57d8847ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e7:3c:01:1c:ba:a2:d4:44:bb:d6:69:e3:a7:
                    d4:c3:22:7b:4e:49:e0:18:3d:6f:c6:c5:2f:71:2d:
                    51:64:6c:c2:6b:29:3d:ac:13:6d:89:fd:7b:d3:56:
                    2e:5c:c6:f8:60:a2:8e:2c:ae:a7:04:04:84:fc:6f:
                    80:ed:dd:99:a2:d0:9c:69:29:fb:11:cb:c6:ec:ee:
                    90:a8:56:9a:0b:3d:27:6c:26:4a:c9:2d:f1:9d:c1:
                    f4:ad:20:15:2d:a8:e7:41:30:02:86:f9:c0:e3:a7:
                    45:a6:f1:ed:e6:c8:28:5c:a9:2d:a0:fe:22:c2:fd:
                    81:0a:2e:22:e8:2b:37:bf:aa:03:4d:de:88:89:67:
                    13:a5:e4:79:4d:63:63:6d:83:4d:98:6c:06:61:5c:
                    4b:e5:bf:95:45:a4:21:6c:15:24:c5:74:7e:57:0a:
                    1c:55:d5:fb:6a:97:57:f9:ce:1b:89:ca:75:24:19:
                    74:ce:3d:f0:02:60:de:d2:23:c1:ce:3f:c1:51:dd:
                    3a:ce:e2:a2:ab:96:85:fc:68:4e:e3:58:1c:f0:88:
                    7c:85:3b:82:23:81:2e:41:99:25:c5:52:9d:ff:64:
                    92:8e:ff:42:a7:9c:f7:ef:68:b9:1c:07:12:61:b8:
                    49:c2:cc:d6:0a:ec:e2:44:d8:60:6f:51:2b:ff:dc:
                    fe:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D9:F3:C3:14:02:43:73:04:42:0B:CE:37:99:38:D5:7D:88:47:AD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lNnzwxQCQ3MEQgvON5k41X2IR60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1c90::/48
                  2a10:cc40:1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1f:aa:61:51:01:57:b2:7d:df:1c:7a:b5:58:95:dc:d1:75:56:
         7b:6f:63:9a:64:b0:8d:80:3f:1a:5c:b1:5b:db:7b:85:e0:ea:
         ad:d7:96:fb:2f:39:1c:ad:ca:23:37:1c:d8:61:cd:3e:8d:2d:
         c6:67:49:e7:73:db:a9:5d:22:6d:d5:da:dc:db:f7:78:0e:96:
         88:57:ca:7c:8d:be:3b:4a:a1:42:4a:d0:79:43:af:ed:7e:34:
         63:62:47:a2:26:ac:10:f8:2f:62:92:e0:b4:00:07:c9:0e:b2:
         52:52:b3:98:75:b7:0c:64:52:96:ce:84:a3:ae:88:42:4f:d3:
         41:75:36:aa:0e:6b:8f:68:e2:89:d2:d0:ec:55:ee:ca:9e:a7:
         e5:0f:50:3a:00:12:75:ab:bd:61:98:ca:24:53:cf:0b:b6:bf:
         af:10:11:fb:86:7b:1d:56:af:c6:eb:32:7d:25:66:c3:8f:79:
         d4:08:c1:25:8d:e0:f1:66:9c:b9:c8:b7:05:07:65:b4:63:e6:
         89:a0:2a:41:ce:db:3f:05:02:86:f4:ed:6d:33:ee:8a:c2:38:
         e0:e5:ee:fe:f6:14:03:ed:74:06:b4:05:4a:60:e5:7a:2f:18:
         e5:54:f0:2e:fd:3b:26:b9:0d:5e:a2:a1:a8:f1:e1:22:ab:fa:
         3e:fe:89:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYSPFbo54jgUy1QC6Z5f1KJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMTE5MDg1MTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGQ5ZjNjMzE0MDI0MzczMDQ0MjBiY2UzNzk5MzhkNTdkODg0N2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguc8ARy6otREu9Zp46fUwyJ7Tkng
GD1vxsUvcS1RZGzCayk9rBNtif1701YuXMb4YKKOLK6nBASE/G+A7d2ZotCcaSn7
EcvG7O6QqFaaCz0nbCZKyS3xncH0rSAVLajnQTAChvnA46dFpvHt5sgoXKktoP4i
wv2BCi4i6Cs3v6oDTd6IiWcTpeR5TWNjbYNNmGwGYVxL5b+VRaQhbBUkxXR+Vwoc
VdX7apdX+c4bicp1JBl0zj3wAmDe0iPBzj/BUd06zuKiq5aF/GhO41gc8Ih8hTuC
I4EuQZklxVKd/2SSjv9Cp5z372i5HAcSYbhJwszWCuziRNhgb1Er/9z+RwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJTZ88MUAkNzBEILzjeZONV9iEetMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbE5uend4UUNRM01FUWd2T041azQxWDJJUjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBxyQ
AwcEKhDMQAHAMA0GCSqGSIb3DQEBCwUAA4IBAQAfqmFRAVeyfd8cerVYldzRdVZ7
b2OaZLCNgD8aXLFb23uF4Oqt15b7LzkcrcojNxzYYc0+jS3GZ0nnc9upXSJt1drc
2/d4DpaIV8p8jb47SqFCStB5Q6/tfjRjYkeiJqwQ+C9ikuC0AAfJDrJSUrOYdbcM
ZFKWzoSjrohCT9NBdTaqDmuPaOKJ0tDsVe7KnqflD1A6ABJ1q71hmMokU88Ltr+v
EBH7hnsdVq/G6zJ9JWbDj3nUCMEljeDxZpy5yLcFB2W0Y+aJoCpBzts/BQKG9O1t
M+6Kwjjg5e7+9hQD7XQGtAVKYOV6LxjlVPAu/TsmuQ1eoqGo8eEiq/o+/omh
-----END CERTIFICATE-----