Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ud35Z1n3oOk8JH02kv8lQFcDQbA.roa
File:                     ud35Z1n3oOk8JH02kv8lQFcDQbA.roa (raw, json)
Hash identifier:          gfTkm3TX8UmjGtz2nm2BrD6yie8Tkl3WFyy+YJZp8ho=
Subject key identifier:   B9:DD:F9:67:59:F7:A0:E9:3C:24:7D:36:92:FF:25:40:57:03:41:B0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01848F9F103783CB94081167A0E987A96500
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ud35Z1n3oOk8JH02kv8lQFcDQbA.roa
Signing time:             Sat 19 Nov 2022 11:21:17 +0000
ROA not before:           Sat 19 Nov 2022 11:21:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b102:12f::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8f:9f:10:37:83:cb:94:08:11:67:a0:e9:87:a9:65:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 19 11:21:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b9ddf96759f7a0e93c247d3692ff2540570341b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2e:7d:04:c7:5b:36:9c:51:4e:63:c6:ad:91:
                    19:ea:49:b0:ab:be:e2:5f:f9:51:50:e8:01:1b:af:
                    95:6b:71:95:70:bb:e1:09:a7:6f:4f:1e:5f:91:cd:
                    9b:8b:66:6c:87:ab:9c:66:9f:dc:d8:2b:1e:f7:54:
                    b4:3d:97:0c:06:40:0e:4d:7d:bb:a4:a5:64:7b:19:
                    14:c3:e0:a8:60:e4:9b:71:9b:dd:fa:d9:12:66:34:
                    d0:3e:da:0a:f6:e9:f2:de:0a:37:c1:ec:34:66:1f:
                    d3:4b:f7:c9:d6:f5:f0:0d:e5:ae:1f:03:5d:d9:c8:
                    a7:e3:02:9f:71:3e:58:c7:9d:ba:a0:34:ac:73:b9:
                    81:f0:7f:03:13:f6:fe:ae:00:85:c5:98:12:f5:f4:
                    d8:59:67:b5:c3:c2:8c:dd:66:25:e7:46:a6:21:c8:
                    cc:25:00:6f:63:ed:a2:2e:66:27:60:c1:2c:bc:44:
                    67:2b:29:b6:7a:fd:f8:7a:25:47:77:0d:bb:3d:58:
                    09:fd:1c:25:fe:36:08:23:31:92:5f:9e:98:0f:58:
                    6c:0a:8b:0c:69:ac:7b:7c:72:ae:63:af:13:7d:74:
                    47:f3:e0:07:1a:99:57:ba:9c:79:1b:10:56:9b:53:
                    71:08:97:7c:08:62:3d:f8:0a:45:36:39:52:6d:d5:
                    23:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:DD:F9:67:59:F7:A0:E9:3C:24:7D:36:92:FF:25:40:57:03:41:B0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ud35Z1n3oOk8JH02kv8lQFcDQbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:b102:12f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:a8:19:ff:7c:e9:8a:8a:de:b3:cb:03:89:e8:dd:5c:d0:b1:
         d0:4a:b6:f6:0b:d3:9a:e3:0e:b3:d6:d8:b4:4b:73:63:5c:f2:
         34:d3:16:a9:33:5e:74:42:dc:86:cd:88:48:94:15:3a:65:6d:
         a8:16:d8:ba:da:1b:11:d4:a3:ce:94:69:cd:8a:9b:56:4f:18:
         de:90:c9:70:27:ea:78:0f:41:85:96:2e:d7:ca:f2:36:35:bb:
         ba:dc:15:ad:e9:a0:57:24:15:2a:84:0c:db:5e:c1:f6:7e:b9:
         a7:00:76:e3:a4:11:00:f8:2c:2d:23:af:15:10:7f:72:90:da:
         fc:83:36:fa:7b:dd:67:fc:1a:87:86:93:38:03:08:8f:56:e6:
         86:df:4b:cf:45:d1:ea:e8:c6:05:db:cf:c7:63:ef:0c:78:cb:
         1a:3b:8b:ed:f5:90:05:85:14:35:c8:40:64:d8:97:71:95:f2:
         33:56:39:0f:e0:8b:88:df:b2:9a:e1:ad:ae:f3:f6:00:82:0c:
         43:57:3f:0c:b8:9d:47:df:f5:54:5b:8e:98:49:30:ed:4e:3b:
         4e:71:58:5e:8c:2e:5a:f2:68:a8:4c:97:cc:4f:44:05:9e:89:
         76:c5:d4:7c:77:9b:80:59:b3:87:d3:be:59:1f:c2:10:24:8f:
         4b:13:80:59
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISAYSPnxA3g8uUCBFnoOmHqWUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMTE5MTEyMTE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWRkZjk2NzU5ZjdhMGU5M2MyNDdkMzY5MmZmMjU0MDU3MDM0MWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC59BMdbNpxRTmPGrZEZ6kmwq77i
X/lRUOgBG6+Va3GVcLvhCadvTx5fkc2bi2Zsh6ucZp/c2Cse91S0PZcMBkAOTX27
pKVkexkUw+CoYOSbcZvd+tkSZjTQPtoK9uny3go3wew0Zh/TS/fJ1vXwDeWuHwNd
2cin4wKfcT5Yx526oDSsc7mB8H8DE/b+rgCFxZgS9fTYWWe1w8KM3WYl50amIcjM
JQBvY+2iLmYnYMEsvERnKym2ev34eiVHdw27PVgJ/Rwl/jYIIzGSX56YD1hsCosM
aax7fHKuY68TfXRH8+AHGplXupx5GxBWm1NxCJd8CGI9+ApFNjlSbdUj1wIDAQAB
o4ICfDCCAngwHQYDVR0OBBYEFLnd+WdZ96DpPCR9NpL/JUBXA0GwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdWQzNVoxbjNvT2s4SkgwMmt2OGxRRmNEUWJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGRBggrBgEFBQcBBwEB/wSBgTB/MH0EAgACMHcDBwAqDpfA
BzYDBwAqDpfABz8DBwAqDpfAB1ADBwAqDpfAB28DBwAqDrECAS8wEgMHBCoOsQcF
0AMHBCoOsQcF4AMHBCoOsQcJAAMHACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN8gMH
ACoOsQcYcAMHACoOsQcbnjANBgkqhkiG9w0BAQsFAAOCAQEAragZ/3zpiores8sD
iejdXNCx0Eq29gvTmuMOs9bYtEtzY1zyNNMWqTNedELchs2ISJQVOmVtqBbYutob
EdSjzpRpzYqbVk8Y3pDJcCfqeA9BhZYu18ryNjW7utwVremgVyQVKoQM217B9n65
pwB246QRAPgsLSOvFRB/cpDa/IM2+nvdZ/wah4aTOAMIj1bmht9Lz0XR6ujGBdvP
x2PvDHjLGjuL7fWQBYUUNchAZNiXcZXyM1Y5D+CLiN+ymuGtrvP2AIIMQ1c/DLid
R9/1VFuOmEkw7U47TnFYXowuWvJoqEyXzE9EBZ6JdsXUfHebgFmzh9O+WR/CECSP
SxOAWQ==
-----END CERTIFICATE-----