Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/z6xkHvx8bywBa-0woDWLqPi7Zy4.roa
File:                     z6xkHvx8bywBa-0woDWLqPi7Zy4.roa (raw, json)
Hash identifier:          nbDf4hPvJj/wONWlTT33TMgkkwhNC4lkSgp0v74sQbQ=
Subject key identifier:   CF:AC:64:1E:FC:7C:6F:2C:01:6B:ED:30:A0:35:8B:A8:F8:BB:67:2E
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       03D8DD68
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/z6xkHvx8bywBa-0woDWLqPi7Zy4.roa
Signing time:             Sat 01 Jan 2022 13:04:04 +0000
ROA not before:           Sat 01 Jan 2022 13:04:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200845
IP address blocks:        89.190.152.0/24 maxlen: 24
                          89.190.152.0/22 maxlen: 22
                          89.190.154.0/24 maxlen: 24
                          89.190.153.0/24 maxlen: 24
                          89.190.155.0/24 maxlen: 24
                          185.28.51.0/24 maxlen: 24
                          185.231.186.0/24 maxlen: 24
                          185.231.187.0/24 maxlen: 24
                          185.246.15.0/24 maxlen: 24
                          185.246.14.0/24 maxlen: 24
                          185.246.13.0/24 maxlen: 24
                          185.246.12.0/24 maxlen: 24
                          185.244.231.0/24 maxlen: 24
                          185.244.230.0/24 maxlen: 24
                          185.244.229.0/24 maxlen: 24
                          185.244.228.0/24 maxlen: 24
                          31.15.7.0/24 maxlen: 24
                          31.15.6.0/24 maxlen: 24
                          31.15.5.0/24 maxlen: 24
                          80.66.122.0/24 maxlen: 24
                          194.32.112.0/24 maxlen: 24
                          194.32.115.0/24 maxlen: 24
                          194.32.114.0/24 maxlen: 24
                          194.32.113.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64544104 (0x3d8dd68)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 13:04:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cfac641efc7c6f2c016bed30a0358ba8f8bb672e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cc:77:f1:b6:39:83:ef:3e:65:61:a0:d1:bf:
                    7c:b0:3c:5a:c1:c7:90:fe:c3:e5:ed:3a:82:e7:1a:
                    d6:e4:1a:9c:71:7d:2c:4c:cf:d3:51:08:c8:e5:c2:
                    96:66:e3:40:f4:02:ee:cc:00:88:f6:bc:83:d1:7e:
                    c1:2c:81:d6:37:75:51:5b:9d:44:b8:f5:52:60:90:
                    f4:12:c3:b3:dc:22:73:34:07:d8:6e:dd:04:a3:4a:
                    8e:1c:50:01:a0:e2:99:27:56:2c:82:62:6b:14:29:
                    70:da:f9:d1:d4:25:a2:b9:d3:6b:71:47:ff:74:21:
                    bc:2e:03:81:68:82:33:8f:e6:40:a2:34:53:9a:09:
                    49:fb:fc:61:1f:33:9e:71:ec:63:5c:85:76:00:8d:
                    74:17:1c:65:5c:9f:02:51:85:c8:e2:3c:e2:2a:53:
                    9a:5c:1f:ad:6d:77:4a:65:3c:c0:48:64:db:bf:d3:
                    52:4f:41:ac:ca:a9:94:bd:ba:92:bb:f8:61:f8:cc:
                    9b:94:6f:73:9d:ae:91:07:43:a0:fc:d5:6d:30:c0:
                    79:4a:69:69:b1:36:fb:d3:c8:4c:8e:8c:18:9e:2d:
                    1b:0f:d7:d2:ac:8c:c9:90:d8:9e:4e:67:9f:27:63:
                    b9:bb:0f:7c:6f:45:ca:6a:3e:ad:9c:6e:73:c3:f9:
                    56:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:AC:64:1E:FC:7C:6F:2C:01:6B:ED:30:A0:35:8B:A8:F8:BB:67:2E
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/z6xkHvx8bywBa-0woDWLqPi7Zy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.5.0-31.15.7.255
                  80.66.122.0/24
                  89.190.152.0/22
                  185.28.51.0/24
                  185.231.186.0/23
                  185.244.228.0/22
                  185.246.12.0/22
                  194.32.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:f0:0c:94:c8:3c:9f:fd:dd:5d:be:23:ef:86:ed:57:4b:e5:
         e0:3c:a1:55:09:28:67:a0:db:a9:22:50:8a:24:66:b7:c2:d6:
         bc:ac:49:d6:12:b2:8a:56:27:aa:e3:cb:99:73:a6:f6:8e:85:
         59:f2:82:d4:cd:33:0c:bf:29:18:a2:3c:fd:c1:69:16:78:94:
         5d:81:2e:aa:72:a5:92:ed:77:c4:d3:c3:c4:bd:0b:be:22:f2:
         fb:2d:2a:7d:83:c0:83:cb:4d:f6:eb:06:60:8e:45:da:64:37:
         e0:1c:d9:2e:98:db:3b:d1:29:15:67:8f:84:66:17:da:f1:8f:
         ec:6f:b3:2d:ec:46:bc:bc:56:31:62:21:a0:bd:ae:18:bd:e8:
         a5:f1:0a:51:50:bf:87:59:0f:60:d5:64:64:6e:b9:92:36:da:
         51:20:e3:67:01:59:2b:86:87:7e:14:e7:40:92:7d:7d:7d:c0:
         d9:d5:05:d7:2d:fd:4e:0f:93:a1:7d:40:5c:7a:00:56:a1:db:
         2d:49:4a:be:de:52:33:c5:ed:72:c4:8e:55:a0:8a:c2:2b:0c:
         57:6a:8f:60:63:04:8d:90:61:4d:a8:19:14:fb:f4:74:dc:25:
         b9:20:3a:9a:33:84:df:cc:bb:d4:3b:96:92:93:c5:ed:a0:06:
         41:9d:cb:a4
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEA9jdaDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTM0YzQ5ZmNmYThhNDUwNDFkOTVlZDRkOGQ0ZmM2OWM3MjdhNDY3MB4XDTIyMDEw
MTEzMDQwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2ZhYzY0MWVmYzdj
NmYyYzAxNmJlZDMwYTAzNThiYThmOGJiNjcyZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALzMd/G2OYPvPmVhoNG/fLA8WsHHkP7D5e06guca1uQanHF9
LEzP01EIyOXClmbjQPQC7swAiPa8g9F+wSyB1jd1UVudRLj1UmCQ9BLDs9wiczQH
2G7dBKNKjhxQAaDimSdWLIJiaxQpcNr50dQlornTa3FH/3QhvC4DgWiCM4/mQKI0
U5oJSfv8YR8znnHsY1yFdgCNdBccZVyfAlGFyOI84ipTmlwfrW13SmU8wEhk27/T
Uk9BrMqplL26krv4YfjMm5Rvc52ukQdDoPzVbTDAeUppabE2+9PITI6MGJ4tGw/X
0qyMyZDYnk5nnydjubsPfG9Fymo+rZxuc8P5VkcCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBTPrGQe/HxvLAFr7TCgNYuo+LtnLjAfBgNVHSMEGDAWgBQFNMSfz6ikUEHZ
XtTY1PxpxyekZzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JUVEVuOC1vcEZCQjJWN1UyTlQ4YWNjbnBHYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWEvMGNjYmRhLWQ2ZjEtNDUyNy04MTA2LWNkN2UwNmNiYjUzMS8x
L3o2eGtIdng4Ynl3QmEtMHdvRFdMcVBpN1p5NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWEv
MGNjYmRhLWQ2ZjEtNDUyNy04MTA2LWNkN2UwNmNiYjUzMS8xL0JUVEVuOC1vcEZC
QjJWN1UyTlQ4YWNjbnBHYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwODAMAwQAHw8FAwQDHw8AAwQAUEJ6AwQC
Wb6YAwQAuRwzAwQBuee6AwQCufTkAwQCufYMAwQCwiBwMA0GCSqGSIb3DQEBCwUA
A4IBAQAi8AyUyDyf/d1dviPvhu1XS+XgPKFVCShnoNupIlCKJGa3wta8rEnWErKK
Vieq48uZc6b2joVZ8oLUzTMMvykYojz9wWkWeJRdgS6qcqWS7XfE08PEvQu+IvL7
LSp9g8CDy0326wZgjkXaZDfgHNkumNs70SkVZ4+EZhfa8Y/sb7Mt7Ea8vFYxYiGg
va4Yveil8QpRUL+HWQ9g1WRkbrmSNtpRIONnAVkrhod+FOdAkn19fcDZ1QXXLf1O
D5OhfUBcegBWodstSUq+3lIzxe1yxI5VoIrCKwxXao9gYwSNkGFNqBkU+/R03CW5
IDqaM4TfzLvUO5aSk8XtoAZBncuk
-----END CERTIFICATE-----