Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/HFSUJQtkxWvHCf94HK5RTCe9SIA.roa
File:                     HFSUJQtkxWvHCf94HK5RTCe9SIA.roa (raw, json)
Hash identifier:          qfhz4dwhmuVm/goKeuf7NpY6lMzwGO8aONbjVtiBjZ0=
Subject key identifier:   1C:54:94:25:0B:64:C5:6B:C7:09:FF:78:1C:AE:51:4C:27:BD:48:80
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       0183EAEEA48C5B636998178E8AEA0D617A3D
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/HFSUJQtkxWvHCf94HK5RTCe9SIA.roa
Signing time:             Tue 18 Oct 2022 11:50:51 +0000
ROA not before:           Tue 18 Oct 2022 11:50:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39150
IP address blocks:        95.85.85.0/24 maxlen: 24
                          95.85.83.0/24 maxlen: 24
                          91.196.139.0/24 maxlen: 24
                          91.196.138.0/24 maxlen: 24
                          91.196.137.0/24 maxlen: 24
                          91.196.136.0/24 maxlen: 24
                          109.196.133.0/24 maxlen: 24
                          93.179.121.0/24 maxlen: 24
                          195.182.8.0/24 maxlen: 24
                          93.179.68.0/23 maxlen: 23
                          93.179.66.0/24 maxlen: 24
                          95.181.212.0/23 maxlen: 23
                          2a04:8680::/32 maxlen: 32
                          2a09:d5c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ea:ee:a4:8c:5b:63:69:98:17:8e:8a:ea:0d:61:7a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Oct 18 11:50:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1c5494250b64c56bc709ff781cae514c27bd4880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:dd:c9:6f:bf:c3:e3:04:f7:37:30:62:1d:07:
                    09:26:37:b7:48:79:db:43:d9:1f:84:c7:7c:45:ea:
                    a6:ea:f2:68:e4:69:67:17:06:33:81:7b:d6:9a:61:
                    af:cc:47:28:c7:59:a5:47:c4:bc:fa:8d:26:17:01:
                    6d:ec:2f:ac:b7:61:90:3b:54:44:7e:99:e0:ef:af:
                    c0:3e:1d:b1:68:5a:c7:bf:44:50:55:29:c5:d8:fa:
                    69:d0:8b:04:e7:7b:83:52:c5:cd:1a:2f:c4:72:39:
                    33:18:1f:02:73:e1:30:ae:ee:10:25:26:03:db:fc:
                    68:27:ff:67:07:b5:bc:99:c5:45:1f:c5:3c:91:65:
                    ad:f1:9d:34:3a:e5:c2:33:da:ad:4d:c8:70:75:1a:
                    2a:39:5d:5b:6e:64:4e:8b:e3:d4:cb:10:1b:01:25:
                    f3:c5:87:d0:be:58:c2:42:19:e4:72:cc:ce:5c:f1:
                    99:a9:e7:bf:bf:6e:26:dd:36:f1:8e:71:00:dc:8c:
                    75:86:71:7d:ab:f6:66:66:4c:97:c2:d4:36:d2:51:
                    5f:1b:84:2d:c0:01:4a:99:c9:b0:5b:4c:ba:3a:b5:
                    cb:e2:68:9a:26:d9:f2:93:a5:5c:66:51:c3:88:03:
                    62:38:1a:3a:21:0f:ce:4c:9d:71:cd:cf:be:f1:56:
                    12:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:54:94:25:0B:64:C5:6B:C7:09:FF:78:1C:AE:51:4C:27:BD:48:80
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/HFSUJQtkxWvHCf94HK5RTCe9SIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.136.0/22
                  93.179.66.0/24
                  93.179.68.0/23
                  93.179.121.0/24
                  95.85.83.0/24
                  95.85.85.0/24
                  95.181.212.0/23
                  109.196.133.0/24
                  195.182.8.0/24
                IPv6:
                  2a04:8680::/32
                  2a09:d5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:aa:7d:55:4b:f2:f2:3c:16:a8:ad:11:b6:04:16:07:bf:e8:
         3f:0a:e9:0a:54:24:eb:cb:d3:d5:9e:31:47:7a:d8:97:cc:3d:
         25:92:26:75:13:52:ba:10:db:e6:08:78:37:4b:cf:a8:f1:e6:
         9a:c5:e9:ba:5e:40:75:6b:35:58:e2:5e:2e:0b:35:2d:15:11:
         b1:19:e4:f5:18:7e:6c:a4:67:7f:60:b3:34:89:fe:ae:39:ef:
         da:31:2e:20:af:d4:18:19:0c:3d:bf:06:1e:5b:67:a2:32:a6:
         e7:5a:e7:31:46:c8:38:1a:06:3f:23:31:a6:a3:ad:ff:6e:7b:
         05:02:df:f3:5e:04:85:84:6b:ce:40:c2:78:10:17:62:32:59:
         8c:23:17:d5:c7:42:33:72:78:b2:7a:40:3d:65:06:4a:96:20:
         01:f6:f2:49:69:2a:f5:5e:c1:73:6c:83:4f:4e:da:7e:98:16:
         be:ba:5e:e2:df:b9:6e:09:23:d7:e8:62:80:ab:a8:fc:08:c4:
         55:39:c0:c4:99:86:52:60:cc:c8:d9:ae:19:97:76:47:76:45:
         05:5c:cc:c8:ef:6e:1c:e5:dd:a6:c7:87:37:2d:50:3c:d6:2c:
         f2:ed:7b:09:55:2c:66:03:f9:22:a6:1b:b8:a5:9a:6d:09:14:
         01:44:98:ab
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYPq7qSMW2NpmBeOiuoNYXo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjIxMDE4MTE1MDUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzU0OTQyNTBiNjRjNTZiYzcwOWZmNzgxY2FlNTE0YzI3YmQ0ODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3N3Jb7/D4wT3NzBiHQcJJje3SHnb
Q9kfhMd8Reqm6vJo5GlnFwYzgXvWmmGvzEcox1mlR8S8+o0mFwFt7C+st2GQO1RE
fpng76/APh2xaFrHv0RQVSnF2Ppp0IsE53uDUsXNGi/EcjkzGB8Cc+Ewru4QJSYD
2/xoJ/9nB7W8mcVFH8U8kWWt8Z00OuXCM9qtTchwdRoqOV1bbmROi+PUyxAbASXz
xYfQvljCQhnkcszOXPGZqee/v24m3TbxjnEA3Ix1hnF9q/ZmZkyXwtQ20lFfG4Qt
wAFKmcmwW0y6OrXL4miaJtnyk6VcZlHDiANiOBo6IQ/OTJ1xzc++8VYSawIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFBxUlCULZMVrxwn/eByuUUwnvUiAMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvSEZTVUpRdGt4V3ZIQ2Y5NEhLNVJUQ2U5U0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQCW8SIAwQA
XbNCAwQBXbNEAwQAXbN5AwQAX1VTAwQAX1VVAwQBX7XUAwQAbcSFAwQAw7YIMBQE
AgACMA4DBQAqBIaAAwUAKgnVwDANBgkqhkiG9w0BAQsFAAOCAQEACqp9VUvy8jwW
qK0RtgQWB7/oPwrpClQk68vT1Z4xR3rYl8w9JZImdRNSuhDb5gh4N0vPqPHmmsXp
ul5AdWs1WOJeLgs1LRURsRnk9Rh+bKRnf2CzNIn+rjnv2jEuIK/UGBkMPb8GHltn
ojKm51rnMUbIOBoGPyMxpqOt/257BQLf814EhYRrzkDCeBAXYjJZjCMX1cdCM3J4
snpAPWUGSpYgAfbySWkq9V7Bc2yDT07afpgWvrpe4t+5bgkj1+higKuo/AjEVTnA
xJmGUmDMyNmuGZd2R3ZFBVzMyO9uHOXdpseHNy1QPNYs8u17CVUsZgP5IqYbuKWa
bQkUAUSYqw==
-----END CERTIFICATE-----