Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/f_Wkv7_taS7q8-sq30abTepH1po.roa
File:                     f_Wkv7_taS7q8-sq30abTepH1po.roa (raw, json)
Hash identifier:          1Ik3CxUcZ+zBVqzR5AMAyZRqGOByDQpNmPYGveWdBnk=
Subject key identifier:   7F:F5:A4:BF:BF:ED:69:2E:EA:F3:EB:2A:DF:46:9B:4D:EA:47:D6:9A
Certificate issuer:       /CN=e842a46658c1d01bac8d43961c6b49e788e3ccc3
Certificate serial:       0184E6EBC05F801EE39354187A843E439BE3
Authority key identifier: E8:42:A4:66:58:C1:D0:1B:AC:8D:43:96:1C:6B:49:E7:88:E3:CC:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EKkZljB0BusjUOWHGtJ54jjzMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/f_Wkv7_taS7q8-sq30abTepH1po.roa
Signing time:             Tue 06 Dec 2022 10:12:00 +0000
ROA not before:           Tue 06 Dec 2022 10:12:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200148
IP address blocks:        185.52.112.0/22 maxlen: 24
                          185.53.192.0/22 maxlen: 24
                          185.36.128.0/22 maxlen: 24
                          5.180.236.0/22 maxlen: 24
                          185.138.216.0/22 maxlen: 24
                          185.127.36.0/22 maxlen: 24
                          194.55.148.0/22 maxlen: 24
                          188.94.80.0/22 maxlen: 24
                          185.100.176.0/22 maxlen: 24
                          2.59.16.0/22 maxlen: 24
                          212.102.110.0/24 maxlen: 24
                          185.251.136.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e6:eb:c0:5f:80:1e:e3:93:54:18:7a:84:3e:43:9b:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e842a46658c1d01bac8d43961c6b49e788e3ccc3
        Validity
            Not Before: Dec  6 10:12:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7ff5a4bfbfed692eeaf3eb2adf469b4dea47d69a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7f:d1:44:ca:81:bd:05:db:21:54:fb:f2:10:
                    72:84:90:07:c8:79:f1:26:9e:3b:02:02:9d:74:68:
                    cd:f1:f7:cb:a7:f3:5c:60:fe:73:7a:cb:97:44:9e:
                    2f:a4:bf:f7:43:4e:99:82:77:f9:52:ca:1c:6b:d2:
                    83:49:75:fc:75:da:da:b6:81:76:34:ed:10:25:b6:
                    80:6f:b4:ea:55:cd:65:9d:d6:0b:58:5b:7c:b4:ec:
                    62:65:6b:b2:45:94:65:11:af:b4:89:46:73:3b:1c:
                    6a:1b:c4:b1:08:0e:84:83:21:33:7d:cc:bc:de:95:
                    f9:54:e5:79:ba:55:b5:e8:b4:f8:8c:19:1d:27:c1:
                    b4:f4:83:df:35:73:17:3c:51:34:66:3a:41:a1:c8:
                    12:40:2a:56:6e:61:75:ab:ba:83:f5:94:de:3c:38:
                    e4:63:16:96:dc:cf:5e:5a:3b:bf:11:d0:88:74:99:
                    86:94:b7:0d:18:b3:1b:78:d2:4f:71:ef:3f:ad:ae:
                    e3:d1:d5:c0:94:d7:d7:67:1b:a0:75:b3:a3:96:a7:
                    f6:40:da:47:03:47:86:57:f1:60:da:2a:04:c0:0c:
                    47:bf:11:f4:dc:8f:43:0b:2e:a8:a6:36:87:c9:bb:
                    ba:e8:6a:99:68:b5:f9:33:12:8b:f5:52:56:27:47:
                    8c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F5:A4:BF:BF:ED:69:2E:EA:F3:EB:2A:DF:46:9B:4D:EA:47:D6:9A
            X509v3 Authority Key Identifier:
                keyid:E8:42:A4:66:58:C1:D0:1B:AC:8D:43:96:1C:6B:49:E7:88:E3:CC:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EKkZljB0BusjUOWHGtJ54jjzMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/f_Wkv7_taS7q8-sq30abTepH1po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/6EKkZljB0BusjUOWHGtJ54jjzMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.16.0/22
                  5.180.236.0/22
                  185.36.128.0/22
                  185.52.112.0/22
                  185.53.192.0/22
                  185.100.176.0/22
                  185.127.36.0/22
                  185.138.216.0/22
                  185.251.136.0/22
                  188.94.80.0/22
                  194.55.148.0/22
                  212.102.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:17:53:15:4b:59:57:ed:82:a4:f3:13:50:96:2b:69:25:0e:
         e6:0e:8f:2a:d3:4e:22:d6:fa:41:fc:c3:e1:2a:85:e8:9c:fa:
         0a:89:b5:c4:0a:f6:d7:5f:df:2f:8c:ec:f4:50:dc:74:a0:99:
         95:21:c0:b8:55:7a:3b:59:53:20:8b:4b:02:cc:44:c7:2b:e7:
         ee:9b:57:53:e2:8e:d2:4a:9e:48:3d:2f:d1:7e:e4:9f:a7:ff:
         70:a8:f5:f8:b9:0a:dd:f9:76:89:44:25:bd:ea:dd:66:6e:d7:
         20:b2:5b:56:c4:ef:f8:cf:42:02:24:cc:4e:94:e3:0b:23:9a:
         78:d0:5a:91:04:4a:2f:85:13:9b:25:a6:72:87:07:e1:e2:2c:
         9e:79:fb:e4:04:7e:e2:8c:cc:55:9a:ac:96:b3:b0:e1:9f:53:
         7f:ec:a5:eb:93:52:6d:b1:54:50:07:3f:7f:ef:49:f5:bc:2f:
         df:05:72:e8:a8:4f:9a:82:74:a6:80:c7:23:ef:c0:cc:5e:bc:
         0b:0b:1c:cc:dd:7a:c8:6d:c5:27:dc:55:37:50:bd:0c:8a:ea:
         66:b1:7a:b4:31:9f:b6:28:98:82:f2:c6:24:3f:ac:ea:e8:07:
         cd:95:3e:4b:d8:1c:a6:90:d1:02:58:a7:77:c8:16:bd:f2:1b:
         5c:73:37:5c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYTm68BfgB7jk1QYeoQ+Q5vjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDJhNDY2NThjMWQwMWJhYzhkNDM5NjFjNmI0OWU3ODhl
M2NjYzMwHhcNMjIxMjA2MTAxMjAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmY1YTRiZmJmZWQ2OTJlZWFmM2ViMmFkZjQ2OWI0ZGVhNDdkNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsH/RRMqBvQXbIVT78hByhJAHyHnx
Jp47AgKddGjN8ffLp/NcYP5zesuXRJ4vpL/3Q06Zgnf5Usoca9KDSXX8ddratoF2
NO0QJbaAb7TqVc1lndYLWFt8tOxiZWuyRZRlEa+0iUZzOxxqG8SxCA6EgyEzfcy8
3pX5VOV5ulW16LT4jBkdJ8G09IPfNXMXPFE0ZjpBocgSQCpWbmF1q7qD9ZTePDjk
YxaW3M9eWju/EdCIdJmGlLcNGLMbeNJPce8/ra7j0dXAlNfXZxugdbOjlqf2QNpH
A0eGV/Fg2ioEwAxHvxH03I9DCy6opjaHybu66GqZaLX5MxKL9VJWJ0eMgQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFH/1pL+/7Wku6vPrKt9Gm03qR9aaMB8GA1UdIwQY
MBaAFOhCpGZYwdAbrI1DlhxrSeeI48zDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVLa1psakIwQnVzalVPV0hHdEo1NGpqek1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9jZDA5MmUtNmJlYi00MDM3LThhNWEt
ZmFlOGQ0MmFlNWU1LzEvZl9Xa3Y3X3RhUzdxOC1zcTMwYWJUZXBIMXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9jZDA5MmUtNmJlYi00MDM3LThhNWEtZmFlOGQ0MmFlNWU1
LzEvNkVLa1psakIwQnVzalVPV0hHdEo1NGpqek1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCAjsQAwQC
BbTsAwQCuSSAAwQCuTRwAwQCuTXAAwQCuWSwAwQCuX8kAwQCuYrYAwQCufuIAwQC
vF5QAwQCwjeUAwQA1GZuMA0GCSqGSIb3DQEBCwUAA4IBAQCbF1MVS1lX7YKk8xNQ
litpJQ7mDo8q004i1vpB/MPhKoXonPoKibXECvbXX98vjOz0UNx0oJmVIcC4VXo7
WVMgi0sCzETHK+fum1dT4o7SSp5IPS/RfuSfp/9wqPX4uQrd+XaJRCW96t1mbtcg
sltWxO/4z0ICJMxOlOMLI5p40FqRBEovhRObJaZyhwfh4iyeefvkBH7ijMxVmqyW
s7Dhn1N/7KXrk1JtsVRQBz9/70n1vC/fBXLoqE+agnSmgMcj78DMXrwLCxzM3XrI
bcUn3FU3UL0MiupmsXq0MZ+2KJiC8sYkP6zq6AfNlT5L2BymkNECWKd3yBa98htc
czdc
-----END CERTIFICATE-----