Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/GsAm6deGUo8XtCzJ8ZSmYFjWpM0.roa
File:                     GsAm6deGUo8XtCzJ8ZSmYFjWpM0.roa (raw, json)
Hash identifier:          E4LNOVXCUewTFVjZT7AVF7mIAqRjOMXTOGMapxCRIUM=
Subject key identifier:   1A:C0:26:E9:D7:86:52:8F:17:B4:2C:C9:F1:94:A6:60:58:D6:A4:CD
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       E048A8
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/GsAm6deGUo8XtCzJ8ZSmYFjWpM0.roa
Signing time:             Fri 01 Apr 2022 01:11:38 +0000
ROA not before:           Fri 01 Apr 2022 01:11:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211398
IP address blocks:        2001:678:f30::/48 maxlen: 48
                          2a12:4940::/32 maxlen: 48
                          2a12:4946:46::/48 maxlen: 48
                          2a12:4942::/31 maxlen: 48
                          2a12:4946:1655::/48 maxlen: 48
                          2a12:4946:3005::/48 maxlen: 48
                          2a12:4946:6960::/44 maxlen: 48
                          2a12:4946:1600::/48 maxlen: 48
                          2a12:4946:1700::/48 maxlen: 48
                          2a12:4946:1800::/48 maxlen: 48
                          2a12:4946:1900::/48 maxlen: 48
                          2a12:4946:1650::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14698664 (0xe048a8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Apr  1 01:11:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1ac026e9d786528f17b42cc9f194a66058d6a4cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:70:25:9a:90:87:cf:cf:f0:22:e8:27:3c:59:
                    66:db:86:19:31:3f:68:88:19:98:0b:96:f0:6b:bb:
                    8f:55:40:9a:ff:ee:88:3b:a9:f4:9e:ed:aa:ab:23:
                    e3:9c:c7:8c:3f:d6:45:9a:46:08:90:6a:74:c3:3a:
                    22:cf:18:ab:40:05:d3:a9:ff:b0:bd:80:23:01:a4:
                    0a:09:b6:48:06:dc:cb:4e:6b:8b:0a:16:1d:e6:80:
                    8d:75:13:c0:99:10:6d:31:e3:1a:e5:9f:c1:93:11:
                    ab:fc:a8:17:e5:18:2f:3d:90:65:47:b4:50:8f:30:
                    70:f2:00:54:28:4e:09:a4:40:e2:68:fd:25:70:f1:
                    5d:52:30:8f:34:83:46:2c:ad:e6:1c:c8:89:af:ac:
                    d9:14:16:14:d8:1a:1d:52:df:e7:76:91:7f:ea:9e:
                    86:16:59:66:33:28:39:05:6e:a8:d2:c4:61:a9:c9:
                    fe:98:9e:23:62:fc:79:4e:cb:3a:78:d4:65:a4:31:
                    38:a5:0a:73:58:a9:38:01:79:19:e7:be:ce:bf:39:
                    4b:be:73:bf:4d:78:b9:d0:34:9d:c3:a6:08:fe:55:
                    25:ec:3c:41:cc:f5:03:ff:b5:2f:8f:8f:e6:9b:8a:
                    05:55:75:f8:fd:54:62:27:e5:32:2e:a1:4e:a3:ea:
                    0d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C0:26:E9:D7:86:52:8F:17:B4:2C:C9:F1:94:A6:60:58:D6:A4:CD
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/GsAm6deGUo8XtCzJ8ZSmYFjWpM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f30::/48
                  2a12:4940::/32
                  2a12:4942::/31
                  2a12:4946:46::/48
                  2a12:4946:1600::/48
                  2a12:4946:1650::/48
                  2a12:4946:1655::/48
                  2a12:4946:1700::/48
                  2a12:4946:1800::/48
                  2a12:4946:1900::/48
                  2a12:4946:3005::/48
                  2a12:4946:6960::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:a3:5a:53:92:d3:75:62:db:a2:a8:0a:8b:e3:01:25:f6:0f:
         f1:ed:47:2c:bc:e1:11:2a:99:2a:4d:f8:db:da:4e:43:de:40:
         ef:9f:44:63:5e:f8:04:dc:67:3c:f6:18:a9:8a:90:e4:3a:0f:
         c7:b3:ce:64:ae:32:41:c4:74:9b:c0:9e:f6:65:7c:ed:8d:8e:
         e4:df:ec:b9:4a:40:c6:6d:01:f6:12:25:bb:72:83:15:d4:13:
         06:63:15:ce:c7:f3:57:3f:95:89:97:bb:85:28:68:a4:3e:c1:
         23:4f:61:a4:1d:2f:91:13:55:7b:fc:4b:e1:4d:04:7f:77:92:
         79:e8:94:b2:8d:16:74:6b:3b:99:e3:66:55:35:1b:86:65:c1:
         d5:98:91:ad:f3:da:3d:76:b9:08:62:dd:ac:58:5b:ab:6d:14:
         3c:a4:eb:cc:f8:aa:13:e7:4d:2c:1c:38:1a:1d:0f:cc:58:83:
         1f:fd:37:58:7b:fd:ce:7a:42:6c:6f:da:a7:0a:29:8d:71:95:
         fa:74:46:6a:16:e2:a4:13:35:08:c3:51:58:e6:9c:20:af:66:
         75:05:4e:92:28:df:40:0e:da:e1:f3:73:39:26:db:3c:ae:cf:
         6c:27:33:62:98:87:39:0f:f7:47:be:cb:fd:c9:27:1a:16:11:
         8e:67:03:7b
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIEAOBIqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NDYzOTVjMTI2NzJhZDk1ODkyMWI2MmI5ZGM5YjJiY2Q4YTY4YTlmMB4XDTIyMDQw
MTAxMTEzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWFjMDI2ZTlkNzg2
NTI4ZjE3YjQyY2M5ZjE5NGE2NjA1OGQ2YTRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZwJZqQh8/P8CLoJzxZZtuGGTE/aIgZmAuW8Gu7j1VAmv/u
iDup9J7tqqsj45zHjD/WRZpGCJBqdMM6Is8Yq0AF06n/sL2AIwGkCgm2SAbcy05r
iwoWHeaAjXUTwJkQbTHjGuWfwZMRq/yoF+UYLz2QZUe0UI8wcPIAVChOCaRA4mj9
JXDxXVIwjzSDRiyt5hzIia+s2RQWFNgaHVLf53aRf+qehhZZZjMoOQVuqNLEYanJ
/pieI2L8eU7LOnjUZaQxOKUKc1ipOAF5Gee+zr85S75zv014udA0ncOmCP5VJew8
Qcz1A/+1L4+P5puKBVV1+P1UYiflMi6hTqPqDcUCAwEAAaOCAmwwggJoMB0GA1Ud
DgQWBBQawCbp14ZSjxe0LMnxlKZgWNakzTAfBgNVHSMEGDAWgBR0Y5XBJnKtlYkh
tiudybK82KaKnzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RHT1Z3U1p5clpXSkliWXJuY215dk5pbWlwOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvOWUyMzUxLThkZDAtNGI3MC1hNWZjLWZiNzc0YWJkZmFjMi8x
L0dzQW02ZGVHVW84WHRDeko4WlNtWUZqV3BNMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
OWUyMzUxLThkZDAtNGI3MC1hNWZjLWZiNzc0YWJkZmFjMi8xL2RHT1Z3U1p5clpX
SkliWXJuY215dk5pbWlwOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
gQYIKwYBBQUHAQcBAf8EcjBwMG4EAgACMGgDBwAgAQZ4DzADBQAqEklAAwUBKhJJ
QgMHACoSSUYARgMHACoSSUYWAAMHACoSSUYWUAMHACoSSUYWVQMHACoSSUYXAAMH
ACoSSUYYAAMHACoSSUYZAAMHACoSSUYwBQMHBCoSSUZpYDANBgkqhkiG9w0BAQsF
AAOCAQEAWKNaU5LTdWLboqgKi+MBJfYP8e1HLLzhESqZKk3429pOQ95A759EY174
BNxnPPYYqYqQ5DoPx7POZK4yQcR0m8Ce9mV87Y2O5N/suUpAxm0B9hIlu3KDFdQT
BmMVzsfzVz+ViZe7hShopD7BI09hpB0vkRNVe/xL4U0Ef3eSeeiUso0WdGs7meNm
VTUbhmXB1ZiRrfPaPXa5CGLdrFhbq20UPKTrzPiqE+dNLBw4Gh0PzFiDH/03WHv9
znpCbG/apwopjXGV+nRGahbipBM1CMNRWOacIK9mdQVOkijfQA7a4fNzOSbbPK7P
bCczYpiHOQ/3R77L/cknGhYRjmcDew==
-----END CERTIFICATE-----