Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/FoPRtlGleT735Ved54s6IoVR6zQ.roa
File:                     FoPRtlGleT735Ved54s6IoVR6zQ.roa (raw, json)
Hash identifier:          LbsQA20EQMbdCWhxi4SgAMU08BcGiYtx6bDzikYRdBA=
Subject key identifier:   16:83:D1:B6:51:A5:79:3E:F7:E5:57:9D:E7:8B:3A:22:85:51:EB:34
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       01847CED678CC327B5EC49A711F474ED3251
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/FoPRtlGleT735Ved54s6IoVR6zQ.roa
Signing time:             Tue 15 Nov 2022 20:14:04 +0000
ROA not before:           Tue 15 Nov 2022 20:14:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51295
IP address blocks:        185.179.156.0/22 maxlen: 22
                          185.248.196.0/22 maxlen: 22
                          194.165.26.0/24 maxlen: 24
                          2a0a:8880:1::/48 maxlen: 48
                          2a0a:8880:2::/48 maxlen: 48
                          2a0a:8880:aaaa::/48 maxlen: 48
                          2a0f:4440:aaaa::/48 maxlen: 48
                          2a0f:4440:abcd::/48 maxlen: 48
                          2a0a:8880::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7c:ed:67:8c:c3:27:b5:ec:49:a7:11:f4:74:ed:32:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Nov 15 20:14:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1683d1b651a5793ef7e5579de78b3a228551eb34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5d:16:92:47:10:a7:38:ca:7e:7c:74:46:c2:
                    7c:d5:a5:c5:fd:12:b1:d8:85:89:dc:84:f1:9d:e6:
                    07:da:85:d7:fa:79:b9:d0:ac:64:d8:64:34:55:d2:
                    51:06:0f:2b:84:07:81:a5:39:fa:56:68:59:4a:9d:
                    b9:02:7a:25:46:b5:34:55:58:94:ff:f9:53:10:9b:
                    f5:ec:57:1d:b8:05:cb:a2:92:d3:71:4e:ce:1b:e0:
                    ca:0d:44:68:cf:08:43:41:d4:85:89:74:ed:71:9d:
                    2d:4a:6d:16:ca:8a:ed:6d:c0:a2:c9:a1:d2:4d:56:
                    d7:82:67:59:87:fc:65:54:65:02:0e:88:af:d9:0c:
                    ce:86:0f:43:60:b9:74:2a:81:cf:e0:de:aa:3d:15:
                    d8:2b:8e:ae:ff:71:ba:79:13:44:3e:a0:a0:bb:f4:
                    c8:2e:19:da:d7:3a:ac:75:11:46:57:38:9f:70:bf:
                    57:18:ff:e6:96:28:0d:5a:72:34:d6:f6:05:91:87:
                    ab:ce:99:0b:bb:c2:66:05:c6:80:b3:1f:7b:0a:73:
                    3c:02:45:02:bd:1f:07:b0:95:e0:1e:83:06:12:65:
                    03:36:da:ef:2f:96:35:c6:f3:ee:58:58:af:c1:66:
                    14:82:94:49:15:cf:2b:23:a9:aa:73:9f:17:a5:74:
                    10:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:83:D1:B6:51:A5:79:3E:F7:E5:57:9D:E7:8B:3A:22:85:51:EB:34
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/FoPRtlGleT735Ved54s6IoVR6zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.156.0/22
                  185.248.196.0/22
                  194.165.26.0/24
                IPv6:
                  2a0a:8880::-2a0a:8880:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:8880:aaaa::/48
                  2a0f:4440:aaaa::/48
                  2a0f:4440:abcd::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:2b:84:c6:b7:f8:bd:4b:fa:ed:9a:35:9d:0b:b4:f9:80:dc:
         6f:a4:78:03:8e:a6:7f:d0:74:1e:3e:9f:41:19:fd:4d:a4:15:
         ea:2c:07:5a:87:b5:6f:df:6e:ee:a2:34:2f:b8:e9:c7:7b:27:
         63:5a:81:53:44:ba:27:31:84:d3:fe:e8:8e:c3:fa:05:83:82:
         7b:b0:88:6f:f2:e0:a3:8e:26:6b:69:05:b9:c7:42:e9:b3:4b:
         cc:2c:75:23:b9:16:2d:cb:49:24:17:5f:55:c0:78:23:6c:a6:
         6b:a2:96:7c:8b:e7:02:2a:d7:77:6c:57:68:bb:72:5e:bb:79:
         83:a8:e6:05:22:a7:57:5f:ea:85:7a:fa:50:e7:df:39:f3:07:
         61:e4:bc:31:96:81:70:e4:98:6d:41:17:7a:41:3d:92:a5:5d:
         89:a2:e8:ec:7c:49:d9:e1:96:7a:4e:75:b2:51:6d:99:23:16:
         12:e0:06:e2:28:9c:09:3f:f4:0f:c4:38:4d:da:a2:8e:83:00:
         07:50:f7:c1:ce:5e:13:66:a1:0e:44:fc:ba:b3:e2:98:ee:3b:
         3f:73:b4:ee:e5:56:fc:a6:52:22:5d:93:c5:af:4b:6a:ea:17:
         f3:fd:a3:49:0e:8a:86:a5:76:d4:64:41:63:4c:29:f3:e9:54:
         e3:44:53:4e
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYR87WeMwye17EmnEfR07TJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjIxMTE1MjAxNDA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjgzZDFiNjUxYTU3OTNlZjdlNTU3OWRlNzhiM2EyMjg1NTFlYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF0WkkcQpzjKfnx0RsJ81aXF/RKx
2IWJ3ITxneYH2oXX+nm50Kxk2GQ0VdJRBg8rhAeBpTn6VmhZSp25AnolRrU0VViU
//lTEJv17FcduAXLopLTcU7OG+DKDURozwhDQdSFiXTtcZ0tSm0WyortbcCiyaHS
TVbXgmdZh/xlVGUCDoiv2QzOhg9DYLl0KoHP4N6qPRXYK46u/3G6eRNEPqCgu/TI
Lhna1zqsdRFGVzifcL9XGP/mligNWnI01vYFkYerzpkLu8JmBcaAsx97CnM8AkUC
vR8HsJXgHoMGEmUDNtrvL5Y1xvPuWFivwWYUgpRJFc8rI6mqc58XpXQQHwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBaD0bZRpXk+9+VXneeLOiKFUes0MB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvRm9QUnRsR2xlVDczNVZlZDU0czZJb1ZSNnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAYBAIAATASAwQCubOcAwQC
ufjEAwQAwqUaMDMEAgACMC0wEAMFByoKiIADBwAqCoiAAAIDBwAqCoiAqqoDBwAq
D0RAqqoDBwAqD0RAq80wDQYJKoZIhvcNAQELBQADggEBADwrhMa3+L1L+u2aNZ0L
tPmA3G+keAOOpn/QdB4+n0EZ/U2kFeosB1qHtW/fbu6iNC+46cd7J2NagVNEuicx
hNP+6I7D+gWDgnuwiG/y4KOOJmtpBbnHQumzS8wsdSO5Fi3LSSQXX1XAeCNspmui
lnyL5wIq13dsV2i7cl67eYOo5gUip1df6oV6+lDn3znzB2HkvDGWgXDkmG1BF3pB
PZKlXYmi6Ox8SdnhlnpOdbJRbZkjFhLgBuIonAk/9A/EOE3aoo6DAAdQ98HOXhNm
oQ5E/Lqz4pjuOz9ztO7lVvymUiJdk8WvS2rqF/P9o0kOioaldtRkQWNMKfPpVONE
U04=
-----END CERTIFICATE-----