Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/68-J8U7blYZrg-Kwdjn6INAs6dY.roa
File:                     68-J8U7blYZrg-Kwdjn6INAs6dY.roa (raw, json)
Hash identifier:          rpscA86gmjLYmAgeOdF6d9PB4SkHvovDxG08tv6HluA=
Subject key identifier:   EB:CF:89:F1:4E:DB:95:86:6B:83:E2:B0:76:39:FA:20:D0:2C:E9:D6
Certificate issuer:       /CN=49e44eeea26569d0ddbd0e8637f12cf505a4ede9
Certificate serial:       018267DB051A5FADAA2261A2A97173788D05
Authority key identifier: 49:E4:4E:EE:A2:65:69:D0:DD:BD:0E:86:37:F1:2C:F5:05:A4:ED:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeRO7qJladDdvQ6GN_Es9QWk7ek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/68-J8U7blYZrg-Kwdjn6INAs6dY.roa
Signing time:             Thu 04 Aug 2022 07:56:23 +0000
ROA not before:           Thu 04 Aug 2022 07:56:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35676
IP address blocks:        178.213.66.0/23 maxlen: 23
                          178.213.68.0/22 maxlen: 22
                          194.5.88.0/23 maxlen: 23
                          195.234.36.0/24 maxlen: 24
                          185.16.252.0/23 maxlen: 23
                          185.16.252.0/22 maxlen: 22
                          185.16.254.0/23 maxlen: 23
                          178.213.64.0/23 maxlen: 23
                          178.213.64.0/22 maxlen: 22
                          193.105.186.0/24 maxlen: 24
                          2a03:6f82::/32 maxlen: 32
                          2a03:6f81::/32 maxlen: 33
                          2a03:6f81::/33 maxlen: 33
                          2a03:6f80::/33 maxlen: 33
                          2a03:6f80::/32 maxlen: 33

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:67:db:05:1a:5f:ad:aa:22:61:a2:a9:71:73:78:8d:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e44eeea26569d0ddbd0e8637f12cf505a4ede9
        Validity
            Not Before: Aug  4 07:56:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ebcf89f14edb95866b83e2b07639fa20d02ce9d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:93:4b:c6:44:cb:7f:76:cf:36:6e:fe:6f:be:
                    b3:8a:f5:7c:d1:64:8f:bd:88:01:90:62:86:01:ae:
                    37:41:59:9d:11:71:87:b3:ff:82:37:e7:5c:40:f2:
                    f2:2e:e6:c8:0d:4d:ca:ca:89:c0:d2:67:01:f6:b0:
                    50:9d:fc:c3:67:14:90:e4:0a:b8:1f:18:8a:7f:29:
                    53:a5:a8:18:ff:37:94:e9:5d:e4:43:20:6b:bd:83:
                    64:02:2c:a2:fa:59:ae:02:c6:0f:e8:63:5a:a8:ee:
                    50:1b:1e:2d:80:6a:05:99:09:b6:33:4c:91:e7:d2:
                    09:a0:6f:44:f0:20:4a:75:5b:a7:16:38:f8:3e:1e:
                    15:2b:51:a4:ec:34:51:18:ad:d3:25:72:f4:64:cd:
                    ae:8e:45:66:3a:8e:44:83:ff:78:36:0c:d5:6b:37:
                    02:81:eb:31:61:41:0a:62:2e:f9:7b:60:fd:7e:8a:
                    d1:a8:be:60:ff:70:d2:b3:6d:03:51:0e:3f:ac:89:
                    14:a3:88:29:23:43:f0:dd:e2:17:d5:98:e2:65:a1:
                    aa:d3:33:32:9e:29:86:06:79:76:72:74:d1:2d:68:
                    bb:4b:01:4d:4d:47:d1:cd:53:6a:37:16:3e:0c:c3:
                    bd:e8:31:e2:0a:2a:dc:74:49:37:3d:54:ce:92:6a:
                    2a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:CF:89:F1:4E:DB:95:86:6B:83:E2:B0:76:39:FA:20:D0:2C:E9:D6
            X509v3 Authority Key Identifier:
                keyid:49:E4:4E:EE:A2:65:69:D0:DD:BD:0E:86:37:F1:2C:F5:05:A4:ED:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeRO7qJladDdvQ6GN_Es9QWk7ek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/68-J8U7blYZrg-Kwdjn6INAs6dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c3dc1b-d1ee-4ff2-a5aa-f0c4be8e240a/1/SeRO7qJladDdvQ6GN_Es9QWk7ek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.64.0/21
                  185.16.252.0/22
                  193.105.186.0/24
                  194.5.88.0/23
                  195.234.36.0/24
                IPv6:
                  2a03:6f80::-2a03:6f82:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7a:d5:d4:9f:9e:6f:a3:52:e6:ea:39:8a:c9:dc:e7:d3:e3:f0:
         85:68:52:43:e5:17:1d:f2:e0:24:f7:46:08:c4:fc:ca:48:f4:
         f3:dc:dd:ab:c7:a5:36:17:ec:f5:0d:0c:59:f1:17:6d:3c:54:
         f8:02:a7:27:fd:42:2f:5e:56:9e:ad:a2:e5:36:96:c1:3f:ad:
         f5:68:b8:70:8b:9b:7f:df:90:92:60:bc:1f:60:3c:09:ee:5e:
         12:42:34:e9:7a:33:fb:48:60:67:8c:20:12:29:4e:44:55:6a:
         46:f3:cd:ac:4b:2d:9d:2c:f2:e8:44:44:df:28:e0:17:f8:47:
         7c:10:c2:36:10:81:58:4a:0c:1f:44:4c:4d:c2:2f:45:ad:e3:
         9d:04:d8:c5:4a:38:a6:e7:46:66:4b:e5:60:80:e3:fe:51:6a:
         b8:db:dd:7e:9c:86:f3:ab:f5:a7:c4:79:a9:c1:1a:3b:c1:64:
         73:85:21:25:e7:36:76:37:f1:d5:e5:19:1b:c2:c3:0a:59:dc:
         9e:1b:10:5b:74:8f:29:bb:81:9b:77:45:cb:f5:cf:99:4e:38:
         79:51:b4:d6:c0:6f:72:ce:cb:7e:aa:02:01:05:89:f5:a6:46:
         5d:02:d2:6c:66:01:3e:6f:31:d2:14:01:c3:70:dd:45:03:54:
         98:95:cc:11
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYJn2wUaX62qImGiqXFzeI0FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTQ0ZWVlYTI2NTY5ZDBkZGJkMGU4NjM3ZjEyY2Y1MDVh
NGVkZTkwHhcNMjIwODA0MDc1NjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmNmODlmMTRlZGI5NTg2NmI4M2UyYjA3NjM5ZmEyMGQwMmNlOWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8JNLxkTLf3bPNm7+b76zivV80WSP
vYgBkGKGAa43QVmdEXGHs/+CN+dcQPLyLubIDU3KyonA0mcB9rBQnfzDZxSQ5Aq4
HxiKfylTpagY/zeU6V3kQyBrvYNkAiyi+lmuAsYP6GNaqO5QGx4tgGoFmQm2M0yR
59IJoG9E8CBKdVunFjj4Ph4VK1Gk7DRRGK3TJXL0ZM2ujkVmOo5Eg/94NgzVazcC
gesxYUEKYi75e2D9forRqL5g/3DSs20DUQ4/rIkUo4gpI0Pw3eIX1ZjiZaGq0zMy
nimGBnl2cnTRLWi7SwFNTUfRzVNqNxY+DMO96DHiCircdEk3PVTOkmoqYwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFOvPifFO25WGa4PisHY5+iDQLOnWMB8GA1UdIwQY
MBaAFEnkTu6iZWnQ3b0OhjfxLPUFpO3pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VSTzdxSmxhZERkdlE2R05fRXM5UVdrN2VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jM2RjMWItZDFlZS00ZmYyLWE1YWEt
ZjBjNGJlOGUyNDBhLzEvNjgtSjhVN2JsWVpyZy1Ld2RqbjZJTkFzNmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jM2RjMWItZDFlZS00ZmYyLWE1YWEtZjBjNGJlOGUyNDBh
LzEvU2VSTzdxSmxhZERkdlE2R05fRXM5UVdrN2VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQDstVAAwQC
uRD8AwQAwWm6AwQBwgVYAwQAw+okMBYEAgACMBAwDgMFByoDb4ADBQAqA2+CMA0G
CSqGSIb3DQEBCwUAA4IBAQB61dSfnm+jUubqOYrJ3OfT4/CFaFJD5Rcd8uAk90YI
xPzKSPTz3N2rx6U2F+z1DQxZ8RdtPFT4Aqcn/UIvXlaeraLlNpbBP631aLhwi5t/
35CSYLwfYDwJ7l4SQjTpejP7SGBnjCASKU5EVWpG882sSy2dLPLoRETfKOAX+Ed8
EMI2EIFYSgwfRExNwi9FreOdBNjFSjim50ZmS+VggOP+UWq4291+nIbzq/WnxHmp
wRo7wWRzhSEl5zZ2N/HV5RkbwsMKWdyeGxBbdI8pu4Gbd0XL9c+ZTjh5UbTWwG9y
zst+qgIBBYn1pkZdAtJsZgE+bzHSFAHDcN1FA1SYlcwR
-----END CERTIFICATE-----