Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2391ed-f285-4286-af2f-d2551cdde4af/1/Xlz9ZK2MISho1B9iBn2VOdwTTRI.roa
File:                     Xlz9ZK2MISho1B9iBn2VOdwTTRI.roa (raw, json)
Hash identifier:          5KkRqqBjgNoQm/oQsHulnJTIwAeRxgATBhJEGLCsIA4=
Subject key identifier:   5E:5C:FD:64:AD:8C:21:28:68:D4:1F:62:06:7D:95:39:DC:13:4D:12
Certificate issuer:       /CN=18e2aed9af3a4be560aa19b92846c5fbe11c9b19
Certificate serial:       0184CFA530FB82094ECF320999A0F0B0FBAB
Authority key identifier: 18:E2:AE:D9:AF:3A:4B:E5:60:AA:19:B9:28:46:C5:FB:E1:1C:9B:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GOKu2a86S-Vgqhm5KEbF--Ecmxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2391ed-f285-4286-af2f-d2551cdde4af/1/Xlz9ZK2MISho1B9iBn2VOdwTTRI.roa
Signing time:             Thu 01 Dec 2022 21:43:40 +0000
ROA not before:           Thu 01 Dec 2022 21:43:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41230
IP address blocks:        78.109.176.0/20 maxlen: 20
                          31.205.192.0/18 maxlen: 18
                          31.205.0.0/18 maxlen: 18
                          31.205.0.0/16 maxlen: 16
                          31.205.128.0/18 maxlen: 18
                          45.154.248.0/22 maxlen: 22
                          185.198.228.0/22 maxlen: 23
                          185.134.138.0/24 maxlen: 24
                          185.134.136.0/23 maxlen: 23
                          45.81.120.0/22 maxlen: 22
                          185.134.139.0/24 maxlen: 24
                          31.205.64.0/18 maxlen: 18
                          185.134.144.0/22 maxlen: 22
                          213.143.0.0/19 maxlen: 19
                          176.119.145.0/24 maxlen: 24
                          81.23.48.0/20 maxlen: 20
                          185.134.128.0/22 maxlen: 22
                          2a00:1a10::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:cf:a5:30:fb:82:09:4e:cf:32:09:99:a0:f0:b0:fb:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18e2aed9af3a4be560aa19b92846c5fbe11c9b19
        Validity
            Not Before: Dec  1 21:43:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5e5cfd64ad8c212868d41f62067d9539dc134d12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b7:60:2c:ce:c7:2a:1a:19:42:52:e9:49:7b:
                    d1:4d:39:f3:44:07:70:7b:41:f9:98:37:3c:29:8c:
                    96:54:4c:e5:cf:e5:02:9b:d5:08:d8:63:44:42:b4:
                    f4:33:bc:3e:6f:bb:b8:67:cb:23:37:3e:da:34:75:
                    01:c7:28:45:14:44:02:ac:cd:66:9e:34:96:bb:a3:
                    84:e2:51:ac:f4:6c:4d:aa:28:99:1f:52:38:a4:c6:
                    80:09:03:ec:6a:c6:25:a7:52:69:f3:f3:29:30:62:
                    bf:e6:63:34:7c:6a:68:61:8f:98:bc:a4:25:d8:5c:
                    14:d9:64:53:ab:57:df:0b:bb:b4:11:d2:d2:93:05:
                    09:3e:19:3c:ee:de:83:30:b5:b7:9b:29:71:8c:19:
                    5e:ee:4e:fb:40:7e:2a:4c:03:bf:c3:a0:d9:e6:a3:
                    33:45:f6:65:41:2e:8c:62:fd:95:c1:8e:a4:dd:05:
                    ab:95:ea:f3:e3:49:35:75:1c:64:4d:8c:9a:50:5e:
                    fe:36:58:39:01:89:ac:bb:be:59:33:62:0b:3c:7c:
                    08:d5:32:90:e6:3d:10:6f:27:aa:ff:3d:61:d0:b9:
                    46:3e:97:40:bc:c4:01:f8:7f:ab:f3:98:90:fc:d3:
                    5c:33:16:5c:ca:38:51:1a:eb:75:77:bb:fe:2e:b5:
                    47:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:5C:FD:64:AD:8C:21:28:68:D4:1F:62:06:7D:95:39:DC:13:4D:12
            X509v3 Authority Key Identifier:
                keyid:18:E2:AE:D9:AF:3A:4B:E5:60:AA:19:B9:28:46:C5:FB:E1:1C:9B:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GOKu2a86S-Vgqhm5KEbF--Ecmxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2391ed-f285-4286-af2f-d2551cdde4af/1/Xlz9ZK2MISho1B9iBn2VOdwTTRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2391ed-f285-4286-af2f-d2551cdde4af/1/GOKu2a86S-Vgqhm5KEbF--Ecmxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.205.0.0/16
                  45.81.120.0/22
                  45.154.248.0/22
                  78.109.176.0/20
                  81.23.48.0/20
                  176.119.145.0/24
                  185.134.128.0/22
                  185.134.136.0/22
                  185.134.144.0/22
                  185.198.228.0/22
                  213.143.0.0/19
                IPv6:
                  2a00:1a10::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:c4:77:b5:47:18:59:d3:91:42:28:76:2d:46:c9:f3:d1:27:
         67:89:10:3d:db:b5:d1:33:01:2a:40:e3:3e:ac:1b:49:5e:54:
         cc:c2:c2:c3:3b:d4:c0:0a:ff:24:1f:23:52:cf:32:74:ba:e2:
         fd:f3:f3:e6:e0:95:32:df:bd:0b:ad:94:48:e6:d8:98:cd:b5:
         10:9f:4c:97:e0:d8:e3:2a:77:ba:fd:7f:5b:39:b4:c8:23:41:
         db:cd:94:9e:94:4e:08:aa:de:4f:b8:af:fd:ac:1f:49:fd:a2:
         64:74:36:35:88:9a:67:5b:fb:a9:e6:4c:48:a5:20:6b:c5:bf:
         e3:56:02:c8:4c:63:90:13:e6:5c:83:ce:07:75:9c:91:1e:97:
         48:1a:bd:e9:18:20:88:a2:b1:ba:35:2a:0a:0f:e1:66:0b:c5:
         4c:37:2d:01:ff:bc:a3:6f:db:30:5e:ea:88:66:0e:57:98:9e:
         6f:45:99:58:63:f7:53:b5:71:f1:6a:06:fd:86:cb:d6:e2:8e:
         3a:62:b0:59:96:51:b3:1f:13:66:db:92:72:6b:2d:6f:d6:84:
         e6:e9:22:34:63:a9:c4:e5:06:f5:81:21:f0:16:55:7d:0c:98:
         59:69:ed:f1:fa:03:ab:43:dd:2e:2b:34:48:c9:74:6b:55:8f:
         16:4d:5e:dd
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYTPpTD7gglOzzIJmaDwsPurMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZTJhZWQ5YWYzYTRiZTU2MGFhMTliOTI4NDZjNWZiZTEx
YzliMTkwHhcNMjIxMjAxMjE0MzQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTVjZmQ2NGFkOGMyMTI4NjhkNDFmNjIwNjdkOTUzOWRjMTM0ZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLdgLM7HKhoZQlLpSXvRTTnzRAdw
e0H5mDc8KYyWVEzlz+UCm9UI2GNEQrT0M7w+b7u4Z8sjNz7aNHUBxyhFFEQCrM1m
njSWu6OE4lGs9GxNqiiZH1I4pMaACQPsasYlp1Jp8/MpMGK/5mM0fGpoYY+YvKQl
2FwU2WRTq1ffC7u0EdLSkwUJPhk87t6DMLW3mylxjBle7k77QH4qTAO/w6DZ5qMz
RfZlQS6MYv2VwY6k3QWrlerz40k1dRxkTYyaUF7+Nlg5AYmsu75ZM2ILPHwI1TKQ
5j0Qbyeq/z1h0LlGPpdAvMQB+H+r85iQ/NNcMxZcyjhRGut1d7v+LrVHXwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFF5c/WStjCEoaNQfYgZ9lTncE00SMB8GA1UdIwQY
MBaAFBjirtmvOkvlYKoZuShGxfvhHJsZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR09LdTJhODZTLVZncWhtNUtFYkYtLUVjbXhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yMzkxZWQtZjI4NS00Mjg2LWFmMmYt
ZDI1NTFjZGRlNGFmLzEvWGx6OVpLMk1JU2hvMUI5aUJuMlZPZHdUVFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yMzkxZWQtZjI4NS00Mjg2LWFmMmYtZDI1NTFjZGRlNGFm
LzEvR09LdTJhODZTLVZncWhtNUtFYkYtLUVjbXhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBHBAIAATBBAwMAH80DBAIt
UXgDBAItmvgDBARObbADBARRFzADBACwd5EDBAK5hoADBAK5hogDBAK5hpADBAK5
xuQDBAXVjwAwDQQCAAIwBwMFAyoAGhAwDQYJKoZIhvcNAQELBQADggEBAHrEd7VH
GFnTkUIodi1GyfPRJ2eJED3btdEzASpA4z6sG0leVMzCwsM71MAK/yQfI1LPMnS6
4v3z8+bglTLfvQutlEjm2JjNtRCfTJfg2OMqd7r9f1s5tMgjQdvNlJ6UTgiq3k+4
r/2sH0n9omR0NjWImmdb+6nmTEilIGvFv+NWAshMY5AT5lyDzgd1nJEel0gavekY
IIiisbo1KgoP4WYLxUw3LQH/vKNv2zBe6ohmDleYnm9FmVhj91O1cfFqBv2Gy9bi
jjpisFmWUbMfE2bbknJrLW/WhObpIjRjqcTlBvWBIfAWVX0MmFlp7fH6A6tD3S4r
NEjJdGtVjxZNXt0=
-----END CERTIFICATE-----