Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/4Mzj0iwSIOteoHg9I33OeSSYb7c.roa
File:                     4Mzj0iwSIOteoHg9I33OeSSYb7c.roa (raw, json)
Hash identifier:          vCjfPzqK0CyE5p2pGlfeLnqEfkuFJ/MWeioDwN9i4/c=
Subject key identifier:   E0:CC:E3:D2:2C:12:20:EB:5E:A0:78:3D:23:7D:CE:79:24:98:6F:B7
Certificate issuer:       /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial:       0181ED43A2C5CBC7BD6B63C90CACF2F2654C
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/4Mzj0iwSIOteoHg9I33OeSSYb7c.roa
Signing time:             Mon 11 Jul 2022 12:37:21 +0000
ROA not before:           Mon 11 Jul 2022 12:37:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20904
IP address blocks:        84.240.64.0/19 maxlen: 19
                          149.126.176.0/21 maxlen: 21
                          84.240.96.0/19 maxlen: 19
                          188.64.0.0/21 maxlen: 21
                          185.25.76.0/22 maxlen: 22
                          5.61.88.0/21 maxlen: 24
                          185.67.80.0/22 maxlen: 22
                          37.35.80.0/21 maxlen: 21
                          80.75.96.0/20 maxlen: 20
                          93.174.192.0/21 maxlen: 22
                          80.75.106.0/24 maxlen: 24
                          46.254.208.0/21 maxlen: 21
                          2a00:74a0::/32 maxlen: 32
                          2a00:1a58::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:ed:43:a2:c5:cb:c7:bd:6b:63:c9:0c:ac:f2:f2:65:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
        Validity
            Not Before: Jul 11 12:37:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e0cce3d22c1220eb5ea0783d237dce7924986fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:dc:9a:0f:ba:84:a8:28:bb:0c:0e:09:3f:45:
                    df:c3:91:34:4a:4e:d4:2d:6d:90:9f:5c:fa:16:53:
                    c5:39:38:64:8d:8e:6a:6a:58:9a:ab:46:54:e3:81:
                    fa:0f:75:24:ed:aa:68:7d:72:b5:32:46:c7:f8:34:
                    37:80:17:ce:8a:48:f8:a5:51:83:9c:22:8d:45:20:
                    80:1c:16:22:f3:2a:ba:8e:04:4a:a2:fa:d9:df:96:
                    59:6d:59:10:c8:17:45:3d:a9:bd:8f:d9:e9:98:5e:
                    60:d8:62:1b:f7:78:ae:06:78:1d:74:48:81:13:8e:
                    f1:57:de:ab:82:f0:f0:8c:d6:00:9c:5a:fb:6f:fb:
                    20:56:f4:c9:85:3a:2f:03:87:a0:35:c1:7b:dd:77:
                    04:ab:a1:d7:d7:2d:91:40:3a:ee:cb:42:12:c2:fa:
                    49:77:e8:cc:2a:e8:d3:f1:10:5b:82:b2:fe:79:72:
                    70:9e:34:b8:8e:9e:c6:d0:34:1d:c4:e9:8f:f5:68:
                    fa:52:97:2b:d5:22:61:a8:a3:c1:d5:85:89:7a:8d:
                    4d:c6:26:8a:72:9f:df:bb:b9:7f:69:21:86:15:81:
                    a6:1d:56:8f:b4:3b:e0:18:17:05:67:5a:be:19:30:
                    07:d4:01:99:ab:ee:d1:4e:3c:d9:91:d6:75:fe:74:
                    5a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CC:E3:D2:2C:12:20:EB:5E:A0:78:3D:23:7D:CE:79:24:98:6F:B7
            X509v3 Authority Key Identifier:
                keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/4Mzj0iwSIOteoHg9I33OeSSYb7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.88.0/21
                  37.35.80.0/21
                  46.254.208.0/21
                  80.75.96.0/20
                  84.240.64.0/18
                  93.174.192.0/21
                  149.126.176.0/21
                  185.25.76.0/22
                  185.67.80.0/22
                  188.64.0.0/21
                IPv6:
                  2a00:1a58::/32
                  2a00:74a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:96:0a:4d:3b:69:87:0b:ac:68:27:9e:84:f9:56:e0:40:d9:
         53:6c:88:d8:e4:f1:45:7b:20:8b:21:dc:0b:67:49:9f:e8:55:
         5a:ce:68:ca:14:bd:49:8f:4b:72:f4:f6:4b:01:27:19:73:ec:
         3e:ac:d6:7c:93:0f:6f:14:b0:99:93:a0:18:15:69:d3:82:2c:
         a9:e3:7e:2c:c9:9e:d7:e8:88:d1:66:16:c4:f3:61:d7:c7:7f:
         6c:fc:03:cb:53:62:94:21:02:d8:fd:da:e8:02:51:44:18:6c:
         4e:d6:8d:79:f0:bc:9e:40:35:d7:68:51:e1:c0:a0:f2:6d:c5:
         33:56:7e:16:33:91:cc:05:6e:96:99:84:2f:ff:92:85:4d:e1:
         95:2f:45:17:b2:f2:31:ba:d9:ba:72:85:5a:e5:a6:e5:64:82:
         b9:6f:2a:6c:e2:72:ac:f8:38:30:57:aa:bc:9d:b6:d7:7d:03:
         59:8d:95:c1:94:34:a0:55:ab:f4:6c:7c:cd:37:6f:8c:e8:7a:
         77:a7:5a:51:3d:ca:1b:9a:08:2a:f7:93:dc:94:31:14:df:f1:
         75:ca:ba:d0:02:2c:6a:bb:13:3b:35:f7:ca:8a:36:e4:61:63:
         7f:5c:b3:5e:bb:98:b5:00:00:57:f6:2c:c4:90:a6:d0:31:9c:
         eb:ce:49:c6
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYHtQ6LFy8e9a2PJDKzy8mVMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjIwNzExMTIzNzIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGNjZTNkMjJjMTIyMGViNWVhMDc4M2QyMzdkY2U3OTI0OTg2ZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9yaD7qEqCi7DA4JP0Xfw5E0Sk7U
LW2Qn1z6FlPFOThkjY5qaliaq0ZU44H6D3Uk7apofXK1MkbH+DQ3gBfOikj4pVGD
nCKNRSCAHBYi8yq6jgRKovrZ35ZZbVkQyBdFPam9j9npmF5g2GIb93iuBngddEiB
E47xV96rgvDwjNYAnFr7b/sgVvTJhTovA4egNcF73XcEq6HX1y2RQDruy0ISwvpJ
d+jMKujT8RBbgrL+eXJwnjS4jp7G0DQdxOmP9Wj6Upcr1SJhqKPB1YWJeo1NxiaK
cp/fu7l/aSGGFYGmHVaPtDvgGBcFZ1q+GTAH1AGZq+7RTjzZkdZ1/nRaHwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFODM49IsEiDrXqB4PSN9znkkmG+3MB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvNE16ajBpd1NJT3Rlb0hnOUkzM09lU1NZYjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQDBT1YAwQD
JSNQAwQDLv7QAwQEUEtgAwQGVPBAAwQDXa7AAwQDlX6wAwQCuRlMAwQCuUNQAwQD
vEAAMBQEAgACMA4DBQAqABpYAwUAKgB0oDANBgkqhkiG9w0BAQsFAAOCAQEAF5YK
TTtphwusaCeehPlW4EDZU2yI2OTxRXsgiyHcC2dJn+hVWs5oyhS9SY9LcvT2SwEn
GXPsPqzWfJMPbxSwmZOgGBVp04IsqeN+LMme1+iI0WYWxPNh18d/bPwDy1NilCEC
2P3a6AJRRBhsTtaNefC8nkA112hR4cCg8m3FM1Z+FjORzAVulpmEL/+ShU3hlS9F
F7LyMbrZunKFWuWm5WSCuW8qbOJyrPg4MFeqvJ22130DWY2VwZQ0oFWr9Gx8zTdv
jOh6d6daUT3KG5oIKveT3JQxFN/xdcq60AIsarsTOzX3yoo25GFjf1yzXruYtQAA
V/YsxJCm0DGc685Jxg==
-----END CERTIFICATE-----