Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/cf8f99-e581-4f5f-875f-df4e8c7364fe/1/8lt6rBKDYBq9OM_ATXa8lpPOFIw.roa
File:                     8lt6rBKDYBq9OM_ATXa8lpPOFIw.roa (raw, json)
Hash identifier:          hqAcMLNUSMCibyfImEMpZsYisKK4pre4/qMA0xECIpA=
Subject key identifier:   F2:5B:7A:AC:12:83:60:1A:BD:38:CF:C0:4D:76:BC:96:93:CE:14:8C
Certificate issuer:       /CN=3096d7afbb8a5e315a5c489acea7dcb75aa65d04
Certificate serial:       0184CD1C16B13AF4C1EF3F661165F1F1AB1D
Authority key identifier: 30:96:D7:AF:BB:8A:5E:31:5A:5C:48:9A:CE:A7:DC:B7:5A:A6:5D:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MJbXr7uKXjFaXEiazqfct1qmXQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/cf8f99-e581-4f5f-875f-df4e8c7364fe/1/8lt6rBKDYBq9OM_ATXa8lpPOFIw.roa
Signing time:             Thu 01 Dec 2022 09:54:40 +0000
ROA not before:           Thu 01 Dec 2022 09:54:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34606
IP address blocks:        77.108.0.0/18 maxlen: 18
                          85.208.232.0/22 maxlen: 22
                          194.116.0.0/18 maxlen: 18
                          88.87.96.0/19 maxlen: 19
                          185.73.244.0/22 maxlen: 22
                          95.140.136.0/21 maxlen: 21
                          82.215.128.0/18 maxlen: 18
                          82.215.128.0/22 maxlen: 22
                          185.117.216.0/22 maxlen: 22
                          185.127.32.0/22 maxlen: 22
                          194.176.126.0/24 maxlen: 24
                          85.159.176.0/21 maxlen: 21
                          81.30.0.0/20 maxlen: 20
                          77.72.32.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:cd:1c:16:b1:3a:f4:c1:ef:3f:66:11:65:f1:f1:ab:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3096d7afbb8a5e315a5c489acea7dcb75aa65d04
        Validity
            Not Before: Dec  1 09:54:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f25b7aac1283601abd38cfc04d76bc9693ce148c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:84:ab:2a:e9:dc:92:93:e9:1a:47:d6:d6:ff:
                    59:d8:2e:87:28:71:db:ab:cb:ec:96:b6:5c:b0:95:
                    64:e1:ee:9a:3c:f8:76:19:82:30:55:00:27:5a:8b:
                    a0:08:b5:0f:65:f1:d5:27:a6:d8:50:4a:61:d5:da:
                    a1:2a:62:bc:da:9d:e9:d0:a8:f1:c5:54:8b:7e:ad:
                    4a:bd:c9:36:0d:24:a2:d9:a6:cd:9d:69:a9:c5:fa:
                    f7:26:cf:43:9c:f0:ad:f6:23:b9:11:1b:e2:ef:00:
                    37:89:a3:ea:5d:98:e0:2f:5c:d8:77:0f:4d:6a:20:
                    94:f8:3e:b6:f7:7f:bc:5c:0a:14:d8:31:46:18:4a:
                    b7:d3:cf:11:be:9b:88:95:ba:4c:98:0f:98:23:8f:
                    9b:ed:3a:8e:d5:bd:be:11:da:fb:25:48:e3:da:35:
                    28:e9:6d:c1:15:a4:0d:d7:dc:b7:b2:91:07:8a:b7:
                    98:30:12:1a:5c:a6:38:92:ee:55:d7:ef:bf:84:a7:
                    17:54:4d:99:2b:a1:e5:be:6b:7f:5b:67:a1:f0:51:
                    7f:d0:06:0e:4f:4e:c5:ca:47:1d:61:d3:9b:05:c1:
                    f5:d2:d2:9d:32:3c:6b:c7:89:ab:11:e8:6e:d3:cf:
                    41:61:a1:93:34:5f:c5:0e:48:53:2d:17:a6:c3:cb:
                    3c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5B:7A:AC:12:83:60:1A:BD:38:CF:C0:4D:76:BC:96:93:CE:14:8C
            X509v3 Authority Key Identifier:
                keyid:30:96:D7:AF:BB:8A:5E:31:5A:5C:48:9A:CE:A7:DC:B7:5A:A6:5D:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MJbXr7uKXjFaXEiazqfct1qmXQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/cf8f99-e581-4f5f-875f-df4e8c7364fe/1/8lt6rBKDYBq9OM_ATXa8lpPOFIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/cf8f99-e581-4f5f-875f-df4e8c7364fe/1/MJbXr7uKXjFaXEiazqfct1qmXQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.32.0/21
                  77.108.0.0/18
                  81.30.0.0/20
                  82.215.128.0/18
                  85.159.176.0/21
                  85.208.232.0/22
                  88.87.96.0/19
                  95.140.136.0/21
                  185.73.244.0/22
                  185.117.216.0/22
                  185.127.32.0/22
                  194.116.0.0/18
                  194.176.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:b6:ad:89:e7:d5:d7:10:b1:63:02:9e:33:49:eb:8e:73:f8:
         9f:2f:64:f9:4b:f2:04:37:5c:d5:b2:21:5d:30:fa:2a:15:30:
         f9:50:92:96:7e:27:87:90:f8:b6:d1:65:af:5a:2a:a7:36:4e:
         fb:e5:d9:45:bb:42:73:cb:c3:c0:90:83:2f:26:99:50:9b:c2:
         b9:2d:59:0c:34:52:fc:24:58:4a:33:ed:00:91:a2:f2:07:88:
         f0:e0:9e:eb:2f:7a:48:18:4d:a0:4e:c3:03:df:97:72:88:61:
         ee:e1:e8:d8:e2:51:29:78:82:0a:bc:59:ff:35:95:29:62:2c:
         39:70:cd:c5:66:a1:d4:37:81:b3:16:7a:30:50:b6:fc:4a:78:
         ed:25:48:46:21:ee:62:fa:a7:de:58:9a:b6:c9:2e:1e:9f:cc:
         d9:73:98:53:f5:f3:43:23:f9:dc:0f:0b:c3:82:96:2e:40:d8:
         7e:72:37:34:19:2e:76:a9:8d:dc:28:6c:e0:df:35:20:5f:6d:
         97:f5:e1:f6:31:61:c0:48:7c:db:a4:55:ce:9e:39:df:41:de:
         9a:5b:6c:77:cd:ff:fd:c3:9f:66:7a:d5:c8:93:07:ef:6a:6c:
         25:e2:be:69:06:97:d5:7f:0c:42:c4:58:81:17:88:ac:b2:4f:
         ad:94:f3:52
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYTNHBaxOvTB7z9mEWXx8asdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwOTZkN2FmYmI4YTVlMzE1YTVjNDg5YWNlYTdkY2I3NWFh
NjVkMDQwHhcNMjIxMjAxMDk1NDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjViN2FhYzEyODM2MDFhYmQzOGNmYzA0ZDc2YmM5NjkzY2UxNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYSrKunckpPpGkfW1v9Z2C6HKHHb
q8vslrZcsJVk4e6aPPh2GYIwVQAnWougCLUPZfHVJ6bYUEph1dqhKmK82p3p0Kjx
xVSLfq1Kvck2DSSi2abNnWmpxfr3Js9DnPCt9iO5ERvi7wA3iaPqXZjgL1zYdw9N
aiCU+D6293+8XAoU2DFGGEq3088RvpuIlbpMmA+YI4+b7TqO1b2+Edr7JUjj2jUo
6W3BFaQN19y3spEHireYMBIaXKY4ku5V1++/hKcXVE2ZK6Hlvmt/W2eh8FF/0AYO
T07FykcdYdObBcH10tKdMjxrx4mrEehu089BYaGTNF/FDkhTLRemw8s8JwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFPJbeqwSg2AavTjPwE12vJaTzhSMMB8GA1UdIwQY
MBaAFDCW16+7il4xWlxIms6n3Ldapl0EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUpiWHI3dUtYakZhWEVpYXpxZmN0MXFtWFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jZjhmOTktZTU4MS00ZjVmLTg3NWYt
ZGY0ZThjNzM2NGZlLzEvOGx0NnJCS0RZQnE5T01fQVRYYThscFBPRkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jZjhmOTktZTU4MS00ZjVmLTg3NWYtZGY0ZThjNzM2NGZl
LzEvTUpiWHI3dUtYakZhWEVpYXpxZmN0MXFtWFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQDTUggAwQG
TWwAAwQEUR4AAwQGUteAAwQDVZ+wAwQCVdDoAwQFWFdgAwQDX4yIAwQCuUn0AwQC
uXXYAwQCuX8gAwQGwnQAAwQAwrB+MA0GCSqGSIb3DQEBCwUAA4IBAQAYtq2J59XX
ELFjAp4zSeuOc/ifL2T5S/IEN1zVsiFdMPoqFTD5UJKWfieHkPi20WWvWiqnNk77
5dlFu0Jzy8PAkIMvJplQm8K5LVkMNFL8JFhKM+0AkaLyB4jw4J7rL3pIGE2gTsMD
35dyiGHu4ejY4lEpeIIKvFn/NZUpYiw5cM3FZqHUN4GzFnowULb8SnjtJUhGIe5i
+qfeWJq2yS4en8zZc5hT9fNDI/ncDwvDgpYuQNh+cjc0GS52qY3cKGzg3zUgX22X
9eH2MWHASHzbpFXOnjnfQd6aW2x3zf/9w59metXIkwfvamwl4r5pBpfVfwxCxFiB
F4issk+tlPNS
-----END CERTIFICATE-----