Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/r4WdYgiYYlKsWpGEdX-gw4VlB_g.roa
File:                     r4WdYgiYYlKsWpGEdX-gw4VlB_g.roa (raw, json)
Hash identifier:          UEG0Wj6PcZL2kEV9NumXzlTUW04t87qcQGbp4JShbz8=
Subject key identifier:   AF:85:9D:62:08:98:62:52:AC:5A:91:84:75:7F:A0:C3:85:65:07:F8
Certificate issuer:       /CN=5fe58e732a0f71f4f01302d62167173bd9b17cc1
Certificate serial:       018346D1A30D6ABDC17A8B28DE5D34DE3172
Authority key identifier: 5F:E5:8E:73:2A:0F:71:F4:F0:13:02:D6:21:67:17:3B:D9:B1:7C:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-WOcyoPcfTwEwLWIWcXO9mxfME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/r4WdYgiYYlKsWpGEdX-gw4VlB_g.roa
Signing time:             Fri 16 Sep 2022 15:01:27 +0000
ROA not before:           Fri 16 Sep 2022 15:01:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6085
IP address blocks:        57.55.0.0/16 maxlen: 16
                          57.2.0.0/16 maxlen: 16
                          57.18.0.0/16 maxlen: 16
                          57.226.0.0/16 maxlen: 16
                          57.50.0.0/16 maxlen: 16
                          57.61.0.0/16 maxlen: 16
                          57.13.0.0/16 maxlen: 16
                          57.0.0.0/16 maxlen: 16
                          57.192.0.0/16 maxlen: 16
                          57.27.0.0/16 maxlen: 16
                          57.54.0.0/16 maxlen: 16
                          57.17.0.0/16 maxlen: 16
                          57.49.0.0/16 maxlen: 16
                          57.33.0.0/16 maxlen: 16
                          57.52.0.0/16 maxlen: 16
                          57.63.0.0/16 maxlen: 16
                          57.3.0.0/16 maxlen: 16
                          57.19.0.0/16 maxlen: 16
                          57.62.0.0/16 maxlen: 16

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:46:d1:a3:0d:6a:bd:c1:7a:8b:28:de:5d:34:de:31:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe58e732a0f71f4f01302d62167173bd9b17cc1
        Validity
            Not Before: Sep 16 15:01:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af859d6208986252ac5a9184757fa0c3856507f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:61:0f:9e:aa:71:a2:3c:a8:62:11:cc:b5:bc:
                    dd:e4:de:92:3c:6b:fa:45:35:f0:43:c4:2d:4e:56:
                    b1:58:dd:a4:53:eb:19:52:0a:57:b2:ca:a6:9a:f3:
                    9d:08:48:a8:ad:60:72:02:d5:00:71:1d:5e:07:27:
                    1b:9c:60:6e:19:37:7e:a0:da:ee:23:e8:87:ce:dd:
                    5a:04:ce:e9:1b:37:ce:9a:ee:88:32:57:2c:1b:86:
                    b5:30:e5:43:a2:df:36:e5:d0:69:df:b7:72:28:b3:
                    ff:bd:ae:39:dc:cb:7b:b8:f5:81:f6:c2:f9:e3:49:
                    43:20:02:b6:8e:8c:0d:4f:2a:f3:e6:af:b7:2a:49:
                    dc:c9:dc:d7:12:63:4c:22:ba:42:45:18:df:32:ae:
                    ae:2d:bc:d5:9c:a4:26:24:4c:7e:30:0b:bd:aa:cb:
                    7f:ee:15:0c:ee:21:6a:b4:0a:1b:ee:01:81:1e:ff:
                    be:5a:9f:67:70:6e:1c:e0:57:53:b4:70:b4:bc:e3:
                    20:23:d3:78:77:7b:ba:05:8e:a3:48:ad:91:4c:1e:
                    2c:9b:d6:67:59:6a:ef:71:41:1a:e0:b6:81:96:7f:
                    99:9f:53:7e:02:8f:0e:d3:07:86:64:75:cb:02:b5:
                    cb:72:11:32:9b:42:fe:f1:1b:39:ad:08:a5:59:47:
                    37:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:85:9D:62:08:98:62:52:AC:5A:91:84:75:7F:A0:C3:85:65:07:F8
            X509v3 Authority Key Identifier:
                keyid:5F:E5:8E:73:2A:0F:71:F4:F0:13:02:D6:21:67:17:3B:D9:B1:7C:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-WOcyoPcfTwEwLWIWcXO9mxfME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/r4WdYgiYYlKsWpGEdX-gw4VlB_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/X-WOcyoPcfTwEwLWIWcXO9mxfME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.0.0.0/16
                  57.2.0.0/15
                  57.13.0.0/16
                  57.17.0.0-57.19.255.255
                  57.27.0.0/16
                  57.33.0.0/16
                  57.49.0.0-57.50.255.255
                  57.52.0.0/16
                  57.54.0.0/15
                  57.61.0.0-57.63.255.255
                  57.192.0.0/16
                  57.226.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         21:38:cd:2b:71:5f:34:ca:df:48:c7:03:d4:f7:9a:6f:2e:ee:
         82:e6:9d:51:7f:f2:00:43:4e:df:f3:52:21:c9:4d:d3:94:2d:
         93:c2:d2:21:d9:29:50:29:03:83:6b:d1:39:20:0d:77:ff:9b:
         a9:06:0f:b3:f8:74:56:06:99:c9:90:5a:6f:2d:d1:fd:e1:c4:
         77:87:1d:5a:89:93:a1:55:2f:71:fe:f4:d6:8f:15:9a:82:97:
         c2:77:23:74:4c:02:b3:23:de:fb:3a:c2:85:54:7c:bc:c6:67:
         5b:43:a3:ae:16:ca:91:08:22:28:43:83:af:b2:3b:92:7a:36:
         f6:5f:10:e4:e7:dd:b9:5b:50:fd:e7:24:a8:20:6b:77:9f:c4:
         9d:1b:01:6a:d2:5d:f5:1c:f6:36:41:9b:91:02:83:ae:a0:8f:
         c4:59:23:88:fc:1e:fc:5f:ad:30:93:82:cd:14:83:9f:31:a2:
         bb:ab:62:f2:1e:8c:68:a6:cb:26:f2:ad:fa:1f:74:6b:82:b9:
         f0:62:a1:99:2c:50:2d:78:3a:a8:93:81:74:a1:d7:fe:fe:de:
         d1:02:03:e7:0f:4f:3a:b0:da:80:4d:bf:75:fb:11:14:6d:df:
         57:4f:a9:39:52:58:f9:f0:a0:4a:19:e8:bf:a7:3b:e4:c6:7b:
         c4:e2:ee:bc
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYNG0aMNar3Beoso3l003jFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTU4ZTczMmEwZjcxZjRmMDEzMDJkNjIxNjcxNzNiZDli
MTdjYzEwHhcNMjIwOTE2MTUwMTI3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjg1OWQ2MjA4OTg2MjUyYWM1YTkxODQ3NTdmYTBjMzg1NjUwN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWEPnqpxojyoYhHMtbzd5N6SPGv6
RTXwQ8QtTlaxWN2kU+sZUgpXssqmmvOdCEiorWByAtUAcR1eBycbnGBuGTd+oNru
I+iHzt1aBM7pGzfOmu6IMlcsG4a1MOVDot825dBp37dyKLP/va453Mt7uPWB9sL5
40lDIAK2jowNTyrz5q+3KkncydzXEmNMIrpCRRjfMq6uLbzVnKQmJEx+MAu9qst/
7hUM7iFqtAob7gGBHv++Wp9ncG4c4FdTtHC0vOMgI9N4d3u6BY6jSK2RTB4sm9Zn
WWrvcUEa4LaBln+Zn1N+Ao8O0weGZHXLArXLchEym0L+8Rs5rQilWUc3IwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFK+FnWIImGJSrFqRhHV/oMOFZQf4MB8GA1UdIwQY
MBaAFF/ljnMqD3H08BMC1iFnFzvZsXzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1XT2N5b1BjZlR3RXdMV0lXY1hPOW14Zk1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8wZDg0MGMtOTUyZC00NzAyLWFiYTMt
YjZlNThmOWM4MmUxLzEvcjRXZFlnaVlZbEtzV3BHRWRYLWd3NFZsQl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8wZDg0MGMtOTUyZC00NzAyLWFiYTMtYjZlNThmOWM4MmUx
LzEvWC1XT2N5b1BjZlR3RXdMV0lXY1hPOW14Zk1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAATBRAwMAOQADAwE5
AgMDADkNMAoDAwA5EQMDAjkQAwMAORsDAwA5ITAKAwMAOTEDAwA5MgMDADk0AwMB
OTYwCgMDADk9AwMGOQADAwA5wAMDADniMA0GCSqGSIb3DQEBCwUAA4IBAQAhOM0r
cV80yt9IxwPU95pvLu6C5p1Rf/IAQ07f81IhyU3TlC2TwtIh2SlQKQODa9E5IA13
/5upBg+z+HRWBpnJkFpvLdH94cR3hx1aiZOhVS9x/vTWjxWagpfCdyN0TAKzI977
OsKFVHy8xmdbQ6OuFsqRCCIoQ4OvsjuSejb2XxDk5925W1D95ySoIGt3n8SdGwFq
0l31HPY2QZuRAoOuoI/EWSOI/B78X60wk4LNFIOfMaK7q2LyHoxopssm8q36H3Rr
grnwYqGZLFAteDqok4F0odf+/t7RAgPnD086sNqATb91+xEUbd9XT6k5Ulj58KBK
Gei/pzvkxnvE4u68
-----END CERTIFICATE-----