Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hyI2s-lDr7bvKRZmtKfPSCih-qo.roa
File:                     hyI2s-lDr7bvKRZmtKfPSCih-qo.roa (raw, json)
Hash identifier:          06IKcCjVLMCq073PFPTxGusWnqyWeoTx+N4Ch5ygNqI=
Subject key identifier:   87:22:36:B3:E9:43:AF:B6:EF:29:16:66:B4:A7:CF:48:28:A1:FA:AA
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       01841424E1CE1C0B40E03883810FE6443DDE
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hyI2s-lDr7bvKRZmtKfPSCih-qo.roa
Signing time:             Wed 26 Oct 2022 11:54:32 +0000
ROA not before:           Wed 26 Oct 2022 11:54:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207710
IP address blocks:        185.95.102.0/23 maxlen: 24
                          185.95.101.0/24 maxlen: 24
                          185.96.80.0/24 maxlen: 24
                          185.81.174.0/24 maxlen: 24
                          185.81.184.0/24 maxlen: 24
                          185.81.187.0/24 maxlen: 24
                          185.96.38.0/24 maxlen: 24
                          185.89.104.0/23 maxlen: 24
                          185.89.108.0/22 maxlen: 24
                          185.97.1.0/24 maxlen: 24
                          185.97.3.0/24 maxlen: 24
                          185.81.172.0/23 maxlen: 24
                          185.88.38.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:14:24:e1:ce:1c:0b:40:e0:38:83:81:0f:e6:44:3d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Oct 26 11:54:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=872236b3e943afb6ef291666b4a7cf4828a1faaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:55:75:d6:c7:f4:42:67:6c:73:ab:85:ca:dd:
                    14:ba:e2:0e:b1:d6:61:b0:f2:d4:f0:91:da:a6:80:
                    2c:82:1f:bc:6c:5d:61:e2:78:39:5c:df:8d:04:ad:
                    80:41:60:30:68:7d:cb:4b:c9:fa:2b:8b:e1:88:29:
                    37:3c:c5:ae:3e:02:57:c9:68:9f:e7:2a:73:09:7f:
                    10:60:55:9d:32:c7:38:b2:45:3f:6c:25:62:36:d0:
                    13:a2:6a:67:88:56:fb:84:97:9c:7c:5b:be:20:7d:
                    26:cf:a9:90:f5:6e:c9:89:b8:7d:28:e4:36:23:00:
                    bf:5c:95:b9:01:e6:ba:c3:2b:6e:59:df:6d:47:20:
                    04:c6:20:2b:fc:f7:bf:7a:3e:6f:00:a6:a6:14:90:
                    2f:dd:f1:16:e9:b6:fe:8c:41:ba:ee:66:26:de:c8:
                    42:37:6e:3f:a1:9a:02:f4:af:f8:07:66:a9:ca:d4:
                    f1:4d:ea:ad:e1:38:01:3b:aa:b5:80:15:65:f0:1a:
                    53:28:84:5b:a9:82:eb:33:78:4d:2c:11:05:4d:83:
                    e1:b4:ed:4c:6b:91:63:8a:97:61:9c:46:e2:27:79:
                    60:1f:c1:03:de:e0:fd:73:d5:bf:4d:c9:c9:2a:13:
                    64:1a:bf:ef:b9:ad:64:c6:e8:c7:53:9f:f7:69:5d:
                    ee:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:22:36:B3:E9:43:AF:B6:EF:29:16:66:B4:A7:CF:48:28:A1:FA:AA
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hyI2s-lDr7bvKRZmtKfPSCih-qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.172.0-185.81.174.255
                  185.81.184.0/24
                  185.81.187.0/24
                  185.88.38.0/24
                  185.89.104.0/23
                  185.89.108.0/22
                  185.95.101.0-185.95.103.255
                  185.96.38.0/24
                  185.96.80.0/24
                  185.97.1.0/24
                  185.97.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:6c:f1:e5:aa:fb:74:98:82:4c:75:62:ea:76:86:b5:a6:0a:
         32:bc:f7:d2:46:8f:23:c6:49:be:7a:bf:58:2b:3e:19:89:e2:
         dc:46:8e:c3:0b:c8:df:21:fe:5c:e7:f1:da:b9:1f:26:69:d7:
         27:43:5f:db:44:f2:6b:d4:43:b0:fa:15:0b:91:34:c4:2a:fb:
         fb:6b:14:17:28:ee:02:7f:17:3e:15:91:de:e6:aa:21:e0:99:
         d0:a2:01:f7:c6:e1:6d:43:ef:c5:95:00:d4:3d:74:36:3e:58:
         1e:72:fd:c8:c4:5c:93:2e:b7:e4:f9:b9:98:84:6b:99:8d:cd:
         77:bf:24:18:a8:87:53:bc:f1:1a:6c:c3:3c:f5:70:2c:5d:0f:
         a7:9a:d9:b9:63:a9:95:65:07:98:d1:db:73:a6:5d:d1:78:fb:
         c3:48:e4:24:2d:cf:36:b0:bc:45:4d:a3:c6:af:71:0c:15:b7:
         b9:c7:6a:f2:16:b9:0b:3b:39:59:12:59:a7:07:32:66:84:9e:
         1a:5a:b3:d8:33:58:b8:16:4e:47:ca:db:aa:23:b6:3b:d7:6a:
         df:6d:ff:99:37:e7:b1:ce:cb:67:f1:6e:55:c8:65:64:c2:bc:
         98:2b:88:e8:fc:5e:1e:bd:2b:7a:e0:8f:d5:ee:0f:4d:43:e3:
         be:91:1c:e9
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYQUJOHOHAtA4DiDgQ/mRD3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIxMDI2MTE1NDMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzIyMzZiM2U5NDNhZmI2ZWYyOTE2NjZiNGE3Y2Y0ODI4YTFmYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVV11sf0Qmdsc6uFyt0UuuIOsdZh
sPLU8JHapoAsgh+8bF1h4ng5XN+NBK2AQWAwaH3LS8n6K4vhiCk3PMWuPgJXyWif
5ypzCX8QYFWdMsc4skU/bCViNtATompniFb7hJecfFu+IH0mz6mQ9W7Jibh9KOQ2
IwC/XJW5Aea6wytuWd9tRyAExiAr/Pe/ej5vAKamFJAv3fEW6bb+jEG67mYm3shC
N24/oZoC9K/4B2apytTxTeqt4TgBO6q1gBVl8BpTKIRbqYLrM3hNLBEFTYPhtO1M
a5FjipdhnEbiJ3lgH8ED3uD9c9W/TcnJKhNkGr/vua1kxujHU5/3aV3uRQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFIciNrPpQ6+27ykWZrSnz0goofqqMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvaHlJMnMtbERyN2J2S1JabXRLZlBTQ2loLXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSMAwDBAK5UawD
BAC5Ua4DBAC5UbgDBAC5UbsDBAC5WCYDBAG5WWgDBAK5WWwwDAMEALlfZQMEA7lf
YAMEALlgJgMEALlgUAMEALlhAQMEALlhAzANBgkqhkiG9w0BAQsFAAOCAQEABmzx
5ar7dJiCTHVi6naGtaYKMrz30kaPI8ZJvnq/WCs+GYni3EaOwwvI3yH+XOfx2rkf
JmnXJ0Nf20Tya9RDsPoVC5E0xCr7+2sUFyjuAn8XPhWR3uaqIeCZ0KIB98bhbUPv
xZUA1D10Nj5YHnL9yMRcky635Pm5mIRrmY3Nd78kGKiHU7zxGmzDPPVwLF0Pp5rZ
uWOplWUHmNHbc6Zd0Xj7w0jkJC3PNrC8RU2jxq9xDBW3ucdq8ha5Czs5WRJZpwcy
ZoSeGlqz2DNYuBZOR8rbqiO2O9dq323/mTfnsc7LZ/FuVchlZMK8mCuI6PxeHr0r
euCP1e4PTUPjvpEc6Q==
-----END CERTIFICATE-----