Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/W7147l-8HCnmy4mcm4APMqffx5c.roa
File:                     W7147l-8HCnmy4mcm4APMqffx5c.roa (raw, json)
Hash identifier:          vx/7yilaG7UBmS7Q2ys5EU3jjmSx62iA1hXmBXq8E/w=
Subject key identifier:   5B:BD:78:EE:5F:BC:1C:29:E6:CB:89:9C:9B:80:0F:32:A7:DF:C7:97
Certificate issuer:       /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial:       0DF5B6D8
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/W7147l-8HCnmy4mcm4APMqffx5c.roa
Signing time:             Wed 30 Mar 2022 11:41:24 +0000
ROA not before:           Wed 30 Mar 2022 11:41:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50611
IP address blocks:        195.253.65.0/24 maxlen: 24
                          195.253.66.0/24 maxlen: 24
                          195.253.88.0/23 maxlen: 24
                          195.253.96.0/19 maxlen: 24
                          185.119.138.0/23 maxlen: 23
                          195.253.64.0/24 maxlen: 24
                          2a01:5b0:2e::/48 maxlen: 48
                          2a01:5b0:5::/48 maxlen: 48
                          2a01:5b0:20::/43 maxlen: 48
                          2a01:5b0:10::/47 maxlen: 48
                          2a01:5b0:2b::/48 maxlen: 48
                          2a01:5b0:6::/48 maxlen: 48
                          2a01:5b0:9::/48 maxlen: 48
                          2a01:5b0:4::/48 maxlen: 48
                          2a01:5b0:2a::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 234206936 (0xdf5b6d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
        Validity
            Not Before: Mar 30 11:41:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5bbd78ee5fbc1c29e6cb899c9b800f32a7dfc797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:48:77:b2:cc:83:80:6c:3d:d8:17:05:c9:53:
                    11:72:b0:33:8c:ba:69:e5:7e:7b:73:20:d0:5f:75:
                    87:82:b5:a0:5f:a4:d3:cf:58:2c:96:63:bc:a2:3c:
                    09:7c:22:48:80:3e:22:e5:4f:82:44:6b:2e:02:bc:
                    fd:57:c8:d8:9e:17:fa:71:01:dc:59:fc:ba:5f:73:
                    57:a5:26:e5:cb:ac:e7:4e:d2:72:4f:a5:2f:9b:d0:
                    5e:2c:60:49:19:44:3f:ca:b1:80:3c:04:06:fb:38:
                    ec:e2:d7:72:5b:31:88:74:53:4a:e3:62:36:8a:58:
                    c4:27:ef:d1:16:eb:e9:75:48:d0:e4:55:42:62:c9:
                    86:42:9f:49:99:67:5b:9f:9b:57:a3:e2:3b:dd:86:
                    9f:9b:eb:c9:c7:d5:3e:8c:a9:96:87:8d:26:df:72:
                    94:0a:21:fe:e5:6b:08:d3:d9:10:8e:10:e9:34:7a:
                    e2:e8:62:51:fc:36:d0:4d:ea:3b:c8:86:74:de:13:
                    2d:af:2c:b8:7f:39:77:12:c7:2f:2c:0d:62:7e:47:
                    18:d7:c3:c5:b1:a4:37:a4:41:a0:e5:39:74:d2:58:
                    ed:79:7a:bc:68:1d:29:3f:30:6e:fd:eb:fc:26:c4:
                    9d:65:94:e7:43:dd:59:14:22:22:30:9a:8d:de:9a:
                    bf:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BD:78:EE:5F:BC:1C:29:E6:CB:89:9C:9B:80:0F:32:A7:DF:C7:97
            X509v3 Authority Key Identifier:
                keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/W7147l-8HCnmy4mcm4APMqffx5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.138.0/23
                  195.253.64.0-195.253.66.255
                  195.253.88.0/23
                  195.253.96.0/19
                IPv6:
                  2a01:5b0:4::-2a01:5b0:6:ffff:ffff:ffff:ffff:ffff
                  2a01:5b0:9::/48
                  2a01:5b0:10::/47
                  2a01:5b0:20::/43

    Signature Algorithm: sha256WithRSAEncryption
         8c:dc:73:e2:36:80:58:14:f6:1c:c7:84:c5:38:62:91:7e:17:
         3e:14:58:e7:29:f4:b4:fe:50:f8:2a:ed:39:74:40:7c:be:31:
         24:10:1b:94:4d:51:09:c4:1b:72:64:fa:e7:d1:0d:c9:90:8e:
         4f:92:a3:48:f3:98:4a:12:32:0f:43:1b:24:45:4e:e9:4c:73:
         de:28:bc:0e:84:55:e6:08:95:d9:5c:d7:32:d9:ad:95:f2:0a:
         dc:de:4c:58:0d:e9:7f:4a:95:ae:10:5f:76:eb:7b:68:2e:9c:
         b4:cb:7f:43:ed:1d:59:6f:c7:7f:71:19:ef:20:94:07:8c:0e:
         39:0d:40:04:5e:b0:60:51:03:bc:29:24:66:7e:cf:f5:35:4b:
         3c:f2:56:b9:f1:65:31:a1:ec:3b:9f:42:ad:3d:4e:47:b4:6e:
         76:b1:8f:31:72:9e:b4:f1:63:65:8e:7c:e2:46:ad:c9:df:41:
         aa:74:81:72:c8:68:e6:00:2c:b4:aa:f6:5e:43:c6:92:c7:43:
         e7:28:e5:b6:2c:41:7e:81:ff:ad:ce:b9:b3:84:16:cb:c9:78:
         e0:7e:5a:92:c2:11:8a:71:f3:ee:b9:0b:6c:93:ed:3e:f1:1c:
         de:05:14:a7:e8:f0:68:f1:80:85:6d:61:eb:ae:7c:85:ae:63:
         3d:ad:c9:af
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIEDfW22DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
MGMxZTQyNmY1OGU0MmFlMzBlNTZjZGI3ZmY0ZDhmOWRkZDg1YjMwMB4XDTIyMDMz
MDExNDEyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWJiZDc4ZWU1ZmJj
MWMyOWU2Y2I4OTljOWI4MDBmMzJhN2RmYzc5NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKBId7LMg4BsPdgXBclTEXKwM4y6aeV+e3Mg0F91h4K1oF+k
089YLJZjvKI8CXwiSIA+IuVPgkRrLgK8/VfI2J4X+nEB3Fn8ul9zV6Um5cus507S
ck+lL5vQXixgSRlEP8qxgDwEBvs47OLXclsxiHRTSuNiNopYxCfv0Rbr6XVI0ORV
QmLJhkKfSZlnW5+bV6PiO92Gn5vrycfVPoyploeNJt9ylAoh/uVrCNPZEI4Q6TR6
4uhiUfw20E3qO8iGdN4TLa8suH85dxLHLywNYn5HGNfDxbGkN6RBoOU5dNJY7Xl6
vGgdKT8wbv3r/CbEnWWU50PdWRQiIjCajd6av30CAwEAAaOCAlowggJWMB0GA1Ud
DgQWBBRbvXjuX7wcKebLiZybgA8yp9/HlzAfBgNVHSMEGDAWgBRQweQm9Y5CrjDl
bNt/9Nj53dhbMDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1VNSGtKdldPUXE0dzVXemJmX1RZLWQzWVd6QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2IvOWM2ZGFkLTM3N2EtNDQ0ZS1iMGRjLTA2M2NlNmNmNDYwZC8x
L1c3MTQ3bC04SENubXk0bWNtNEFQTXFmZng1Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Iv
OWM2ZGFkLTM3N2EtNDQ0ZS1iMGRjLTA2M2NlNmNmNDYwZC8xL1VNSGtKdldPUXE0
dzVXemJmX1RZLWQzWVd6QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBw
BggrBgEFBQcBBwEB/wRhMF8wJgQCAAEwIAMEAbl3ijAMAwQGw/1AAwQAw/1CAwQB
w/1YAwQFw/1gMDUEAgACMC8wEgMHAioBBbAABAMHACoBBbAABgMHACoBBbAACQMH
ASoBBbAAEAMHBSoBBbAAIDANBgkqhkiG9w0BAQsFAAOCAQEAjNxz4jaAWBT2HMeE
xThikX4XPhRY5yn0tP5Q+CrtOXRAfL4xJBAblE1RCcQbcmT659ENyZCOT5KjSPOY
ShIyD0MbJEVO6Uxz3ii8DoRV5giV2VzXMtmtlfIK3N5MWA3pf0qVrhBfdut7aC6c
tMt/Q+0dWW/Hf3EZ7yCUB4wOOQ1ABF6wYFEDvCkkZn7P9TVLPPJWufFlMaHsO59C
rT1OR7RudrGPMXKetPFjZY584katyd9BqnSBcsho5gAstKr2XkPGksdD5yjltixB
foH/rc65s4QWy8l44H5aksIRinHz7rkLbJPtPvEc3gUUp+jwaPGAhW1h6658ha5j
Pa3Jrw==
-----END CERTIFICATE-----