Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/kBkXdy2mqIXfjqJWf0rDLP6rdS4.roa
File:                     kBkXdy2mqIXfjqJWf0rDLP6rdS4.roa (raw, json)
Hash identifier:          nT20bCe91Y6gNnQmj7IiGruXLTOI6EPcQBarvgMbhFs=
Subject key identifier:   90:19:17:77:2D:A6:A8:85:DF:8E:A2:56:7F:4A:C3:2C:FE:AB:75:2E
Certificate issuer:       /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial:       0183D4EEFFAFC1185744CA24243FFEB37482
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/kBkXdy2mqIXfjqJWf0rDLP6rdS4.roa
Signing time:             Fri 14 Oct 2022 05:19:36 +0000
ROA not before:           Fri 14 Oct 2022 05:19:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50611
IP address blocks:        195.253.65.0/24 maxlen: 24
                          195.253.66.0/24 maxlen: 24
                          195.253.88.0/23 maxlen: 23
                          195.253.90.0/23 maxlen: 23
                          195.253.96.0/19 maxlen: 24
                          185.119.136.0/22 maxlen: 24
                          195.253.64.0/24 maxlen: 24
                          2a01:5b0:8::/46 maxlen: 48
                          2a01:5b0:2e::/48 maxlen: 48
                          2a01:5b0:10::/45 maxlen: 48
                          2a01:5b0:12::/47 maxlen: 47
                          2a01:5b0:5::/48 maxlen: 48
                          2a01:5b0:20::/43 maxlen: 48
                          2a01:5b0:2b::/48 maxlen: 48
                          2a01:5b0:6::/48 maxlen: 48
                          2a01:5b0:4::/48 maxlen: 48
                          2a01:5b0:2a::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:d4:ee:ff:af:c1:18:57:44:ca:24:24:3f:fe:b3:74:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
        Validity
            Not Before: Oct 14 05:19:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=901917772da6a885df8ea2567f4ac32cfeab752e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c6:1c:34:76:92:5b:af:a8:f4:e4:b2:29:bc:
                    99:81:6f:e5:87:70:b4:2f:7f:c6:65:f2:cb:3b:c7:
                    69:7c:d2:43:fc:f7:78:f5:dd:6c:3a:aa:cc:0d:05:
                    0f:2b:a7:cc:26:7d:a2:fd:82:8b:fd:71:82:b3:81:
                    3c:b9:0f:c9:36:66:43:7c:99:72:b1:c4:cf:d1:06:
                    d7:6c:ef:94:37:52:21:34:8c:a0:6f:2d:4a:ca:2a:
                    00:7f:e7:3e:fc:b1:84:bc:76:85:82:6b:2d:01:97:
                    c6:5c:59:db:a4:e3:fa:55:6c:49:52:66:1c:d9:83:
                    2c:df:d4:88:5c:61:df:cc:24:ba:a9:50:5d:f3:14:
                    21:f6:87:09:31:0a:67:f9:5d:46:62:d7:3a:11:e1:
                    df:0e:18:b6:21:6f:b3:d3:e2:84:35:0f:ae:37:11:
                    72:49:1b:aa:06:54:05:da:2e:16:26:cc:df:14:84:
                    e0:aa:ec:4d:e1:b0:fc:29:c4:8d:3c:45:14:5b:70:
                    88:d2:17:22:f3:e4:0b:18:47:9c:cc:0b:e0:75:51:
                    c5:ad:d0:93:b5:ed:de:0d:17:8a:67:65:ad:73:f8:
                    05:07:f7:9c:db:d9:4a:4e:fa:76:14:b9:eb:ec:5e:
                    23:c5:7c:c2:3d:5a:e5:d5:5b:a2:57:28:73:13:22:
                    16:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:19:17:77:2D:A6:A8:85:DF:8E:A2:56:7F:4A:C3:2C:FE:AB:75:2E
            X509v3 Authority Key Identifier:
                keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/kBkXdy2mqIXfjqJWf0rDLP6rdS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.136.0/22
                  195.253.64.0-195.253.66.255
                  195.253.88.0/22
                  195.253.96.0/19
                IPv6:
                  2a01:5b0:4::-2a01:5b0:6:ffff:ffff:ffff:ffff:ffff
                  2a01:5b0:8::/46
                  2a01:5b0:10::/45
                  2a01:5b0:20::/43

    Signature Algorithm: sha256WithRSAEncryption
         7b:e9:7a:be:7d:6e:44:f6:87:95:a6:8e:a9:c5:6c:ee:e1:2b:
         b8:13:f9:25:52:c3:ce:03:37:6f:e5:e4:d7:bb:f1:29:de:95:
         43:34:5a:a3:0a:db:2b:7e:d4:05:bc:46:3d:38:21:9a:5f:b5:
         1c:b2:48:d4:49:2c:b1:47:72:5b:f5:9a:b5:64:b1:70:f3:49:
         88:39:9d:ca:e1:f3:17:18:74:5e:3b:9e:85:a6:44:ad:1c:63:
         f9:4e:0d:e8:d9:0a:c8:d9:66:1d:f1:d6:de:68:b5:a4:cc:d5:
         f2:bd:eb:77:f8:e6:6f:24:91:a7:ca:4b:bb:1f:d6:61:c7:0e:
         59:d8:07:6f:a0:ad:c4:8d:c9:36:1b:42:eb:c2:ef:23:14:5f:
         80:86:59:b6:6e:61:03:e0:8c:8e:70:a4:2c:46:f8:24:89:44:
         c7:50:5f:4b:b7:de:e8:05:e1:9e:ec:59:7f:35:46:69:7e:24:
         6f:1c:d3:bb:4d:0a:9d:37:1e:81:30:07:27:2f:ef:b6:5c:d7:
         ad:8d:03:02:a6:2f:ea:e8:e9:52:c4:8d:c7:90:4c:61:5a:0a:
         f6:00:67:27:b9:91:c1:46:28:1e:d5:1c:45:ed:78:72:da:d3:
         a4:0d:e4:46:ea:b1:88:cc:3e:33:b5:ec:99:24:10:d6:59:b8:
         b9:12:a3:5a
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYPU7v+vwRhXRMokJD/+s3SCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjIxMDE0MDUxOTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDE5MTc3NzJkYTZhODg1ZGY4ZWEyNTY3ZjRhYzMyY2ZlYWI3NTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcYcNHaSW6+o9OSyKbyZgW/lh3C0
L3/GZfLLO8dpfNJD/Pd49d1sOqrMDQUPK6fMJn2i/YKL/XGCs4E8uQ/JNmZDfJly
scTP0QbXbO+UN1IhNIygby1KyioAf+c+/LGEvHaFgmstAZfGXFnbpOP6VWxJUmYc
2YMs39SIXGHfzCS6qVBd8xQh9ocJMQpn+V1GYtc6EeHfDhi2IW+z0+KENQ+uNxFy
SRuqBlQF2i4WJszfFITgquxN4bD8KcSNPEUUW3CI0hci8+QLGEeczAvgdVHFrdCT
te3eDReKZ2Wtc/gFB/ec29lKTvp2FLnr7F4jxXzCPVrl1VuiVyhzEyIWPQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFJAZF3ctpqiF346iVn9Kwyz+q3UuMB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEva0JrWGR5Mm1xSVhmanFKV2YwckRMUDZyZFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzAmBAIAATAgAwQCuXeIMAwD
BAbD/UADBADD/UIDBALD/VgDBAXD/WAwNQQCAAIwLzASAwcCKgEFsAAEAwcAKgEF
sAAGAwcCKgEFsAAIAwcDKgEFsAAQAwcFKgEFsAAgMA0GCSqGSIb3DQEBCwUAA4IB
AQB76Xq+fW5E9oeVpo6pxWzu4Su4E/klUsPOAzdv5eTXu/Ep3pVDNFqjCtsrftQF
vEY9OCGaX7UcskjUSSyxR3Jb9Zq1ZLFw80mIOZ3K4fMXGHReO56FpkStHGP5Tg3o
2QrI2WYd8dbeaLWkzNXyvet3+OZvJJGnyku7H9Zhxw5Z2AdvoK3Ejck2G0Lrwu8j
FF+Ahlm2bmED4IyOcKQsRvgkiUTHUF9Lt97oBeGe7Fl/NUZpfiRvHNO7TQqdNx6B
MAcnL++2XNetjQMCpi/q6OlSxI3HkExhWgr2AGcnuZHBRige1RxF7Xhy2tOkDeRG
6rGIzD4zteyZJBDWWbi5EqNa
-----END CERTIFICATE-----