Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/oyxsgtvmCqSXTEa85hdC_W7am2U.roa
File:                     oyxsgtvmCqSXTEa85hdC_W7am2U.roa (raw, json)
Hash identifier:          zqE3ulFSTDxn/c7pMAUj5WwXJrBSqLYWgkfX1UEdH8g=
Subject key identifier:   A3:2C:6C:82:DB:E6:0A:A4:97:4C:46:BC:E6:17:42:FD:6E:DA:9B:65
Certificate issuer:       /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial:       0E4837A8
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/oyxsgtvmCqSXTEa85hdC_W7am2U.roa
Signing time:             Wed 04 May 2022 09:39:03 +0000
ROA not before:           Wed 04 May 2022 09:39:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8561
IP address blocks:        195.253.66.0/24 maxlen: 24
                          195.253.74.0/24 maxlen: 24
                          195.253.88.0/21 maxlen: 24
                          195.253.96.0/19 maxlen: 24
                          185.119.136.0/22 maxlen: 24
                          194.77.54.0/23 maxlen: 23
                          195.253.64.0/24 maxlen: 24
                          2a01:5b0:d::/48 maxlen: 48
                          2a01:5b0:3::/48 maxlen: 48
                          2a01:5b0:8::/46 maxlen: 48
                          2a01:5b0:20::/43 maxlen: 48
                          2a01:5b0:10::/47 maxlen: 47
                          2a01:5b0:6::/48 maxlen: 48
                          2a01:5b0:4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 239613864 (0xe4837a8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
        Validity
            Not Before: May  4 09:39:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a32c6c82dbe60aa4974c46bce61742fd6eda9b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:24:3b:fc:d0:93:2f:ef:76:eb:61:c9:0f:0c:
                    84:bf:d3:96:d3:61:50:d5:02:2d:d8:fc:81:57:29:
                    1b:c3:44:c1:d1:74:79:72:80:fa:8d:6a:36:44:86:
                    11:80:69:b1:ff:fe:c0:35:4b:ae:af:6e:96:68:07:
                    95:d3:0f:56:77:5f:db:d5:4d:f7:ac:61:5e:7d:04:
                    b1:9c:57:9f:ed:4f:b9:77:5b:2c:fa:2c:96:6f:36:
                    d4:33:ba:cc:e6:23:5f:73:dd:52:22:07:7b:6b:29:
                    65:16:5b:e7:85:28:3f:61:58:14:ff:bb:d8:55:f3:
                    a1:78:c9:69:b7:b9:57:75:89:72:07:c8:4f:3f:68:
                    dd:18:52:4c:92:2e:f5:b4:7a:69:2a:b4:c7:ef:72:
                    b8:62:a6:b7:9b:c3:4c:01:82:f9:5a:03:e0:4c:98:
                    3a:b7:28:e7:3b:df:61:08:98:f6:b9:f8:7d:be:2d:
                    20:4b:4a:92:f5:8a:30:29:72:0f:ce:68:c3:d4:f9:
                    ba:61:23:8a:d3:51:6c:5c:ea:aa:dc:f2:ac:3a:bb:
                    8e:24:ed:17:27:84:a7:a3:35:54:e1:35:9d:e0:f3:
                    fd:17:94:36:e0:58:a0:e4:b9:d3:67:f9:fe:d3:f6:
                    58:13:e2:85:9c:f5:15:a6:15:7b:35:0b:24:c8:fc:
                    f1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:2C:6C:82:DB:E6:0A:A4:97:4C:46:BC:E6:17:42:FD:6E:DA:9B:65
            X509v3 Authority Key Identifier:
                keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/oyxsgtvmCqSXTEa85hdC_W7am2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.136.0/22
                  194.77.54.0/23
                  195.253.64.0/24
                  195.253.66.0/24
                  195.253.74.0/24
                  195.253.88.0-195.253.127.255
                IPv6:
                  2a01:5b0:3::-2a01:5b0:4:ffff:ffff:ffff:ffff:ffff
                  2a01:5b0:6::/48
                  2a01:5b0:8::/46
                  2a01:5b0:d::/48
                  2a01:5b0:10::/47
                  2a01:5b0:20::/43

    Signature Algorithm: sha256WithRSAEncryption
         64:e0:fb:5f:26:b9:81:0a:ae:88:2a:20:7f:7e:5a:09:a6:5a:
         71:95:6d:01:87:45:24:5a:37:83:f8:3d:3b:b6:52:99:4f:23:
         f9:9b:c2:16:69:87:13:2a:c4:c0:ae:7b:93:6e:e6:17:d9:ba:
         ab:d7:00:9a:18:54:0b:ac:c8:9b:90:e5:a7:a5:e0:83:c8:52:
         3c:b8:e2:54:d2:9d:39:71:1a:6e:08:83:cc:a9:19:eb:50:31:
         38:8c:ae:28:9b:6e:81:db:4b:40:18:36:74:26:df:9b:03:44:
         c5:82:24:74:57:79:65:6b:02:06:f6:15:77:50:5a:ec:56:fa:
         6c:47:c9:b5:1b:72:74:69:7b:dd:10:63:cb:ed:68:64:d8:05:
         c0:26:ff:fa:33:56:e5:92:f7:c1:8e:09:f8:9a:77:ac:dc:88:
         65:65:0b:fb:a1:e3:c5:12:39:d9:87:06:b5:cd:78:39:11:eb:
         05:d4:cf:e3:56:53:8d:63:27:bd:7a:99:d3:7b:90:68:7c:b0:
         6d:8b:94:84:f5:00:5c:99:b8:5a:3a:30:72:44:bf:b9:f3:c2:
         37:4c:d5:62:c8:a7:a3:8c:eb:22:91:d4:ed:e8:52:07:17:9a:
         de:76:19:30:0b:ff:c2:ec:c0:76:8a:aa:28:33:31:91:8c:5e:
         cb:5b:32:90
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIEDkg3qDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
MGMxZTQyNmY1OGU0MmFlMzBlNTZjZGI3ZmY0ZDhmOWRkZDg1YjMwMB4XDTIyMDUw
NDA5MzkwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTMyYzZjODJkYmU2
MGFhNDk3NGM0NmJjZTYxNzQyZmQ2ZWRhOWI2NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ8kO/zQky/vduthyQ8MhL/TltNhUNUCLdj8gVcpG8NEwdF0
eXKA+o1qNkSGEYBpsf/+wDVLrq9ulmgHldMPVndf29VN96xhXn0EsZxXn+1PuXdb
LPoslm821DO6zOYjX3PdUiIHe2spZRZb54UoP2FYFP+72FXzoXjJabe5V3WJcgfI
Tz9o3RhSTJIu9bR6aSq0x+9yuGKmt5vDTAGC+VoD4EyYOrco5zvfYQiY9rn4fb4t
IEtKkvWKMClyD85ow9T5umEjitNRbFzqqtzyrDq7jiTtFyeEp6M1VOE1neDz/ReU
NuBYoOS502f5/tP2WBPihZz1FaYVezULJMj88TUCAwEAAaOCAnkwggJ1MB0GA1Ud
DgQWBBSjLGyC2+YKpJdMRrzmF0L9btqbZTAfBgNVHSMEGDAWgBRQweQm9Y5CrjDl
bNt/9Nj53dhbMDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1VNSGtKdldPUXE0dzVXemJmX1RZLWQzWVd6QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2IvOWM2ZGFkLTM3N2EtNDQ0ZS1iMGRjLTA2M2NlNmNmNDYwZC8x
L295eHNndHZtQ3FTWFRFYTg1aGRDX1c3YW0yVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Iv
OWM2ZGFkLTM3N2EtNDQ0ZS1iMGRjLTA2M2NlNmNmNDYwZC8xL1VNSGtKdldPUXE0
dzVXemJmX1RZLWQzWVd6QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
jgYIKwYBBQUHAQcBAf8EfzB9MDIEAgABMCwDBAK5d4gDBAHCTTYDBADD/UADBADD
/UIDBADD/UowDAMEA8P9WAMEB8P9ADBHBAIAAjBBMBIDBwAqAQWwAAMDBwAqAQWw
AAQDBwAqAQWwAAYDBwIqAQWwAAgDBwAqAQWwAA0DBwEqAQWwABADBwUqAQWwACAw
DQYJKoZIhvcNAQELBQADggEBAGTg+18muYEKrogqIH9+WgmmWnGVbQGHRSRaN4P4
PTu2UplPI/mbwhZphxMqxMCue5Nu5hfZuqvXAJoYVAusyJuQ5ael4IPIUjy44lTS
nTlxGm4Ig8ypGetQMTiMriibboHbS0AYNnQm35sDRMWCJHRXeWVrAgb2FXdQWuxW
+mxHybUbcnRpe90QY8vtaGTYBcAm//ozVuWS98GOCfiad6zciGVlC/uh48USOdmH
BrXNeDkR6wXUz+NWU41jJ716mdN7kGh8sG2LlIT1AFyZuFo6MHJEv7nzwjdM1WLI
p6OM6yKR1O3oUgcXmt52GTAL/8LswHaKqigzMZGMXstbMpA=
-----END CERTIFICATE-----