Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/olHqtz_sZKCrn2dizoSzAtGWRHs.roa
File:                     olHqtz_sZKCrn2dizoSzAtGWRHs.roa (raw, json)
Hash identifier:          wJrzgy3Q9EkO7LYVJTUDEoXKTFLRaLMHGqBckAsH+o0=
Subject key identifier:   A2:51:EA:B7:3F:EC:64:A0:AB:9F:67:62:CE:84:B3:02:D1:96:44:7B
Certificate issuer:       /CN=925cecefe522817405d26fc92bb5104ac90cfdc5
Certificate serial:       0182B1421CBB610E8405E24976C39C753E79
Authority key identifier: 92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/olHqtz_sZKCrn2dizoSzAtGWRHs.roa
Signing time:             Thu 18 Aug 2022 14:01:16 +0000
ROA not before:           Thu 18 Aug 2022 14:01:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49601
IP address blocks:        185.189.124.0/22 maxlen: 22
                          185.189.125.0/24 maxlen: 24
                          185.189.124.0/24 maxlen: 24
                          185.189.126.0/24 maxlen: 24
                          185.189.127.0/24 maxlen: 24
                          91.229.56.0/24 maxlen: 24
                          91.229.182.0/24 maxlen: 24
                          91.229.210.0/24 maxlen: 24
                          185.226.62.0/24 maxlen: 24
                          185.226.60.0/22 maxlen: 22
                          185.226.63.0/24 maxlen: 24
                          185.226.60.0/24 maxlen: 24
                          185.226.61.0/24 maxlen: 24
                          185.252.96.0/24 maxlen: 24
                          185.252.97.0/24 maxlen: 24
                          185.252.98.0/24 maxlen: 24
                          185.252.96.0/22 maxlen: 22
                          185.252.99.0/24 maxlen: 24
                          2a0c:3e00::/29 maxlen: 29
                          2a0b:e680::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:b1:42:1c:bb:61:0e:84:05:e2:49:76:c3:9c:75:3e:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=925cecefe522817405d26fc92bb5104ac90cfdc5
        Validity
            Not Before: Aug 18 14:01:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a251eab73fec64a0ab9f6762ce84b302d196447b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:76:62:d4:85:4e:27:93:43:5b:47:3e:ec:37:
                    0d:67:98:9b:b8:74:22:62:7a:09:bb:d7:ee:07:9d:
                    17:10:bf:8d:79:7a:f0:99:5f:14:41:0d:c6:b5:e3:
                    0d:f2:f5:1d:af:a1:4a:4b:26:36:c1:d5:b8:00:0a:
                    8a:a9:dc:65:a4:89:1d:54:35:01:e5:df:b7:79:10:
                    27:68:33:9c:7c:a0:99:32:df:8c:aa:66:c5:96:76:
                    49:29:d1:94:59:3a:b7:1c:5c:af:8b:6b:9f:6d:48:
                    8b:30:af:44:eb:3b:92:15:25:5d:26:3b:02:ab:2b:
                    b7:09:88:d3:91:b1:38:99:bf:c5:64:2e:22:b8:d2:
                    bd:a2:7d:97:8f:35:26:5a:81:b2:47:1f:77:8a:83:
                    c8:4e:f1:f8:f6:14:65:9f:f3:85:d8:e9:99:98:80:
                    ba:c9:ec:9d:73:ab:11:f3:90:6b:ff:ab:a4:21:e2:
                    ce:16:81:2d:6c:48:e0:ab:79:dc:2b:07:60:72:a5:
                    1e:ad:ef:d6:5c:65:36:0d:75:48:72:0d:21:a3:0e:
                    ac:61:98:f4:f5:df:2c:56:e0:6a:1e:70:bc:a2:73:
                    c5:d8:0f:78:b8:51:6c:72:6f:20:46:18:f7:50:79:
                    08:9d:a4:b7:7e:75:ca:23:48:50:5e:c9:95:3f:ad:
                    62:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:51:EA:B7:3F:EC:64:A0:AB:9F:67:62:CE:84:B3:02:D1:96:44:7B
            X509v3 Authority Key Identifier:
                keyid:92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/olHqtz_sZKCrn2dizoSzAtGWRHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.56.0/24
                  91.229.182.0/24
                  91.229.210.0/24
                  185.189.124.0/22
                  185.226.60.0/22
                  185.252.96.0/22
                IPv6:
                  2a0b:e680::/29
                  2a0c:3e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:f0:30:99:0a:12:03:83:77:c3:67:55:b1:c5:b7:9c:46:ca:
         10:b3:dc:16:d1:6b:1e:05:e9:0f:52:60:07:d7:36:33:62:28:
         11:e4:0e:83:d4:2b:1b:6b:15:12:c1:ee:89:3a:4e:32:c9:75:
         e3:83:3b:6e:4a:60:44:d5:fb:0e:90:9f:ff:08:96:74:c0:fc:
         c6:79:ac:b7:d1:fe:7b:ba:01:bd:2f:c9:09:c4:9d:15:df:68:
         6d:dd:52:6a:52:51:06:ac:e2:f2:23:13:7d:7d:b9:8f:58:62:
         e5:cc:fb:fe:61:d8:05:e0:c9:dc:f7:d5:45:7a:01:c5:fa:54:
         d3:05:36:71:60:4b:ad:a9:4d:e8:e4:c2:cb:38:49:2d:13:3f:
         8b:60:07:fa:0a:e9:7b:9e:72:b6:73:fe:2f:96:3a:b2:a3:08:
         41:31:e6:b6:46:c8:fa:15:24:33:de:17:42:12:24:a6:f9:40:
         c9:2f:61:2f:b2:a9:79:6b:1a:4e:9f:82:c8:a5:70:cb:ce:7c:
         e6:6c:44:11:80:d3:14:6b:04:b0:14:12:d6:4b:59:53:cb:fc:
         c8:75:be:15:4d:a7:f7:8b:5c:3f:50:8b:e8:7b:80:ff:17:c1:
         a1:81:db:08:b6:cd:3e:3d:07:1b:77:05:04:22:14:c1:81:55:
         37:5e:ad:72
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYKxQhy7YQ6EBeJJdsOcdT55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNWNlY2VmZTUyMjgxNzQwNWQyNmZjOTJiYjUxMDRhYzkw
Y2ZkYzUwHhcNMjIwODE4MTQwMTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjUxZWFiNzNmZWM2NGEwYWI5ZjY3NjJjZTg0YjMwMmQxOTY0NDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXZi1IVOJ5NDW0c+7DcNZ5ibuHQi
YnoJu9fuB50XEL+NeXrwmV8UQQ3GteMN8vUdr6FKSyY2wdW4AAqKqdxlpIkdVDUB
5d+3eRAnaDOcfKCZMt+MqmbFlnZJKdGUWTq3HFyvi2ufbUiLMK9E6zuSFSVdJjsC
qyu3CYjTkbE4mb/FZC4iuNK9on2XjzUmWoGyRx93ioPITvH49hRln/OF2OmZmIC6
yeydc6sR85Br/6ukIeLOFoEtbEjgq3ncKwdgcqUere/WXGU2DXVIcg0how6sYZj0
9d8sVuBqHnC8onPF2A94uFFscm8gRhj3UHkInaS3fnXKI0hQXsmVP61iDwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKJR6rc/7GSgq59nYs6EswLRlkR7MB8GA1UdIwQY
MBaAFJJc7O/lIoF0BdJvySu1EErJDP3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEt
OGQ0YmZkMGFhY2U4LzEvb2xIcXR6X3NaS0NybjJkaXpvU3pBdEdXUkhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEtOGQ0YmZkMGFhY2U4
LzEva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQAW+U4AwQA
W+W2AwQAW+XSAwQCub18AwQCueI8AwQCufxgMBQEAgACMA4DBQMqC+aAAwUDKgw+
ADANBgkqhkiG9w0BAQsFAAOCAQEAqvAwmQoSA4N3w2dVscW3nEbKELPcFtFrHgXp
D1JgB9c2M2IoEeQOg9QrG2sVEsHuiTpOMsl144M7bkpgRNX7DpCf/wiWdMD8xnms
t9H+e7oBvS/JCcSdFd9obd1SalJRBqzi8iMTfX25j1hi5cz7/mHYBeDJ3PfVRXoB
xfpU0wU2cWBLralN6OTCyzhJLRM/i2AH+grpe55ytnP+L5Y6sqMIQTHmtkbI+hUk
M94XQhIkpvlAyS9hL7KpeWsaTp+CyKVwy8585mxEEYDTFGsEsBQS1ktZU8v8yHW+
FU2n94tcP1CL6HuA/xfBoYHbCLbNPj0HG3cFBCIUwYFVN16tcg==
-----END CERTIFICATE-----