Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/Uq6JjdAMuG4y8KsdL-bOMh_p1vc.roa
File:                     Uq6JjdAMuG4y8KsdL-bOMh_p1vc.roa (raw, json)
Hash identifier:          MVydu4MrczPxQTi2nV/ePssJZOwa5gsZ79O6FGObdOc=
Subject key identifier:   52:AE:89:8D:D0:0C:B8:6E:32:F0:AB:1D:2F:E6:CE:32:1F:E9:D6:F7
Certificate issuer:       /CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
Certificate serial:       07D2477B
Authority key identifier: 0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/Uq6JjdAMuG4y8KsdL-bOMh_p1vc.roa
Signing time:             Tue 01 Mar 2022 07:44:14 +0000
ROA not before:           Tue 01 Mar 2022 07:44:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12601
IP address blocks:        185.113.40.0/22 maxlen: 22
                          80.94.176.0/22 maxlen: 22
                          80.94.185.0/24 maxlen: 24
                          80.94.182.0/23 maxlen: 23
                          80.94.184.0/24 maxlen: 24
                          185.211.140.0/22 maxlen: 22
                          185.194.80.0/22 maxlen: 22
                          213.159.9.0/24 maxlen: 24
                          80.94.188.0/23 maxlen: 23
                          194.5.134.0/24 maxlen: 24
                          64.126.200.0/22 maxlen: 22
                          64.126.208.0/24 maxlen: 24
                          64.126.212.0/22 maxlen: 22
                          64.126.212.0/24 maxlen: 24
                          194.126.236.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 131221371 (0x7d2477b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
        Validity
            Not Before: Mar  1 07:44:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=52ae898dd00cb86e32f0ab1d2fe6ce321fe9d6f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:43:9e:0b:76:6c:25:d5:84:6c:8b:bd:fc:24:
                    7e:90:4d:f0:e2:9c:7e:14:bc:c6:4a:61:81:cf:48:
                    ce:83:44:74:2c:81:70:df:71:21:0d:91:ab:6d:f9:
                    8a:ad:2b:aa:05:2e:fb:54:c0:bd:de:7b:fe:59:81:
                    ee:a8:bb:c0:fe:25:6e:31:1d:31:92:f0:7b:2d:26:
                    d6:e7:bc:6b:43:f7:c3:3e:fb:dd:ce:47:7c:a2:aa:
                    31:b9:5a:2f:69:b7:27:d8:49:0a:07:0d:32:45:e2:
                    5b:c6:36:83:7b:c3:bc:d0:20:5e:0e:5c:9c:07:ec:
                    66:d5:bc:f1:8f:21:2c:9c:c0:d8:31:fd:01:90:3d:
                    c7:69:c6:5d:13:fd:79:c0:a1:77:61:91:78:e7:c7:
                    72:04:fc:8c:7b:cc:2e:49:10:c2:a9:7a:4c:fd:5d:
                    a8:8e:6b:53:3d:c6:0e:8a:ef:53:1d:67:79:81:5d:
                    0a:f6:26:64:4c:be:3e:9f:d2:ce:b3:c2:8d:62:1c:
                    e3:b8:3a:96:a6:21:57:b2:b1:1c:71:d8:ac:69:02:
                    db:29:1b:1f:c0:5a:1c:04:02:d4:e8:4a:91:13:ba:
                    62:40:4c:a8:72:fc:6a:b9:73:7e:c0:d8:e3:72:83:
                    3d:16:ee:83:b4:c1:e3:7f:9b:c1:59:9d:b0:cc:c5:
                    8d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:AE:89:8D:D0:0C:B8:6E:32:F0:AB:1D:2F:E6:CE:32:1F:E9:D6:F7
            X509v3 Authority Key Identifier:
                keyid:0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/Uq6JjdAMuG4y8KsdL-bOMh_p1vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.126.200.0/22
                  64.126.208.0/24
                  64.126.212.0/22
                  80.94.176.0/22
                  80.94.182.0-80.94.185.255
                  80.94.188.0/23
                  185.113.40.0/22
                  185.194.80.0/22
                  185.211.140.0/22
                  194.5.134.0/24
                  194.126.236.0/24
                  213.159.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:82:60:e2:a1:d1:e2:6a:7a:9a:27:1d:b1:89:26:aa:b2:03:
         18:70:b6:0b:91:c7:bd:10:d6:79:e1:33:58:17:96:dc:3d:e8:
         57:45:1d:2e:f2:f0:60:3f:e2:20:59:c0:a2:72:1a:5a:6e:9f:
         98:86:fe:6f:86:f9:88:fe:68:e0:42:8d:42:52:04:11:6c:dd:
         fd:ce:55:0a:b9:3f:da:cc:a3:6e:a1:f1:5b:49:48:cc:8d:bb:
         e7:2b:6a:02:bf:7c:8e:5b:67:bd:60:b5:2a:88:00:00:cb:e1:
         7e:5b:2d:5f:d1:1d:28:84:44:dc:ec:24:a5:99:90:49:63:d1:
         95:73:4f:86:49:de:c4:76:dd:33:db:04:98:a3:27:3f:db:2c:
         89:36:2f:d7:74:03:c0:67:e0:5f:63:d5:5d:90:42:a4:3d:9a:
         1c:2e:c9:08:7b:64:9f:23:60:2b:4f:0e:ab:4d:74:af:70:d4:
         01:23:01:41:23:76:b1:8c:ef:a1:57:6f:07:ba:8c:98:85:f2:
         7b:43:e1:92:33:f7:5a:7f:ff:6f:f3:ea:41:0a:72:07:a0:4a:
         29:fd:3c:d5:47:53:9d:b4:e8:71:41:ca:ca:53:1f:3c:38:7b:
         37:84:08:2e:c2:d7:a8:f9:e5:59:9e:53:f2:42:6e:bd:16:bb:
         b7:6f:00:22
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgIEB9JHezANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YTQxYTkyNWY4ZDY2ODRjODYxMDdkMjc1NmI0YWE5Mzg4MWYwMmFlMB4XDTIyMDMw
MTA3NDQxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTJhZTg5OGRkMDBj
Yjg2ZTMyZjBhYjFkMmZlNmNlMzIxZmU5ZDZmNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIpDngt2bCXVhGyLvfwkfpBN8OKcfhS8xkphgc9IzoNEdCyB
cN9xIQ2Rq235iq0rqgUu+1TAvd57/lmB7qi7wP4lbjEdMZLwey0m1ue8a0P3wz77
3c5HfKKqMblaL2m3J9hJCgcNMkXiW8Y2g3vDvNAgXg5cnAfsZtW88Y8hLJzA2DH9
AZA9x2nGXRP9ecChd2GReOfHcgT8jHvMLkkQwql6TP1dqI5rUz3GDorvUx1neYFd
CvYmZEy+Pp/SzrPCjWIc47g6lqYhV7KxHHHYrGkC2ykbH8BaHAQC1OhKkRO6YkBM
qHL8arlzfsDY43KDPRbug7TB43+bwVmdsMzFjVMCAwEAAaOCAlMwggJPMB0GA1Ud
DgQWBBRSromN0Ay4bjLwqx0v5s4yH+nW9zAfBgNVHSMEGDAWgBQKQakl+NZoTIYQ
fSdWtKqTiB8CrjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NrR3BKZmpXYUV5R0VIMG5WclNxazRnZkFxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODIvZTM3ZDFkLWQ0ZmItNDk2Yy1hZjQ5LTM0MjA2ODRjN2U0MS8x
L1VxNkpqZEFNdUc0eThLc2RMLWJPTWhfcDF2Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIv
ZTM3ZDFkLWQ0ZmItNDk2Yy1hZjQ5LTM0MjA2ODRjN2U0MS8xL0NrR3BKZmpXYUV5
R0VIMG5WclNxazRnZkFxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBp
BggrBgEFBQcBBwEB/wRaMFgwVgQCAAEwUAMEAkB+yAMEAEB+0AMEAkB+1AMEAlBe
sDAMAwQBUF62AwQBUF64AwQBUF68AwQCuXEoAwQCucJQAwQCudOMAwQAwgWGAwQA
wn7sAwQA1Z8JMA0GCSqGSIb3DQEBCwUAA4IBAQCWgmDiodHianqaJx2xiSaqsgMY
cLYLkce9ENZ54TNYF5bcPehXRR0u8vBgP+IgWcCichpabp+Yhv5vhvmI/mjgQo1C
UgQRbN39zlUKuT/azKNuofFbSUjMjbvnK2oCv3yOW2e9YLUqiAAAy+F+Wy1f0R0o
hETc7CSlmZBJY9GVc0+GSd7Edt0z2wSYoyc/2yyJNi/XdAPAZ+BfY9VdkEKkPZoc
LskIe2SfI2ArTw6rTXSvcNQBIwFBI3axjO+hV28HuoyYhfJ7Q+GSM/daf/9v8+pB
CnIHoEop/TzVR1OdtOhxQcrKUx88OHs3hAguwteo+eVZnlPyQm69Fru3bwAi
-----END CERTIFICATE-----