Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/sg8ouxbiccQfw2NXgTOwzyHGZNE.roa
File:                     sg8ouxbiccQfw2NXgTOwzyHGZNE.roa (raw, json)
Hash identifier:          iP/pRuYqrWwfPJRpTY8NK+5VkO1YJ8XJWr4cAnp8kKw=
Subject key identifier:   B2:0F:28:BB:16:E2:71:C4:1F:C3:63:57:81:33:B0:CF:21:C6:64:D1
Certificate issuer:       /CN=2dc291b8db6cfddf6dd2a1d55b226d49492a2705
Certificate serial:       01837912085654F40F3C45C339B9FAF7A7C0
Authority key identifier: 2D:C2:91:B8:DB:6C:FD:DF:6D:D2:A1:D5:5B:22:6D:49:49:2A:27:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcKRuNts_d9t0qHVWyJtSUkqJwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/sg8ouxbiccQfw2NXgTOwzyHGZNE.roa
Signing time:             Mon 26 Sep 2022 09:12:48 +0000
ROA not before:           Mon 26 Sep 2022 09:12:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211393
IP address blocks:        45.9.23.0/24 maxlen: 24
                          2a0b:6dc1:1::/48 maxlen: 48
                          2a0b:6dc3::/48 maxlen: 48
                          2a0b:6dc0:123::/48 maxlen: 48
                          2a0b:6dc0::/46 maxlen: 46
                          2a0b:6dc0:6::/48 maxlen: 48
                          2a0b:6dc1:2::/48 maxlen: 48
                          2a0b:6dc2::/45 maxlen: 45
                          2a0b:6dc7::/32 maxlen: 32
                          2a0b:6dc3:a::/47 maxlen: 47
                          2a0b:6dc3:c::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:79:12:08:56:54:f4:0f:3c:45:c3:39:b9:fa:f7:a7:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc291b8db6cfddf6dd2a1d55b226d49492a2705
        Validity
            Not Before: Sep 26 09:12:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b20f28bb16e271c41fc363578133b0cf21c664d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:85:7c:79:36:41:f9:84:3c:b3:be:bf:fa:be:
                    19:cf:9d:6a:ea:e8:d5:c5:31:f5:bf:5d:2e:c5:41:
                    1b:4f:33:27:0d:b2:e1:b7:29:2d:4a:2a:bf:98:07:
                    af:db:fc:04:4e:80:77:79:c8:87:bb:f2:56:65:5d:
                    d3:21:05:ba:8b:3a:9b:32:e9:d3:13:d1:de:7a:7f:
                    84:f6:71:f8:f5:54:72:97:ea:68:13:aa:7b:da:6e:
                    e6:39:76:72:47:d0:3a:2e:e4:5c:43:a0:3c:b8:9a:
                    b1:ad:20:f2:a2:18:ae:d9:43:a2:89:fb:39:28:b0:
                    38:5d:14:2a:e7:2e:b1:aa:4b:b5:03:57:d6:85:67:
                    4f:a5:74:15:ed:35:91:f0:c1:d5:61:d9:10:62:ca:
                    d5:8a:f8:21:3e:dc:8f:f4:c4:58:80:c2:9e:84:c7:
                    81:1b:a4:2c:93:7e:9b:39:1f:52:9e:d9:42:bd:33:
                    92:44:c2:38:ec:57:ef:3d:a0:95:be:59:df:d8:7f:
                    4a:28:ce:de:bd:88:02:4a:1d:ac:a9:4c:5f:b0:a8:
                    57:40:07:24:13:30:bc:d9:67:98:ad:6d:73:95:34:
                    5f:37:0a:cf:31:e7:bc:5f:98:b7:65:2d:ed:58:08:
                    1c:00:d4:c5:e7:b4:79:52:23:e6:91:44:ad:a2:83:
                    83:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0F:28:BB:16:E2:71:C4:1F:C3:63:57:81:33:B0:CF:21:C6:64:D1
            X509v3 Authority Key Identifier:
                keyid:2D:C2:91:B8:DB:6C:FD:DF:6D:D2:A1:D5:5B:22:6D:49:49:2A:27:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcKRuNts_d9t0qHVWyJtSUkqJwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/sg8ouxbiccQfw2NXgTOwzyHGZNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/LcKRuNts_d9t0qHVWyJtSUkqJwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.23.0/24
                IPv6:
                  2a0b:6dc0::/46
                  2a0b:6dc0:6::/48
                  2a0b:6dc0:123::/48
                  2a0b:6dc1:1::-2a0b:6dc1:2:ffff:ffff:ffff:ffff:ffff
                  2a0b:6dc2::/45
                  2a0b:6dc3::/48
                  2a0b:6dc3:a::-2a0b:6dc3:c:ffff:ffff:ffff:ffff:ffff
                  2a0b:6dc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:47:91:1d:06:31:f1:ad:37:59:a3:09:8f:f8:59:85:51:78:
         f9:97:9e:bd:b3:87:90:47:48:7c:b5:a3:c7:db:8b:20:bb:b9:
         59:ae:d8:51:9a:6c:59:b0:41:39:18:c7:92:57:41:b6:c9:8d:
         41:64:49:98:1b:d2:ed:cd:fe:57:cf:f4:3e:1e:63:d2:11:d6:
         92:64:34:0d:46:0c:fd:22:5c:09:41:f8:35:14:21:26:aa:08:
         97:ac:bd:70:81:ca:e6:00:19:3d:98:cc:38:62:00:65:60:44:
         2f:9b:a7:ed:35:f4:12:96:d2:48:6a:90:f8:b9:34:89:b4:e4:
         28:76:59:7b:1a:e0:f5:ef:fa:b3:24:0d:cd:16:17:c0:65:2a:
         e5:96:b2:2d:92:e6:e9:d6:89:ab:a7:73:8f:f4:4c:94:d7:b5:
         df:96:93:f7:69:ce:f9:02:9b:ff:60:f4:9d:bd:79:46:13:b3:
         dd:37:39:f1:67:fb:be:ba:c7:12:2c:99:a6:32:a4:4b:71:ba:
         6b:98:f4:df:cc:87:fa:9e:57:35:35:24:c4:14:85:44:b3:05:
         1b:e3:8d:47:48:23:dc:85:a8:de:62:26:07:51:d4:63:d9:14:
         98:f0:48:2a:28:79:bd:b9:f5:98:80:f1:31:1c:33:9b:3b:78:
         fa:af:3b:a0
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYN5EghWVPQPPEXDObn696fAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzI5MWI4ZGI2Y2ZkZGY2ZGQyYTFkNTViMjI2ZDQ5NDky
YTI3MDUwHhcNMjIwOTI2MDkxMjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBmMjhiYjE2ZTI3MWM0MWZjMzYzNTc4MTMzYjBjZjIxYzY2NGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oV8eTZB+YQ8s76/+r4Zz51q6ujV
xTH1v10uxUEbTzMnDbLhtyktSiq/mAev2/wEToB3eciHu/JWZV3TIQW6izqbMunT
E9Heen+E9nH49VRyl+poE6p72m7mOXZyR9A6LuRcQ6A8uJqxrSDyohiu2UOiifs5
KLA4XRQq5y6xqku1A1fWhWdPpXQV7TWR8MHVYdkQYsrVivghPtyP9MRYgMKehMeB
G6Qsk36bOR9SntlCvTOSRMI47FfvPaCVvlnf2H9KKM7evYgCSh2sqUxfsKhXQAck
EzC82WeYrW1zlTRfNwrPMee8X5i3ZS3tWAgcANTF57R5UiPmkUStooODEwIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFLIPKLsW4nHEH8NjV4EzsM8hxmTRMB8GA1UdIwQY
MBaAFC3CkbjbbP3fbdKh1VsibUlJKicFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNLUnVOdHNfZDl0MHFIVld5SnRTVWtxSndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MWE4NDMtNzUyNC00NTViLWJlMjIt
MmIxNzBlOTVjMmI3LzEvc2c4b3V4YmljY1FmdzJOWGdUT3d6eUhHWk5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MWE4NDMtNzUyNC00NTViLWJlMjItMmIxNzBlOTVjMmI3
LzEvTGNLUnVOdHNfZDl0MHFIVld5SnRTVWtxSndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwDAQCAAEwBgMEAC0JFzBi
BAIAAjBcAwcCKgttwAAAAwcAKgttwAAGAwcAKgttwAEjMBIDBwAqC23BAAEDBwAq
C23BAAIDBwMqC23CAAADBwAqC23DAAAwEgMHASoLbcMACgMHACoLbcMADAMFACoL
bccwDQYJKoZIhvcNAQELBQADggEBAGBHkR0GMfGtN1mjCY/4WYVRePmXnr2zh5BH
SHy1o8fbiyC7uVmu2FGabFmwQTkYx5JXQbbJjUFkSZgb0u3N/lfP9D4eY9IR1pJk
NA1GDP0iXAlB+DUUISaqCJesvXCByuYAGT2YzDhiAGVgRC+bp+019BKW0khqkPi5
NIm05Ch2WXsa4PXv+rMkDc0WF8BlKuWWsi2S5unWiaunc4/0TJTXtd+Wk/dpzvkC
m/9g9J29eUYTs903OfFn+766xxIsmaYypEtxumuY9N/Mh/qeVzU1JMQUhUSzBRvj
jUdII9yFqN5iJgdR1GPZFJjwSCooeb259ZiA8TEcM5s7ePqvO6A=
-----END CERTIFICATE-----