Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/MWdGqz-0AhXzjwYJviJCp15lgPM.roa
File:                     MWdGqz-0AhXzjwYJviJCp15lgPM.roa (raw, json)
Hash identifier:          V8wwL1ciMM2abU2vXdxEbXPVCMrH2q2s8LAHg7ZifDE=
Subject key identifier:   31:67:46:AB:3F:B4:02:15:F3:8F:06:09:BE:22:42:A7:5E:65:80:F3
Certificate issuer:       /CN=079889d9de4f07014beb2c0a312cd73652a3fc38
Certificate serial:       0183CCC96EC8EB9052FDBD1029FE994FF630
Authority key identifier: 07:98:89:D9:DE:4F:07:01:4B:EB:2C:0A:31:2C:D7:36:52:A3:FC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B5iJ2d5PBwFL6ywKMSzXNlKj_Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/MWdGqz-0AhXzjwYJviJCp15lgPM.roa
Signing time:             Wed 12 Oct 2022 15:21:36 +0000
ROA not before:           Wed 12 Oct 2022 15:21:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60592
IP address blocks:        185.82.213.0/24 maxlen: 24
                          185.82.212.0/24 maxlen: 24
                          185.82.214.0/24 maxlen: 24
                          185.28.192.0/24 maxlen: 24
                          185.28.194.0/24 maxlen: 24
                          185.28.193.0/24 maxlen: 24
                          185.38.111.0/24 maxlen: 24
                          185.38.110.0/24 maxlen: 24
                          185.38.109.0/24 maxlen: 24
                          185.38.108.0/24 maxlen: 24
                          91.207.189.0/24 maxlen: 24
                          91.207.188.0/24 maxlen: 24
                          2a00:fea0::/32 maxlen: 32
                          2a00:a160::/32 maxlen: 32
                          2a03:6920::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:cc:c9:6e:c8:eb:90:52:fd:bd:10:29:fe:99:4f:f6:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=079889d9de4f07014beb2c0a312cd73652a3fc38
        Validity
            Not Before: Oct 12 15:21:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=316746ab3fb40215f38f0609be2242a75e6580f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4d:22:19:fd:80:de:e0:a2:e0:a1:90:be:49:
                    22:4f:c6:f2:68:24:9b:c2:3f:2f:3a:cd:ea:36:cd:
                    7e:02:f5:c5:05:77:9c:de:07:2e:59:dc:79:78:dd:
                    b5:7e:29:4c:5b:58:71:19:c0:8e:c6:80:a9:77:c0:
                    f8:c9:2e:da:9c:97:be:2c:35:b2:57:15:db:07:87:
                    de:c8:b9:d7:d1:fc:27:ce:7a:19:6c:64:40:1f:a1:
                    0d:7b:9d:fe:d3:2f:63:b3:62:75:e8:1a:f2:c4:d3:
                    d7:a6:0f:9a:f9:1e:f2:e7:7d:28:61:ef:6c:d4:ad:
                    77:5c:e7:c6:f6:a7:2b:e6:22:92:eb:08:39:0f:34:
                    5d:0d:ee:a3:2f:65:62:2e:94:ba:31:b3:43:68:5b:
                    64:41:cb:7a:cc:d5:ab:43:00:70:07:b5:85:15:f5:
                    74:37:35:e9:b6:a7:00:ba:ec:fe:b7:48:cc:00:92:
                    63:be:33:5b:5d:80:89:50:29:07:df:84:2c:e6:69:
                    9b:0c:13:10:10:d2:6b:8f:6e:da:b8:90:a4:a1:1a:
                    84:5d:3f:da:3f:cd:a5:d3:c9:42:c6:32:e1:fe:89:
                    f4:3a:db:66:d7:b8:bc:0f:bb:82:c2:d7:02:1c:c0:
                    d2:5e:63:93:54:6a:75:3e:c6:bc:91:ca:1f:c2:7f:
                    4c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:67:46:AB:3F:B4:02:15:F3:8F:06:09:BE:22:42:A7:5E:65:80:F3
            X509v3 Authority Key Identifier:
                keyid:07:98:89:D9:DE:4F:07:01:4B:EB:2C:0A:31:2C:D7:36:52:A3:FC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B5iJ2d5PBwFL6ywKMSzXNlKj_Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/MWdGqz-0AhXzjwYJviJCp15lgPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/B5iJ2d5PBwFL6ywKMSzXNlKj_Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.188.0/23
                  185.28.192.0-185.28.194.255
                  185.38.108.0/22
                  185.82.212.0-185.82.214.255
                IPv6:
                  2a00:a160::/32
                  2a00:fea0::/32
                  2a03:6920::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:e2:8d:df:8c:b2:b3:9f:f4:e1:11:da:39:31:dc:0e:93:ec:
         b5:0b:cb:fa:53:8f:96:61:f1:42:2e:1c:20:3f:63:ec:17:5e:
         19:91:90:0e:cf:7d:c2:59:c8:6f:22:79:fd:b4:0a:f2:cb:4a:
         a8:16:2d:fa:45:44:96:2c:ed:8f:af:91:10:6d:fc:25:ab:c0:
         0f:79:98:e1:50:af:4c:6d:18:7e:01:61:b6:1f:07:2e:2e:33:
         fa:87:76:c9:1a:ba:58:e5:d8:c3:09:7c:12:17:5e:ee:ef:70:
         fb:69:6a:14:4e:ee:d4:6b:4e:9c:40:90:a4:d4:5a:16:85:c3:
         e0:c3:88:36:62:5f:ee:50:19:5c:07:a9:ff:80:f8:ff:0e:5a:
         8d:bd:0f:c6:02:ac:dc:87:d5:47:63:b2:b3:1f:93:3d:e6:fa:
         f6:57:c6:96:a4:c0:2a:ee:a8:03:25:57:ba:90:d7:c1:33:be:
         f9:ba:8d:d5:c4:7d:59:8a:30:22:57:7d:c9:0f:c1:27:ae:7c:
         3b:73:6c:05:e1:6e:a3:b0:ab:ee:24:55:a8:a4:89:f9:b3:56:
         31:f7:2e:35:a5:2b:3e:12:a9:7a:ca:f2:a1:57:09:53:a6:1b:
         35:21:21:d8:77:c4:cc:37:91:c9:8f:cb:1e:06:52:9b:4c:df:
         f9:c6:95:2d
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYPMyW7I65BS/b0QKf6ZT/YwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OTg4OWQ5ZGU0ZjA3MDE0YmViMmMwYTMxMmNkNzM2NTJh
M2ZjMzgwHhcNMjIxMDEyMTUyMTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTY3NDZhYjNmYjQwMjE1ZjM4ZjA2MDliZTIyNDJhNzVlNjU4MGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk0iGf2A3uCi4KGQvkkiT8byaCSb
wj8vOs3qNs1+AvXFBXec3gcuWdx5eN21filMW1hxGcCOxoCpd8D4yS7anJe+LDWy
VxXbB4feyLnX0fwnznoZbGRAH6ENe53+0y9js2J16BryxNPXpg+a+R7y530oYe9s
1K13XOfG9qcr5iKS6wg5DzRdDe6jL2ViLpS6MbNDaFtkQct6zNWrQwBwB7WFFfV0
NzXptqcAuuz+t0jMAJJjvjNbXYCJUCkH34Qs5mmbDBMQENJrj27auJCkoRqEXT/a
P82l08lCxjLh/on0Ottm17i8D7uCwtcCHMDSXmOTVGp1Psa8kcofwn9MxQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDFnRqs/tAIV848GCb4iQqdeZYDzMB8GA1UdIwQY
MBaAFAeYidneTwcBS+ssCjEs1zZSo/w4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjVpSjJkNVBCd0ZMNnl3S01TelhObEtqX0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9kZDM5NDAtZmZkNi00YjY5LTlmMDEt
ZmQ4ZDI1YTI2M2QyLzEvTVdkR3F6LTBBaFh6andZSnZpSkNwMTVsZ1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9kZDM5NDAtZmZkNi00YjY5LTlmMDEtZmQ4ZDI1YTI2M2Qy
LzEvQjVpSjJkNVBCd0ZMNnl3S01TelhObEtqX0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAuBAIAATAoAwQBW8+8MAwD
BAa5HMADBAC5HMIDBAK5JmwwDAMEArlS1AMEALlS1jAbBAIAAjAVAwUAKgChYAMF
ACoA/qADBQAqA2kgMA0GCSqGSIb3DQEBCwUAA4IBAQAU4o3fjLKzn/ThEdo5MdwO
k+y1C8v6U4+WYfFCLhwgP2PsF14ZkZAOz33CWchvInn9tAryy0qoFi36RUSWLO2P
r5EQbfwlq8APeZjhUK9MbRh+AWG2HwcuLjP6h3bJGrpY5djDCXwSF17u73D7aWoU
Tu7Ua06cQJCk1FoWhcPgw4g2Yl/uUBlcB6n/gPj/DlqNvQ/GAqzch9VHY7KzH5M9
5vr2V8aWpMAq7qgDJVe6kNfBM775uo3VxH1ZijAiV33JD8Enrnw7c2wF4W6jsKvu
JFWopIn5s1Yx9y41pSs+Eql6yvKhVwlTphs1ISHYd8TMN5HJj8seBlKbTN/5xpUt
-----END CERTIFICATE-----