Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/2siK9-ElQ9CFx1yj0bdpHUKz3o0.roa
File:                     2siK9-ElQ9CFx1yj0bdpHUKz3o0.roa (raw, json)
Hash identifier:          Qf1kI9c92IwpDkNnKQMxd/J0uOwYcA7ed8qxL7PuiFI=
Subject key identifier:   DA:C8:8A:F7:E1:25:43:D0:85:C7:5C:A3:D1:B7:69:1D:42:B3:DE:8D
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       01847BDABEA78D280963ABAFB50432747A7A
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/2siK9-ElQ9CFx1yj0bdpHUKz3o0.roa
Signing time:             Tue 15 Nov 2022 15:14:03 +0000
ROA not before:           Tue 15 Nov 2022 15:14:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        185.132.125.0/24 maxlen: 24
                          45.136.196.0/24 maxlen: 24
                          45.136.197.0/24 maxlen: 24
                          45.136.198.0/24 maxlen: 24
                          45.136.199.0/24 maxlen: 24
                          176.97.64.0/23 maxlen: 23
                          185.87.148.0/23 maxlen: 23
                          188.116.22.0/24 maxlen: 24
                          195.54.171.0/24 maxlen: 24
                          176.97.70.0/23 maxlen: 23
                          176.97.68.0/23 maxlen: 23
                          176.97.66.0/23 maxlen: 23
                          176.97.72.0/24 maxlen: 24
                          176.97.73.0/24 maxlen: 24
                          5.61.62.0/23 maxlen: 23
                          5.61.60.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7b:da:be:a7:8d:28:09:63:ab:af:b5:04:32:74:7a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Nov 15 15:14:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dac88af7e12543d085c75ca3d1b7691d42b3de8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b2:01:a3:e4:e7:a2:8e:45:fb:1f:c2:ee:ca:
                    18:d0:3e:ca:ea:25:f9:fc:03:82:b5:05:98:e7:f6:
                    d5:14:d4:c1:9a:ba:be:99:ba:4d:8e:34:7f:f1:03:
                    92:f9:ef:70:74:a0:21:25:a5:d8:76:d6:ca:b1:f0:
                    e8:49:51:08:c3:34:e9:a8:45:a9:f6:9d:ff:5f:61:
                    a1:fb:ae:ac:cb:95:04:51:8f:9e:25:78:59:70:02:
                    fa:a0:10:1c:c4:18:14:ce:68:31:ae:31:09:f7:b4:
                    68:fe:fc:f7:bd:f6:1a:bd:ce:8a:2e:76:ce:70:ae:
                    69:15:22:47:f4:98:cb:28:d4:a0:9d:48:38:54:98:
                    40:87:1b:54:95:3a:ce:d0:d4:16:35:94:d5:b7:6b:
                    49:4a:23:01:aa:2c:ff:75:61:e1:c4:65:51:2c:1f:
                    91:35:b6:99:64:6a:e8:a1:74:bf:dd:75:9a:53:b8:
                    e3:c2:89:1c:4e:33:df:b6:af:d1:5c:bb:8b:10:9b:
                    1d:f7:17:2b:ad:2f:1e:a6:ba:bb:83:16:5c:14:7a:
                    4a:19:6b:27:c0:36:46:4c:f9:59:2f:f3:1c:a9:6a:
                    de:da:87:c0:4b:3f:ba:b6:28:da:cb:7a:dc:3d:10:
                    b3:e8:60:f6:21:80:a1:9a:68:a0:5f:62:88:22:ad:
                    57:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C8:8A:F7:E1:25:43:D0:85:C7:5C:A3:D1:B7:69:1D:42:B3:DE:8D
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/2siK9-ElQ9CFx1yj0bdpHUKz3o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.60.0/22
                  45.136.196.0/22
                  176.97.64.0-176.97.73.255
                  185.87.148.0/23
                  185.132.125.0/24
                  188.116.22.0/24
                  195.54.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:f2:44:43:c8:4f:c8:01:ee:66:8d:70:4e:c2:f3:57:c9:2e:
         37:45:3c:c4:37:fc:8b:cf:2b:d3:ad:69:4f:c8:b3:bc:6c:4f:
         e9:b9:81:6b:d7:3d:b6:6c:df:df:8f:6d:52:57:80:30:12:6f:
         24:ba:c4:16:8e:33:fd:af:be:23:46:2e:77:fb:ff:e5:c9:bf:
         c8:22:ce:b4:de:da:31:d8:f8:d4:57:f9:63:93:38:15:2f:4a:
         90:ca:1e:7b:c2:2b:2d:14:59:e7:dc:11:7a:54:fc:5f:5d:3f:
         54:9e:07:13:5d:db:c7:57:b9:aa:0f:6a:e8:b0:2c:64:ab:ef:
         17:03:ca:19:5c:75:a8:a3:2d:7c:0e:a6:1c:e3:35:15:8a:a6:
         08:e6:42:32:5e:79:41:c7:dc:17:9a:e5:a4:54:c6:e7:e0:b0:
         97:6a:f6:11:60:b5:6e:21:9a:19:4a:2c:ec:ee:03:9d:12:84:
         20:3e:60:ee:8c:11:92:6c:71:b4:3d:f3:2a:77:af:78:d3:59:
         0e:f3:e1:a2:f7:c8:8d:64:ae:c6:9f:0c:2f:10:96:52:7c:30:
         85:f4:0f:d5:fd:57:74:d2:c7:c2:2f:46:3e:4c:37:da:7c:a9:
         ef:01:dc:5b:ef:55:25:d4:ed:9b:aa:09:03:b2:6a:60:dd:a1:
         d9:22:cd:9f
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYR72r6njSgJY6uvtQQydHp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjIxMTE1MTUxNDAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM4OGFmN2UxMjU0M2QwODVjNzVjYTNkMWI3NjkxZDQyYjNkZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7IBo+Tnoo5F+x/C7soY0D7K6iX5
/AOCtQWY5/bVFNTBmrq+mbpNjjR/8QOS+e9wdKAhJaXYdtbKsfDoSVEIwzTpqEWp
9p3/X2Gh+66sy5UEUY+eJXhZcAL6oBAcxBgUzmgxrjEJ97Ro/vz3vfYavc6KLnbO
cK5pFSJH9JjLKNSgnUg4VJhAhxtUlTrO0NQWNZTVt2tJSiMBqiz/dWHhxGVRLB+R
NbaZZGrooXS/3XWaU7jjwokcTjPftq/RXLuLEJsd9xcrrS8eprq7gxZcFHpKGWsn
wDZGTPlZL/McqWre2ofASz+6tijay3rcPRCz6GD2IYChmmigX2KIIq1XYQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFNrIivfhJUPQhcdco9G3aR1Cs96NMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvMnNpSzktRWxROUNGeDF5ajBiZHBIVUt6M28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCBT08AwQC
LYjEMAwDBAawYUADBAGwYUgDBAG5V5QDBAC5hH0DBAC8dBYDBADDNqswDQYJKoZI
hvcNAQELBQADggEBAGfyREPIT8gB7maNcE7C81fJLjdFPMQ3/IvPK9OtaU/Is7xs
T+m5gWvXPbZs39+PbVJXgDASbyS6xBaOM/2vviNGLnf7/+XJv8gizrTe2jHY+NRX
+WOTOBUvSpDKHnvCKy0UWefcEXpU/F9dP1SeBxNd28dXuaoPauiwLGSr7xcDyhlc
daijLXwOphzjNRWKpgjmQjJeeUHH3Bea5aRUxufgsJdq9hFgtW4hmhlKLOzuA50S
hCA+YO6MEZJscbQ98yp3r3jTWQ7z4aL3yI1krsafDC8QllJ8MIX0D9X9V3TSx8Iv
Rj5MN9p8qe8B3FvvVSXU7ZuqCQOyamDdodkizZ8=
-----END CERTIFICATE-----