Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/hlwBEGy9hrxejplBt9qnRDJi2ls.roa
File:                     hlwBEGy9hrxejplBt9qnRDJi2ls.roa (raw, json)
Hash identifier:          oU3BQIX8g24zMkWpBbJeTZjtyen1lDc2SIGJ6jjfY9w=
Subject key identifier:   86:5C:01:10:6C:BD:86:BC:5E:8E:99:41:B7:DA:A7:44:32:62:DA:5B
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0184E1544C8DBF1F8DC58F652971E5994F13
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/hlwBEGy9hrxejplBt9qnRDJi2ls.roa
Signing time:             Mon 05 Dec 2022 08:08:29 +0000
ROA not before:           Mon 05 Dec 2022 08:08:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        185.132.125.0/24 maxlen: 24
                          45.136.196.0/24 maxlen: 24
                          45.136.197.0/24 maxlen: 24
                          45.136.198.0/24 maxlen: 24
                          45.136.199.0/24 maxlen: 24
                          176.97.64.0/23 maxlen: 23
                          185.87.148.0/23 maxlen: 23
                          188.116.22.0/24 maxlen: 24
                          195.54.171.0/24 maxlen: 24
                          176.97.70.0/23 maxlen: 23
                          176.97.68.0/23 maxlen: 23
                          176.97.66.0/23 maxlen: 23
                          176.97.72.0/24 maxlen: 24
                          176.97.73.0/24 maxlen: 24
                          176.97.75.0/24 maxlen: 24
                          176.97.76.0/24 maxlen: 24
                          5.61.62.0/23 maxlen: 23
                          5.61.60.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e1:54:4c:8d:bf:1f:8d:c5:8f:65:29:71:e5:99:4f:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Dec  5 08:08:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=865c01106cbd86bc5e8e9941b7daa7443262da5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f7:84:8d:b0:34:ed:ce:f7:fd:00:22:47:1b:
                    e1:0f:12:9c:f9:92:c5:e2:78:27:2f:f5:1c:24:11:
                    cf:c0:36:a1:c1:ab:50:94:75:bf:a7:01:1b:d8:10:
                    c7:26:8e:25:2f:70:4a:06:9d:fc:37:c7:02:44:e6:
                    7e:b9:f1:60:c3:97:91:d1:b1:a4:eb:f0:72:e3:33:
                    bb:ea:ca:81:a9:29:b5:d2:dc:f2:a4:41:83:ab:71:
                    93:64:7c:30:a5:0e:f6:1c:63:7e:c2:d4:57:85:df:
                    e6:dd:27:cb:0f:61:61:e6:7a:0c:37:78:28:10:7f:
                    93:b9:f2:ca:37:4c:35:0c:f0:cc:98:74:07:cd:85:
                    cf:04:f2:53:4c:1f:8c:6a:64:62:4f:89:ef:a2:02:
                    5d:b9:95:bb:78:c5:0c:94:a4:54:1c:ec:23:12:2f:
                    e2:0f:7f:8b:a0:df:e8:86:e3:41:52:3c:2e:bc:cf:
                    08:be:bd:37:ca:dd:a7:a1:9a:14:8d:1b:11:03:28:
                    cf:3f:e7:1d:8e:03:63:b6:ce:6c:3e:28:72:04:5d:
                    2b:eb:e9:a2:38:19:44:5b:32:c4:5d:49:cb:c9:69:
                    20:5f:fc:cd:48:45:c8:78:ab:44:90:78:79:4c:2a:
                    c8:db:39:cb:8a:67:86:a7:25:8e:c8:52:3f:1c:a6:
                    db:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:5C:01:10:6C:BD:86:BC:5E:8E:99:41:B7:DA:A7:44:32:62:DA:5B
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/hlwBEGy9hrxejplBt9qnRDJi2ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.60.0/22
                  45.136.196.0/22
                  176.97.64.0-176.97.73.255
                  176.97.75.0-176.97.76.255
                  185.87.148.0/23
                  185.132.125.0/24
                  188.116.22.0/24
                  195.54.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b6:c3:71:c6:c4:05:ab:1c:ca:24:4c:79:89:6e:87:1f:4d:
         a8:d3:50:3d:d6:23:61:de:48:15:57:c9:2e:7d:8d:ca:59:8f:
         50:31:22:8c:a3:e4:59:1d:cf:c6:f5:75:b5:05:bc:fe:2e:9a:
         1f:60:32:ca:93:d4:7c:71:67:41:49:27:ec:61:fb:09:99:ef:
         2c:1d:39:e3:6d:f3:78:d2:69:a6:0f:95:f9:2f:11:1f:0b:2b:
         83:84:ea:23:06:cf:ab:56:13:1b:07:7c:10:c2:d7:fd:6a:35:
         88:c2:29:66:c4:a8:21:0a:1f:0e:c1:3a:87:dd:b3:d7:cb:c1:
         90:36:62:f1:bf:b4:45:e8:0b:df:2c:e7:a8:48:08:77:5e:80:
         01:90:9e:86:6b:b9:a1:55:a4:55:79:f6:2e:f4:4e:e4:25:4b:
         0c:b8:a4:b5:c9:99:a0:6e:00:0b:d7:3a:74:fb:1c:d7:66:00:
         de:6a:09:31:b2:5b:7f:1e:ca:30:e2:c5:ff:0a:34:7f:40:d9:
         00:6e:db:ae:e2:25:87:c5:5e:be:89:f0:6c:cb:eb:d6:72:1d:
         05:ac:a2:0c:72:7c:b1:8d:ce:00:cd:4e:12:72:fc:3a:d6:0e:
         6e:b9:4a:4a:9a:ad:a5:e1:9c:ad:b2:2c:de:50:99:de:5b:e4:
         6e:e1:43:fc
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYThVEyNvx+NxY9lKXHlmU8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjIxMjA1MDgwODI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjVjMDExMDZjYmQ4NmJjNWU4ZTk5NDFiN2RhYTc0NDMyNjJkYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfeEjbA07c73/QAiRxvhDxKc+ZLF
4ngnL/UcJBHPwDahwatQlHW/pwEb2BDHJo4lL3BKBp38N8cCROZ+ufFgw5eR0bGk
6/By4zO76sqBqSm10tzypEGDq3GTZHwwpQ72HGN+wtRXhd/m3SfLD2Fh5noMN3go
EH+TufLKN0w1DPDMmHQHzYXPBPJTTB+MamRiT4nvogJduZW7eMUMlKRUHOwjEi/i
D3+LoN/ohuNBUjwuvM8Ivr03yt2noZoUjRsRAyjPP+cdjgNjts5sPihyBF0r6+mi
OBlEWzLEXUnLyWkgX/zNSEXIeKtEkHh5TCrI2znLimeGpyWOyFI/HKbbnQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFIZcARBsvYa8Xo6ZQbfap0QyYtpbMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvaGx3QkVHeTlocnhlanBsQnQ5cW5SREppMmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCBT08AwQC
LYjEMAwDBAawYUADBAGwYUgwDAMEALBhSwMEALBhTAMEAblXlAMEALmEfQMEALx0
FgMEAMM2qzANBgkqhkiG9w0BAQsFAAOCAQEASrbDccbEBascyiRMeYluhx9NqNNQ
PdYjYd5IFVfJLn2NylmPUDEijKPkWR3PxvV1tQW8/i6aH2AyypPUfHFnQUkn7GH7
CZnvLB05423zeNJppg+V+S8RHwsrg4TqIwbPq1YTGwd8EMLX/Wo1iMIpZsSoIQof
DsE6h92z18vBkDZi8b+0RegL3yznqEgId16AAZCehmu5oVWkVXn2LvRO5CVLDLik
tcmZoG4AC9c6dPsc12YA3moJMbJbfx7KMOLF/wo0f0DZAG7bruIlh8VevonwbMvr
1nIdBayiDHJ8sY3OAM1OEnL8OtYObrlKSpqtpeGcrbIs3lCZ3lvkbuFD/A==
-----END CERTIFICATE-----