Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/N5lORjqMHRs7Imx802EIxHnQU9I.roa
File:                     N5lORjqMHRs7Imx802EIxHnQU9I.roa (raw, json)
Hash identifier:          0rgKZBv53EytuO40C9mbjkWRHBY3DyWbGPGtQHe0c/c=
Subject key identifier:   37:99:4E:46:3A:8C:1D:1B:3B:22:6C:7C:D3:61:08:C4:79:D0:53:D2
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0182D9DB6EF3E33EC218E7F39ECA6B5ADE2D
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/N5lORjqMHRs7Imx802EIxHnQU9I.roa
Signing time:             Fri 26 Aug 2022 11:13:32 +0000
ROA not before:           Fri 26 Aug 2022 11:13:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     23959
IP address blocks:        45.66.216.0/22 maxlen: 24
                          213.232.112.0/22 maxlen: 24
                          176.119.148.0/22 maxlen: 24
                          45.159.48.0/22 maxlen: 24
                          88.214.20.0/22 maxlen: 24
                          147.78.240.0/21 maxlen: 24
                          193.111.30.0/23 maxlen: 24
                          45.66.128.0/22 maxlen: 24
                          91.200.240.0/24 maxlen: 24
                          91.200.242.0/24 maxlen: 24
                          45.149.156.0/22 maxlen: 24
                          78.142.228.0/22 maxlen: 24
                          193.32.148.0/22 maxlen: 24
                          2a09:7::/36 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:d9:db:6e:f3:e3:3e:c2:18:e7:f3:9e:ca:6b:5a:de:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Aug 26 11:13:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=37994e463a8c1d1b3b226c7cd36108c479d053d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2b:ce:eb:d8:e5:6c:4d:4a:61:10:d8:96:86:
                    fc:f5:0a:82:b8:8b:7c:d8:94:f1:46:d2:d3:7f:bf:
                    6c:79:5a:14:6a:bb:5f:1a:d5:5c:bf:f8:0a:b7:bc:
                    42:d2:f0:d3:b8:06:bf:dd:2b:9a:41:a9:07:c7:f4:
                    c3:5c:b2:43:fe:6c:72:f0:da:00:b0:af:0d:5d:b4:
                    99:0d:fa:44:60:35:f5:99:21:12:86:c1:8e:61:2c:
                    7a:4b:6b:56:0b:47:57:f0:0c:db:fc:6d:60:7e:05:
                    bf:8c:d1:e4:45:f1:87:21:9f:66:8c:c3:a8:3b:b8:
                    73:6f:92:97:ab:82:73:49:21:45:08:ec:28:01:fb:
                    8f:6a:15:dd:ff:e7:f6:d7:b5:81:8c:ee:b5:74:52:
                    43:fa:c0:36:ed:da:02:ab:0f:72:67:ff:7d:a8:58:
                    9a:0c:0a:c1:27:ce:20:d2:5d:ae:27:a7:98:2c:bc:
                    89:b9:50:aa:f5:7b:3b:ec:a5:2b:35:a4:02:c8:99:
                    8e:ae:cb:ab:02:2d:c3:02:14:fb:31:45:5f:6c:f7:
                    80:50:95:e1:0e:49:83:39:31:09:23:1f:eb:dc:57:
                    b8:af:bc:6a:10:25:40:bf:49:70:85:51:bc:82:7a:
                    55:46:da:66:c0:00:bc:4d:95:a3:4b:c5:60:9d:64:
                    c8:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:99:4E:46:3A:8C:1D:1B:3B:22:6C:7C:D3:61:08:C4:79:D0:53:D2
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/N5lORjqMHRs7Imx802EIxHnQU9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.128.0/22
                  45.66.216.0/22
                  45.149.156.0/22
                  45.159.48.0/22
                  78.142.228.0/22
                  88.214.20.0/22
                  91.200.240.0/24
                  91.200.242.0/24
                  147.78.240.0/21
                  176.119.148.0/22
                  193.32.148.0/22
                  193.111.30.0/23
                  213.232.112.0/22
                IPv6:
                  2a09:7::/36

    Signature Algorithm: sha256WithRSAEncryption
         46:2b:28:25:b3:99:06:d1:b5:22:18:f5:f7:ec:f5:de:3c:e0:
         b5:a4:b4:2e:72:13:4e:74:9e:b9:52:52:4d:12:e0:00:53:d2:
         c1:cd:fb:08:77:cb:53:e8:29:60:c4:7d:7d:97:fd:e1:0b:e9:
         be:f1:26:a7:07:02:39:9c:05:a0:ac:0d:bf:d5:d4:db:3d:f5:
         8f:81:d3:a8:20:be:47:17:35:f0:ab:c8:eb:72:ca:ad:c1:71:
         2e:72:fc:5a:24:ca:c1:ae:5e:81:f3:88:46:40:b2:85:c7:ee:
         77:b1:9c:5b:80:56:76:88:fb:65:ca:39:1d:c9:4c:61:fc:ea:
         a9:53:b3:27:67:da:26:b5:25:c4:c2:fa:e3:64:61:bd:ed:94:
         02:2e:59:74:bc:42:1b:8d:7f:65:8d:52:20:62:bd:58:50:c7:
         82:0b:2a:d4:dc:4a:17:fa:39:91:c2:d2:d6:dc:17:9a:1d:6e:
         2c:89:16:2a:86:e5:32:63:b9:3f:c3:32:b9:c0:da:69:f1:46:
         32:bd:2a:0f:11:26:8a:6f:bf:b5:8b:2a:cf:ee:eb:63:17:ae:
         fa:3e:53:df:36:24:54:67:6e:97:72:b4:a9:54:33:b3:2e:ff:
         be:2f:39:15:b3:9b:ab:61:f4:ef:9e:d1:60:1d:ef:76:e8:4d:
         23:55:78:57
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYLZ227z4z7CGOfznsprWt4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjIwODI2MTExMzMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk5NGU0NjNhOGMxZDFiM2IyMjZjN2NkMzYxMDhjNDc5ZDA1M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSvO69jlbE1KYRDYlob89QqCuIt8
2JTxRtLTf79seVoUartfGtVcv/gKt7xC0vDTuAa/3SuaQakHx/TDXLJD/mxy8NoA
sK8NXbSZDfpEYDX1mSEShsGOYSx6S2tWC0dX8Azb/G1gfgW/jNHkRfGHIZ9mjMOo
O7hzb5KXq4JzSSFFCOwoAfuPahXd/+f217WBjO61dFJD+sA27doCqw9yZ/99qFia
DArBJ84g0l2uJ6eYLLyJuVCq9Xs77KUrNaQCyJmOrsurAi3DAhT7MUVfbPeAUJXh
DkmDOTEJIx/r3Fe4r7xqECVAv0lwhVG8gnpVRtpmwAC8TZWjS8VgnWTIdwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFDeZTkY6jB0bOyJsfNNhCMR50FPSMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvTjVsT1JqcU1IUnM3SW14ODAyRUl4SG5RVTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBUBAIAATBOAwQCLUKAAwQC
LULYAwQCLZWcAwQCLZ8wAwQCTo7kAwQCWNYUAwQAW8jwAwQAW8jyAwQDk07wAwQC
sHeUAwQCwSCUAwQBwW8eAwQC1ehwMA4EAgACMAgDBgQqCQAHADANBgkqhkiG9w0B
AQsFAAOCAQEARisoJbOZBtG1Ihj19+z13jzgtaS0LnITTnSeuVJSTRLgAFPSwc37
CHfLU+gpYMR9fZf94QvpvvEmpwcCOZwFoKwNv9XU2z31j4HTqCC+Rxc18KvI63LK
rcFxLnL8WiTKwa5egfOIRkCyhcfud7GcW4BWdoj7Zco5HclMYfzqqVOzJ2faJrUl
xML642Rhve2UAi5ZdLxCG41/ZY1SIGK9WFDHggsq1NxKF/o5kcLS1twXmh1uLIkW
KoblMmO5P8MyucDaafFGMr0qDxEmim+/tYsqz+7rYxeu+j5T3zYkVGdul3K0qVQz
sy7/vi85FbObq2H0757RYB3vduhNI1V4Vw==
-----END CERTIFICATE-----