Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/uIc1iNLBUukVQcw5Ff3k5ntaQdY.roa
File:                     uIc1iNLBUukVQcw5Ff3k5ntaQdY.roa (raw, json)
Hash identifier:          H1rZ84NcMEEAtrJQsUYH1j4rqPpTWWf7JAsO5hRrfAA=
Subject key identifier:   B8:87:35:88:D2:C1:52:E9:15:41:CC:39:15:FD:E4:E6:7B:5A:41:D6
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0183732B6A154E40A4FBD4AA8F5C5235518D
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/uIc1iNLBUukVQcw5Ff3k5ntaQdY.roa
Signing time:             Sun 25 Sep 2022 05:42:48 +0000
ROA not before:           Sun 25 Sep 2022 05:42:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6233
IP address blocks:        80.66.196.0/24 maxlen: 24
                          45.11.45.0/24 maxlen: 24
                          45.13.197.0/24 maxlen: 24
                          45.13.196.0/22 maxlen: 24
                          45.13.196.0/24 maxlen: 24
                          79.143.140.0/22 maxlen: 24
                          45.87.164.0/22 maxlen: 24
                          45.87.164.0/24 maxlen: 24
                          45.153.244.0/22 maxlen: 24
                          194.36.242.0/24 maxlen: 24
                          185.248.87.0/24 maxlen: 24
                          45.139.193.0/24 maxlen: 24
                          185.184.222.0/24 maxlen: 24
                          185.222.216.0/21 maxlen: 24
                          2a09::/29 maxlen: 48
                          2a0d:c7c0::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:73:2b:6a:15:4e:40:a4:fb:d4:aa:8f:5c:52:35:51:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Sep 25 05:42:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b8873588d2c152e91541cc3915fde4e67b5a41d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5b:8a:98:7c:ae:a3:ad:43:72:4f:2b:6a:ac:
                    ca:88:18:cd:ea:5c:49:66:e4:29:2f:07:3c:bf:b1:
                    c0:86:fa:59:8f:8c:95:d0:ef:e3:28:cb:f3:41:56:
                    f8:ce:6d:99:ff:dc:3d:be:2a:63:26:55:1c:2f:98:
                    c4:54:f9:86:5f:54:33:b2:6a:b1:6d:d2:fb:3d:50:
                    c6:76:5f:88:92:fa:2e:e4:d9:5c:de:3d:e0:c6:76:
                    a2:42:15:90:94:8a:b8:db:89:6e:0f:3e:25:f4:ef:
                    d4:d6:15:9b:f0:6c:de:34:a1:46:e1:5d:01:01:90:
                    65:d9:ae:4f:bf:37:ac:8e:04:52:44:26:52:a8:56:
                    8f:81:ef:3b:db:84:ca:c3:c5:33:b0:47:ce:f5:fe:
                    de:ab:ec:7d:06:be:17:97:7d:94:c2:1b:93:c0:c0:
                    06:8d:30:52:13:5b:dd:6e:3f:8d:93:09:bb:7a:87:
                    ae:d2:98:30:4e:72:7c:34:f0:e8:c5:a5:8f:7c:53:
                    65:39:f3:bd:16:9e:d3:a7:08:73:a6:b8:4a:5a:7b:
                    61:c4:dc:70:72:7e:be:a0:50:af:c9:a6:3e:2a:aa:
                    54:ad:39:a1:5f:4c:21:47:f9:0a:c2:8e:0d:1a:5c:
                    49:b6:63:10:3e:37:b2:7e:52:27:2a:27:87:97:6b:
                    03:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:87:35:88:D2:C1:52:E9:15:41:CC:39:15:FD:E4:E6:7B:5A:41:D6
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/uIc1iNLBUukVQcw5Ff3k5ntaQdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.45.0/24
                  45.13.196.0/22
                  45.87.164.0/22
                  45.139.193.0/24
                  45.153.244.0/22
                  79.143.140.0/22
                  80.66.196.0/24
                  185.184.222.0/24
                  185.222.216.0/21
                  185.248.87.0/24
                  194.36.242.0/24
                IPv6:
                  2a09::/29
                  2a0d:c7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:e0:4b:09:df:fc:d3:de:f3:59:02:ef:f7:71:0f:95:8d:30:
         98:7a:b3:6f:b7:b4:7d:75:d9:c4:7c:41:5b:ea:de:b6:7b:d4:
         03:b6:12:bd:04:21:02:71:f8:45:35:98:02:21:f4:0c:24:84:
         e3:ca:b8:81:a6:35:cb:40:9a:93:62:95:27:a1:2a:0b:32:e8:
         0a:8e:31:c0:3c:38:ca:3a:5b:1e:ed:f0:e7:85:de:c1:d1:54:
         68:7d:e2:12:ef:3b:f0:d8:15:1e:44:fe:34:d8:49:b3:ca:23:
         10:be:ba:02:bb:99:31:be:7e:55:14:22:71:2e:94:44:88:8c:
         59:46:f9:5b:11:b5:fa:a6:e6:7e:81:3f:b3:9f:99:d4:a8:b6:
         b8:96:b2:89:6b:4a:ab:5e:77:06:1f:78:ca:b4:cd:d7:86:5a:
         e0:97:63:26:f9:2f:ff:cc:10:44:0a:72:cc:30:7b:54:aa:29:
         3d:ab:d5:b2:f2:20:c6:1c:68:68:01:b2:2c:25:9f:06:a0:e4:
         d3:34:12:56:86:6f:92:70:62:c1:e3:aa:3e:f5:ff:2b:f9:5e:
         e7:85:6c:1b:ec:ee:31:6b:94:49:5b:6f:7d:47:74:60:04:ce:
         37:b6:63:3c:f7:a3:39:fe:73:8b:32:49:09:92:1f:5e:70:06:
         a0:98:50:58
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYNzK2oVTkCk+9Sqj1xSNVGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjIwOTI1MDU0MjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODg3MzU4OGQyYzE1MmU5MTU0MWNjMzkxNWZkZTRlNjdiNWE0MWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVuKmHyuo61Dck8raqzKiBjN6lxJ
ZuQpLwc8v7HAhvpZj4yV0O/jKMvzQVb4zm2Z/9w9vipjJlUcL5jEVPmGX1Qzsmqx
bdL7PVDGdl+Ikvou5Nlc3j3gxnaiQhWQlIq424luDz4l9O/U1hWb8GzeNKFG4V0B
AZBl2a5PvzesjgRSRCZSqFaPge8724TKw8UzsEfO9f7eq+x9Br4Xl32UwhuTwMAG
jTBSE1vdbj+Nkwm7eoeu0pgwTnJ8NPDoxaWPfFNlOfO9Fp7TpwhzprhKWnthxNxw
cn6+oFCvyaY+KqpUrTmhX0whR/kKwo4NGlxJtmMQPjeyflInKieHl2sDfwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFLiHNYjSwVLpFUHMORX95OZ7WkHWMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvdUljMWlOTEJVdWtWUWN3NUZmM2s1bnRhUWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQALQstAwQC
LQ3EAwQCLVekAwQALYvBAwQCLZn0AwQCT4+MAwQAUELEAwQAubjeAwQDud7YAwQA
ufhXAwQAwiTyMBQEAgACMA4DBQMqCQAAAwUAKg3HwDANBgkqhkiG9w0BAQsFAAOC
AQEAOuBLCd/8097zWQLv93EPlY0wmHqzb7e0fXXZxHxBW+retnvUA7YSvQQhAnH4
RTWYAiH0DCSE48q4gaY1y0Cak2KVJ6EqCzLoCo4xwDw4yjpbHu3w54XewdFUaH3i
Eu878NgVHkT+NNhJs8ojEL66AruZMb5+VRQicS6URIiMWUb5WxG1+qbmfoE/s5+Z
1Ki2uJayiWtKq153Bh94yrTN14Za4JdjJvkv/8wQRApyzDB7VKopPavVsvIgxhxo
aAGyLCWfBqDk0zQSVoZvknBiweOqPvX/K/le54VsG+zuMWuUSVtvfUd0YATON7Zj
PPejOf5zizJJCZIfXnAGoJhQWA==
-----END CERTIFICATE-----