Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/Q0kW2ihIxrxBJ93mJMUBOqb_poE.roa
File:                     Q0kW2ihIxrxBJ93mJMUBOqb_poE.roa (raw, json)
Hash identifier:          ZtJKCXkAvMv8NJyUDzGWoMWtOztltUOyEuDpnsWdtWg=
Subject key identifier:   43:49:16:DA:28:48:C6:BC:41:27:DD:E6:24:C5:01:3A:A6:FF:A6:81
Certificate issuer:       /CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Certificate serial:       01831460611004A62ECFA1AC8EDFB620ACE5
Authority key identifier: 99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/Q0kW2ihIxrxBJ93mJMUBOqb_poE.roa
Signing time:             Tue 06 Sep 2022 19:56:44 +0000
ROA not before:           Tue 06 Sep 2022 19:56:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     132892
IP address blocks:        141.101.88.0/24 maxlen: 24
                          141.101.89.0/24 maxlen: 24
                          2a06:98c0:3604::/48 maxlen: 48
                          2a06:98c0:360f::/48 maxlen: 48
                          2a06:98c0:360a::/48 maxlen: 48
                          2a06:98c0:3605::/48 maxlen: 48
                          2a06:98c0:3608::/48 maxlen: 48
                          2a06:98c0:3603::/48 maxlen: 48
                          2a06:98c0:3609::/48 maxlen: 48
                          2a06:98c0:360c::/48 maxlen: 48
                          2a06:98c0:3607::/48 maxlen: 48
                          2a06:98c0:3602::/48 maxlen: 48
                          2a06:98c0:360d::/48 maxlen: 48
                          2a06:98c0:3610::/48 maxlen: 48
                          2a06:98c0:3600::/48 maxlen: 48
                          2a06:98c0:360b::/48 maxlen: 48
                          2a06:98c0:3606::/48 maxlen: 48
                          2a06:98c0:3611::/48 maxlen: 48
                          2a06:98c0:3601::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:14:60:61:10:04:a6:2e:cf:a1:ac:8e:df:b6:20:ac:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
        Validity
            Not Before: Sep  6 19:56:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=434916da2848c6bc4127dde624c5013aa6ffa681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c8:f4:e6:c3:88:45:d6:d4:1e:14:4b:b8:ab:
                    4d:90:7f:4f:da:f8:88:31:95:0a:66:d5:d9:4c:9a:
                    41:6f:37:1a:1b:47:7c:45:0f:99:90:83:87:ba:a5:
                    b3:18:1d:b4:65:75:d5:60:99:fe:fb:d0:10:95:8d:
                    22:6e:24:50:7e:08:44:e2:1f:1f:71:f0:d4:c6:c9:
                    2b:c9:fc:45:33:00:84:3b:e2:13:ec:39:b4:be:70:
                    f6:cb:38:fb:3e:f1:c6:e9:7e:80:81:01:ab:81:1f:
                    47:a1:70:6c:29:e2:14:df:cc:d5:24:12:f2:9b:80:
                    a1:16:5d:44:f4:ec:40:5c:78:56:7f:6e:69:4f:0a:
                    2a:d6:23:a7:cd:73:1d:1d:82:ca:53:e1:c6:d8:53:
                    89:1a:54:9d:4c:4f:a0:0f:b4:12:51:07:26:d6:a5:
                    15:d6:c2:1b:50:37:f4:50:2b:f0:89:18:43:99:e3:
                    6b:ec:6b:de:9d:97:b4:f6:4f:83:b6:48:39:48:3e:
                    a8:43:1a:c9:cd:2e:2b:29:49:7a:a2:ae:f2:be:73:
                    fc:bc:eb:1b:58:a6:c8:dd:8e:fb:f9:65:3a:57:b1:
                    04:d6:2b:8f:2d:7d:3a:2c:e5:2e:a8:4b:ba:f7:aa:
                    84:a1:ab:b2:fc:62:92:a6:5f:df:0d:49:81:b3:a2:
                    45:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:49:16:DA:28:48:C6:BC:41:27:DD:E6:24:C5:01:3A:A6:FF:A6:81
            X509v3 Authority Key Identifier:
                keyid:99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/Q0kW2ihIxrxBJ93mJMUBOqb_poE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.88.0/23
                IPv6:
                  2a06:98c0:3600::-2a06:98c0:360d:ffff:ffff:ffff:ffff:ffff
                  2a06:98c0:360f::-2a06:98c0:3611:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         14:dd:56:7b:ea:d0:47:93:cb:9f:f8:f4:2b:77:8f:88:36:4b:
         03:e2:bd:19:15:15:df:f9:bc:a0:d5:c7:a1:79:78:85:df:29:
         86:45:ff:40:34:a7:db:ff:55:e6:be:07:ba:73:a1:d7:4e:b8:
         de:11:80:96:5e:51:79:8d:ff:bf:a6:e5:51:72:a7:a9:34:91:
         99:b3:b3:b8:29:58:c1:e6:a4:3b:0f:ac:30:8b:51:39:e7:09:
         fe:fa:bc:80:5e:8c:78:e9:11:e9:0a:f5:49:7b:66:08:e1:ff:
         69:18:da:f6:32:64:c0:87:1f:05:1f:38:55:af:75:89:28:3e:
         ed:96:b4:22:85:a8:16:6c:3f:24:bf:d1:92:ed:46:cb:64:73:
         b8:8c:b2:f7:e4:68:b0:e3:12:2a:cd:01:2d:ad:65:a9:c1:c8:
         50:c9:fc:2e:53:5c:89:48:2a:94:21:e3:bd:2e:f5:db:df:ff:
         a9:9c:47:87:6f:e4:18:55:31:26:20:e7:ef:eb:02:57:98:8d:
         d9:14:6c:1a:9c:95:da:0a:06:ea:2b:6b:41:87:be:cd:0e:c6:
         16:d9:d2:15:35:8b:e3:72:c5:f2:ed:00:a3:8e:a6:e0:e0:8e:
         2e:d4:2c:b3:0a:6f:9d:58:65:3d:17:bc:8f:6b:e7:32:17:1e:
         38:60:80:f3
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYMUYGEQBKYuz6Gsjt+2IKzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDViZmFkNDVkN2M2NWE2ZTM0MzAyODUwOWZkMTg5MmU5
N2I5ZDAwHhcNMjIwOTA2MTk1NjQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQ5MTZkYTI4NDhjNmJjNDEyN2RkZTYyNGM1MDEzYWE2ZmZhNjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8j05sOIRdbUHhRLuKtNkH9P2viI
MZUKZtXZTJpBbzcaG0d8RQ+ZkIOHuqWzGB20ZXXVYJn++9AQlY0ibiRQfghE4h8f
cfDUxskryfxFMwCEO+IT7Dm0vnD2yzj7PvHG6X6AgQGrgR9HoXBsKeIU38zVJBLy
m4ChFl1E9OxAXHhWf25pTwoq1iOnzXMdHYLKU+HG2FOJGlSdTE+gD7QSUQcm1qUV
1sIbUDf0UCvwiRhDmeNr7GvenZe09k+Dtkg5SD6oQxrJzS4rKUl6oq7yvnP8vOsb
WKbI3Y77+WU6V7EE1iuPLX06LOUuqEu696qEoauy/GKSpl/fDUmBs6JF6wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFENJFtooSMa8QSfd5iTFATqm/6aBMB8GA1UdIwQY
MBaAFJnVv61F18ZabjQwKFCf0Ykul7nQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQt
NzU1MTgwOWNiNzMxLzEvUTBrVzJpaEl4cnhCSjkzbUpNVUJPcWJfcG9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQtNzU1MTgwOWNiNzMx
LzEvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAMBAIAATAGAwQBjWVYMC0E
AgACMCcwEQMGASoGmMA2AwcBKgaYwDYMMBIDBwAqBpjANg8DBwEqBpjANhAwDQYJ
KoZIhvcNAQELBQADggEBABTdVnvq0EeTy5/49Ct3j4g2SwPivRkVFd/5vKDVx6F5
eIXfKYZF/0A0p9v/Vea+B7pzoddOuN4RgJZeUXmN/7+m5VFyp6k0kZmzs7gpWMHm
pDsPrDCLUTnnCf76vIBejHjpEekK9Ul7Zgjh/2kY2vYyZMCHHwUfOFWvdYkoPu2W
tCKFqBZsPyS/0ZLtRstkc7iMsvfkaLDjEirNAS2tZanByFDJ/C5TXIlIKpQh470u
9dvf/6mcR4dv5BhVMSYg5+/rAleYjdkUbBqcldoKBuora0GHvs0OxhbZ0hU1i+Ny
xfLtAKOOpuDgji7ULLMKb51YZT0XvI9r5zIXHjhggPM=
-----END CERTIFICATE-----