Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/BjqupCYma2o28mVVDv6wQsvrIV0.roa
File:                     BjqupCYma2o28mVVDv6wQsvrIV0.roa (raw, json)
Hash identifier:          +GIVW6E7e5xW0S2p5NP9HgqSF8u6+/OkhgWTG1Bwj0I=
Subject key identifier:   06:3A:AE:A4:26:26:6B:6A:36:F2:65:55:0E:FE:B0:42:CB:EB:21:5D
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       018269953868FAA59340C169092289717B33
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/BjqupCYma2o28mVVDv6wQsvrIV0.roa
Signing time:             Thu 04 Aug 2022 15:59:23 +0000
ROA not before:           Thu 04 Aug 2022 15:59:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49687
IP address blocks:        146.66.212.0/22 maxlen: 22
                          146.66.216.0/23 maxlen: 23
                          5.157.224.0/22 maxlen: 22
                          178.157.127.0/24 maxlen: 24
                          5.157.137.0/24 maxlen: 24
                          5.157.136.0/21 maxlen: 21
                          5.157.138.0/24 maxlen: 24
                          5.157.144.0/21 maxlen: 21
                          5.157.140.0/22 maxlen: 22
                          188.119.176.0/22 maxlen: 22
                          188.74.191.0/24 maxlen: 24
                          37.35.44.0/22 maxlen: 22
                          188.74.154.0/23 maxlen: 23
                          188.74.153.0/24 maxlen: 24
                          188.74.170.0/24 maxlen: 24
                          2a03:8800::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:69:95:38:68:fa:a5:93:40:c1:69:09:22:89:71:7b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: Aug  4 15:59:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=063aaea426266b6a36f265550efeb042cbeb215d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:df:62:22:4e:e7:02:01:8e:c1:6d:2f:91:d4:
                    9f:e0:84:01:3a:ff:97:80:3f:5e:e2:92:dc:c6:15:
                    1c:84:ed:fc:05:71:b8:c9:d4:ba:da:13:d1:ee:44:
                    4a:7d:87:88:97:d9:29:ba:9c:b3:c3:e9:42:32:92:
                    bc:6e:76:bf:2f:56:91:2d:c8:61:2a:37:49:09:33:
                    c2:85:d2:fa:ec:10:d7:b3:07:86:8e:a6:8b:cd:30:
                    3f:49:c2:c0:6a:be:9d:11:fc:7d:23:be:b5:e7:6f:
                    ae:50:85:41:56:ad:42:e8:05:a3:a8:4d:7e:53:07:
                    ca:d9:c9:eb:fe:ee:01:dc:56:03:7a:58:eb:4d:5d:
                    a5:bf:c1:7e:63:af:a5:69:4a:ea:fe:83:f8:b8:1e:
                    6c:fb:48:1d:38:53:ec:83:00:75:e4:52:e2:9c:ab:
                    9d:10:21:6d:d2:e9:6c:21:d1:ed:b0:27:f2:53:67:
                    fc:72:63:fa:b5:cc:c4:d2:ce:ab:d1:ad:50:e2:67:
                    40:05:99:36:aa:07:03:8e:86:17:81:a5:bd:99:e6:
                    dc:ee:bd:db:52:68:18:70:8e:4f:5b:67:a1:45:c0:
                    10:3e:7e:ae:b1:94:25:f1:32:ce:93:f2:68:46:82:
                    62:47:00:bc:c4:c0:6a:b3:56:47:c5:e1:9d:85:e1:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:3A:AE:A4:26:26:6B:6A:36:F2:65:55:0E:FE:B0:42:CB:EB:21:5D
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/BjqupCYma2o28mVVDv6wQsvrIV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.157.136.0-5.157.151.255
                  5.157.224.0/22
                  37.35.44.0/22
                  146.66.212.0-146.66.217.255
                  178.157.127.0/24
                  188.74.153.0-188.74.155.255
                  188.74.170.0/24
                  188.74.191.0/24
                  188.119.176.0/22
                IPv6:
                  2a03:8800::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:88:47:a8:ee:e0:cd:22:99:f2:92:86:11:40:bd:5f:7e:2f:
         b8:9e:fd:3a:c1:76:b5:9c:70:2c:03:18:79:c7:89:7a:b5:f1:
         57:fe:10:47:1d:f6:38:23:78:31:ac:ec:d5:e3:52:6f:ee:b8:
         e2:2e:81:24:a8:00:52:91:bd:d2:5f:c9:6a:db:05:76:d8:b0:
         3c:43:ad:25:14:28:43:12:d1:21:5b:23:bc:19:44:95:fe:15:
         0e:10:7d:39:03:7d:41:7a:bc:00:fa:52:50:40:07:32:0e:9e:
         eb:5c:d9:be:02:ec:41:63:23:47:d6:1a:5b:b7:92:fd:e4:a0:
         9c:99:c7:6d:cb:8c:b2:89:58:3c:36:5d:cd:cd:d4:54:b2:f8:
         13:f8:9e:9a:9b:d5:68:11:03:b4:3f:66:17:e8:09:71:71:de:
         57:83:2c:3e:f3:4a:61:a5:f3:02:a0:76:cb:74:d6:fc:b2:ee:
         6b:e4:38:d3:8e:80:36:cc:fb:67:48:ab:67:da:d9:97:a8:71:
         8b:d7:65:0c:26:c8:6e:78:32:a6:bd:de:8b:7c:01:4c:25:2c:
         ec:01:88:cc:a0:51:50:b9:c8:40:bb:fe:0f:1b:e2:3e:ce:76:
         9b:73:f1:1b:fa:78:05:3d:c5:e3:39:99:b0:55:4c:92:64:00:
         99:6d:7b:f8
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYJplTho+qWTQMFpCSKJcXszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjIwODA0MTU1OTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjNhYWVhNDI2MjY2YjZhMzZmMjY1NTUwZWZlYjA0MmNiZWIyMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv99iIk7nAgGOwW0vkdSf4IQBOv+X
gD9e4pLcxhUchO38BXG4ydS62hPR7kRKfYeIl9kpupyzw+lCMpK8bna/L1aRLchh
KjdJCTPChdL67BDXsweGjqaLzTA/ScLAar6dEfx9I76152+uUIVBVq1C6AWjqE1+
UwfK2cnr/u4B3FYDeljrTV2lv8F+Y6+laUrq/oP4uB5s+0gdOFPsgwB15FLinKud
ECFt0ulsIdHtsCfyU2f8cmP6tczE0s6r0a1Q4mdABZk2qgcDjoYXgaW9mebc7r3b
UmgYcI5PW2ehRcAQPn6usZQl8TLOk/JoRoJiRwC8xMBqs1ZHxeGdheGbxQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFAY6rqQmJmtqNvJlVQ7+sELL6yFdMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvQmpxdXBDWW1hMm8yOG1WVkR2NndRc3ZySVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOMAwDBAMFnYgD
BAMFnZADBAIFneADBAIlIywwDAMEApJC1AMEAZJC2AMEALKdfzAMAwQAvEqZAwQC
vEqYAwQAvEqqAwQAvEq/AwQCvHewMA0EAgACMAcDBQAqA4gAMA0GCSqGSIb3DQEB
CwUAA4IBAQB6iEeo7uDNIpnykoYRQL1ffi+4nv06wXa1nHAsAxh5x4l6tfFX/hBH
HfY4I3gxrOzV41Jv7rjiLoEkqABSkb3SX8lq2wV22LA8Q60lFChDEtEhWyO8GUSV
/hUOEH05A31BerwA+lJQQAcyDp7rXNm+AuxBYyNH1hpbt5L95KCcmcdty4yyiVg8
Nl3NzdRUsvgT+J6am9VoEQO0P2YX6Alxcd5Xgyw+80phpfMCoHbLdNb8su5r5DjT
joA2zPtnSKtn2tmXqHGL12UMJshueDKmvd6LfAFMJSzsAYjMoFFQuchAu/4PG+I+
znabc/Eb+ngFPcXjOZmwVUySZACZbXv4
-----END CERTIFICATE-----