Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/vz7fMdXrfQED1VaUuPc95BBfEJI.roa
File:                     vz7fMdXrfQED1VaUuPc95BBfEJI.roa (raw, json)
Hash identifier:          hRctJZg94jTUnxaVX/sNSxr6P7Tu5Z/hrS+xWLmYzgg=
Subject key identifier:   BF:3E:DF:31:D5:EB:7D:01:03:D5:56:94:B8:F7:3D:E4:10:5F:10:92
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       051DC4F3
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/vz7fMdXrfQED1VaUuPc95BBfEJI.roa
Signing time:             Tue 17 May 2022 15:07:30 +0000
ROA not before:           Tue 17 May 2022 15:07:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49687
IP address blocks:        146.66.212.0/22 maxlen: 22
                          146.66.216.0/23 maxlen: 23
                          5.157.224.0/22 maxlen: 22
                          178.157.125.0/24 maxlen: 24
                          178.157.127.0/24 maxlen: 24
                          5.157.136.0/21 maxlen: 21
                          188.119.162.0/24 maxlen: 24
                          5.157.144.0/21 maxlen: 21
                          188.119.176.0/22 maxlen: 22
                          188.74.191.0/24 maxlen: 24
                          37.35.44.0/22 maxlen: 22
                          188.74.154.0/23 maxlen: 23
                          188.74.153.0/24 maxlen: 24
                          188.74.170.0/24 maxlen: 24
                          2a03:8800::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 85837043 (0x51dc4f3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: May 17 15:07:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bf3edf31d5eb7d0103d55694b8f73de4105f1092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f7:76:4a:9e:3e:90:78:70:51:f7:03:73:9b:
                    57:83:a0:33:77:6f:56:79:36:56:e4:ca:8f:e5:d2:
                    2e:6e:df:89:dd:4b:61:3d:9d:ca:53:a2:cc:4c:60:
                    b4:22:8c:99:83:41:ab:77:3b:68:f1:8f:76:51:d4:
                    3e:e1:8c:c7:a7:2a:6c:ef:a8:8e:6c:53:6f:ba:d3:
                    f5:a9:49:59:89:c5:a6:02:cf:a0:17:9e:be:bd:83:
                    c3:2e:84:6e:35:6e:69:ba:77:06:7b:3e:cd:7a:b9:
                    9a:e0:7a:dc:77:16:85:23:ff:e3:8c:36:2a:de:e3:
                    e1:b8:47:12:15:dd:80:1d:f8:02:d5:bd:7c:0e:04:
                    35:ee:8f:bb:80:a2:23:6d:49:7a:63:a2:4e:39:42:
                    c6:0e:44:37:29:45:75:86:e8:ab:64:3b:9b:1e:a1:
                    94:01:42:a9:25:ba:0e:aa:de:bd:00:d9:62:43:bd:
                    97:62:1c:84:6a:da:2c:ca:34:a5:f3:bb:34:28:52:
                    4f:6a:3b:0b:af:59:76:32:1c:22:c0:df:80:0b:74:
                    39:ea:c6:19:39:20:51:9a:d3:57:7e:78:a3:1c:e5:
                    6c:59:50:83:fc:11:12:35:d1:ba:3b:81:15:94:fc:
                    76:47:4a:58:6f:3f:68:de:ae:5f:13:41:99:4a:9a:
                    21:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3E:DF:31:D5:EB:7D:01:03:D5:56:94:B8:F7:3D:E4:10:5F:10:92
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/vz7fMdXrfQED1VaUuPc95BBfEJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.157.136.0-5.157.151.255
                  5.157.224.0/22
                  37.35.44.0/22
                  146.66.212.0-146.66.217.255
                  178.157.125.0/24
                  178.157.127.0/24
                  188.74.153.0-188.74.155.255
                  188.74.170.0/24
                  188.74.191.0/24
                  188.119.162.0/24
                  188.119.176.0/22
                IPv6:
                  2a03:8800::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:88:50:7d:8f:d4:d5:74:e2:0d:0d:36:dd:7a:b6:08:f5:db:
         22:d9:0f:80:76:49:ec:5d:28:2a:2e:a5:6c:d1:76:1c:ad:41:
         8d:29:6b:10:91:18:ac:7a:a1:fd:7f:4d:c2:6d:b4:a1:37:31:
         65:00:f7:aa:d9:fe:9e:ab:93:2e:f9:1f:49:80:7b:0b:de:24:
         3d:64:ca:e6:a6:aa:83:65:51:ed:a8:3d:90:b5:6c:88:5f:c2:
         9d:98:ea:d4:a0:cf:c2:52:79:0d:34:ea:17:72:c2:38:97:3c:
         5d:0f:06:28:47:a5:a2:4b:1c:67:92:80:a0:a8:31:0b:2a:82:
         d5:3b:b5:19:7c:b3:d9:8f:6e:59:bf:be:a8:19:91:e0:4e:43:
         78:87:7d:fd:fe:41:ee:a5:11:19:f8:d4:5f:73:61:91:b9:ae:
         c6:9d:c7:40:4d:33:38:c3:a5:a8:7d:71:6e:35:f1:37:87:c3:
         1d:0b:18:af:79:27:45:43:d1:4c:47:67:c6:96:e2:40:10:46:
         9e:71:b9:38:e2:f2:0b:db:bc:d7:ea:66:dc:6f:75:a8:8d:5f:
         17:6c:81:93:d3:9c:b5:f8:96:ed:76:1d:37:41:6d:74:db:1d:
         41:41:13:ab:6f:17:8c:ff:e9:08:7f:ea:54:ee:93:9b:55:60:
         79:9a:3f:62
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgIEBR3E8zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YjIzM2Q3NTUwOGI0ZTg1Y2NjZjQ0MzQ5YTdjYjcwMzE5OGQxZDI2MB4XDTIyMDUx
NzE1MDczMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmYzZWRmMzFkNWVi
N2QwMTAzZDU1Njk0YjhmNzNkZTQxMDVmMTA5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMv3dkqePpB4cFH3A3ObV4OgM3dvVnk2VuTKj+XSLm7fid1L
YT2dylOizExgtCKMmYNBq3c7aPGPdlHUPuGMx6cqbO+ojmxTb7rT9alJWYnFpgLP
oBeevr2Dwy6EbjVuabp3Bns+zXq5muB63HcWhSP/44w2Kt7j4bhHEhXdgB34AtW9
fA4ENe6Pu4CiI21JemOiTjlCxg5ENylFdYboq2Q7mx6hlAFCqSW6DqrevQDZYkO9
l2IchGraLMo0pfO7NChST2o7C69ZdjIcIsDfgAt0OerGGTkgUZrTV354oxzlbFlQ
g/wREjXRujuBFZT8dkdKWG8/aN6uXxNBmUqaIT8CAwEAAaOCAm0wggJpMB0GA1Ud
DgQWBBS/Pt8x1et9AQPVVpS49z3kEF8QkjAfBgNVHSMEGDAWgBRrIz11UItOhczP
RDSafLcDGY0dJjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2F5TTlkVkNMVG9YTXowUTBtbnkzQXhtTkhTWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTAvOWQ5MTkyLTI3M2MtNGNhOS1iMmJhLWZhOWNiNTFjZDBmMS8x
L3Z6N2ZNZFhyZlFFRDFWYVV1UGM5NUJCZkVKSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAv
OWQ5MTkyLTI3M2MtNGNhOS1iMmJhLWZhOWNiNTFjZDBmMS8xL2F5TTlkVkNMVG9Y
TXowUTBtbnkzQXhtTkhTWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
ggYIKwYBBQUHAQcBAf8EczBxMGAEAgABMFowDAMEAwWdiAMEAwWdkAMEAgWd4AME
AiUjLDAMAwQCkkLUAwQBkkLYAwQAsp19AwQAsp1/MAwDBAC8SpkDBAK8SpgDBAC8
SqoDBAC8Sr8DBAC8d6IDBAK8d7AwDQQCAAIwBwMFACoDiAAwDQYJKoZIhvcNAQEL
BQADggEBAJyIUH2P1NV04g0NNt16tgj12yLZD4B2SexdKCoupWzRdhytQY0paxCR
GKx6of1/TcJttKE3MWUA96rZ/p6rky75H0mAewveJD1kyuamqoNlUe2oPZC1bIhf
wp2Y6tSgz8JSeQ006hdywjiXPF0PBihHpaJLHGeSgKCoMQsqgtU7tRl8s9mPblm/
vqgZkeBOQ3iHff3+Qe6lERn41F9zYZG5rsadx0BNMzjDpah9cW418TeHwx0LGK95
J0VD0UxHZ8aW4kAQRp5xuTji8gvbvNfqZtxvdaiNXxdsgZPTnLX4lu12HTdBbXTb
HUFBE6tvF4z/6Qh/6lTuk5tVYHmaP2I=
-----END CERTIFICATE-----