Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/6PIuGM6k7wWipi6Ji_fYgWATqsI.roa
File:                     6PIuGM6k7wWipi6Ji_fYgWATqsI.roa (raw, json)
Hash identifier:          MUHYyUnPDdibc6YOIDm0nJw76nphmPlbDZyJz3Z5+Bs=
Subject key identifier:   E8:F2:2E:18:CE:A4:EF:05:A2:A6:2E:89:8B:F7:D8:81:60:13:AA:C2
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01833AF4CB8971DDF1CB50116D62DB5C2019
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/6PIuGM6k7wWipi6Ji_fYgWATqsI.roa
Signing time:             Wed 14 Sep 2022 07:44:24 +0000
ROA not before:           Wed 14 Sep 2022 07:44:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197343
IP address blocks:        185.215.230.0/24 maxlen: 24
                          5.56.130.0/23 maxlen: 23
                          5.56.128.0/22 maxlen: 22
                          5.56.128.0/23 maxlen: 23
                          37.32.44.0/24 maxlen: 24
                          37.32.42.0/24 maxlen: 24
                          37.32.41.0/24 maxlen: 24
                          37.32.40.0/22 maxlen: 24
                          37.32.45.0/24 maxlen: 24
                          37.32.47.0/24 maxlen: 24
                          5.57.32.0/21 maxlen: 24
                          185.212.48.0/24 maxlen: 24
                          185.212.48.0/22 maxlen: 22
                          185.212.49.0/24 maxlen: 24
                          178.239.149.0/24 maxlen: 24
                          178.239.150.0/24 maxlen: 24
                          178.239.156.0/23 maxlen: 23
                          178.239.156.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3a:f4:cb:89:71:dd:f1:cb:50:11:6d:62:db:5c:20:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Sep 14 07:44:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e8f22e18cea4ef05a2a62e898bf7d8816013aac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b5:48:2d:a1:6a:f1:2d:24:a3:33:aa:c7:ac:
                    62:71:e0:6b:3e:6e:98:3d:be:d5:23:a9:78:47:c9:
                    b2:88:9d:20:5d:ad:0d:bd:19:16:7f:44:ee:ce:15:
                    8c:8c:81:00:66:e5:5c:fb:49:7a:99:78:ab:94:95:
                    a5:9a:bb:d4:18:4f:41:1a:a8:74:91:fd:00:dc:a5:
                    08:10:6f:8c:fe:cf:63:26:ab:c4:11:9a:77:a2:c7:
                    6d:63:7b:ae:96:ff:08:4e:51:2f:6b:87:23:78:4e:
                    bf:77:36:93:46:5a:ea:9c:ef:14:5e:ae:84:01:5e:
                    6c:c2:3f:05:d0:8c:45:cc:0f:70:53:62:72:88:cb:
                    9c:0b:24:73:41:57:fe:9a:70:d9:0e:dc:1e:d4:d4:
                    be:56:29:9f:e4:72:f2:58:cf:42:92:29:81:c6:bc:
                    58:0e:58:1f:ea:59:c4:4f:7e:af:4a:ed:94:c0:9e:
                    85:74:94:3f:46:32:07:c2:80:0b:ce:fd:16:7f:48:
                    bf:45:10:a0:a6:94:95:97:99:1d:8e:53:89:2a:01:
                    ed:76:80:9a:5e:6a:34:7b:d7:ff:f2:59:ee:39:d0:
                    da:e5:0f:5a:d3:d3:b6:b1:12:dc:2e:f8:5b:eb:85:
                    71:7c:d4:ce:62:59:68:7b:02:da:e1:6f:10:a7:ea:
                    a1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F2:2E:18:CE:A4:EF:05:A2:A6:2E:89:8B:F7:D8:81:60:13:AA:C2
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/6PIuGM6k7wWipi6Ji_fYgWATqsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22
                  5.57.32.0/21
                  37.32.40.0-37.32.45.255
                  37.32.47.0/24
                  178.239.149.0-178.239.150.255
                  178.239.156.0/22
                  185.212.48.0/22
                  185.215.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:4c:05:60:97:fe:9f:3e:93:1b:8a:f1:cd:4d:a4:db:cd:32:
         15:4f:6d:fb:23:c3:48:c0:83:a6:a0:5e:0b:74:2d:10:a7:27:
         ec:46:1b:59:db:7f:39:32:9b:fe:15:4a:34:1a:f2:4a:f3:50:
         9e:29:74:cd:95:1f:a9:c2:cd:cf:4a:f1:d3:e9:99:39:22:7b:
         03:de:32:0e:dd:85:fc:27:c9:62:ba:64:70:a2:06:7a:32:7f:
         aa:1c:c9:e3:63:cd:45:25:7f:1c:93:17:ce:33:4c:ab:32:d1:
         b4:90:b7:6c:9b:f5:22:ad:78:85:15:e3:2a:9a:27:84:57:18:
         aa:2a:fd:2e:26:f9:9e:5a:33:c8:c7:99:fb:c8:57:69:63:6d:
         ef:fa:67:99:3c:e3:b7:eb:2e:9b:16:18:76:54:08:e8:6f:1c:
         48:f8:df:e6:04:f9:d1:fe:68:c9:5d:ee:af:b6:52:86:b2:11:
         1d:97:e1:bb:e4:cc:cf:05:69:12:ac:76:42:c7:c8:51:b6:13:
         f5:1b:3f:56:52:98:60:8d:6d:40:5c:61:66:e8:7d:f7:22:a7:
         7f:7c:00:5a:5c:65:0b:05:6d:58:36:6f:ee:3d:0b:50:79:0f:
         70:4b:57:dd:d0:61:25:c8:67:59:18:95:9b:88:00:23:cb:b8:
         7f:e8:4e:50
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYM69MuJcd3xy1ARbWLbXCAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjIwOTE0MDc0NDI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGYyMmUxOGNlYTRlZjA1YTJhNjJlODk4YmY3ZDg4MTYwMTNhYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17VILaFq8S0kozOqx6xiceBrPm6Y
Pb7VI6l4R8myiJ0gXa0NvRkWf0TuzhWMjIEAZuVc+0l6mXirlJWlmrvUGE9BGqh0
kf0A3KUIEG+M/s9jJqvEEZp3osdtY3uulv8ITlEva4cjeE6/dzaTRlrqnO8UXq6E
AV5swj8F0IxFzA9wU2JyiMucCyRzQVf+mnDZDtwe1NS+Vimf5HLyWM9CkimBxrxY
Dlgf6lnET36vSu2UwJ6FdJQ/RjIHwoALzv0Wf0i/RRCgppSVl5kdjlOJKgHtdoCa
Xmo0e9f/8lnuOdDa5Q9a09O2sRLcLvhb64VxfNTOYlloewLa4W8Qp+qhfQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFOjyLhjOpO8FoqYuiYv32IFgE6rCMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvNlBJdUdNNms3d1dpcGk2SmlfZllnV0FUcXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCBTiAAwQD
BTkgMAwDBAMlICgDBAElICwDBAAlIC8wDAMEALLvlQMEALLvlgMEArLvnAMEArnU
MAMEALnX5jANBgkqhkiG9w0BAQsFAAOCAQEAd0wFYJf+nz6TG4rxzU2k280yFU9t
+yPDSMCDpqBeC3QtEKcn7EYbWdt/OTKb/hVKNBrySvNQnil0zZUfqcLNz0rx0+mZ
OSJ7A94yDt2F/CfJYrpkcKIGejJ/qhzJ42PNRSV/HJMXzjNMqzLRtJC3bJv1Iq14
hRXjKponhFcYqir9Lib5nlozyMeZ+8hXaWNt7/pnmTzjt+sumxYYdlQI6G8cSPjf
5gT50f5oyV3ur7ZShrIRHZfhu+TMzwVpEqx2QsfIUbYT9Rs/VlKYYI1tQFxhZuh9
9yKnf3wAWlxlCwVtWDZv7j0LUHkPcEtX3dBhJchnWRiVm4gAI8u4f+hOUA==
-----END CERTIFICATE-----