Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/50tUCVDpkjfhiASDHTNdaJx4tbo.roa
File:                     50tUCVDpkjfhiASDHTNdaJx4tbo.roa (raw, json)
Hash identifier:          FiJd1HHZJ2YBsyEvnUhEoz02NwJSx+ZDvyG2urO7DEU=
Subject key identifier:   E7:4B:54:09:50:E9:92:37:E1:88:04:83:1D:33:5D:68:9C:78:B5:BA
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0182E9390C1E006EDC0000ABBA092A81A36C
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/50tUCVDpkjfhiASDHTNdaJx4tbo.roa
Signing time:             Mon 29 Aug 2022 10:50:05 +0000
ROA not before:           Mon 29 Aug 2022 10:50:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12608
IP address blocks:        2a06:d904::/30 maxlen: 30
                          2a09:3800::/30 maxlen: 30
                          2a04:c104::/30 maxlen: 30
                          2a04:c100::/30 maxlen: 30
                          2a09:3804::/30 maxlen: 30
                          2a10:d8c4::/30 maxlen: 30
                          2a0a:2884::/30 maxlen: 30
                          2a06:d900::/30 maxlen: 30
                          2a0d:2e44::/30 maxlen: 30
                          2a0c:e8c0::/30 maxlen: 30
                          2a0f:cf84::/30 maxlen: 30
                          2a0b:ab04::/30 maxlen: 30
                          2a09:3b04::/30 maxlen: 30
                          2a0b:ab00::/30 maxlen: 30
                          2a09:3b00::/30 maxlen: 30
                          2a0c:e8c4::/30 maxlen: 30
                          2a0d:2e40::/30 maxlen: 30
                          2a10:d8c0::/30 maxlen: 30
                          2a0a:2880::/30 maxlen: 30
                          2a0f:cf80::/30 maxlen: 30

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:e9:39:0c:1e:00:6e:dc:00:00:ab:ba:09:2a:81:a3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Aug 29 10:50:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e74b540950e99237e18804831d335d689c78b5ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:54:90:ee:f1:65:ff:80:b3:a0:f8:30:0f:59:
                    25:35:3d:8a:35:9c:76:a1:47:12:3f:ef:6e:d2:a0:
                    f9:df:1c:a5:2a:7e:ef:3c:b9:44:dd:53:68:f1:3a:
                    fc:ec:17:c0:8a:ad:f9:ea:94:da:e3:9e:04:64:13:
                    6c:7d:1f:4c:d2:7b:24:8b:de:8a:7e:42:17:11:5b:
                    2f:f7:36:70:70:6a:f5:1d:4d:6b:7e:33:32:fa:ad:
                    7a:9e:41:b4:60:45:58:94:86:91:fa:41:16:8c:0b:
                    5c:b2:2d:db:ad:1e:23:ab:c6:c5:ea:4f:c0:41:d0:
                    1d:5e:a3:1c:cc:11:38:23:cb:dd:67:1d:27:c3:d9:
                    63:fb:27:a1:83:6c:13:37:69:14:8c:ab:d0:8a:ff:
                    f8:d1:11:aa:f9:30:83:ba:42:ff:68:41:78:60:1f:
                    84:28:bb:63:93:99:3c:28:1a:e6:ff:a0:b4:b9:65:
                    c9:a7:d2:de:75:60:85:51:06:2b:e4:cf:bd:e4:d5:
                    cc:ae:dd:3b:90:32:ed:9e:43:35:7b:9d:36:ad:a8:
                    4d:c4:cc:2d:03:57:bd:a4:0a:b5:fb:9f:27:fd:d5:
                    cf:6f:c7:b3:ef:74:c4:6f:52:3a:35:8c:7d:d2:fb:
                    65:3b:50:87:77:97:0e:2c:0d:d1:3b:68:1f:b3:ce:
                    aa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:4B:54:09:50:E9:92:37:E1:88:04:83:1D:33:5D:68:9C:78:B5:BA
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/50tUCVDpkjfhiASDHTNdaJx4tbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:c100::/29
                  2a06:d900::/29
                  2a09:3800::/29
                  2a09:3b00::/29
                  2a0a:2880::/29
                  2a0b:ab00::/29
                  2a0c:e8c0::/29
                  2a0d:2e40::/29
                  2a0f:cf80::/29
                  2a10:d8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:f1:a5:2f:08:8a:f4:b5:56:07:73:18:d6:6e:56:03:16:37:
         8d:df:6f:dc:e0:c2:cd:22:a0:40:38:1a:20:6c:73:0b:8e:f6:
         2c:2c:65:28:0a:99:75:ed:fa:92:9e:9f:2b:16:4b:c1:11:77:
         6b:e3:5c:63:b4:2b:5b:72:9b:dc:9e:c1:03:f7:d2:16:93:72:
         ec:74:0a:b9:c3:5d:65:ee:5b:e2:5f:1d:26:6b:17:53:da:78:
         98:d9:e0:fb:89:1e:ea:73:cd:85:f6:a1:bc:92:2f:7c:f4:e3:
         f0:41:84:d9:7d:93:dc:06:6f:9d:8c:71:e4:87:e8:d1:62:96:
         f9:f6:f1:2c:db:eb:62:fe:70:1b:80:d9:e0:00:40:ff:5b:00:
         c8:99:29:c0:7a:b6:48:6e:28:a5:61:52:d8:0f:71:bf:bd:ab:
         2d:0b:db:40:3a:55:d2:20:92:e6:62:50:8c:b6:ad:92:7c:42:
         31:a2:7f:cb:a3:2b:e6:95:fb:50:b3:02:ba:0b:4c:20:03:46:
         e2:f4:77:38:7f:1f:94:d4:8b:2c:ed:b2:16:b7:67:15:34:0a:
         8b:b9:b9:e9:e1:2b:43:c5:60:32:6b:40:61:63:e6:54:7f:c6:
         b8:58:29:1f:e6:74:5a:ec:0e:70:ef:31:cc:19:9e:93:b3:31:
         fb:e8:b2:3d
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYLpOQweAG7cAACrugkqgaNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjIwODI5MTA1MDA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzRiNTQwOTUwZTk5MjM3ZTE4ODA0ODMxZDMzNWQ2ODljNzhiNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlSQ7vFl/4CzoPgwD1klNT2KNZx2
oUcSP+9u0qD53xylKn7vPLlE3VNo8Tr87BfAiq356pTa454EZBNsfR9M0nski96K
fkIXEVsv9zZwcGr1HU1rfjMy+q16nkG0YEVYlIaR+kEWjAtcsi3brR4jq8bF6k/A
QdAdXqMczBE4I8vdZx0nw9lj+yehg2wTN2kUjKvQiv/40RGq+TCDukL/aEF4YB+E
KLtjk5k8KBrm/6C0uWXJp9LedWCFUQYr5M+95NXMrt07kDLtnkM1e502rahNxMwt
A1e9pAq1+58n/dXPb8ez73TEb1I6NYx90vtlO1CHd5cOLA3RO2gfs86qHwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOdLVAlQ6ZI34YgEgx0zXWiceLW6MB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvNTB0VUNWRHBramZoaUFTREhUTmRhSng0dGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKgTBAAMF
AyoG2QADBQMqCTgAAwUDKgk7AAMFAyoKKIADBQMqC6sAAwUDKgzowAMFAyoNLkAD
BQMqD8+AAwUDKhDYwDANBgkqhkiG9w0BAQsFAAOCAQEAWvGlLwiK9LVWB3MY1m5W
AxY3jd9v3ODCzSKgQDgaIGxzC472LCxlKAqZde36kp6fKxZLwRF3a+NcY7QrW3Kb
3J7BA/fSFpNy7HQKucNdZe5b4l8dJmsXU9p4mNng+4ke6nPNhfahvJIvfPTj8EGE
2X2T3AZvnYxx5Ifo0WKW+fbxLNvrYv5wG4DZ4ABA/1sAyJkpwHq2SG4opWFS2A9x
v72rLQvbQDpV0iCS5mJQjLatknxCMaJ/y6Mr5pX7ULMCugtMIANG4vR3OH8flNSL
LO2yFrdnFTQKi7m56eErQ8VgMmtAYWPmVH/GuFgpH+Z0WuwOcO8xzBmek7Mx++iy
PQ==
-----END CERTIFICATE-----