Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/P_UiHWS5vssAaVACtk5ctZRfuy4.roa
File:                     P_UiHWS5vssAaVACtk5ctZRfuy4.roa (raw, json)
Hash identifier:          M76YVdo6GZqg2jf1h0kZopCXBTswFYzoFOrhxe5PYeo=
Subject key identifier:   3F:F5:22:1D:64:B9:BE:CB:00:69:50:02:B6:4E:5C:B5:94:5F:BB:2E
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       0181D7ACB497F1D0A0FFFCB397B94CB37790
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/P_UiHWS5vssAaVACtk5ctZRfuy4.roa
Signing time:             Thu 07 Jul 2022 08:00:28 +0000
ROA not before:           Thu 07 Jul 2022 08:00:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210554
IP address blocks:        2a06:e881:8707::/48 maxlen: 128
                          2a06:e881:870c::/48 maxlen: 128
                          2a06:e881:870d::/48 maxlen: 128
                          2a06:e881:8702::/48 maxlen: 128
                          2a06:e881:8703::/48 maxlen: 128
                          2a06:e881:8708::/48 maxlen: 128
                          2a06:e881:8709::/48 maxlen: 128
                          2a06:e881:870e::/48 maxlen: 128
                          2a06:e881:870f::/48 maxlen: 128
                          2a06:e881:8704::/48 maxlen: 128
                          2a06:e881:870a::/48 maxlen: 128
                          2a06:e881:870b::/48 maxlen: 128
                          2a06:e881:8700::/48 maxlen: 128
                          2a06:e881:8701::/48 maxlen: 128
                          2a06:e881:8706::/48 maxlen: 128

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:d7:ac:b4:97:f1:d0:a0:ff:fc:b3:97:b9:4c:b3:77:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jul  7 08:00:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3ff5221d64b9becb00695002b64e5cb5945fbb2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9e:0c:70:02:dd:2f:22:fe:49:f8:66:07:41:
                    e9:52:ca:f1:e5:cb:79:51:96:99:8b:12:9c:7c:63:
                    af:12:7b:41:50:a7:2f:73:d1:28:3b:34:71:bb:a3:
                    07:42:de:b3:b7:5e:0e:c8:ca:71:14:87:d9:44:2a:
                    dc:c2:27:0a:65:d9:dd:b3:99:07:14:4a:6b:d8:99:
                    1f:6d:ac:b5:57:ef:05:90:32:ff:95:cc:e7:41:99:
                    41:fd:a5:d1:5d:e8:68:26:ad:25:94:36:42:ff:3a:
                    c8:df:87:a7:5f:23:bc:96:06:5d:f0:0c:fe:90:25:
                    68:a7:2a:57:37:0e:19:34:8d:e2:63:62:c3:b7:9c:
                    ce:46:81:a8:18:e1:88:28:3d:df:53:d6:cb:e9:17:
                    18:06:bf:86:d5:07:f1:eb:1e:e4:39:40:79:cf:54:
                    62:5e:8b:9d:16:dc:99:33:bb:4f:db:e1:84:51:c9:
                    b1:6d:2b:3b:bb:6c:84:01:cc:fd:bb:2c:39:83:d1:
                    59:fc:fd:c9:08:86:7d:b1:bf:f9:8f:d6:68:94:71:
                    ff:b5:e6:a0:b0:03:7c:2e:14:d1:fc:69:70:63:a1:
                    da:d8:da:ac:a0:be:0f:aa:16:a4:26:6c:04:a7:5e:
                    36:aa:9a:a6:43:08:8f:e3:ff:cc:4a:c7:cb:36:34:
                    e6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F5:22:1D:64:B9:BE:CB:00:69:50:02:B6:4E:5C:B5:94:5F:BB:2E
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/P_UiHWS5vssAaVACtk5ctZRfuy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:8700::-2a06:e881:8704:ffff:ffff:ffff:ffff:ffff
                  2a06:e881:8706::-2a06:e881:870f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         07:c4:cd:9f:f9:58:4e:ab:9d:3d:aa:e2:84:24:53:4b:f6:09:
         f1:64:10:ff:f1:ba:4e:1d:9a:d1:f1:00:46:56:13:f9:15:ef:
         db:a3:6d:2b:98:b7:d7:03:5e:a1:1d:49:00:9d:69:ce:89:81:
         6b:38:d2:42:86:8f:06:70:c2:d9:a4:3a:14:38:cd:79:01:7a:
         fe:ad:40:fc:35:6a:a5:5d:62:0a:26:1c:b6:be:3b:b0:cb:b6:
         d0:24:61:82:7b:35:15:25:00:2d:5d:fd:e9:8d:3f:31:68:63:
         ed:24:f0:e9:e6:0c:3d:a9:a2:96:0b:f3:23:b5:d2:0c:85:08:
         1f:2f:28:89:50:cd:ec:0c:9e:82:8c:a6:ee:60:56:ad:3f:a2:
         eb:0e:9b:70:0c:47:9e:8d:53:04:43:f9:05:e6:91:3d:52:eb:
         b1:29:17:3b:14:da:e0:ce:7b:c6:5d:06:82:ac:7f:46:ea:81:
         4b:ac:f4:e9:56:c9:3a:ab:4d:c3:55:0f:0c:ec:20:29:58:15:
         20:95:b0:cb:d4:a2:48:42:40:ab:40:30:cb:f0:12:5d:f9:0a:
         ff:08:8b:55:37:0a:f2:32:cf:af:8f:c7:23:6e:40:c3:f1:90:
         e8:80:53:88:f2:fc:37:c0:12:71:ff:c9:e6:05:9f:ad:25:78:
         b5:d5:20:91
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYHXrLSX8dCg//yzl7lMs3eQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjIwNzA3MDgwMDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY1MjIxZDY0YjliZWNiMDA2OTUwMDJiNjRlNWNiNTk0NWZiYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr54McALdLyL+SfhmB0HpUsrx5ct5
UZaZixKcfGOvEntBUKcvc9EoOzRxu6MHQt6zt14OyMpxFIfZRCrcwicKZdnds5kH
FEpr2Jkfbay1V+8FkDL/lcznQZlB/aXRXehoJq0llDZC/zrI34enXyO8lgZd8Az+
kCVopypXNw4ZNI3iY2LDt5zORoGoGOGIKD3fU9bL6RcYBr+G1Qfx6x7kOUB5z1Ri
XoudFtyZM7tP2+GEUcmxbSs7u2yEAcz9uyw5g9FZ/P3JCIZ9sb/5j9ZolHH/teag
sAN8LhTR/GlwY6Ha2NqsoL4PqhakJmwEp142qpqmQwiP4//MSsfLNjTmywIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFD/1Ih1kub7LAGlQArZOXLWUX7suMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvUF9VaUhXUzV2c3NBYVZBQ3RrNWN0WlJmdXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAtBAIAAjAnMBEDBgAqBuiB
hwMHACoG6IGHBDASAwcBKgbogYcGAwcEKgbogYcAMA0GCSqGSIb3DQEBCwUAA4IB
AQAHxM2f+VhOq509quKEJFNL9gnxZBD/8bpOHZrR8QBGVhP5Fe/bo20rmLfXA16h
HUkAnWnOiYFrONJCho8GcMLZpDoUOM15AXr+rUD8NWqlXWIKJhy2vjuwy7bQJGGC
ezUVJQAtXf3pjT8xaGPtJPDp5gw9qaKWC/MjtdIMhQgfLyiJUM3sDJ6CjKbuYFat
P6LrDptwDEeejVMEQ/kF5pE9UuuxKRc7FNrgznvGXQaCrH9G6oFLrPTpVsk6q03D
VQ8M7CApWBUglbDL1KJIQkCrQDDL8BJd+Qr/CItVNwryMs+vj8cjbkDD8ZDogFOI
8vw3wBJx/8nmBZ+tJXi11SCR
-----END CERTIFICATE-----