Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/7ea195-2fbe-4806-a82d-16b44c4935ea/1/xnodunw0hSe5LPsVDq7ZCU_VUM8.roa
File:                     xnodunw0hSe5LPsVDq7ZCU_VUM8.roa (raw, json)
Hash identifier:          gjLKQfN3riKM018swPdlA/N2G1Z1QV5bqnR0TM6qwh8=
Subject key identifier:   C6:7A:1D:BA:7C:34:85:27:B9:2C:FB:15:0E:AE:D9:09:4F:D5:50:CF
Certificate issuer:       /CN=2fc438cd8aaeb1ad242ed49b4ff287c9d0f43b0e
Certificate serial:       01830DED3D258A9BED2DBA51E1F6FE87EEF0
Authority key identifier: 2F:C4:38:CD:8A:AE:B1:AD:24:2E:D4:9B:4F:F2:87:C9:D0:F4:3B:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L8Q4zYqusa0kLtSbT_KHydD0Ow4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/7ea195-2fbe-4806-a82d-16b44c4935ea/1/xnodunw0hSe5LPsVDq7ZCU_VUM8.roa
Signing time:             Mon 05 Sep 2022 13:53:14 +0000
ROA not before:           Mon 05 Sep 2022 13:53:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35665
IP address blocks:        213.108.232.0/23 maxlen: 23
                          213.108.238.0/23 maxlen: 23
                          213.108.236.0/23 maxlen: 23
                          213.108.234.0/23 maxlen: 23
                          185.177.224.0/22 maxlen: 22
                          46.18.96.0/24 maxlen: 24
                          46.18.97.0/24 maxlen: 24
                          46.18.98.0/24 maxlen: 24
                          46.18.103.0/24 maxlen: 24
                          46.18.99.0/24 maxlen: 24
                          46.18.100.0/24 maxlen: 24
                          46.18.101.0/24 maxlen: 24
                          46.18.102.0/24 maxlen: 24
                          195.160.188.0/24 maxlen: 24
                          195.160.189.0/24 maxlen: 24
                          2a02:2778::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0d:ed:3d:25:8a:9b:ed:2d:ba:51:e1:f6:fe:87:ee:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fc438cd8aaeb1ad242ed49b4ff287c9d0f43b0e
        Validity
            Not Before: Sep  5 13:53:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c67a1dba7c348527b92cfb150eaed9094fd550cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a8:1d:10:b2:75:3f:75:29:52:f0:a4:7c:a0:
                    3d:52:0e:a8:73:15:8b:89:0b:1e:4a:b4:08:2b:81:
                    0a:d2:ab:c6:51:f2:2f:35:b4:7e:05:54:6f:e7:2c:
                    64:c1:5e:f2:54:48:f4:fd:76:83:6b:66:dc:0f:96:
                    f0:68:e1:c8:51:2e:46:45:c6:be:d6:94:b3:ac:f4:
                    c2:ac:7e:de:3a:47:7d:04:0c:c1:37:e1:20:d0:2d:
                    cf:9e:f5:0f:c4:a5:74:6c:bf:85:d7:2d:fe:df:21:
                    90:65:fe:9c:f1:99:26:18:91:8c:c7:a3:36:14:1c:
                    7f:c7:d5:59:f6:5e:f6:e3:f9:7f:8e:c1:ed:1f:60:
                    95:e6:45:ab:b2:09:11:58:83:53:8b:bd:ef:78:ba:
                    8b:e3:0b:1c:38:dc:d1:6b:ce:87:41:7a:dd:2b:ab:
                    be:59:69:3a:8b:2e:bf:9f:ee:dd:75:b7:88:c2:bd:
                    7a:40:f1:ab:a8:83:60:98:d0:d2:39:56:c0:93:08:
                    03:c0:57:5b:4d:81:99:67:aa:6b:97:db:04:4c:93:
                    7f:de:e6:de:3b:2c:fd:d1:e6:3f:04:8f:ca:eb:0f:
                    e3:76:05:5a:ee:2c:e6:a7:6f:90:56:dc:29:b3:69:
                    d0:76:49:02:ae:bc:28:4f:04:55:70:39:0c:32:85:
                    0c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:7A:1D:BA:7C:34:85:27:B9:2C:FB:15:0E:AE:D9:09:4F:D5:50:CF
            X509v3 Authority Key Identifier:
                keyid:2F:C4:38:CD:8A:AE:B1:AD:24:2E:D4:9B:4F:F2:87:C9:D0:F4:3B:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L8Q4zYqusa0kLtSbT_KHydD0Ow4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/7ea195-2fbe-4806-a82d-16b44c4935ea/1/xnodunw0hSe5LPsVDq7ZCU_VUM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/7ea195-2fbe-4806-a82d-16b44c4935ea/1/L8Q4zYqusa0kLtSbT_KHydD0Ow4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.96.0/21
                  185.177.224.0/22
                  195.160.188.0/23
                  213.108.232.0/21
                IPv6:
                  2a02:2778::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:50:34:f7:dd:95:f6:7a:09:5b:61:d6:57:3c:50:d1:1d:b6:
         c5:b5:77:5e:95:af:c1:1a:72:88:f5:32:cf:14:85:4e:cb:35:
         a2:09:9a:cc:d9:a5:da:1d:b8:52:77:f6:1d:a2:1a:a7:77:df:
         51:2b:ff:8d:e8:80:ce:06:1e:9d:74:9f:29:fb:60:5a:ca:e2:
         e8:55:05:01:d0:e4:f1:53:ba:5f:29:0d:6e:f1:c5:9f:b3:69:
         34:06:b4:d0:b8:ff:72:ac:79:b4:fb:ea:92:1e:8f:f1:48:fd:
         be:53:a3:ff:1e:5e:2f:51:b4:ca:11:a6:98:91:7f:40:35:b2:
         52:68:2b:51:19:74:de:cf:b8:37:e5:f1:95:92:6a:6d:71:e0:
         60:cb:bc:81:1f:f4:51:6e:ae:dc:23:7d:b9:07:da:67:67:6d:
         f1:cf:61:51:57:12:62:3f:12:64:f1:15:37:be:36:aa:92:ef:
         0c:7c:cf:fc:56:9b:3f:43:d3:34:2e:5c:d4:82:47:01:8d:23:
         78:19:21:67:d5:45:99:84:0d:a2:ba:05:43:22:89:7b:b2:84:
         89:b3:b3:bb:d5:bd:d0:d6:9b:8b:3f:6a:bb:bc:6d:89:5f:e4:
         2d:7b:70:18:f5:a4:43:9f:98:66:c1:52:7c:17:dd:41:ce:79:
         38:51:1f:cb
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYMN7T0lipvtLbpR4fb+h+7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYzQzOGNkOGFhZWIxYWQyNDJlZDQ5YjRmZjI4N2M5ZDBm
NDNiMGUwHhcNMjIwOTA1MTM1MzE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjdhMWRiYTdjMzQ4NTI3YjkyY2ZiMTUwZWFlZDkwOTRmZDU1MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3agdELJ1P3UpUvCkfKA9Ug6ocxWL
iQseSrQIK4EK0qvGUfIvNbR+BVRv5yxkwV7yVEj0/XaDa2bcD5bwaOHIUS5GRca+
1pSzrPTCrH7eOkd9BAzBN+Eg0C3PnvUPxKV0bL+F1y3+3yGQZf6c8ZkmGJGMx6M2
FBx/x9VZ9l724/l/jsHtH2CV5kWrsgkRWINTi73veLqL4wscONzRa86HQXrdK6u+
WWk6iy6/n+7ddbeIwr16QPGrqINgmNDSOVbAkwgDwFdbTYGZZ6prl9sETJN/3ube
Oyz90eY/BI/K6w/jdgVa7izmp2+QVtwps2nQdkkCrrwoTwRVcDkMMoUMOwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMZ6Hbp8NIUnuSz7FQ6u2QlP1VDPMB8GA1UdIwQY
MBaAFC/EOM2KrrGtJC7Um0/yh8nQ9DsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDhRNHpZcXVzYTBrTHRTYlRfS0h5ZEQwT3c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi83ZWExOTUtMmZiZS00ODA2LWE4MmQt
MTZiNDRjNDkzNWVhLzEveG5vZHVudzBoU2U1TFBzVkRxN1pDVV9WVU04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi83ZWExOTUtMmZiZS00ODA2LWE4MmQtMTZiNDRjNDkzNWVh
LzEvTDhRNHpZcXVzYTBrTHRTYlRfS0h5ZEQwT3c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDLhJgAwQC
ubHgAwQBw6C8AwQD1WzoMA0EAgACMAcDBQAqAid4MA0GCSqGSIb3DQEBCwUAA4IB
AQB9UDT33ZX2eglbYdZXPFDRHbbFtXdela/BGnKI9TLPFIVOyzWiCZrM2aXaHbhS
d/Ydohqnd99RK/+N6IDOBh6ddJ8p+2BayuLoVQUB0OTxU7pfKQ1u8cWfs2k0BrTQ
uP9yrHm0++qSHo/xSP2+U6P/Hl4vUbTKEaaYkX9ANbJSaCtRGXTez7g35fGVkmpt
ceBgy7yBH/RRbq7cI325B9pnZ23xz2FRVxJiPxJk8RU3vjaqku8MfM/8Vps/Q9M0
LlzUgkcBjSN4GSFn1UWZhA2iugVDIol7soSJs7O71b3Q1puLP2q7vG2JX+Qte3AY
9aRDn5hmwVJ8F91Bznk4UR/L
-----END CERTIFICATE-----