Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/r8OfWrKiUTA-1hY2q1tkSYdtmao.roa
File:                     r8OfWrKiUTA-1hY2q1tkSYdtmao.roa (raw, json)
Hash identifier:          1/87GgMvVZkxApkzaP/2f7zl+4PsBFIpXr5k+umQTu8=
Subject key identifier:   AF:C3:9F:5A:B2:A2:51:30:3E:D6:16:36:AB:5B:64:49:87:6D:99:AA
Certificate issuer:       /CN=90f25e6a6893f466d2695e90670c047443643701
Certificate serial:       01853A13589649CDF122CFBEB35499053018
Authority key identifier: 90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/r8OfWrKiUTA-1hY2q1tkSYdtmao.roa
Signing time:             Thu 22 Dec 2022 13:43:44 +0000
ROA not before:           Thu 22 Dec 2022 13:43:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6830
IP address blocks:        78.103.0.0/16 maxlen: 16
                          80.111.128.0/17 maxlen: 17
                          195.34.134.0/23 maxlen: 23
                          92.235.0.0/18 maxlen: 18
                          92.235.0.0/19 maxlen: 19
                          94.171.0.0/16 maxlen: 16
                          92.235.32.0/19 maxlen: 19
                          84.116.0.0/16 maxlen: 16
                          80.111.0.0/17 maxlen: 17
                          213.47.222.0/23 maxlen: 23
                          213.47.220.0/22 maxlen: 22
                          213.47.220.0/23 maxlen: 23
                          80.111.0.0/16 maxlen: 16
                          94.170.0.0/16 maxlen: 16
                          94.170.0.0/15 maxlen: 15
                          195.34.130.0/24 maxlen: 24
                          195.34.132.0/22 maxlen: 22
                          195.34.132.0/23 maxlen: 23
                          62.179.0.0/17 maxlen: 17
                          2001:730::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3a:13:58:96:49:cd:f1:22:cf:be:b3:54:99:05:30:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f25e6a6893f466d2695e90670c047443643701
        Validity
            Not Before: Dec 22 13:43:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=afc39f5ab2a251303ed61636ab5b6449876d99aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:11:75:fa:ec:80:af:27:7d:e6:61:26:08:83:
                    5e:be:52:a9:87:a3:65:6a:40:f9:c1:56:9d:48:a8:
                    0d:06:e7:48:09:5e:ca:fa:a5:34:b3:86:1f:25:12:
                    8f:12:f2:f3:43:d9:41:7a:a9:9b:09:a1:53:bc:af:
                    a4:6b:0a:19:0f:0b:6d:32:1d:dd:b2:87:fa:99:74:
                    1c:31:f4:00:3d:bc:d9:3f:18:f3:81:5e:e8:30:34:
                    d4:50:af:22:a4:03:fa:fc:b0:93:a2:ac:6c:86:ac:
                    e5:cc:68:46:d9:26:21:a2:07:7e:11:4e:c7:57:63:
                    a5:71:8d:d6:6f:47:fe:c7:ea:41:80:c2:ec:bc:c8:
                    3b:1d:3d:61:93:01:6b:d7:b8:98:c4:3a:45:58:af:
                    8d:85:c4:c6:12:1a:27:f5:ea:41:9c:42:a0:03:c8:
                    67:75:3b:bd:1a:0c:a0:05:98:9f:bd:b2:23:1b:0b:
                    65:14:9b:6b:bb:2e:10:e6:40:0e:08:0e:07:e8:67:
                    8e:e6:b9:6a:3c:e5:1d:d9:1a:c5:3c:2a:e0:de:e6:
                    b7:79:8d:85:ba:6a:f9:33:bd:d5:5f:1e:e4:64:b5:
                    b9:11:d8:35:95:92:e0:6d:02:91:9b:ed:73:71:aa:
                    d2:26:dc:4f:5c:a2:4b:f6:0e:22:d2:2d:cd:34:d7:
                    fe:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:C3:9F:5A:B2:A2:51:30:3E:D6:16:36:AB:5B:64:49:87:6D:99:AA
            X509v3 Authority Key Identifier:
                keyid:90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/r8OfWrKiUTA-1hY2q1tkSYdtmao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.179.0.0/17
                  78.103.0.0/16
                  80.111.0.0/16
                  84.116.0.0/16
                  92.235.0.0/18
                  94.170.0.0/15
                  195.34.130.0/24
                  195.34.132.0/22
                  213.47.220.0/22
                IPv6:
                  2001:730::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:d0:9e:a8:b7:22:42:61:35:56:f5:fe:e4:d6:1a:64:5b:56:
         20:44:22:7b:2a:0c:a3:1e:54:0d:df:6e:4e:20:76:62:7c:83:
         25:24:8f:d5:03:f1:5c:af:fc:5b:99:b3:0b:63:16:30:3a:c5:
         31:2d:e6:7f:47:f0:c9:46:c2:e5:70:19:a9:43:25:25:b1:5f:
         9b:ba:4c:7c:7d:c8:94:2e:6b:9b:12:4f:44:56:7a:6c:df:28:
         7a:58:77:88:07:aa:12:7f:92:cf:1b:c7:4d:10:39:12:b2:86:
         8a:3c:e5:cf:d1:8b:7a:66:da:01:6e:b9:01:5a:28:eb:3f:84:
         e0:2c:c1:f3:5a:e6:36:b8:68:20:69:35:89:92:8e:5d:a1:9b:
         7e:3f:bf:f1:8c:11:15:7a:11:d9:85:24:76:c6:87:8a:44:8f:
         11:2c:12:fa:88:5e:18:ef:79:c2:d6:46:81:2b:02:67:90:df:
         c0:11:19:e1:c5:e3:21:b1:5d:c9:db:0c:81:a1:b6:ff:55:2f:
         4d:60:82:5c:81:08:3d:46:6e:95:1d:0b:b7:94:b7:f4:1a:18:
         5c:ff:c6:1e:06:00:fc:7f:89:31:7c:7b:0f:79:6d:88:b4:ef:
         31:e9:4d:59:af:2a:6f:48:05:83:aa:f0:ef:81:e3:14:47:15:
         ee:de:64:bb
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYU6E1iWSc3xIs++s1SZBTAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI1ZTZhNjg5M2Y0NjZkMjY5NWU5MDY3MGMwNDc0NDM2
NDM3MDEwHhcNMjIxMjIyMTM0MzQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmMzOWY1YWIyYTI1MTMwM2VkNjE2MzZhYjViNjQ0OTg3NmQ5OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhF1+uyAryd95mEmCINevlKph6Nl
akD5wVadSKgNBudICV7K+qU0s4YfJRKPEvLzQ9lBeqmbCaFTvK+kawoZDwttMh3d
sof6mXQcMfQAPbzZPxjzgV7oMDTUUK8ipAP6/LCToqxshqzlzGhG2SYhogd+EU7H
V2OlcY3Wb0f+x+pBgMLsvMg7HT1hkwFr17iYxDpFWK+NhcTGEhon9epBnEKgA8hn
dTu9GgygBZifvbIjGwtlFJtruy4Q5kAOCA4H6GeO5rlqPOUd2RrFPCrg3ua3eY2F
umr5M73VXx7kZLW5Edg1lZLgbQKRm+1zcarSJtxPXKJL9g4i0i3NNNf+bwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFK/Dn1qyolEwPtYWNqtbZEmHbZmqMB8GA1UdIwQY
MBaAFJDyXmpok/Rm0mlekGcMBHRDZDcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEt
M2IwYjRiOGEyOTgzLzEvcjhPZldyS2lVVEEtMWhZMnExdGtTWWR0bWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEtM2IwYjRiOGEyOTgz
LzEva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQHPrMAAwMA
TmcDAwBQbwMDAFR0AwQGXOsAAwMBXqoDBADDIoIDBALDIoQDBALVL9wwDQQCAAIw
BwMFAyABBzAwDQYJKoZIhvcNAQELBQADggEBAEPQnqi3IkJhNVb1/uTWGmRbViBE
InsqDKMeVA3fbk4gdmJ8gyUkj9UD8Vyv/FuZswtjFjA6xTEt5n9H8MlGwuVwGalD
JSWxX5u6THx9yJQua5sST0RWemzfKHpYd4gHqhJ/ks8bx00QORKyhoo85c/Ri3pm
2gFuuQFaKOs/hOAswfNa5ja4aCBpNYmSjl2hm34/v/GMERV6EdmFJHbGh4pEjxEs
EvqIXhjvecLWRoErAmeQ38ARGeHF4yGxXcnbDIGhtv9VL01gglyBCD1GbpUdC7eU
t/QaGFz/xh4GAPx/iTF8ew95bYi07zHpTVmvKm9IBYOq8O+B4xRHFe7eZLs=
-----END CERTIFICATE-----