Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/yXfMxTvu8cN-5mVp6CTloYRnEm4.roa
File:                     yXfMxTvu8cN-5mVp6CTloYRnEm4.roa (raw, json)
Hash identifier:          7JhMmmtm93DUn3pgbwWYrSCjLtwpF1MqioWSyPMkNwg=
Subject key identifier:   C9:77:CC:C5:3B:EE:F1:C3:7E:E6:65:69:E8:24:E5:A1:84:67:12:6E
Certificate issuer:       /CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Certificate serial:       01840DC26F05926C6516629B79E5A17C9849
Authority key identifier: 34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/yXfMxTvu8cN-5mVp6CTloYRnEm4.roa
Signing time:             Tue 25 Oct 2022 06:09:16 +0000
ROA not before:           Tue 25 Oct 2022 06:09:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25540
IP address blocks:        185.12.0.0/22 maxlen: 22
                          185.120.176.0/22 maxlen: 22
                          185.9.248.0/22 maxlen: 22
                          130.93.0.0/17 maxlen: 17
                          185.133.128.0/22 maxlen: 22
                          185.137.72.0/22 maxlen: 22
                          130.93.128.0/18 maxlen: 22
                          185.122.160.0/22 maxlen: 22
                          193.84.89.0/24 maxlen: 24
                          45.81.212.0/22 maxlen: 22
                          2a02:ec00::/29 maxlen: 29
                          2a0e:4180::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:0d:c2:6f:05:92:6c:65:16:62:9b:79:e5:a1:7c:98:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
        Validity
            Not Before: Oct 25 06:09:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c977ccc53beef1c37ee66569e824e5a18467126e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:97:24:61:98:43:6e:01:e3:fd:21:02:00:16:
                    7e:46:7e:35:e2:df:b4:e1:9f:e4:a5:98:af:5f:3b:
                    4a:6d:bd:0c:2e:80:e9:27:67:82:0c:58:22:d9:48:
                    88:83:43:b2:e5:22:c1:52:6e:0e:43:59:42:5c:5d:
                    7d:61:ef:97:71:22:12:51:05:b3:b2:84:47:ba:3c:
                    10:b7:41:46:4d:ee:d9:9f:6a:a3:b6:01:21:fc:42:
                    d5:38:bc:22:bb:45:f5:68:54:7c:e7:a5:79:3a:26:
                    a9:02:ce:ef:42:7b:be:b1:94:7e:75:f0:d9:ce:5e:
                    82:e7:22:77:22:17:0f:c3:b0:07:17:3d:5f:52:57:
                    7c:ca:44:73:bc:d8:b6:42:09:8b:8f:17:74:c5:b5:
                    c8:ad:3a:f8:14:10:87:cf:84:98:8b:35:ea:b4:0b:
                    bc:f8:0e:a4:ec:3f:1d:5c:70:52:98:ee:13:78:0e:
                    c2:7f:d6:23:65:81:8f:7a:70:e5:e7:a6:7a:d6:22:
                    dd:11:0b:c3:ab:18:d5:ff:0f:ce:1c:77:fb:c1:f7:
                    42:2c:d6:0f:9c:5c:7b:dc:66:c3:ae:4d:12:f4:71:
                    57:01:6c:02:fa:ca:c9:19:f5:3e:71:e4:6d:21:53:
                    e6:80:ed:ac:e5:56:60:cd:f8:fc:d2:3d:ca:17:4c:
                    6c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:77:CC:C5:3B:EE:F1:C3:7E:E6:65:69:E8:24:E5:A1:84:67:12:6E
            X509v3 Authority Key Identifier:
                keyid:34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/yXfMxTvu8cN-5mVp6CTloYRnEm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.212.0/22
                  130.93.0.0-130.93.191.255
                  185.9.248.0/22
                  185.12.0.0/22
                  185.120.176.0/22
                  185.122.160.0/22
                  185.133.128.0/22
                  185.137.72.0/22
                  193.84.89.0/24
                IPv6:
                  2a02:ec00::/29
                  2a0e:4180::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:e6:8f:36:63:73:62:2b:e3:eb:64:f0:8b:57:26:80:8c:2f:
         0a:54:25:06:03:07:0c:64:c7:44:47:60:75:72:2a:ee:1f:17:
         48:63:9c:76:15:38:4c:90:cb:67:94:65:e3:ad:5d:d7:83:da:
         bd:b1:cd:ca:aa:a5:3e:13:05:41:d5:21:68:98:7e:b8:7b:4d:
         78:e1:74:ca:5e:65:00:b5:f6:10:dc:c2:56:d2:96:74:d3:fe:
         f1:16:43:51:ef:5e:59:e3:34:02:cc:c7:b1:e1:51:75:96:d2:
         6a:e9:76:65:e9:35:03:84:94:a3:7c:3c:aa:68:34:cc:0d:43:
         f9:1b:28:1c:36:aa:4c:60:73:18:58:49:bd:2d:d9:06:23:d0:
         52:e0:36:0e:3c:79:e6:a4:df:43:b1:0d:99:c8:d9:2e:aa:97:
         9b:d6:e1:fa:c7:de:80:af:c9:4f:85:af:98:4a:48:43:bd:0c:
         73:1d:77:3a:aa:c2:00:cd:ff:b5:8d:c5:99:5d:bb:ac:f2:87:
         c3:a4:e6:a8:c0:79:52:0f:4e:d8:61:c0:5d:2d:43:02:8b:f3:
         ce:ee:10:49:13:16:84:0c:bf:93:98:f1:b0:df:b6:13:75:c6:
         93:68:15:80:3a:89:ad:f7:a6:70:30:61:d7:f3:4c:3a:e7:27:
         a1:01:c2:14
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYQNwm8FkmxlFmKbeeWhfJhJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWZiM2ZlYjE1YzAzYzRkMzRkOWZmNDQ0ZDlhZDdlMzAw
NjcyMDgwHhcNMjIxMDI1MDYwOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTc3Y2NjNTNiZWVmMWMzN2VlNjY1NjllODI0ZTVhMTg0NjcxMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZckYZhDbgHj/SECABZ+Rn414t+0
4Z/kpZivXztKbb0MLoDpJ2eCDFgi2UiIg0Oy5SLBUm4OQ1lCXF19Ye+XcSISUQWz
soRHujwQt0FGTe7Zn2qjtgEh/ELVOLwiu0X1aFR856V5OiapAs7vQnu+sZR+dfDZ
zl6C5yJ3IhcPw7AHFz1fUld8ykRzvNi2QgmLjxd0xbXIrTr4FBCHz4SYizXqtAu8
+A6k7D8dXHBSmO4TeA7Cf9YjZYGPenDl56Z61iLdEQvDqxjV/w/OHHf7wfdCLNYP
nFx73GbDrk0S9HFXAWwC+srJGfU+ceRtIVPmgO2s5VZgzfj80j3KF0xsbwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFMl3zMU77vHDfuZlaegk5aGEZxJuMB8GA1UdIwQY
MBaAFDRfs/6xXAPE002f9ETZrX4wBnIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUt
YmM1NGIxMjExYjYwLzEveVhmTXhUdnU4Y04tNW1WcDZDVGxvWVJuRW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUtYmM1NGIxMjExYjYw
LzEvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBDBAIAATA9AwQCLVHUMAsD
AwCCXQMEBoJdgAMEArkJ+AMEArkMAAMEArl4sAMEArl6oAMEArmFgAMEArmJSAME
AMFUWTAUBAIAAjAOAwUDKgLsAAMFAyoOQYAwDQYJKoZIhvcNAQELBQADggEBAFLm
jzZjc2Ir4+tk8ItXJoCMLwpUJQYDBwxkx0RHYHVyKu4fF0hjnHYVOEyQy2eUZeOt
XdeD2r2xzcqqpT4TBUHVIWiYfrh7TXjhdMpeZQC19hDcwlbSlnTT/vEWQ1HvXlnj
NALMx7HhUXWW0mrpdmXpNQOElKN8PKpoNMwNQ/kbKBw2qkxgcxhYSb0t2QYj0FLg
Ng48eeak30OxDZnI2S6ql5vW4frH3oCvyU+Fr5hKSEO9DHMddzqqwgDN/7WNxZld
u6zyh8Ok5qjAeVIPTthhwF0tQwKL887uEEkTFoQMv5OY8bDfthN1xpNoFYA6ia33
pnAwYdfzTDrnJ6EBwhQ=
-----END CERTIFICATE-----