Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/yWGmGc6PHA8Hxe2rtDZ4Vl-eJUk.roa
File:                     yWGmGc6PHA8Hxe2rtDZ4Vl-eJUk.roa (raw, json)
Hash identifier:          7Mx5yoTHtw4gR3d5rK07Fv5ln2r8DaPZqHYUvNl3l4M=
Subject key identifier:   C9:61:A6:19:CE:8F:1C:0F:07:C5:ED:AB:B4:36:78:56:5F:9E:25:49
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       0184664007399082D967C9476F81D26EF547
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/yWGmGc6PHA8Hxe2rtDZ4Vl-eJUk.roa
Signing time:             Fri 11 Nov 2022 10:33:02 +0000
ROA not before:           Fri 11 Nov 2022 10:33:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12679
IP address blocks:        45.134.13.0/24 maxlen: 24
                          45.134.12.0/24 maxlen: 24
                          45.134.15.0/24 maxlen: 24
                          45.134.14.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.229.0/24 maxlen: 24
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:66:40:07:39:90:82:d9:67:c9:47:6f:81:d2:6e:f5:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Nov 11 10:33:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c961a619ce8f1c0f07c5edabb43678565f9e2549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5f:dc:2c:04:ed:1a:2d:01:c6:7f:85:f1:d8:
                    36:b7:1c:0c:f0:32:4f:a4:eb:59:cb:18:45:7a:db:
                    43:9a:0d:09:41:6c:06:1c:85:d4:f0:73:7a:98:0c:
                    b2:2c:de:cb:db:48:e2:0b:27:f9:f8:24:42:bb:e9:
                    bf:17:9f:db:87:81:e6:6f:d6:13:55:e7:07:fb:c8:
                    e6:a0:37:97:64:ec:0e:ba:8b:d3:52:3c:9e:14:e1:
                    d6:2f:e7:2b:81:0d:6a:9b:3b:b9:52:1f:87:86:82:
                    01:10:b9:79:ea:d1:d1:72:6b:38:70:ed:83:ad:96:
                    30:dd:f9:60:0a:ee:31:57:ff:f5:a3:1c:32:40:4d:
                    a8:e5:f3:30:f5:51:f8:04:8b:2b:8d:9e:db:db:d0:
                    e3:d9:c9:dd:c6:39:8e:50:12:9f:5d:5d:3b:5a:39:
                    09:3b:a4:4e:b4:48:c4:61:66:e2:64:89:63:f4:ea:
                    1e:e7:da:5a:94:a5:12:75:25:a7:ef:f1:8f:59:fb:
                    0a:93:64:db:b8:12:61:63:36:06:ca:6e:15:12:aa:
                    03:25:fd:44:d0:3d:3f:c6:20:d3:9f:4e:05:27:19:
                    f2:5a:05:5b:cf:9b:bd:a4:3e:b3:52:b5:05:04:bf:
                    2e:94:08:7f:d8:c9:67:21:a1:af:42:92:c8:27:8f:
                    7b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:61:A6:19:CE:8F:1C:0F:07:C5:ED:AB:B4:36:78:56:5F:9E:25:49
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/yWGmGc6PHA8Hxe2rtDZ4Vl-eJUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.12.0/22
                  212.8.224.0-212.8.229.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:ae:eb:1d:a8:70:a6:01:17:af:2e:48:0a:f4:d5:a9:49:15:
         86:0b:61:67:05:0c:6f:9a:b5:1d:a6:2b:32:98:2d:eb:18:78:
         18:bd:1c:7a:aa:b0:7b:bf:a1:8c:63:5a:76:54:85:bd:c7:ac:
         b8:dd:85:fb:81:1d:29:8d:8a:11:53:22:74:73:55:04:00:33:
         46:a0:d3:15:cb:1e:f5:f2:c6:cf:5e:bd:ba:2f:bf:31:ee:53:
         13:de:d6:b6:bd:62:27:3c:de:3b:eb:57:c6:5c:8b:a6:29:87:
         a7:3e:e2:bb:b2:d8:75:eb:5e:89:ae:eb:cd:f6:7a:80:6b:6c:
         76:69:16:49:b2:6c:87:d1:80:9d:56:ed:cc:ef:04:ab:ff:86:
         7e:2e:04:85:64:18:cf:bf:08:96:48:ce:97:0e:16:71:f7:4b:
         2e:b4:d7:76:a4:0e:ff:e2:14:98:b2:50:b3:b0:32:ed:b3:1c:
         bf:5f:50:24:21:8b:78:66:a6:a7:d4:79:ea:0e:23:b3:77:2e:
         ae:83:f0:f0:57:94:49:7b:a6:68:18:c4:11:79:13:88:4e:b3:
         f8:d0:79:6a:f4:0c:67:cc:e9:ad:26:5e:44:2e:49:5e:c8:23:
         02:b6:31:7a:1f:4e:d4:c4:a1:32:7a:f7:c7:ac:bd:bf:41:a0:
         08:47:4b:ba
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYRmQAc5kILZZ8lHb4HSbvVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjIxMTExMTAzMzAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTYxYTYxOWNlOGYxYzBmMDdjNWVkYWJiNDM2Nzg1NjVmOWUyNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1/cLATtGi0Bxn+F8dg2txwM8DJP
pOtZyxhFettDmg0JQWwGHIXU8HN6mAyyLN7L20jiCyf5+CRCu+m/F5/bh4Hmb9YT
VecH+8jmoDeXZOwOuovTUjyeFOHWL+crgQ1qmzu5Uh+HhoIBELl56tHRcms4cO2D
rZYw3flgCu4xV//1oxwyQE2o5fMw9VH4BIsrjZ7b29Dj2cndxjmOUBKfXV07WjkJ
O6ROtEjEYWbiZIlj9Ooe59palKUSdSWn7/GPWfsKk2TbuBJhYzYGym4VEqoDJf1E
0D0/xiDTn04FJxnyWgVbz5u9pD6zUrUFBL8ulAh/2MlnIaGvQpLIJ497KwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMlhphnOjxwPB8Xtq7Q2eFZfniVJMB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEveVdHbUdjNlBIQThIeGUycnREWjRWbC1lSlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAaBAIAATAUAwQCLYYMMAwD
BAXUCOADBAHUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3DQEBCwUA
A4IBAQAmrusdqHCmARevLkgK9NWpSRWGC2FnBQxvmrUdpisymC3rGHgYvRx6qrB7
v6GMY1p2VIW9x6y43YX7gR0pjYoRUyJ0c1UEADNGoNMVyx718sbPXr26L78x7lMT
3ta2vWInPN4761fGXIumKYenPuK7sth1616JruvN9nqAa2x2aRZJsmyH0YCdVu3M
7wSr/4Z+LgSFZBjPvwiWSM6XDhZx90sutNd2pA7/4hSYslCzsDLtsxy/X1AkIYt4
Zqan1HnqDiOzdy6ug/DwV5RJe6ZoGMQReROITrP40Hlq9AxnzOmtJl5ELkleyCMC
tjF6H07UxKEyevfHrL2/QaAIR0u6
-----END CERTIFICATE-----