Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/lidoz8de2yZhCemvW7exLnOIEZU.roa
File:                     lidoz8de2yZhCemvW7exLnOIEZU.roa (raw, json)
Hash identifier:          ggwbCqbbcAOUJTmVdK2bpuMluCKk6Jh1/IY6bkhVQ0Y=
Subject key identifier:   96:27:68:CF:C7:5E:DB:26:61:09:E9:AF:5B:B7:B1:2E:73:88:11:95
Certificate issuer:       /CN=547841eeff20c78b33d411dae51a692adb892e31
Certificate serial:       0183B1DE9363AD9EA1E96F8B124DF63B31DE
Authority key identifier: 54:78:41:EE:FF:20:C7:8B:33:D4:11:DA:E5:1A:69:2A:DB:89:2E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/lidoz8de2yZhCemvW7exLnOIEZU.roa
Signing time:             Fri 07 Oct 2022 09:54:57 +0000
ROA not before:           Fri 07 Oct 2022 09:54:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202491
IP address blocks:        212.225.228.0/23 maxlen: 23
                          212.225.232.0/24 maxlen: 24
                          171.33.238.0/24 maxlen: 24
                          89.37.75.0/24 maxlen: 24
                          46.37.87.0/24 maxlen: 24
                          46.37.95.0/24 maxlen: 24
                          89.39.18.0/23 maxlen: 23
                          89.39.20.0/23 maxlen: 23
                          89.39.152.0/23 maxlen: 23
                          89.39.157.0/24 maxlen: 24
                          37.61.148.0/22 maxlen: 22
                          37.61.154.0/24 maxlen: 24
                          89.32.114.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b1:de:93:63:ad:9e:a1:e9:6f:8b:12:4d:f6:3b:31:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=547841eeff20c78b33d411dae51a692adb892e31
        Validity
            Not Before: Oct  7 09:54:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=962768cfc75edb266109e9af5bb7b12e73881195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:da:5d:09:60:92:04:98:7a:80:41:d2:d0:e9:
                    f3:94:18:f6:c8:46:e2:c2:7e:a6:24:d8:0d:43:0c:
                    dd:d8:7b:9e:18:56:42:3e:b8:45:dc:34:56:dc:c2:
                    9c:e0:17:1b:00:2d:e6:d5:20:dc:07:30:cd:cf:50:
                    a3:77:c8:d5:ac:32:14:5b:a3:7b:bf:aa:88:a5:96:
                    7f:f3:14:8e:84:fc:0d:cc:fc:f8:94:1f:10:eb:bf:
                    d2:d9:8e:58:24:91:68:fc:fb:42:73:33:b6:6c:dd:
                    ef:69:39:e7:be:8c:3c:df:31:d0:49:d2:d4:8e:ae:
                    49:6d:82:22:05:ad:06:cd:fb:ba:cd:e0:42:0a:5b:
                    1a:d2:75:52:2f:81:60:15:e8:3a:3f:91:b7:06:65:
                    01:2a:7b:91:af:c3:4c:61:d5:ee:34:a8:e0:99:e3:
                    31:75:d3:69:f4:fa:84:6e:11:b5:52:52:98:9d:25:
                    25:7b:3a:a5:90:56:4d:34:8b:f0:ef:e0:0d:13:3c:
                    24:f6:0a:7a:49:7b:64:a9:bb:df:24:d5:8d:a1:16:
                    d1:0a:ee:b6:f6:07:6c:b9:71:b3:20:30:08:00:5a:
                    b2:98:5d:f2:d8:a0:e7:b9:d3:37:24:02:b5:f7:b4:
                    0d:71:ce:c3:88:27:a3:6d:c6:80:9c:a8:3e:49:9d:
                    59:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:27:68:CF:C7:5E:DB:26:61:09:E9:AF:5B:B7:B1:2E:73:88:11:95
            X509v3 Authority Key Identifier:
                keyid:54:78:41:EE:FF:20:C7:8B:33:D4:11:DA:E5:1A:69:2A:DB:89:2E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VHhB7v8gx4sz1BHa5RppKtuJLjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/lidoz8de2yZhCemvW7exLnOIEZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c8d393-3e28-4f07-996b-366ba1700fe0/1/VHhB7v8gx4sz1BHa5RppKtuJLjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.148.0/22
                  37.61.154.0/24
                  46.37.87.0/24
                  46.37.95.0/24
                  89.32.114.0/23
                  89.37.75.0/24
                  89.39.18.0-89.39.21.255
                  89.39.152.0/23
                  89.39.157.0/24
                  171.33.238.0/24
                  212.225.228.0/23
                  212.225.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ec:47:07:0d:bd:2f:45:4e:fd:87:3d:f5:dd:8d:9c:93:ce:
         0c:d1:8e:b7:10:5f:2e:0b:a1:68:e6:a4:10:67:0b:fb:03:c4:
         b2:f7:ac:b0:7e:3e:42:c4:0a:44:d0:ea:c3:f8:b8:62:2e:1e:
         34:08:ad:10:42:11:b3:8b:0a:cd:ef:d5:21:e3:9b:ee:bc:9a:
         fd:f8:07:79:c4:bc:20:11:ea:7e:b9:8d:c6:9a:d0:e1:90:dc:
         fa:e5:37:39:6d:b8:ad:f2:c7:2f:e8:c4:1a:3b:6c:e9:11:17:
         21:6e:71:66:a9:50:d7:5a:63:a2:a9:9b:90:6a:09:27:ce:6f:
         dd:7f:85:3b:47:0e:eb:b4:fb:5c:24:84:9d:16:07:66:d0:d0:
         1e:cd:53:f1:f9:7e:e9:52:b6:d5:fa:77:e1:a0:0e:52:e3:4b:
         c1:81:76:2e:17:51:0b:17:90:9c:ed:f0:aa:66:9e:e4:04:f0:
         9a:1f:f4:ac:3a:59:e4:cc:fe:e5:8d:ea:9d:23:90:63:0e:2d:
         2b:d6:5b:f1:79:15:d0:a7:24:24:d7:f7:88:1a:46:29:d3:86:
         14:81:48:58:3d:dc:69:d9:50:3e:af:2e:59:a4:88:5b:a8:b9:
         7d:3e:a3:8f:c6:38:2e:10:5e:87:17:0c:6f:71:c4:3a:ba:51:
         cd:87:d3:a7
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYOx3pNjrZ6h6W+LEk32OzHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Nzg0MWVlZmYyMGM3OGIzM2Q0MTFkYWU1MWE2OTJhZGI4
OTJlMzEwHhcNMjIxMDA3MDk1NDU3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjI3NjhjZmM3NWVkYjI2NjEwOWU5YWY1YmI3YjEyZTczODgxMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNpdCWCSBJh6gEHS0OnzlBj2yEbi
wn6mJNgNQwzd2HueGFZCPrhF3DRW3MKc4BcbAC3m1SDcBzDNz1Cjd8jVrDIUW6N7
v6qIpZZ/8xSOhPwNzPz4lB8Q67/S2Y5YJJFo/PtCczO2bN3vaTnnvow83zHQSdLU
jq5JbYIiBa0Gzfu6zeBCClsa0nVSL4FgFeg6P5G3BmUBKnuRr8NMYdXuNKjgmeMx
ddNp9PqEbhG1UlKYnSUlezqlkFZNNIvw7+ANEzwk9gp6SXtkqbvfJNWNoRbRCu62
9gdsuXGzIDAIAFqymF3y2KDnudM3JAK197QNcc7DiCejbcaAnKg+SZ1Z8QIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFJYnaM/HXtsmYQnpr1u3sS5ziBGVMB8GA1UdIwQY
MBaAFFR4Qe7/IMeLM9QR2uUaaSrbiS4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkhoQjd2OGd4NHN6MUJIYTVScHBLdHVKTGpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9jOGQzOTMtM2UyOC00ZjA3LTk5NmIt
MzY2YmExNzAwZmUwLzEvbGlkb3o4ZGUyeVpoQ2Vtdlc3ZXhMbk9JRVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9jOGQzOTMtM2UyOC00ZjA3LTk5NmItMzY2YmExNzAwZmUw
LzEvVkhoQjd2OGd4NHN6MUJIYTVScHBLdHVKTGpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQCJT2UAwQA
JT2aAwQALiVXAwQALiVfAwQBWSByAwQAWSVLMAwDBAFZJxIDBAFZJxQDBAFZJ5gD
BABZJ50DBACrIe4DBAHU4eQDBADU4egwDQYJKoZIhvcNAQELBQADggEBAGnsRwcN
vS9FTv2HPfXdjZyTzgzRjrcQXy4LoWjmpBBnC/sDxLL3rLB+PkLECkTQ6sP4uGIu
HjQIrRBCEbOLCs3v1SHjm+68mv34B3nEvCAR6n65jcaa0OGQ3PrlNzltuK3yxy/o
xBo7bOkRFyFucWapUNdaY6Kpm5BqCSfOb91/hTtHDuu0+1wkhJ0WB2bQ0B7NU/H5
fulSttX6d+GgDlLjS8GBdi4XUQsXkJzt8KpmnuQE8Jof9Kw6WeTM/uWN6p0jkGMO
LSvWW/F5FdCnJCTX94gaRinThhSBSFg93GnZUD6vLlmkiFuouX0+o4/GOC4QXocX
DG9xxDq6Uc2H06c=
-----END CERTIFICATE-----