Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/To98Zajsj0_DMcfBNnxgXS1bujU.roa
File:                     To98Zajsj0_DMcfBNnxgXS1bujU.roa (raw, json)
Hash identifier:          QjgW2nsf/hY+V6TFHeAkSTn2OWdNC/XJUQnn9ZF3P3k=
Subject key identifier:   4E:8F:7C:65:A8:EC:8F:4F:C3:31:C7:C1:36:7C:60:5D:2D:5B:BA:35
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       095AAEFE
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/To98Zajsj0_DMcfBNnxgXS1bujU.roa
Signing time:             Sat 14 May 2022 19:35:41 +0000
ROA not before:           Sat 14 May 2022 19:35:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        94.241.176.0/21 maxlen: 24
                          91.186.196.0/22 maxlen: 24
                          91.186.194.0/23 maxlen: 24
                          94.241.136.0/21 maxlen: 24
                          91.186.200.0/22 maxlen: 24
                          91.186.212.0/22 maxlen: 24
                          91.186.216.0/22 maxlen: 24
                          91.186.220.0/22 maxlen: 24
                          94.241.160.0/21 maxlen: 24
                          94.241.168.0/21 maxlen: 24
                          178.253.12.0/23 maxlen: 24
                          83.147.216.0/23 maxlen: 24
                          83.147.222.0/23 maxlen: 24
                          178.253.32.0/23 maxlen: 24
                          178.253.44.0/23 maxlen: 24
                          178.253.38.0/23 maxlen: 24
                          83.147.232.0/22 maxlen: 24
                          178.253.52.0/23 maxlen: 24
                          83.147.248.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 156937982 (0x95aaefe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: May 14 19:35:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4e8f7c65a8ec8f4fc331c7c1367c605d2d5bba35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e5:08:26:14:13:10:29:51:e2:21:be:9a:fb:
                    6e:f7:27:c7:c6:ea:a5:e4:39:df:10:45:c6:3a:dc:
                    f8:cc:e2:93:97:54:62:d2:b8:da:db:fa:3b:06:d2:
                    12:54:ff:bc:97:ed:f4:4b:f7:9d:3e:1b:6e:c9:cc:
                    fc:03:b8:b9:68:bf:d5:94:48:90:8f:61:8a:82:94:
                    f3:10:17:d2:2f:26:7a:31:4d:b6:76:94:e0:0d:c7:
                    a8:7d:b4:51:93:65:88:8d:c1:61:0e:ab:00:74:de:
                    35:a9:d2:15:a8:78:5c:ff:cd:fb:b9:e7:64:3c:58:
                    97:f1:4f:10:9d:d4:fb:ed:67:05:af:ad:56:2d:fc:
                    4f:af:bb:45:15:bc:cf:88:df:58:79:d7:13:ef:64:
                    54:39:5a:8b:91:57:f7:6b:5a:ad:f3:ae:f2:e6:93:
                    d2:e8:85:f8:8b:62:c2:97:ee:6e:1c:14:53:a1:f4:
                    e9:60:5b:f9:97:99:20:a8:1c:28:75:bd:b0:ae:d7:
                    eb:b8:5d:74:6f:59:cd:72:f8:ad:60:d6:66:fd:af:
                    14:7b:3f:96:5a:bb:e9:86:b4:c1:29:5e:4a:f8:ac:
                    90:21:3b:9c:cf:ba:7f:f9:2e:2c:8c:3c:51:54:15:
                    58:23:fe:a6:be:cc:ce:da:16:02:17:d4:1b:f1:8e:
                    f0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8F:7C:65:A8:EC:8F:4F:C3:31:C7:C1:36:7C:60:5D:2D:5B:BA:35
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/To98Zajsj0_DMcfBNnxgXS1bujU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.216.0/23
                  83.147.222.0/23
                  83.147.232.0/22
                  83.147.248.0/22
                  91.186.194.0-91.186.203.255
                  91.186.212.0-91.186.223.255
                  94.241.136.0/21
                  94.241.160.0-94.241.183.255
                  178.253.12.0/23
                  178.253.32.0/23
                  178.253.38.0/23
                  178.253.44.0/23
                  178.253.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:34:3a:1c:ab:5f:91:fa:f4:30:42:8b:62:b3:b2:c7:c5:bc:
         ee:80:28:43:21:1d:fa:c2:c4:11:a1:82:bb:7f:ff:66:e6:aa:
         87:b0:c4:8a:01:2d:a5:a5:21:d2:27:cb:21:02:5d:27:4e:97:
         b3:17:ce:14:aa:a6:15:04:5d:71:55:7a:03:cd:07:93:d6:ae:
         d6:3e:3b:75:64:05:db:bf:a6:1f:38:d9:07:e4:68:40:65:ec:
         db:56:6b:1a:96:b2:3b:62:ea:b9:f4:a1:f0:65:4f:97:41:ee:
         0b:a5:a0:f9:56:48:e7:21:38:51:96:17:35:fe:34:78:65:04:
         31:11:f9:75:ea:2f:25:6e:ba:4f:f8:44:ae:7d:39:0f:bc:ae:
         30:ce:bd:ef:1c:1d:da:15:0d:e6:ac:5d:bc:f1:e2:79:3a:74:
         b8:8a:4d:dd:a6:49:2b:b4:08:c1:61:9f:fa:c9:06:0d:1a:50:
         87:eb:70:d9:dc:68:56:f0:bc:62:91:b0:0c:11:22:5f:9f:18:
         0f:a8:38:b0:b0:97:36:a1:61:4e:f5:aa:07:32:fb:9f:18:9a:
         12:a7:dc:74:9f:e1:d1:5b:9a:46:63:62:ff:7d:fd:4c:2e:4f:
         19:d6:c7:64:c2:12:41:b1:7a:53:08:05:b6:dd:8b:7a:c3:70:
         96:55:f5:7d
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIECVqu/jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Mjc3OGRlMmE5YmU5ODAyMTIwMzgyZTc1MGQxNTllOTU4NzJjMmFlMB4XDTIyMDUx
NDE5MzU0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGU4ZjdjNjVhOGVj
OGY0ZmMzMzFjN2MxMzY3YzYwNWQyZDViYmEzNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMvlCCYUExApUeIhvpr7bvcnx8bqpeQ53xBFxjrc+Mzik5dU
YtK42tv6OwbSElT/vJft9Ev3nT4bbsnM/AO4uWi/1ZRIkI9hioKU8xAX0i8mejFN
tnaU4A3HqH20UZNliI3BYQ6rAHTeNanSFah4XP/N+7nnZDxYl/FPEJ3U++1nBa+t
Vi38T6+7RRW8z4jfWHnXE+9kVDlai5FX92tarfOu8uaT0uiF+ItiwpfubhwUU6H0
6WBb+ZeZIKgcKHW9sK7X67hddG9ZzXL4rWDWZv2vFHs/llq76Ya0wSleSviskCE7
nM+6f/kuLIw8UVQVWCP+pr7MztoWAhfUG/GO8FECAwEAAaOCAmkwggJlMB0GA1Ud
DgQWBBROj3xlqOyPT8Mxx8E2fGBdLVu6NTAfBgNVHSMEGDAWgBTCd43iqb6YAhID
gudQ0VnpWHLCrjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3duZU40cW0tbUFJU0E0TG5VTkZaNlZoeXdxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvNDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8x
L1RvOThaYWpzajBfRE1jZkJObnhnWFMxYnVqVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
NDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8xL3duZU40cW0tbUFJ
U0E0TG5VTkZaNlZoeXdxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB/
BggrBgEFBQcBBwEB/wRwMG4wbAQCAAEwZgMEAVOT2AMEAVOT3gMEAlOT6AMEAlOT
+DAMAwQBW7rCAwQCW7rIMAwDBAJbutQDBAVbusADBANe8YgwDAMEBV7xoAMEA17x
sAMEAbL9DAMEAbL9IAMEAbL9JgMEAbL9LAMEAbL9NDANBgkqhkiG9w0BAQsFAAOC
AQEAFDQ6HKtfkfr0MEKLYrOyx8W87oAoQyEd+sLEEaGCu3//Zuaqh7DEigEtpaUh
0ifLIQJdJ06XsxfOFKqmFQRdcVV6A80Hk9au1j47dWQF27+mHzjZB+RoQGXs21Zr
GpayO2LqufSh8GVPl0HuC6Wg+VZI5yE4UZYXNf40eGUEMRH5deovJW66T/hErn05
D7yuMM697xwd2hUN5qxdvPHieTp0uIpN3aZJK7QIwWGf+skGDRpQh+tw2dxoVvC8
YpGwDBEiX58YD6g4sLCXNqFhTvWqBzL7nxiaEqfcdJ/h0VuaRmNi/339TC5PGdbH
ZMISQbF6UwgFtt2LesNwllX1fQ==
-----END CERTIFICATE-----