Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/ybIPcgSsg-BaFp-oRC6G8qjp--o.roa
File:                     ybIPcgSsg-BaFp-oRC6G8qjp--o.roa (raw, json)
Hash identifier:          A8pk0R0pXeS8+36TWTr0Nit1BfEtWV5cVXEKIecQ9c8=
Subject key identifier:   C9:B2:0F:72:04:AC:83:E0:5A:16:9F:A8:44:2E:86:F2:A8:E9:FB:EA
Certificate issuer:       /CN=9110100f3cc787d6315303cb7fc88d9e25e56ea8
Certificate serial:       018558E728369F83CEBAC347B43D71291B9F
Authority key identifier: 91:10:10:0F:3C:C7:87:D6:31:53:03:CB:7F:C8:8D:9E:25:E5:6E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kRAQDzzHh9YxUwPLf8iNniXlbqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/ybIPcgSsg-BaFp-oRC6G8qjp--o.roa
Signing time:             Wed 28 Dec 2022 13:23:41 +0000
ROA not before:           Wed 28 Dec 2022 13:23:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56823
IP address blocks:        176.109.175.0/24 maxlen: 24
                          176.109.174.0/24 maxlen: 24
                          176.109.173.0/24 maxlen: 24
                          31.134.208.0/21 maxlen: 21
                          31.134.210.0/24 maxlen: 24
                          31.134.209.0/24 maxlen: 24
                          31.134.211.0/24 maxlen: 24
                          31.134.212.0/24 maxlen: 24
                          31.134.214.0/24 maxlen: 24
                          176.109.168.0/21 maxlen: 21
                          176.109.170.0/24 maxlen: 24
                          176.109.169.0/24 maxlen: 24
                          176.109.172.0/24 maxlen: 24
                          176.109.171.0/24 maxlen: 24
                          2001:67c:1378::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:58:e7:28:36:9f:83:ce:ba:c3:47:b4:3d:71:29:1b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9110100f3cc787d6315303cb7fc88d9e25e56ea8
        Validity
            Not Before: Dec 28 13:23:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c9b20f7204ac83e05a169fa8442e86f2a8e9fbea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7e:ae:73:e9:2c:b5:85:cb:ff:cd:19:f9:12:
                    6a:01:64:83:9a:20:58:99:61:27:f0:ca:74:99:21:
                    40:dd:58:85:1e:c3:54:6e:53:41:3d:02:3e:d8:6b:
                    c7:2b:39:d0:58:83:d9:f8:91:0c:59:e3:e9:28:3f:
                    fd:a5:5d:1c:88:39:c1:71:59:6a:a2:7b:c1:d3:8a:
                    6a:59:3b:da:4e:37:e8:d4:af:1b:00:3e:3d:07:41:
                    b6:f6:ce:b1:ab:bf:f2:4e:26:e2:9f:16:51:1c:b4:
                    d5:58:13:0d:2c:d0:67:bb:8b:83:31:03:f8:2e:dc:
                    f1:c3:d4:d1:0d:0c:ca:b4:60:5c:ea:66:09:5d:84:
                    da:4d:60:7c:f2:b1:04:fb:4f:da:e0:bc:0b:8e:e8:
                    3a:bf:ff:a2:14:35:75:78:42:33:93:33:f2:ec:73:
                    00:9e:f6:e7:8e:80:cb:97:bc:91:a5:d6:73:d3:92:
                    b1:27:ed:e6:19:15:34:d1:bb:93:c4:78:45:8d:fd:
                    31:22:8d:9a:bc:46:fc:05:b6:63:12:46:12:fe:0c:
                    de:ff:95:a0:53:71:c7:4c:3b:1b:42:d2:51:f1:0a:
                    78:20:10:71:16:be:fd:9d:9f:51:57:f6:2a:3e:21:
                    b9:4d:cc:f6:c2:73:2d:c9:b7:ec:9c:20:91:16:a5:
                    cb:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:B2:0F:72:04:AC:83:E0:5A:16:9F:A8:44:2E:86:F2:A8:E9:FB:EA
            X509v3 Authority Key Identifier:
                keyid:91:10:10:0F:3C:C7:87:D6:31:53:03:CB:7F:C8:8D:9E:25:E5:6E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kRAQDzzHh9YxUwPLf8iNniXlbqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/ybIPcgSsg-BaFp-oRC6G8qjp--o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d900b3-5462-4eb4-9c90-0e0377d4e6d6/1/kRAQDzzHh9YxUwPLf8iNniXlbqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.208.0/21
                  176.109.168.0/21
                IPv6:
                  2001:67c:1378::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:ec:38:30:7b:6c:bd:4c:92:0a:58:2f:ad:fd:1e:31:28:9b:
         52:fd:a9:26:86:46:26:95:e0:1c:40:45:83:2b:bc:3e:d2:0f:
         de:73:09:27:9b:21:09:1e:ea:35:a8:6e:69:72:4c:7d:7f:1e:
         82:c7:db:0b:a6:b4:14:02:af:77:82:0b:de:b5:f5:f9:ca:8b:
         31:e1:ea:68:54:db:e4:ef:50:74:f7:5e:aa:dd:77:97:87:39:
         47:5f:a2:9e:e8:04:af:63:8a:df:58:41:69:94:ed:f7:c0:d4:
         d9:5e:a0:19:01:ee:4b:09:36:0b:bf:04:2f:11:e4:79:c3:61:
         22:c8:be:61:1e:dd:39:84:f5:6f:51:03:a1:a7:19:fd:9f:97:
         96:a7:c3:60:c1:a2:63:29:80:63:f5:fd:5a:f0:5a:87:df:29:
         ac:4b:fa:3e:e1:eb:7e:10:c6:f1:c7:b4:3a:7a:2d:7e:9f:ed:
         8e:c6:7b:8c:27:63:f7:7d:35:1e:f6:ea:43:90:24:d3:ec:4c:
         9d:1b:1a:dd:e5:7c:46:1c:50:db:0c:d1:0c:33:55:96:52:f9:
         ff:17:e8:d3:e4:b7:3f:60:f6:79:2d:88:c3:99:1f:ea:81:a3:
         8d:37:62:30:39:df:82:b9:9e:f1:3d:fd:66:e9:ff:cc:50:81:
         fe:f5:3c:34
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVY5yg2n4POusNHtD1xKRufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMTAxMDBmM2NjNzg3ZDYzMTUzMDNjYjdmYzg4ZDllMjVl
NTZlYTgwHhcNMjIxMjI4MTMyMzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWIyMGY3MjA0YWM4M2UwNWExNjlmYTg0NDJlODZmMmE4ZTlmYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw36uc+kstYXL/80Z+RJqAWSDmiBY
mWEn8Mp0mSFA3ViFHsNUblNBPQI+2GvHKznQWIPZ+JEMWePpKD/9pV0ciDnBcVlq
onvB04pqWTvaTjfo1K8bAD49B0G29s6xq7/yTibinxZRHLTVWBMNLNBnu4uDMQP4
Ltzxw9TRDQzKtGBc6mYJXYTaTWB88rEE+0/a4LwLjug6v/+iFDV1eEIzkzPy7HMA
nvbnjoDLl7yRpdZz05KxJ+3mGRU00buTxHhFjf0xIo2avEb8BbZjEkYS/gze/5Wg
U3HHTDsbQtJR8Qp4IBBxFr79nZ9RV/YqPiG5Tcz2wnMtybfsnCCRFqXLvwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMmyD3IErIPgWhafqEQuhvKo6fvqMB8GA1UdIwQY
MBaAFJEQEA88x4fWMVMDy3/IjZ4l5W6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1JBUUR6ekhoOVl4VXdQTGY4aU5uaVhsYnFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kOTAwYjMtNTQ2Mi00ZWI0LTljOTAt
MGUwMzc3ZDRlNmQ2LzEveWJJUGNnU3NnLUJhRnAtb1JDNkc4cWpwLS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kOTAwYjMtNTQ2Mi00ZWI0LTljOTAtMGUwMzc3ZDRlNmQ2
LzEva1JBUUR6ekhoOVl4VXdQTGY4aU5uaVhsYnFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDH4bQAwQD
sG2oMA8EAgACMAkDBwAgAQZ8E3gwDQYJKoZIhvcNAQELBQADggEBACzsODB7bL1M
kgpYL639HjEom1L9qSaGRiaV4BxARYMrvD7SD95zCSebIQke6jWobmlyTH1/HoLH
2wumtBQCr3eCC9619fnKizHh6mhU2+TvUHT3Xqrdd5eHOUdfop7oBK9jit9YQWmU
7ffA1NleoBkB7ksJNgu/BC8R5HnDYSLIvmEe3TmE9W9RA6GnGf2fl5anw2DBomMp
gGP1/VrwWoffKaxL+j7h634QxvHHtDp6LX6f7Y7Ge4wnY/d9NR726kOQJNPsTJ0b
Gt3lfEYcUNsM0QwzVZZS+f8X6NPktz9g9nktiMOZH+qBo403YjA534K5nvE9/Wbp
/8xQgf71PDQ=
-----END CERTIFICATE-----