Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fqyMh14ftR2o3Y6khRGZtkyti84.roa
File:                     fqyMh14ftR2o3Y6khRGZtkyti84.roa (raw, json)
Hash identifier:          jC1bF8vcwHuw4bqO/iGxsQ2ywnx0JHP/OTKbYmcSEyY=
Subject key identifier:   7E:AC:8C:87:5E:1F:B5:1D:A8:DD:8E:A4:85:11:99:B6:4C:AD:8B:CE
Certificate issuer:       /CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Certificate serial:       2896AE91
Authority key identifier: 4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fqyMh14ftR2o3Y6khRGZtkyti84.roa
Signing time:             Sat 01 Jan 2022 02:52:31 +0000
ROA not before:           Sat 01 Jan 2022 02:52:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198102
IP address blocks:        195.28.8.0/23 maxlen: 23
                          213.225.240.0/20 maxlen: 20
                          89.35.168.0/22 maxlen: 22
                          195.225.40.0/23 maxlen: 23
                          89.45.212.0/22 maxlen: 22
                          195.238.80.0/23 maxlen: 23
                          128.65.204.0/23 maxlen: 24
                          128.65.200.0/23 maxlen: 24
                          86.105.236.0/22 maxlen: 22
                          185.85.192.0/23 maxlen: 23
                          185.85.194.0/24 maxlen: 24
                          78.111.224.0/20 maxlen: 24
                          195.210.40.0/23 maxlen: 23
                          134.255.168.0/22 maxlen: 22
                          91.231.62.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 680963729 (0x2896ae91)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
        Validity
            Not Before: Jan  1 02:52:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7eac8c875e1fb51da8dd8ea4851199b64cad8bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8c:63:75:fc:f8:fe:3c:6d:15:ee:78:22:d0:
                    d5:d2:24:99:f0:e6:90:0d:62:86:38:a3:d3:a0:2c:
                    ad:4e:95:62:67:59:d1:61:14:b5:19:16:4a:c4:ce:
                    25:fe:54:83:b9:9f:22:1f:d8:a9:39:e9:78:fc:97:
                    d1:05:70:fb:cb:12:1c:03:b0:7e:21:d2:9f:f0:96:
                    c2:e8:9d:2c:52:c6:8f:13:53:21:81:da:79:7c:d8:
                    73:50:92:2a:58:7c:e2:5b:d8:fa:22:dd:ca:84:41:
                    46:b3:8b:94:5e:96:d9:60:a8:92:72:bb:6d:f3:65:
                    04:00:e9:e8:9d:e4:98:85:c7:a2:ae:6a:d6:e1:17:
                    77:68:44:f7:65:09:ac:18:14:d8:ba:43:e7:dc:39:
                    34:37:e5:b1:7c:fd:ea:3d:3b:cf:d3:fc:75:00:30:
                    24:04:be:29:8a:be:9f:6e:93:e3:a5:5a:fd:57:40:
                    cf:21:2c:fa:13:75:62:7f:b0:69:5a:29:b0:1b:ec:
                    3e:1d:3c:33:22:3e:73:9b:3a:9d:1b:fd:f7:31:ca:
                    11:89:02:fc:e0:95:90:25:44:ef:1d:37:5e:fe:c8:
                    ea:3d:55:27:61:4b:78:94:86:99:04:af:26:f8:59:
                    41:91:74:0b:2b:96:04:42:1e:99:3a:4f:57:f2:60:
                    11:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AC:8C:87:5E:1F:B5:1D:A8:DD:8E:A4:85:11:99:B6:4C:AD:8B:CE
            X509v3 Authority Key Identifier:
                keyid:4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fqyMh14ftR2o3Y6khRGZtkyti84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.224.0/20
                  86.105.236.0/22
                  89.35.168.0/22
                  89.45.212.0/22
                  91.231.62.0/24
                  128.65.200.0/23
                  128.65.204.0/23
                  134.255.168.0/22
                  185.85.192.0-185.85.194.255
                  195.28.8.0/23
                  195.210.40.0/23
                  195.225.40.0/23
                  195.238.80.0/23
                  213.225.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5e:00:fd:5d:96:fa:40:30:8d:6b:36:45:74:98:2a:12:58:64:
         5f:7b:bd:e7:5c:89:12:d4:7e:ff:e5:7f:4c:6f:e5:1a:1b:83:
         4a:44:4f:3b:3d:83:47:30:96:ce:c8:9a:44:96:25:83:6d:1f:
         62:5e:5d:ad:e7:99:5e:ec:2b:5e:7e:37:ce:24:32:e6:dc:7a:
         e8:d0:b7:32:2f:22:5e:60:11:31:9e:8e:e9:0a:9c:27:fc:d3:
         01:d9:72:c4:49:4e:c7:47:06:d5:f0:24:db:0f:05:f8:94:d0:
         b3:0c:12:fa:4a:2f:d6:9c:93:9b:62:2d:7b:32:29:9d:86:ed:
         10:5a:21:cd:59:17:f6:95:fd:29:04:59:6b:83:17:dc:26:bc:
         ce:a2:39:ae:69:92:6b:b6:70:c4:d9:a0:7f:f8:db:68:54:ca:
         10:c5:77:17:7d:28:17:a2:a7:45:b1:78:3a:07:48:4c:e4:ed:
         2e:38:a1:66:eb:50:e7:2e:1a:3c:52:5a:7e:db:b7:3c:cd:62:
         dd:06:e8:96:65:f6:5f:19:4b:84:a5:63:56:11:1a:6f:f7:7f:
         c7:bc:27:7b:2d:54:f5:02:d2:d9:6b:f5:73:26:8d:17:6e:38:
         00:6b:1b:bd:25:68:96:45:7a:51:ce:b5:92:47:1f:c8:a6:1a:
         c2:2a:7f:02
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgIEKJaukTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZTUxNDZiYjRlMjE5NzQ0ZjU4YzI2OGU5ZWM2MjFjMThkZDIyOWMzMB4XDTIyMDEw
MTAyNTIzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2VhYzhjODc1ZTFm
YjUxZGE4ZGQ4ZWE0ODUxMTk5YjY0Y2FkOGJjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJaMY3X8+P48bRXueCLQ1dIkmfDmkA1ihjij06AsrU6VYmdZ
0WEUtRkWSsTOJf5Ug7mfIh/YqTnpePyX0QVw+8sSHAOwfiHSn/CWwuidLFLGjxNT
IYHaeXzYc1CSKlh84lvY+iLdyoRBRrOLlF6W2WCoknK7bfNlBADp6J3kmIXHoq5q
1uEXd2hE92UJrBgU2LpD59w5NDflsXz96j07z9P8dQAwJAS+KYq+n26T46Va/VdA
zyEs+hN1Yn+waVopsBvsPh08MyI+c5s6nRv99zHKEYkC/OCVkCVE7x03Xv7I6j1V
J2FLeJSGmQSvJvhZQZF0CyuWBEIemTpPV/JgEfECAwEAAaOCAl8wggJbMB0GA1Ud
DgQWBBR+rIyHXh+1HajdjqSFEZm2TK2LzjAfBgNVHSMEGDAWgBROUUa7TiGXRPWM
Jo6exiHBjdIpwzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RsRkd1MDRobDBUMWpDYU9uc1lod1kzU0tjTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMjViNTRhLWU3NzAtNDRhYi1hMDA0LWM5MjBjNTE3ZDYwMC8x
L2ZxeU1oMTRmdFIybzNZNmtoUkdadGt5dGk4NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MjViNTRhLWU3NzAtNDRhYi1hMDA0LWM5MjBjNTE3ZDYwMC8xL1RsRkd1MDRobDBU
MWpDYU9uc1lod1kzU0tjTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB1
BggrBgEFBQcBBwEB/wRmMGQwYgQCAAEwXAMEBE5v4AMEAlZp7AMEAlkjqAMEAlkt
1AMEAFvnPgMEAYBByAMEAYBBzAMEAob/qDAMAwQGuVXAAwQAuVXCAwQBwxwIAwQB
w9IoAwQBw+EoAwQBw+5QAwQE1eHwMA0GCSqGSIb3DQEBCwUAA4IBAQBeAP1dlvpA
MI1rNkV0mCoSWGRfe73nXIkS1H7/5X9Mb+UaG4NKRE87PYNHMJbOyJpEliWDbR9i
Xl2t55le7CtefjfOJDLm3Hro0LcyLyJeYBExno7pCpwn/NMB2XLESU7HRwbV8CTb
DwX4lNCzDBL6Si/WnJObYi17Mimdhu0QWiHNWRf2lf0pBFlrgxfcJrzOojmuaZJr
tnDE2aB/+NtoVMoQxXcXfSgXoqdFsXg6B0hM5O0uOKFm61DnLho8Ulp+27c8zWLd
BuiWZfZfGUuEpWNWERpv93/HvCd7LVT1AtLZa/VzJo0XbjgAaxu9JWiWRXpRzrWS
Rx/IphrCKn8C
-----END CERTIFICATE-----