Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/cRZSmYf8i5EhAEQ8p7lcZz5m6sA.roa
File:                     cRZSmYf8i5EhAEQ8p7lcZz5m6sA.roa (raw, json)
Hash identifier:          3iSx/DaoU96w5xldw0yZQIkGTHvGgJxWeIxJt7sCMa0=
Subject key identifier:   71:16:52:99:87:FC:8B:91:21:00:44:3C:A7:B9:5C:67:3E:66:EA:C0
Certificate issuer:       /CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
Certificate serial:       01823352D6A054FB036DB0340EE3A2443A72
Authority key identifier: 91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/cRZSmYf8i5EhAEQ8p7lcZz5m6sA.roa
Signing time:             Mon 25 Jul 2022 03:07:23 +0000
ROA not before:           Mon 25 Jul 2022 03:07:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49675
IP address blocks:        185.161.180.0/24 maxlen: 24
                          185.161.180.0/22 maxlen: 22
                          185.161.181.0/24 maxlen: 24
                          185.161.183.0/24 maxlen: 24
                          185.161.182.0/24 maxlen: 24
                          46.17.201.0/24 maxlen: 24
                          46.17.200.0/21 maxlen: 21
                          46.17.202.0/24 maxlen: 24
                          46.17.206.0/24 maxlen: 24
                          46.17.200.0/24 maxlen: 24
                          46.17.204.0/24 maxlen: 24
                          46.17.205.0/24 maxlen: 24
                          46.17.203.0/24 maxlen: 24
                          46.17.207.0/24 maxlen: 24
                          2a02:26a8:f001::/48 maxlen: 48
                          2a02:26a8:ffff::/48 maxlen: 48
                          2a02:26a8:3::/48 maxlen: 48
                          2a02:26a8:fffe::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:33:52:d6:a0:54:fb:03:6d:b0:34:0e:e3:a2:44:3a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
        Validity
            Not Before: Jul 25 03:07:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7116529987fc8b912100443ca7b95c673e66eac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3d:9a:c3:75:d9:21:fc:96:ce:3f:68:1c:bd:
                    f4:71:6e:4d:a3:fa:b4:4e:a9:1c:c5:14:e7:a8:8e:
                    db:60:bf:c2:89:fb:ef:a1:43:31:ff:51:c4:31:49:
                    f9:84:7d:d1:73:40:96:6b:89:2c:8b:55:ac:75:11:
                    e0:3f:a8:bf:4d:2f:18:84:b3:69:f8:2e:ab:a9:27:
                    09:8c:71:23:55:b1:fa:32:9e:44:33:16:60:e1:fe:
                    bd:ce:7b:95:77:cb:7e:b7:b3:d4:93:5e:d2:0f:90:
                    e1:f6:6a:2c:a2:7f:22:a8:0b:58:6f:86:7b:e4:14:
                    b3:62:c6:06:03:ea:7f:23:a0:c5:00:99:84:16:ce:
                    75:86:b7:9b:ec:ca:fb:37:48:cc:5d:3c:a6:db:48:
                    c8:31:ba:cf:f3:dd:24:07:2d:f1:98:a5:9e:37:40:
                    64:7d:19:90:49:e6:56:47:c9:01:e6:ff:45:fa:8e:
                    8c:79:c0:c1:56:a4:f6:87:42:e6:cf:23:a5:d6:be:
                    c5:5e:ad:95:f3:61:3d:e9:41:af:7d:27:38:a2:25:
                    b1:98:5c:e1:bc:94:c8:6f:b3:22:e6:c6:94:5d:95:
                    67:86:c5:7c:a0:a4:7e:45:5b:7f:11:1d:5a:ee:de:
                    b5:ab:1d:47:5a:64:98:8e:6d:a5:6d:61:57:4b:a4:
                    47:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:16:52:99:87:FC:8B:91:21:00:44:3C:A7:B9:5C:67:3E:66:EA:C0
            X509v3 Authority Key Identifier:
                keyid:91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/cRZSmYf8i5EhAEQ8p7lcZz5m6sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.200.0/21
                  185.161.180.0/22
                IPv6:
                  2a02:26a8:3::/48
                  2a02:26a8:f001::/48
                  2a02:26a8:fffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         07:9e:a3:22:9e:55:ee:76:d4:48:d7:6d:14:93:70:e6:21:ea:
         0f:13:08:22:c9:7e:1f:61:9f:f0:5c:40:c5:a5:aa:67:80:83:
         7c:89:17:c8:f1:ec:3c:f7:5e:0f:19:64:7e:db:f4:93:4a:3e:
         df:0c:ba:45:67:3b:41:ff:58:00:6d:a6:0c:f6:17:0f:99:14:
         71:e9:eb:00:56:f9:84:c9:e4:14:d6:ea:e5:b5:1b:51:13:8d:
         03:29:0f:09:c3:44:eb:05:23:23:61:40:f3:a1:5a:fd:7e:6a:
         df:01:cb:e3:ea:a0:4c:21:b3:26:e0:b2:58:6f:39:94:74:21:
         cb:19:4a:28:47:f4:f3:c3:07:ca:2c:be:80:5c:73:bb:b3:03:
         88:6b:31:83:7d:e8:e5:7d:ab:01:b3:54:42:2f:6d:4a:51:7d:
         ad:69:55:8d:20:94:59:23:6f:6e:ed:91:03:3d:36:df:84:f7:
         63:24:32:7b:09:50:c4:57:33:54:26:11:e0:35:51:ca:1f:e0:
         36:15:84:8d:25:38:a9:c7:40:a8:04:c4:14:54:68:ba:fb:ec:
         43:02:a4:99:34:92:8e:b5:11:f1:7e:6d:ba:c9:4a:e9:52:4e:
         e2:51:f0:c3:db:0b:b0:22:b6:47:69:10:a4:91:aa:c9:03:b1:
         49:b1:b7:fb
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYIzUtagVPsDbbA0DuOiRDpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDAxYzQ3ZjAwZTY0ZjM1Y2M3NTJkMDNiMzRhNzFiNzE0
MDZiM2YwHhcNMjIwNzI1MDMwNzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTE2NTI5OTg3ZmM4YjkxMjEwMDQ0M2NhN2I5NWM2NzNlNjZlYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5T2aw3XZIfyWzj9oHL30cW5No/q0
TqkcxRTnqI7bYL/CifvvoUMx/1HEMUn5hH3Rc0CWa4ksi1WsdRHgP6i/TS8YhLNp
+C6rqScJjHEjVbH6Mp5EMxZg4f69znuVd8t+t7PUk17SD5Dh9moson8iqAtYb4Z7
5BSzYsYGA+p/I6DFAJmEFs51hreb7Mr7N0jMXTym20jIMbrP890kBy3xmKWeN0Bk
fRmQSeZWR8kB5v9F+o6MecDBVqT2h0LmzyOl1r7FXq2V82E96UGvfSc4oiWxmFzh
vJTIb7Mi5saUXZVnhsV8oKR+RVt/ER1a7t61qx1HWmSYjm2lbWFXS6RHjQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFHEWUpmH/IuRIQBEPKe5XGc+ZurAMB8GA1UdIwQY
MBaAFJHQHEfwDmTzXMdS0Ds0pxtxQGs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWIt
NTZiMDA2ZWYwZDNiLzEvY1JaU21ZZjhpNUVoQUVROHA3bGNaejVtNnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWItNTZiMDA2ZWYwZDNi
LzEva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzASBAIAATAMAwQDLhHIAwQC
uaG0MCEEAgACMBsDBwAqAiaoAAMDBwAqAiao8AEDBwEqAiao//4wDQYJKoZIhvcN
AQELBQADggEBAAeeoyKeVe521EjXbRSTcOYh6g8TCCLJfh9hn/BcQMWlqmeAg3yJ
F8jx7Dz3Xg8ZZH7b9JNKPt8MukVnO0H/WABtpgz2Fw+ZFHHp6wBW+YTJ5BTW6uW1
G1ETjQMpDwnDROsFIyNhQPOhWv1+at8By+PqoEwhsybgslhvOZR0IcsZSihH9PPD
B8osvoBcc7uzA4hrMYN96OV9qwGzVEIvbUpRfa1pVY0glFkjb27tkQM9Nt+E92Mk
MnsJUMRXM1QmEeA1Ucof4DYVhI0lOKnHQKgExBRUaLr77EMCpJk0ko61EfF+bbrJ
SulSTuJR8MPbC7AitkdpEKSRqskDsUmxt/s=
-----END CERTIFICATE-----