Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/gaRb0ZV1ixd_F-ya3JXyxPqfBBg.roa
File:                     gaRb0ZV1ixd_F-ya3JXyxPqfBBg.roa (raw, json)
Hash identifier:          B7C9tmRGzudrm9WteB6yrqZeniZkP0SK+dJVdiB5JHk=
Subject key identifier:   81:A4:5B:D1:95:75:8B:17:7F:17:EC:9A:DC:95:F2:C4:FA:9F:04:18
Certificate issuer:       /CN=68b22eea4a4a3b81654a227eda94e0e75937b015
Certificate serial:       0182EE0A849BF023A19057004AD906AF7FCD
Authority key identifier: 68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/gaRb0ZV1ixd_F-ya3JXyxPqfBBg.roa
Signing time:             Tue 30 Aug 2022 09:17:22 +0000
ROA not before:           Tue 30 Aug 2022 09:17:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204348
IP address blocks:        185.252.112.0/24 maxlen: 24
                          185.252.115.0/24 maxlen: 24
                          185.252.113.0/24 maxlen: 24
                          2a0e:e7c3::/32 maxlen: 32
                          2a04:b804::/32 maxlen: 32
                          2a04:b800::/32 maxlen: 32
                          2a0e:e7c7::/32 maxlen: 32
                          2a04:b803::/32 maxlen: 32
                          2a0e:e7c0::/32 maxlen: 32
                          2a04:b805::/32 maxlen: 32
                          2a10:a6c0::/29 maxlen: 29
                          2a0e:e7c6::/32 maxlen: 32
                          2a04:b802::/32 maxlen: 32
                          2a0e:e7c1::/32 maxlen: 32
                          2a0e:e7c5::/32 maxlen: 32
                          2a04:b806::/32 maxlen: 32
                          2a0e:e7c4::/32 maxlen: 32
                          2a0e:e7c2::/32 maxlen: 32
                          2a04:b807::/32 maxlen: 32
                          2a04:b801::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ee:0a:84:9b:f0:23:a1:90:57:00:4a:d9:06:af:7f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68b22eea4a4a3b81654a227eda94e0e75937b015
        Validity
            Not Before: Aug 30 09:17:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=81a45bd195758b177f17ec9adc95f2c4fa9f0418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c9:2f:43:92:d6:a7:ec:33:d7:65:ae:15:a2:
                    7e:97:00:8c:0e:79:56:68:30:a2:36:cc:94:be:62:
                    b4:a1:01:92:46:95:95:53:c4:92:fe:d6:eb:b8:84:
                    02:b8:70:ec:03:eb:a4:91:8d:6f:d4:85:e7:88:8e:
                    10:7d:54:4f:c4:84:62:b4:57:6d:1d:8d:cc:1a:b9:
                    b3:69:e8:f9:6e:f9:1a:00:00:45:3c:25:4c:58:bf:
                    3a:e3:40:07:7a:4f:e4:44:28:3a:fc:23:8b:76:45:
                    c0:5f:d5:54:33:6a:a6:25:c7:ca:5d:af:c7:0f:9d:
                    5d:16:48:f1:db:bb:35:5a:01:05:14:e9:c0:53:99:
                    6e:47:0a:a1:9e:ab:1b:6c:68:f4:db:db:12:6a:b3:
                    7b:6a:c9:e4:93:d2:45:af:d5:49:b2:92:a6:5c:db:
                    68:8f:d2:36:0e:99:7f:ed:22:3e:3b:bd:7e:ba:a4:
                    18:d5:5b:d6:f5:b9:df:fc:ab:0b:43:c9:d1:bf:f3:
                    1e:81:24:ca:31:2a:a0:07:0d:71:38:eb:c2:aa:d8:
                    13:5b:71:0f:f4:ed:25:6f:2e:80:89:84:1f:52:8a:
                    f2:f1:10:29:c1:77:eb:6c:1a:c7:26:09:3b:99:44:
                    f7:08:9a:dc:f6:16:b8:26:0d:09:d6:2f:93:c3:14:
                    14:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A4:5B:D1:95:75:8B:17:7F:17:EC:9A:DC:95:F2:C4:FA:9F:04:18
            X509v3 Authority Key Identifier:
                keyid:68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/gaRb0ZV1ixd_F-ya3JXyxPqfBBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.112.0/23
                  185.252.115.0/24
                IPv6:
                  2a04:b800::/29
                  2a0e:e7c0::/29
                  2a10:a6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:ee:7d:61:70:ba:3b:db:e8:ad:76:94:06:15:22:66:38:fb:
         e6:b1:ad:e6:0c:f9:68:f5:bc:cd:f5:98:c2:c4:07:d8:53:82:
         5a:1b:96:8d:e5:01:51:bc:6d:38:44:55:c0:50:88:80:6b:57:
         12:76:09:5d:52:49:3f:16:03:c8:37:2f:5a:02:82:9e:56:44:
         ba:c0:9c:ca:55:91:b4:18:46:db:63:4c:2d:3c:55:a1:c0:be:
         03:05:50:09:97:c7:62:11:d7:6e:2e:de:32:d0:2e:03:ca:87:
         9b:2e:df:a3:69:ba:e4:76:21:50:99:25:0b:58:e3:a2:4b:33:
         08:0d:a7:97:ea:eb:88:ac:09:69:ca:ee:54:78:c9:76:13:f9:
         a2:d5:0d:5b:63:f1:72:2e:40:b7:3a:b1:a1:43:82:f0:31:3b:
         5c:d1:c3:06:b6:08:07:b8:32:51:f4:b9:0a:b6:81:ad:a4:f1:
         24:a3:54:d5:3a:68:79:8f:56:4d:0e:25:d7:65:18:4a:ff:ed:
         12:d2:89:26:0e:bd:91:dd:7b:aa:b9:05:55:ac:15:af:da:7c:
         6d:43:7d:21:27:46:99:16:e9:a4:b0:9b:3d:1f:e1:9d:47:7d:
         87:60:7f:c0:3d:66:13:79:1d:f6:ae:fa:a6:88:04:7b:48:be:
         e2:fe:2f:f9
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYLuCoSb8COhkFcAStkGr3/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YjIyZWVhNGE0YTNiODE2NTRhMjI3ZWRhOTRlMGU3NTkz
N2IwMTUwHhcNMjIwODMwMDkxNzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWE0NWJkMTk1NzU4YjE3N2YxN2VjOWFkYzk1ZjJjNGZhOWYwNDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8kvQ5LWp+wz12WuFaJ+lwCMDnlW
aDCiNsyUvmK0oQGSRpWVU8SS/tbruIQCuHDsA+ukkY1v1IXniI4QfVRPxIRitFdt
HY3MGrmzaej5bvkaAABFPCVMWL8640AHek/kRCg6/COLdkXAX9VUM2qmJcfKXa/H
D51dFkjx27s1WgEFFOnAU5luRwqhnqsbbGj029sSarN7asnkk9JFr9VJspKmXNto
j9I2Dpl/7SI+O71+uqQY1VvW9bnf/KsLQ8nRv/MegSTKMSqgBw1xOOvCqtgTW3EP
9O0lby6AiYQfUory8RApwXfrbBrHJgk7mUT3CJrc9ha4Jg0J1i+TwxQUkQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFIGkW9GVdYsXfxfsmtyV8sT6nwQYMB8GA1UdIwQY
MBaAFGiyLupKSjuBZUoiftqU4OdZN7AVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2It
MmI2NWE3YThiZThjLzEvZ2FSYjBaVjFpeGRfRi15YTNKWHl4UHFmQkJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2ItMmI2NWE3YThiZThj
LzEvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTASBAIAATAMAwQBufxwAwQA
ufxzMBsEAgACMBUDBQMqBLgAAwUDKg7nwAMFAyoQpsAwDQYJKoZIhvcNAQELBQAD
ggEBAE/ufWFwujvb6K12lAYVImY4++axreYM+Wj1vM31mMLEB9hTgloblo3lAVG8
bThEVcBQiIBrVxJ2CV1SST8WA8g3L1oCgp5WRLrAnMpVkbQYRttjTC08VaHAvgMF
UAmXx2IR124u3jLQLgPKh5su36NpuuR2IVCZJQtY46JLMwgNp5fq64isCWnK7lR4
yXYT+aLVDVtj8XIuQLc6saFDgvAxO1zRwwa2CAe4MlH0uQq2ga2k8SSjVNU6aHmP
Vk0OJddlGEr/7RLSiSYOvZHde6q5BVWsFa/afG1DfSEnRpkW6aSwmz0f4Z1HfYdg
f8A9ZhN5Hfau+qaIBHtIvuL+L/k=
-----END CERTIFICATE-----