Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/vPQvtghgArsPK4SPRQx841la8e8.roa
File:                     vPQvtghgArsPK4SPRQx841la8e8.roa (raw, json)
Hash identifier:          YIBGDpgcl9eW7Unpxw42ghoQuqu+1b2RAGDS6SV6dWQ=
Subject key identifier:   BC:F4:2F:B6:08:60:02:BB:0F:2B:84:8F:45:0C:7C:E3:59:5A:F1:EF
Certificate issuer:       /CN=543e20bf5f252b1bdbd21dc99d94cd97ea7f0fe6
Certificate serial:       0380CC31
Authority key identifier: 54:3E:20:BF:5F:25:2B:1B:DB:D2:1D:C9:9D:94:CD:97:EA:7F:0F:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VD4gv18lKxvb0h3JnZTNl-p_D-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/vPQvtghgArsPK4SPRQx841la8e8.roa
Signing time:             Mon 04 Jul 2022 07:20:25 +0000
ROA not before:           Mon 04 Jul 2022 07:20:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43872
IP address blocks:        185.253.176.0/22 maxlen: 22
                          185.187.61.0/24 maxlen: 24
                          185.183.20.0/22 maxlen: 22
                          193.247.165.0/24 maxlen: 24
                          193.247.94.0/24 maxlen: 24
                          193.247.103.0/24 maxlen: 24
                          193.247.101.0/24 maxlen: 24
                          193.105.189.0/24 maxlen: 24
                          5.253.252.0/22 maxlen: 22
                          92.118.111.0/24 maxlen: 24
                          176.101.169.0/24 maxlen: 24
                          2a10:c9c0::/29 maxlen: 29
                          2a10:cac0::/29 maxlen: 29
                          2a0b:180::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 58772529 (0x380cc31)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543e20bf5f252b1bdbd21dc99d94cd97ea7f0fe6
        Validity
            Not Before: Jul  4 07:20:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bcf42fb6086002bb0f2b848f450c7ce3595af1ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ed:4e:96:8b:48:c8:ea:b2:e9:7f:80:6a:a6:
                    58:29:93:73:55:7e:1b:fb:f5:aa:9b:45:ce:7a:e5:
                    19:a5:c8:79:bf:c4:a0:ae:00:8d:25:2e:14:c6:89:
                    3a:3a:a3:56:d6:60:76:3e:d7:3c:a7:bc:4c:33:28:
                    56:ea:85:2c:6c:27:10:0c:75:dd:45:a4:81:5e:fd:
                    3e:d1:31:63:2d:f3:ef:90:28:ab:92:0f:ca:ed:b2:
                    09:a5:08:bb:8c:cf:8a:5c:60:be:d0:6d:e1:31:f8:
                    54:1f:da:85:f8:79:6f:3c:4e:e0:60:35:b5:2d:79:
                    12:c7:e9:27:d7:dc:e9:9d:fc:d1:98:bc:91:ad:49:
                    41:6d:46:d3:99:56:d6:5d:49:c0:82:4c:cc:39:b2:
                    b2:d5:6c:13:73:3b:c4:c8:1a:2c:9d:29:78:de:2e:
                    df:0c:06:eb:f4:96:d2:0a:9a:93:86:a8:5b:f2:3e:
                    e6:c6:f6:84:6f:87:43:36:92:83:1a:76:9f:83:0e:
                    da:17:bf:66:e4:7b:74:52:7b:06:4e:9f:8d:23:f8:
                    1e:d5:0b:60:73:fc:2d:76:d3:78:d8:fb:e8:f9:95:
                    05:6e:d1:f8:f0:ee:c4:d7:86:72:21:4a:72:75:ae:
                    b8:55:18:92:b9:27:ca:3c:d8:0b:78:84:97:d0:40:
                    ec:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:F4:2F:B6:08:60:02:BB:0F:2B:84:8F:45:0C:7C:E3:59:5A:F1:EF
            X509v3 Authority Key Identifier:
                keyid:54:3E:20:BF:5F:25:2B:1B:DB:D2:1D:C9:9D:94:CD:97:EA:7F:0F:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VD4gv18lKxvb0h3JnZTNl-p_D-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/vPQvtghgArsPK4SPRQx841la8e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/VD4gv18lKxvb0h3JnZTNl-p_D-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.252.0/22
                  92.118.111.0/24
                  176.101.169.0/24
                  185.183.20.0/22
                  185.187.61.0/24
                  185.253.176.0/22
                  193.105.189.0/24
                  193.247.94.0/24
                  193.247.101.0/24
                  193.247.103.0/24
                  193.247.165.0/24
                IPv6:
                  2a0b:180::/29
                  2a10:c9c0::/29
                  2a10:cac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:fb:4f:a7:4b:fe:f8:d3:c4:9e:3e:fb:20:4d:35:1a:d7:48:
         aa:f5:3c:37:7f:f6:9e:df:48:26:47:a6:89:a0:46:1d:37:1b:
         07:a9:38:e6:e8:14:08:f5:6d:1e:dc:68:b3:69:f6:4e:b2:26:
         3c:f7:79:4a:03:fc:e0:6d:8a:7d:32:50:4c:81:c5:ad:2d:ce:
         50:d9:45:d0:2d:16:06:68:32:10:93:f6:ff:02:d0:7a:05:39:
         e8:6f:87:88:f3:db:2d:af:1d:fc:0f:ad:5b:96:27:33:48:39:
         8b:f9:50:90:0b:2c:32:c2:76:4e:11:b3:80:b1:a6:ce:b0:a2:
         e7:03:66:3e:ab:a9:66:48:88:09:14:02:63:1c:fa:7b:4b:df:
         e3:86:dd:0d:a3:b5:84:de:0c:67:0a:06:e0:ca:7b:15:22:55:
         f1:15:7b:44:e4:57:42:db:e3:6c:2f:24:02:e3:e4:5a:14:ed:
         38:54:36:57:b2:ca:f8:7f:ec:45:78:d4:81:27:ac:d3:a5:fb:
         66:31:1e:30:5b:ad:96:88:52:bb:71:ca:fc:ee:81:1a:10:0d:
         7c:3f:9d:f2:44:14:33:1a:ba:d9:d3:fb:81:52:b2:af:76:29:
         cf:99:e4:78:07:a2:05:4a:2c:7e:81:db:2e:67:03:cc:50:d5:
         38:25:b8:df
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgIEA4DMMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NDNlMjBiZjVmMjUyYjFiZGJkMjFkYzk5ZDk0Y2Q5N2VhN2YwZmU2MB4XDTIyMDcw
NDA3MjAyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmNmNDJmYjYwODYw
MDJiYjBmMmI4NDhmNDUwYzdjZTM1OTVhZjFlZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJrtTpaLSMjqsul/gGqmWCmTc1V+G/v1qptFznrlGaXIeb/E
oK4AjSUuFMaJOjqjVtZgdj7XPKe8TDMoVuqFLGwnEAx13UWkgV79PtExYy3z75Ao
q5IPyu2yCaUIu4zPilxgvtBt4TH4VB/ahfh5bzxO4GA1tS15EsfpJ9fc6Z380Zi8
ka1JQW1G05lW1l1JwIJMzDmystVsE3M7xMgaLJ0peN4u3wwG6/SW0gqak4aoW/I+
5sb2hG+HQzaSgxp2n4MO2he/ZuR7dFJ7Bk6fjSP4HtULYHP8LXbTeNj76PmVBW7R
+PDuxNeGciFKcnWuuFUYkrknyjzYC3iEl9BA7PUCAwEAAaOCAmIwggJeMB0GA1Ud
DgQWBBS89C+2CGACuw8rhI9FDHzjWVrx7zAfBgNVHSMEGDAWgBRUPiC/XyUrG9vS
HcmdlM2X6n8P5jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZENGd2MThsS3h2YjBoM0puWlRObC1wX0QtWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvNGU4N2E2LTY1MzYtNDU0YS1hNTllLWQ1YWQ5OTZhMWFjOC8x
L3ZQUXZ0Z2hnQXJzUEs0U1BSUXg4NDFsYThlOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
NGU4N2E2LTY1MzYtNDU0YS1hNTllLWQ1YWQ5OTZhMWFjOC8xL1ZENGd2MThsS3h2
YjBoM0puWlRObC1wX0QtWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB4
BggrBgEFBQcBBwEB/wRpMGcwSAQCAAEwQgMEAgX9/AMEAFx2bwMEALBlqQMEArm3
FAMEALm7PQMEArn9sAMEAMFpvQMEAMH3XgMEAMH3ZQMEAMH3ZwMEAMH3pTAbBAIA
AjAVAwUDKgsBgAMFAyoQycADBQMqEMrAMA0GCSqGSIb3DQEBCwUAA4IBAQCi+0+n
S/7408SePvsgTTUa10iq9Tw3f/ae30gmR6aJoEYdNxsHqTjm6BQI9W0e3GizafZO
siY893lKA/zgbYp9MlBMgcWtLc5Q2UXQLRYGaDIQk/b/AtB6BTnob4eI89strx38
D61bliczSDmL+VCQCywywnZOEbOAsabOsKLnA2Y+q6lmSIgJFAJjHPp7S9/jht0N
o7WE3gxnCgbgynsVIlXxFXtE5FdC2+NsLyQC4+RaFO04VDZXssr4f+xFeNSBJ6zT
pftmMR4wW62WiFK7ccr87oEaEA18P53yRBQzGrrZ0/uBUrKvdinPmeR4B6IFSix+
gdsuZwPMUNU4Jbjf
-----END CERTIFICATE-----