Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/sYdqvjoB4RfEwbP4nTsOHtN4jyU.roa
File:                     sYdqvjoB4RfEwbP4nTsOHtN4jyU.roa (raw, json)
Hash identifier:          Qsji4/8YqoYJYNgrvWTE+mjBgxO2MRmzuJWkf2ov6V0=
Subject key identifier:   B1:87:6A:BE:3A:01:E1:17:C4:C1:B3:F8:9D:3B:0E:1E:D3:78:8F:25
Certificate issuer:       /CN=056ad2f4ffc5872e35a429e53ef179925ff4215e
Certificate serial:       19B6BFF7
Authority key identifier: 05:6A:D2:F4:FF:C5:87:2E:35:A4:29:E5:3E:F1:79:92:5F:F4:21:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWrS9P_Fhy41pCnlPvF5kl_0IV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/sYdqvjoB4RfEwbP4nTsOHtN4jyU.roa
Signing time:             Tue 24 May 2022 22:27:52 +0000
ROA not before:           Tue 24 May 2022 22:27:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5605
IP address blocks:        193.102.227.0/24 maxlen: 24
                          193.101.58.0/24 maxlen: 24
                          195.244.233.0/24 maxlen: 24
                          195.244.232.0/24 maxlen: 24
                          195.244.228.0/24 maxlen: 24
                          195.244.229.0/24 maxlen: 24
                          195.244.240.0/24 maxlen: 24
                          195.244.235.0/24 maxlen: 24
                          195.244.234.0/24 maxlen: 24
                          195.244.236.0/24 maxlen: 24
                          195.244.246.0/24 maxlen: 24
                          195.244.242.0/24 maxlen: 24
                          195.244.241.0/24 maxlen: 24
                          195.244.243.0/24 maxlen: 24
                          195.244.245.0/24 maxlen: 24
                          195.244.244.0/24 maxlen: 24
                          193.98.110.0/24 maxlen: 24
                          195.244.247.0/24 maxlen: 24
                          195.244.254.0/24 maxlen: 24
                          195.244.255.0/24 maxlen: 24
                          2a00:fa8::/32 maxlen: 32
                          2a00:fa8:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 431407095 (0x19b6bff7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=056ad2f4ffc5872e35a429e53ef179925ff4215e
        Validity
            Not Before: May 24 22:27:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1876abe3a01e117c4c1b3f89d3b0e1ed3788f25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:30:f2:08:43:a6:0e:49:12:31:65:be:da:8c:
                    7e:4f:c2:b3:90:19:ba:a8:a0:69:87:03:9e:cf:92:
                    ea:6d:7c:d1:94:b0:a5:9d:88:b6:5e:e4:dc:dd:e4:
                    8b:3c:47:00:24:b7:7a:22:9a:b4:d7:0e:5f:7e:a7:
                    cb:b3:51:62:02:f7:4c:36:b9:ae:44:2e:0a:95:42:
                    21:2c:54:7e:a1:8f:b4:74:91:19:11:d6:99:d6:8a:
                    a0:3d:13:23:45:00:37:e8:92:d8:c4:68:70:40:11:
                    f2:ef:dc:5c:cb:c3:94:87:77:86:7b:81:cf:61:e5:
                    de:6b:68:0e:6a:53:75:96:62:0a:fe:a3:6a:e8:79:
                    ef:38:08:2a:43:bd:22:0d:e6:69:44:07:c0:e5:bf:
                    74:b1:8b:13:e1:7f:2b:7a:f3:d1:2a:19:56:5e:ad:
                    57:7d:c6:c8:6b:59:cd:22:03:31:3c:74:b2:49:8b:
                    e4:2a:26:dd:94:dc:d4:25:18:b0:f6:46:3f:be:1f:
                    02:26:e6:ff:0c:84:6a:da:26:1a:1d:03:c7:88:f4:
                    2d:a3:21:f4:45:3a:07:46:98:e0:91:02:cd:c3:73:
                    94:11:1b:9f:79:38:78:2a:24:f3:f1:44:28:83:b6:
                    fe:10:e6:5e:df:74:70:36:f8:e7:5e:ab:c2:64:93:
                    58:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:87:6A:BE:3A:01:E1:17:C4:C1:B3:F8:9D:3B:0E:1E:D3:78:8F:25
            X509v3 Authority Key Identifier:
                keyid:05:6A:D2:F4:FF:C5:87:2E:35:A4:29:E5:3E:F1:79:92:5F:F4:21:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWrS9P_Fhy41pCnlPvF5kl_0IV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/sYdqvjoB4RfEwbP4nTsOHtN4jyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/BWrS9P_Fhy41pCnlPvF5kl_0IV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.98.110.0/24
                  193.101.58.0/24
                  193.102.227.0/24
                  195.244.228.0/23
                  195.244.232.0-195.244.236.255
                  195.244.240.0/21
                  195.244.254.0/23
                IPv6:
                  2a00:fa8::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:ea:94:36:f2:c0:f4:31:90:e7:75:39:32:d4:c7:df:69:42:
         16:49:63:b1:05:c8:98:c1:69:c9:cf:3e:77:59:44:1e:c6:8f:
         ae:ae:f4:d7:c2:b0:bd:ea:17:c5:d2:7f:4f:3c:6a:0c:4b:a3:
         4c:cc:61:13:3b:c8:32:00:2c:ef:02:2f:e3:55:e8:f3:52:fb:
         f7:6b:0d:84:47:5d:cb:8c:bc:d9:ae:b9:be:70:a4:9a:37:3b:
         b3:0b:7e:1f:78:a8:7e:28:9a:e2:f8:2e:9a:a3:5b:fd:cb:1a:
         a1:0f:e8:b7:db:6f:d2:ff:68:1c:9a:27:06:3a:e5:19:24:72:
         3d:e5:f6:2d:d4:43:7e:d5:c6:7a:d7:ae:10:cd:f5:4d:c8:61:
         44:ae:15:a1:46:1b:71:ef:01:11:c8:92:fe:a5:20:fb:33:79:
         79:b3:04:40:e7:d0:35:3e:b8:01:15:4c:80:33:8b:41:bb:48:
         5f:ae:e3:6b:0d:cc:38:78:89:b3:30:5e:17:f5:c4:58:69:26:
         95:65:29:f4:f7:50:cb:03:9f:af:47:bc:04:31:4b:05:51:78:
         f6:b8:4b:16:40:62:30:a7:ca:46:ea:d6:16:7b:b8:40:cb:a9:
         ac:fc:03:f3:fd:13:b4:7c:80:c2:e5:d9:f7:6d:6c:02:d9:73:
         0a:06:1c:50
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIEGba/9zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTZhZDJmNGZmYzU4NzJlMzVhNDI5ZTUzZWYxNzk5MjVmZjQyMTVlMB4XDTIyMDUy
NDIyMjc1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjE4NzZhYmUzYTAx
ZTExN2M0YzFiM2Y4OWQzYjBlMWVkMzc4OGYyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANkw8ghDpg5JEjFlvtqMfk/Cs5AZuqigaYcDns+S6m180ZSw
pZ2Itl7k3N3kizxHACS3eiKatNcOX36ny7NRYgL3TDa5rkQuCpVCISxUfqGPtHSR
GRHWmdaKoD0TI0UAN+iS2MRocEAR8u/cXMvDlId3hnuBz2Hl3mtoDmpTdZZiCv6j
auh57zgIKkO9Ig3maUQHwOW/dLGLE+F/K3rz0SoZVl6tV33GyGtZzSIDMTx0skmL
5Com3ZTc1CUYsPZGP74fAibm/wyEatomGh0Dx4j0LaMh9EU6B0aY4JECzcNzlBEb
n3k4eCok8/FEKIO2/hDmXt90cDb4516rwmSTWCkCAwEAAaOCAkQwggJAMB0GA1Ud
DgQWBBSxh2q+OgHhF8TBs/idOw4e03iPJTAfBgNVHSMEGDAWgBQFatL0/8WHLjWk
KeU+8XmSX/QhXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JXclM5UF9GaHk0MXBDbmxQdkY1a2xfMElWNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzgvNDMzMGZlLWRiZmMtNDgxZi04ZmQ5LTFlNGZjYjFjNjBjYi8x
L3NZZHF2am9CNFJmRXdiUDRuVHNPSHRONGp5VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgv
NDMzMGZlLWRiZmMtNDgxZi04ZmQ5LTFlNGZjYjFjNjBjYi8xL0JXclM5UF9GaHk0
MXBDbmxQdkY1a2xfMElWNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBa
BggrBgEFBQcBBwEB/wRLMEkwOAQCAAEwMgMEAMFibgMEAMFlOgMEAMFm4wMEAcP0
5DAMAwQDw/ToAwQAw/TsAwQDw/TwAwQBw/T+MA0EAgACMAcDBQAqAA+oMA0GCSqG
SIb3DQEBCwUAA4IBAQCK6pQ28sD0MZDndTky1MffaUIWSWOxBciYwWnJzz53WUQe
xo+urvTXwrC96hfF0n9PPGoMS6NMzGETO8gyACzvAi/jVejzUvv3aw2ER13LjLzZ
rrm+cKSaNzuzC34feKh+KJri+C6ao1v9yxqhD+i322/S/2gcmicGOuUZJHI95fYt
1EN+1cZ6164QzfVNyGFErhWhRhtx7wERyJL+pSD7M3l5swRA59A1PrgBFUyAM4tB
u0hfruNrDcw4eImzMF4X9cRYaSaVZSn091DLA5+vR7wEMUsFUXj2uEsWQGIwp8pG
6tYWe7hAy6ms/APz/RO0fIDC5dn3bWwC2XMKBhxQ
-----END CERTIFICATE-----