Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/mps2f3J3Jvcm0epLwa5G6DSNM4U.roa
File:                     mps2f3J3Jvcm0epLwa5G6DSNM4U.roa (raw, json)
Hash identifier:          U1HNmLuIBhxUK+EI3M93Hhi8cUDRQhQzCQ4+I3t98eQ=
Subject key identifier:   9A:9B:36:7F:72:77:26:F7:26:D1:EA:4B:C1:AE:46:E8:34:8D:33:85
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       0183E9B4F46E37AF5F47AD5278EA3D6B460E
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/mps2f3J3Jvcm0epLwa5G6DSNM4U.roa
Signing time:             Tue 18 Oct 2022 06:08:13 +0000
ROA not before:           Tue 18 Oct 2022 06:08:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61423
IP address blocks:        185.202.132.0/24 maxlen: 24
                          2a0a:d6c0:9::/48 maxlen: 48
                          2a0a:d6c0:4::/48 maxlen: 48
                          2a0a:d6c0:efef::/48 maxlen: 48
                          2a0a:d6c0:efff::/48 maxlen: 48
                          2a0a:d6c0:8::/48 maxlen: 48
                          2a0a:d6c0:3::/48 maxlen: 48
                          2a0a:d6c0:eff3::/48 maxlen: 48
                          2a0a:d6c0:13::/48 maxlen: 48
                          2a0a:d6c0:11::/48 maxlen: 48
                          2a0a:d6c0:eff1::/48 maxlen: 48
                          2a0a:d6c0:7::/48 maxlen: 48
                          2a0a:d6c0:eff2::/48 maxlen: 48
                          2a0a:d6c0:2::/48 maxlen: 48
                          2a0a:d6c0:5::/48 maxlen: 48
                          2a0a:d6c0::/48 maxlen: 48
                          2a0a:d6c0:10::/48 maxlen: 48
                          2a0a:d6c0:eff0::/48 maxlen: 48
                          2a0a:d6c0:6::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:e9:b4:f4:6e:37:af:5f:47:ad:52:78:ea:3d:6b:46:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Oct 18 06:08:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9a9b367f727726f726d1ea4bc1ae46e8348d3385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4e:56:f7:9f:75:e3:f0:84:ce:9f:01:75:55:
                    2b:b0:1a:4d:e0:13:2b:19:fa:f5:27:c3:e7:75:4e:
                    28:65:55:3f:f1:c5:48:8b:7e:9e:cc:bc:9a:28:97:
                    38:f1:fc:cf:0c:81:6d:37:5e:23:de:c3:50:be:0e:
                    24:e6:16:ad:b1:95:93:07:a5:3f:1a:24:70:ba:26:
                    e0:35:c1:be:8f:87:c4:c3:15:d0:f0:e9:cd:9a:f6:
                    58:e8:99:f1:f8:bd:12:0e:a4:c3:e5:9c:d3:3e:3b:
                    f7:0c:15:08:61:09:71:fd:0f:f2:0b:02:8b:73:d8:
                    1b:db:c0:3c:bf:f0:d2:ce:4f:13:d0:fd:a1:1d:4f:
                    80:57:6c:c2:6f:fe:cb:a5:1d:74:48:b1:ad:fb:76:
                    64:f0:bb:09:ac:e2:76:33:d3:c8:51:61:7d:4d:36:
                    5e:61:4e:ca:1b:f8:84:9d:0b:03:79:0b:8f:4f:e7:
                    9c:47:71:ce:20:77:0d:e0:07:18:7c:58:ae:4e:d8:
                    65:bd:f3:93:4d:7c:0e:4f:82:4d:66:77:58:76:ca:
                    c2:18:65:d0:83:0e:84:37:a9:76:b7:f0:a4:f1:71:
                    77:1c:d8:bf:31:a0:eb:78:e3:3e:2e:2e:88:e8:f5:
                    b7:3a:14:67:db:ca:14:8c:a7:37:bc:23:fd:fe:7e:
                    dd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:9B:36:7F:72:77:26:F7:26:D1:EA:4B:C1:AE:46:E8:34:8D:33:85
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/mps2f3J3Jvcm0epLwa5G6DSNM4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.132.0/24
                IPv6:
                  2a0a:d6c0::/48
                  2a0a:d6c0:2::-2a0a:d6c0:9:ffff:ffff:ffff:ffff:ffff
                  2a0a:d6c0:10::/47
                  2a0a:d6c0:13::/48
                  2a0a:d6c0:efef::-2a0a:d6c0:eff3:ffff:ffff:ffff:ffff:ffff
                  2a0a:d6c0:efff::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:98:fc:57:02:92:f5:1e:88:e5:08:e0:1e:4f:1c:2c:61:e4:
         7f:6b:33:b0:29:47:b3:af:fb:4f:eb:24:9e:07:f7:b6:09:9c:
         50:97:4c:e8:c9:07:6e:7b:41:0d:08:f0:e9:a4:05:dc:dd:15:
         f8:ad:b3:30:6d:a7:1d:26:bb:e9:9c:d5:6e:fb:9a:75:e2:f5:
         cf:1a:a1:3e:e8:65:76:5c:74:54:1a:d6:23:0a:59:a8:0b:f6:
         a2:f7:d0:88:8a:7d:90:8b:11:cc:92:5c:eb:ee:53:51:d7:a4:
         bc:e3:8a:78:5e:df:5e:8e:48:94:82:d3:a2:9c:ff:57:7e:a5:
         d6:21:fb:de:7f:59:0f:cd:96:42:94:06:50:a5:88:7d:46:86:
         0b:99:61:bd:0d:81:75:ae:05:bc:d5:75:24:ef:28:5a:a8:47:
         d4:dd:b0:9b:ba:e7:98:a2:c9:0c:e7:49:e0:cd:26:f7:cd:6e:
         ca:3c:d2:39:50:cd:52:95:06:66:24:03:61:74:04:8f:d2:55:
         04:24:23:60:1b:6d:a2:5f:00:2d:6f:c5:c2:ed:0b:c1:96:64:
         ab:31:39:fc:83:fb:71:fd:18:58:ea:ca:90:4d:68:b0:1e:dd:
         76:e2:81:ec:ce:e6:56:78:31:63:01:da:2f:7f:90:64:94:97:
         ab:63:26:bf
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYPptPRuN69fR61SeOo9a0YOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjIxMDE4MDYwODEzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTliMzY3ZjcyNzcyNmY3MjZkMWVhNGJjMWFlNDZlODM0OGQzMzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkE5W95914/CEzp8BdVUrsBpN4BMr
Gfr1J8PndU4oZVU/8cVIi36ezLyaKJc48fzPDIFtN14j3sNQvg4k5hatsZWTB6U/
GiRwuibgNcG+j4fEwxXQ8OnNmvZY6Jnx+L0SDqTD5ZzTPjv3DBUIYQlx/Q/yCwKL
c9gb28A8v/DSzk8T0P2hHU+AV2zCb/7LpR10SLGt+3Zk8LsJrOJ2M9PIUWF9TTZe
YU7KG/iEnQsDeQuPT+ecR3HOIHcN4AcYfFiuTthlvfOTTXwOT4JNZndYdsrCGGXQ
gw6EN6l2t/Ck8XF3HNi/MaDreOM+Li6I6PW3OhRn28oUjKc3vCP9/n7dGwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFJqbNn9ydyb3JtHqS8GuRug0jTOFMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvbXBzMmYzSjNKdmNtMGVwTHdhNUc2RFNOTTRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjAMBAIAATAGAwQAucqEMFIE
AgACMEwDBwAqCtbAAAAwEgMHASoK1sAAAgMHASoK1sAACAMHASoK1sAAEAMHACoK
1sAAEzASAwcAKgrWwO/vAwcCKgrWwO/wAwcAKgrWwO//MA0GCSqGSIb3DQEBCwUA
A4IBAQCimPxXApL1HojlCOAeTxwsYeR/azOwKUezr/tP6ySeB/e2CZxQl0zoyQdu
e0ENCPDppAXc3RX4rbMwbacdJrvpnNVu+5p14vXPGqE+6GV2XHRUGtYjClmoC/ai
99CIin2QixHMklzr7lNR16S844p4Xt9ejkiUgtOinP9XfqXWIfvef1kPzZZClAZQ
pYh9RoYLmWG9DYF1rgW81XUk7yhaqEfU3bCbuueYoskM50ngzSb3zW7KPNI5UM1S
lQZmJANhdASP0lUEJCNgG22iXwAtb8XC7QvBlmSrMTn8g/tx/RhY6sqQTWiwHt12
4oHszuZWeDFjAdovf5BklJerYya/
-----END CERTIFICATE-----