Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/ZoMhd-U2eeprZdhZESk9Og5qcKo.roa
File:                     ZoMhd-U2eeprZdhZESk9Og5qcKo.roa (raw, json)
Hash identifier:          AjcS19dy8BXKeMPwEmjiWh2Q8gpJv208Z2cxoo0Gt50=
Subject key identifier:   66:83:21:77:E5:36:79:EA:6B:65:D8:59:11:29:3D:3A:0E:6A:70:AA
Certificate issuer:       /CN=5833294a1cdc1358afc439c0a72733b065a86f8b
Certificate serial:       03E5738D
Authority key identifier: 58:33:29:4A:1C:DC:13:58:AF:C4:39:C0:A7:27:33:B0:65:A8:6F:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WDMpShzcE1ivxDnApyczsGWob4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/ZoMhd-U2eeprZdhZESk9Og5qcKo.roa
Signing time:             Sat 01 Jan 2022 02:55:37 +0000
ROA not before:           Sat 01 Jan 2022 02:55:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49352
IP address blocks:        188.93.209.127/32 maxlen: 32
                          188.93.213.0/24 maxlen: 24
                          188.93.208.0/23 maxlen: 23
                          188.93.215.0/24 maxlen: 24
                          188.93.214.0/24 maxlen: 24
                          178.21.14.0/23 maxlen: 23
                          178.21.13.0/24 maxlen: 24
                          178.21.12.0/22 maxlen: 22
                          178.21.12.0/24 maxlen: 24
                          185.38.16.0/24 maxlen: 24
                          185.38.17.0/24 maxlen: 24
                          185.38.18.0/24 maxlen: 24
                          188.93.208.172/32 maxlen: 32
                          194.67.75.0/24 maxlen: 24
                          178.21.9.0/24 maxlen: 24
                          176.99.4.0/24 maxlen: 24
                          176.99.9.0/24 maxlen: 24
                          176.99.5.0/24 maxlen: 24
                          176.99.7.0/24 maxlen: 24
                          176.99.6.0/24 maxlen: 24
                          176.99.5.190/32 maxlen: 32
                          2a02:f20::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65368973 (0x3e5738d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5833294a1cdc1358afc439c0a72733b065a86f8b
        Validity
            Not Before: Jan  1 02:55:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=66832177e53679ea6b65d85911293d3a0e6a70aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:1a:c5:3b:dd:f5:9b:94:7f:c6:8e:8b:0d:c7:
                    cc:99:25:e6:1c:0f:ae:c1:2e:88:0e:17:83:89:f4:
                    56:50:59:32:38:23:f3:e1:18:b8:28:a0:e5:a8:05:
                    2c:83:d7:74:b2:a8:51:18:c1:c1:05:79:83:fe:fc:
                    c1:01:fd:7d:ec:75:2d:35:a9:15:4d:ac:f4:00:f2:
                    96:d5:d8:f4:76:81:53:70:fe:74:33:ed:dd:dd:6f:
                    17:6d:79:c6:a9:de:55:58:66:5a:d0:d0:64:e6:15:
                    9a:c7:83:aa:f0:bb:6d:f5:40:e8:96:e9:67:71:d4:
                    0c:f1:5b:6c:bd:a1:bd:09:b1:f6:4a:e6:0c:b0:16:
                    32:b1:0f:d5:cb:23:98:13:6e:d3:52:40:e5:58:10:
                    a9:6e:9b:31:e4:ed:ee:06:06:ce:0c:f2:8b:e1:1c:
                    22:9d:a3:61:eb:fc:67:e0:6f:31:57:15:0e:d1:39:
                    8a:2c:35:c2:db:ab:bb:fb:71:29:19:d4:84:49:ea:
                    38:b2:30:64:35:2f:af:cd:04:ce:e5:63:73:86:c9:
                    9f:9c:3b:9b:e1:5a:62:fb:cc:79:29:8d:9b:9a:7d:
                    c5:b7:95:a1:0e:fa:d0:88:49:57:9e:b6:3d:80:c1:
                    7c:3a:d3:22:da:0e:54:79:c6:e3:b4:5b:95:73:b3:
                    49:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:83:21:77:E5:36:79:EA:6B:65:D8:59:11:29:3D:3A:0E:6A:70:AA
            X509v3 Authority Key Identifier:
                keyid:58:33:29:4A:1C:DC:13:58:AF:C4:39:C0:A7:27:33:B0:65:A8:6F:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WDMpShzcE1ivxDnApyczsGWob4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/ZoMhd-U2eeprZdhZESk9Og5qcKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4b419c-cf8f-4c9a-94d7-bb4b65b6a0d1/1/WDMpShzcE1ivxDnApyczsGWob4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.99.4.0/22
                  176.99.9.0/24
                  178.21.9.0/24
                  178.21.12.0/22
                  185.38.16.0-185.38.18.255
                  188.93.208.0/23
                  188.93.213.0-188.93.215.255
                  194.67.75.0/24
                IPv6:
                  2a02:f20::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:dc:40:58:99:fe:b8:fe:4d:5b:76:7d:8e:5d:6c:a4:fc:5d:
         f2:07:e7:4c:46:bd:6d:c2:6d:ad:c7:97:ff:26:30:46:df:42:
         cd:8b:f4:4c:c1:bd:68:ea:96:82:7e:c4:7c:55:e0:3c:eb:63:
         44:95:65:fc:00:25:3e:98:c6:38:76:72:4d:45:4b:a5:ad:a8:
         b3:82:a9:7a:95:6b:57:fe:8e:15:f0:5c:bb:37:20:50:a4:86:
         ed:0b:dc:c4:8b:76:28:3e:48:f0:0c:79:c7:f5:bb:22:1d:e6:
         4e:af:7f:a2:42:3b:05:af:cd:54:74:47:35:1e:1c:e8:7b:7b:
         dc:cf:2d:50:09:ae:5d:e9:fd:8b:e3:d2:6f:a6:1f:4a:13:44:
         fb:a0:3e:35:f5:4d:3e:1e:2e:43:4e:cb:3d:0f:11:77:b8:05:
         4f:37:76:b0:88:82:ed:99:94:f7:61:fc:40:f2:41:21:eb:78:
         22:10:68:7a:0b:62:6a:e1:24:9f:d5:58:d4:a4:f3:59:69:e1:
         d1:51:56:f8:47:86:c8:7e:37:bc:74:7d:08:ee:b9:92:22:10:
         bc:f3:61:00:e1:3a:ad:4d:9b:cd:df:b0:53:9f:11:a2:39:a9:
         3e:21:9e:42:26:92:22:14:4d:72:c2:4b:97:2c:3e:73:6e:04:
         db:b9:40:e7
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIEA+VzjTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ODMzMjk0YTFjZGMxMzU4YWZjNDM5YzBhNzI3MzNiMDY1YTg2ZjhiMB4XDTIyMDEw
MTAyNTUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjY4MzIxNzdlNTM2
NzllYTZiNjVkODU5MTEyOTNkM2EwZTZhNzBhYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPEaxTvd9ZuUf8aOiw3HzJkl5hwPrsEuiA4Xg4n0VlBZMjgj
8+EYuCig5agFLIPXdLKoURjBwQV5g/78wQH9fex1LTWpFU2s9ADyltXY9HaBU3D+
dDPt3d1vF215xqneVVhmWtDQZOYVmseDqvC7bfVA6JbpZ3HUDPFbbL2hvQmx9krm
DLAWMrEP1csjmBNu01JA5VgQqW6bMeTt7gYGzgzyi+EcIp2jYev8Z+BvMVcVDtE5
iiw1wturu/txKRnUhEnqOLIwZDUvr80EzuVjc4bJn5w7m+FaYvvMeSmNm5p9xbeV
oQ760IhJV562PYDBfDrTItoOVHnG47RblXOzSV8CAwEAAaOCAlIwggJOMB0GA1Ud
DgQWBBRmgyF35TZ56mtl2FkRKT06DmpwqjAfBgNVHSMEGDAWgBRYMylKHNwTWK/E
OcCnJzOwZahvizAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dETXBTaHpjRTFpdnhEbkFweWN6c0dXb2I0cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNGI0MTljLWNmOGYtNGM5YS05NGQ3LWJiNGI2NWI2YTBkMS8x
L1pvTWhkLVUyZWVwclpkaFpFU2s5T2c1cWNLby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NGI0MTljLWNmOGYtNGM5YS05NGQ3LWJiNGI2NWI2YTBkMS8xL1dETXBTaHpjRTFp
dnhEbkFweWN6c0dXb2I0cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBo
BggrBgEFBQcBBwEB/wRZMFcwRgQCAAEwQAMEArBjBAMEALBjCQMEALIVCQMEArIV
DDAMAwQEuSYQAwQAuSYSAwQBvF3QMAwDBAC8XdUDBAO8XdADBADCQ0swDQQCAAIw
BwMFACoCDyAwDQYJKoZIhvcNAQELBQADggEBAKDcQFiZ/rj+TVt2fY5dbKT8XfIH
50xGvW3Cba3Hl/8mMEbfQs2L9EzBvWjqloJ+xHxV4DzrY0SVZfwAJT6Yxjh2ck1F
S6WtqLOCqXqVa1f+jhXwXLs3IFCkhu0L3MSLdig+SPAMecf1uyId5k6vf6JCOwWv
zVR0RzUeHOh7e9zPLVAJrl3p/Yvj0m+mH0oTRPugPjX1TT4eLkNOyz0PEXe4BU83
drCIgu2ZlPdh/EDyQSHreCIQaHoLYmrhJJ/VWNSk81lp4dFRVvhHhsh+N7x0fQju
uZIiELzzYQDhOq1Nm83fsFOfEaI5qT4hnkImkiIUTXLCS5csPnNuBNu5QOc=
-----END CERTIFICATE-----