Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/6djQIrDNb8B85rmCquBgNU4dVbg.roa
File:                     6djQIrDNb8B85rmCquBgNU4dVbg.roa (raw, json)
Hash identifier:          8Py/Xpsspw+R39YSNjXGlo3vmpvE8bR5KAQmrxqB9GY=
Subject key identifier:   E9:D8:D0:22:B0:CD:6F:C0:7C:E6:B9:82:AA:E0:60:35:4E:1D:55:B8
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       0183E645B766C2D60A7D23BBCAC0A1BC9532
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/6djQIrDNb8B85rmCquBgNU4dVbg.roa
Signing time:             Mon 17 Oct 2022 14:07:52 +0000
ROA not before:           Mon 17 Oct 2022 14:07:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204755
IP address blocks:        2a0f:ca80:deed::/48 maxlen: 48
                          2a0f:ca80:fe0::/44 maxlen: 44
                          2a0f:ca80:b00b::/48 maxlen: 48
                          2a0f:ca80:616::/48 maxlen: 48
                          2a0f:ca80:666::/48 maxlen: 48
                          2a0f:ca81:deed::/48 maxlen: 48
                          2a0f:ca80:1339::/48 maxlen: 48
                          2a0f:ca81:b00b::/48 maxlen: 48
                          2a0f:ca80:beef::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:e6:45:b7:66:c2:d6:0a:7d:23:bb:ca:c0:a1:bc:95:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Oct 17 14:07:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e9d8d022b0cd6fc07ce6b982aae060354e1d55b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e4:90:95:7a:ac:a9:30:60:e9:9b:1e:e0:77:
                    45:c8:bb:9c:47:1c:94:e6:60:1d:e3:3d:a6:b7:ab:
                    5e:61:fd:e6:1a:47:0b:9d:45:a7:74:a2:1d:23:a9:
                    7c:5c:b4:ae:a2:64:ae:7b:a0:fb:60:8f:10:8a:9c:
                    ca:07:14:c6:65:ab:11:66:a3:43:68:ab:f5:d3:89:
                    9e:b8:0f:64:8e:be:88:78:1c:01:b7:dc:9e:43:d6:
                    9c:89:1f:2c:a1:4a:72:b3:0c:b9:69:b8:18:38:09:
                    2a:c1:6b:70:27:4d:28:92:66:ea:a1:1a:2b:95:12:
                    47:b8:78:26:21:23:f3:78:aa:af:d9:c4:fb:0b:9a:
                    80:09:28:3d:00:91:df:3b:09:ee:49:06:8a:27:f0:
                    4e:c6:36:e5:0d:15:ee:38:b0:e6:a0:0f:60:0a:85:
                    5a:71:66:b9:cb:47:6a:27:fd:45:11:f0:96:75:e7:
                    95:20:e2:2d:04:3e:96:c4:d5:71:ce:04:5f:c6:70:
                    34:bf:8e:42:51:cf:98:6d:73:4f:b0:3a:ad:6d:65:
                    8e:0d:f4:73:04:72:ec:57:94:c0:9d:7a:bc:81:b4:
                    a3:64:26:44:ee:58:03:60:5d:60:62:a9:85:92:b1:
                    09:4f:e0:ac:4f:5b:8b:17:cb:0c:23:6f:a9:f2:de:
                    ac:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D8:D0:22:B0:CD:6F:C0:7C:E6:B9:82:AA:E0:60:35:4E:1D:55:B8
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/6djQIrDNb8B85rmCquBgNU4dVbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca80:616::/48
                  2a0f:ca80:666::/48
                  2a0f:ca80:fe0::/44
                  2a0f:ca80:1339::/48
                  2a0f:ca80:b00b::/48
                  2a0f:ca80:beef::/48
                  2a0f:ca80:deed::/48
                  2a0f:ca81:b00b::/48
                  2a0f:ca81:deed::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:e8:31:f8:ed:90:d4:dc:8a:98:cb:4e:bd:91:27:43:ad:88:
         d5:ab:8c:77:81:7f:73:76:8a:ef:cc:55:d6:2b:81:d4:6c:89:
         26:a2:c5:95:bb:3c:81:d7:c8:96:4f:a8:a7:eb:fb:f6:ff:73:
         f3:88:c0:98:d3:85:7b:ae:c3:ef:16:7a:be:7e:56:4f:c9:e0:
         07:d9:d4:ca:4e:2f:8d:59:d6:74:41:e7:46:7f:c5:90:42:10:
         5c:50:27:27:70:b7:d0:8b:7e:51:3f:2e:29:42:0b:b9:17:bb:
         a7:e3:7d:3b:3d:4e:10:d9:35:f5:f5:de:63:a2:aa:ab:58:fb:
         ae:c5:39:73:3f:c5:40:b1:b1:72:9e:1f:ef:2d:15:3a:18:bf:
         87:c6:20:39:9b:cd:39:1e:2b:e2:2c:99:85:2a:6a:a2:27:f6:
         2a:91:75:19:b1:5c:b2:38:7f:c0:8f:3f:92:5b:9e:99:44:f6:
         a8:0a:ab:2f:ae:41:a9:26:29:7b:cd:c7:22:40:8a:0a:2a:d2:
         0d:3c:91:61:1c:f1:86:3f:85:a7:b5:55:28:58:a5:7b:70:75:
         f8:51:c8:ad:d3:97:eb:dd:df:4d:83:79:27:c2:15:58:16:7a:
         f2:03:29:8b:43:53:5d:0e:24:68:75:b5:97:5d:a8:00:3d:90:
         5a:fe:d8:22
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYPmRbdmwtYKfSO7ysChvJUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjIxMDE3MTQwNzUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWQ4ZDAyMmIwY2Q2ZmMwN2NlNmI5ODJhYWUwNjAzNTRlMWQ1NWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuSQlXqsqTBg6Zse4HdFyLucRxyU
5mAd4z2mt6teYf3mGkcLnUWndKIdI6l8XLSuomSue6D7YI8QipzKBxTGZasRZqND
aKv104meuA9kjr6IeBwBt9yeQ9aciR8soUpyswy5abgYOAkqwWtwJ00okmbqoRor
lRJHuHgmISPzeKqv2cT7C5qACSg9AJHfOwnuSQaKJ/BOxjblDRXuOLDmoA9gCoVa
cWa5y0dqJ/1FEfCWdeeVIOItBD6WxNVxzgRfxnA0v45CUc+YbXNPsDqtbWWODfRz
BHLsV5TAnXq8gbSjZCZE7lgDYF1gYqmFkrEJT+CsT1uLF8sMI2+p8t6s7wIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFOnY0CKwzW/AfOa5gqrgYDVOHVW4MB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvNmRqUUlyRE5iOEI4NXJtQ3F1QmdOVTRkVmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAAjBRAwcAKg/KgAYW
AwcAKg/KgAZmAwcEKg/KgA/gAwcAKg/KgBM5AwcAKg/KgLALAwcAKg/KgL7vAwcA
Kg/KgN7tAwcAKg/KgbALAwcAKg/Kgd7tMA0GCSqGSIb3DQEBCwUAA4IBAQBv6DH4
7ZDU3IqYy069kSdDrYjVq4x3gX9zdorvzFXWK4HUbIkmosWVuzyB18iWT6in6/v2
/3PziMCY04V7rsPvFnq+flZPyeAH2dTKTi+NWdZ0QedGf8WQQhBcUCcncLfQi35R
Py4pQgu5F7un4307PU4Q2TX19d5joqqrWPuuxTlzP8VAsbFynh/vLRU6GL+HxiA5
m805HiviLJmFKmqiJ/YqkXUZsVyyOH/Ajz+SW56ZRPaoCqsvrkGpJil7zcciQIoK
KtINPJFhHPGGP4WntVUoWKV7cHX4Ucit05fr3d9Ng3knwhVYFnryAymLQ1NdDiRo
dbWXXagAPZBa/tgi
-----END CERTIFICATE-----