Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9dN3bB_02Fe0YzBvaoHuaVQliQ4.roa
File:                     9dN3bB_02Fe0YzBvaoHuaVQliQ4.roa (raw, json)
Hash identifier:          fvb0iR+3TBySOPSZTJL8gI/620oqW6gHfPwkN2jcBPo=
Subject key identifier:   F5:D3:77:6C:1F:F4:D8:57:B4:63:30:6F:6A:81:EE:69:54:25:89:0E
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       01843C5A8620AAEB4E8AA964B87DF814EE8D
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9dN3bB_02Fe0YzBvaoHuaVQliQ4.roa
Signing time:             Thu 03 Nov 2022 07:17:56 +0000
ROA not before:           Thu 03 Nov 2022 07:17:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42926
IP address blocks:        84.17.64.0/24 maxlen: 24
                          195.128.38.0/24 maxlen: 24
                          195.128.36.0/24 maxlen: 24
                          195.128.34.0/24 maxlen: 24
                          195.128.33.0/24 maxlen: 24
                          195.128.32.0/24 maxlen: 24
                          195.128.39.0/24 maxlen: 24
                          193.254.253.0/24 maxlen: 24
                          193.254.252.0/24 maxlen: 24
                          84.17.66.0/24 maxlen: 24
                          84.17.77.0/24 maxlen: 24
                          84.17.82.0/24 maxlen: 24
                          84.17.81.0/24 maxlen: 24
                          84.17.80.0/24 maxlen: 24
                          84.17.85.0/24 maxlen: 24
                          84.17.94.0/24 maxlen: 24
                          84.17.92.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:3c:5a:86:20:aa:eb:4e:8a:a9:64:b8:7d:f8:14:ee:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Nov  3 07:17:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f5d3776c1ff4d857b463306f6a81ee695425890e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4b:a1:66:66:ff:5e:05:ad:af:4b:f5:5d:aa:
                    e6:b6:0d:f2:be:8c:82:99:21:9b:a4:28:27:d5:f4:
                    25:86:5f:26:f5:05:f4:ae:7f:9f:3e:92:bf:e2:49:
                    42:4e:ac:37:e0:bf:3c:44:e9:cd:cb:0d:8f:06:af:
                    13:73:31:c0:04:11:80:20:9c:80:73:e6:e5:7c:f8:
                    23:ca:fb:d9:e3:9d:df:1c:c3:8d:63:e0:d1:c3:80:
                    03:08:8d:11:d3:1e:fc:b7:a9:10:0d:6d:e1:dd:7f:
                    da:be:69:72:2d:64:0a:b4:b2:c8:fc:ec:88:58:70:
                    5e:a5:f2:5f:31:56:99:ca:88:5b:29:35:24:c9:5c:
                    8f:bf:d3:26:6d:03:24:13:f2:88:51:50:e0:d7:cb:
                    1d:3f:cf:0e:a1:55:34:3f:c3:25:6c:42:58:ed:7b:
                    83:f7:e5:21:53:9d:a1:92:5c:95:c2:9c:dc:c1:38:
                    c8:96:a7:33:7f:e8:74:6e:a8:34:0d:7f:d7:ae:6c:
                    7c:ef:13:7d:2d:73:d2:28:14:07:b0:6b:20:ed:8d:
                    53:7d:41:f8:dc:7f:40:5f:c4:c7:c4:a5:3a:95:bb:
                    f8:70:19:41:41:5e:3b:9d:40:f6:aa:6a:13:81:44:
                    fa:1a:a9:2f:79:49:bb:f9:20:d7:95:5e:8e:d9:13:
                    d3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:D3:77:6C:1F:F4:D8:57:B4:63:30:6F:6A:81:EE:69:54:25:89:0E
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9dN3bB_02Fe0YzBvaoHuaVQliQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.64.0/24
                  84.17.66.0/24
                  84.17.77.0/24
                  84.17.80.0-84.17.82.255
                  84.17.85.0/24
                  84.17.92.0/24
                  84.17.94.0/24
                  193.254.252.0/23
                  195.128.32.0-195.128.34.255
                  195.128.36.0/24
                  195.128.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:ad:1b:47:e3:71:48:8a:ef:9e:72:fc:c2:84:2c:6f:ee:29:
         08:a6:59:77:a3:40:9d:47:3d:a4:df:0f:77:29:7a:c0:f1:5c:
         a7:6f:b9:a3:83:5e:ef:3f:8d:be:ac:42:d0:fb:83:07:08:6b:
         ba:a2:8c:30:fd:c8:8b:13:37:9d:5b:db:bb:5d:c9:72:cb:02:
         25:1c:41:de:e5:57:42:eb:47:7d:c2:4b:c8:2a:2a:02:5a:10:
         d7:0f:cc:97:d1:a1:35:7f:56:1b:c6:56:8a:94:25:a3:bf:16:
         0a:d9:c0:b2:a1:9e:d6:e1:3d:94:65:54:c4:1f:73:87:41:76:
         55:9f:de:ac:ef:65:65:4c:5e:b8:fc:4f:5e:7c:17:9f:47:33:
         d7:34:e6:c8:88:e2:ff:4b:db:e6:b9:a7:56:c6:0c:87:62:bd:
         34:a4:66:78:e3:f4:70:fa:a4:ff:a4:0a:2f:45:7e:32:e6:a8:
         1b:90:20:d7:ab:1a:75:e9:da:e5:3b:02:c2:4a:dd:97:d1:c2:
         ab:ce:9a:1e:57:fe:83:4b:6c:82:95:e1:48:8c:3c:74:e8:5e:
         d0:88:a0:10:09:39:1f:47:df:47:07:45:75:09:7a:d5:54:67:
         9d:aa:1b:ba:91:ca:48:24:76:bf:32:4a:ac:ad:9f:25:db:8a:
         73:e3:41:30
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYQ8WoYgqutOiqlkuH34FO6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjIxMTAzMDcxNzU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWQzNzc2YzFmZjRkODU3YjQ2MzMwNmY2YTgxZWU2OTU0MjU4OTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UuhZmb/XgWtr0v1Xarmtg3yvoyC
mSGbpCgn1fQlhl8m9QX0rn+fPpK/4klCTqw34L88ROnNyw2PBq8TczHABBGAIJyA
c+blfPgjyvvZ453fHMONY+DRw4ADCI0R0x78t6kQDW3h3X/avmlyLWQKtLLI/OyI
WHBepfJfMVaZyohbKTUkyVyPv9MmbQMkE/KIUVDg18sdP88OoVU0P8MlbEJY7XuD
9+UhU52hklyVwpzcwTjIlqczf+h0bqg0DX/Xrmx87xN9LXPSKBQHsGsg7Y1TfUH4
3H9AX8THxKU6lbv4cBlBQV47nUD2qmoTgUT6GqkveUm7+SDXlV6O2RPT+QIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFPXTd2wf9NhXtGMwb2qB7mlUJYkOMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvOWROM2JCXzAyRmUwWXpCdmFvSHVhVlFsaVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAVBFAAwQA
VBFCAwQAVBFNMAwDBARUEVADBABUEVIDBABUEVUDBABUEVwDBABUEV4DBAHB/vww
DAMEBcOAIAMEAMOAIgMEAMOAJAMEAcOAJjANBgkqhkiG9w0BAQsFAAOCAQEASK0b
R+NxSIrvnnL8woQsb+4pCKZZd6NAnUc9pN8Pdyl6wPFcp2+5o4Ne7z+NvqxC0PuD
BwhruqKMMP3IixM3nVvbu13JcssCJRxB3uVXQutHfcJLyCoqAloQ1w/Ml9GhNX9W
G8ZWipQlo78WCtnAsqGe1uE9lGVUxB9zh0F2VZ/erO9lZUxeuPxPXnwXn0cz1zTm
yIji/0vb5rmnVsYMh2K9NKRmeOP0cPqk/6QKL0V+MuaoG5Ag16sadena5TsCwkrd
l9HCq86aHlf+g0tsgpXhSIw8dOhe0IigEAk5H0ffRwdFdQl61VRnnaobupHKSCR2
vzJKrK2fJduKc+NBMA==
-----END CERTIFICATE-----