Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/uUq7AxReqvcq02EfL3VRDoBTerY.roa
File:                     uUq7AxReqvcq02EfL3VRDoBTerY.roa (raw, json)
Hash identifier:          8sMF89Xwew1J5Ku7cfq27wJuKlki3+pE1NG4jPE+UmY=
Subject key identifier:   B9:4A:BB:03:14:5E:AA:F7:2A:D3:61:1F:2F:75:51:0E:80:53:7A:B6
Certificate issuer:       /CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
Certificate serial:       018533F05D914DE5ED0F693F160CE01CE93B
Authority key identifier: 27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/uUq7AxReqvcq02EfL3VRDoBTerY.roa
Signing time:             Wed 21 Dec 2022 09:07:48 +0000
ROA not before:           Wed 21 Dec 2022 09:07:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15623
IP address blocks:        193.247.205.0/24 maxlen: 24
                          193.246.253.0/24 maxlen: 24
                          212.45.192.0/19 maxlen: 19
                          195.226.0.0/19 maxlen: 19
                          213.189.128.0/19 maxlen: 19
                          217.75.16.0/21 maxlen: 21
                          217.75.24.0/21 maxlen: 21
                          212.55.192.0/19 maxlen: 19
                          213.158.128.0/19 maxlen: 19
                          195.144.160.0/19 maxlen: 19
                          62.12.128.0/17 maxlen: 17
                          217.14.64.0/20 maxlen: 20
                          193.5.123.0/24 maxlen: 24
                          2001:8a8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:33:f0:5d:91:4d:e5:ed:0f:69:3f:16:0c:e0:1c:e9:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
        Validity
            Not Before: Dec 21 09:07:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b94abb03145eaaf72ad3611f2f75510e80537ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:36:cc:81:33:9a:93:74:b0:27:79:05:04:be:
                    ed:2b:bb:f6:78:4e:97:8a:4c:70:9c:43:91:04:5a:
                    43:de:f8:a0:43:a2:68:83:fa:9f:a0:79:70:80:70:
                    7b:54:5d:0c:db:66:29:7b:f1:58:0e:96:b2:88:90:
                    7c:7b:32:f5:ec:75:9c:17:a1:cc:1d:ff:7a:51:53:
                    96:d6:16:e2:4b:1b:cb:aa:a8:20:a7:15:74:63:e2:
                    ed:36:99:9d:a7:53:9c:90:e0:14:9a:b6:9a:56:a2:
                    c9:13:19:04:d7:7f:57:fc:7c:f1:c6:34:86:54:38:
                    a1:35:bc:30:06:45:29:c0:69:3c:30:eb:6b:aa:bf:
                    14:5b:dc:b0:09:59:45:77:21:94:cc:40:14:a6:0a:
                    3d:f7:3d:95:24:80:e0:af:1a:62:2a:12:3c:ab:e4:
                    d8:1b:a4:84:11:9c:9e:73:b0:7e:e6:1b:06:3a:ea:
                    f8:3e:3f:c1:b6:6c:54:88:a2:7e:50:90:f4:ba:6e:
                    b9:1d:e7:f4:ed:7f:df:50:e2:43:9f:12:c0:d2:75:
                    8c:61:c5:01:98:36:39:f4:68:bb:7d:f0:54:19:08:
                    b3:66:1c:04:f3:2d:36:19:bc:68:99:1a:1c:fd:f2:
                    2d:68:47:2c:6b:44:5f:92:00:e4:0a:40:44:5c:a1:
                    1e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4A:BB:03:14:5E:AA:F7:2A:D3:61:1F:2F:75:51:0E:80:53:7A:B6
            X509v3 Authority Key Identifier:
                keyid:27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/uUq7AxReqvcq02EfL3VRDoBTerY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.12.128.0/17
                  193.5.123.0/24
                  193.246.253.0/24
                  193.247.205.0/24
                  195.144.160.0/19
                  195.226.0.0/19
                  212.45.192.0/19
                  212.55.192.0/19
                  213.158.128.0/19
                  213.189.128.0/19
                  217.14.64.0/20
                  217.75.16.0/20
                IPv6:
                  2001:8a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:8f:76:72:48:ee:d6:19:d7:10:04:26:b0:81:46:5c:06:b2:
         44:fd:cd:a0:81:ca:c7:93:2b:ae:fa:25:c2:58:04:b5:66:7f:
         1f:19:73:cf:fc:ac:aa:22:b9:05:59:fc:62:e3:17:af:39:99:
         89:8d:72:97:0c:9a:a9:06:98:42:bb:4a:af:bf:af:35:5a:10:
         d9:3f:79:c4:ae:ca:25:66:f1:78:9f:2d:fc:36:0f:6f:af:9b:
         20:8c:a6:05:78:45:f7:60:0a:93:29:67:fa:e4:94:59:5d:4c:
         57:c2:69:5c:39:e0:89:0d:c5:97:6e:4e:06:20:86:4e:89:98:
         bf:3e:56:ad:23:71:ec:19:8c:54:15:5b:ef:1b:41:66:5b:83:
         8a:ad:96:ea:bd:2c:39:11:b9:b8:8b:d0:54:94:a6:b1:d2:64:
         fb:23:4c:8f:45:68:66:f4:74:6f:e3:ff:a0:99:9a:5f:eb:9c:
         aa:95:0e:89:be:f8:5d:ba:11:f6:7a:e9:4e:d1:7e:7a:b4:16:
         dd:76:f3:ce:dc:fd:14:04:94:78:35:28:70:a8:a3:55:a9:64:
         15:49:41:42:6d:ed:91:ec:a0:de:b5:9d:df:aa:28:82:f1:05:
         ca:f7:e8:c9:78:8d:d6:ce:4b:8d:1c:5e:bb:8e:a9:74:7c:7c:
         7e:24:70:62
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYUz8F2RTeXtD2k/FgzgHOk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZjUxODBmOWI5M2FlNzU3M2MwOGE4OTRiZDQ1MmJkNzdj
ZTU2Y2QwHhcNMjIxMjIxMDkwNzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRhYmIwMzE0NWVhYWY3MmFkMzYxMWYyZjc1NTEwZTgwNTM3YWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDbMgTOak3SwJ3kFBL7tK7v2eE6X
ikxwnEORBFpD3vigQ6Jog/qfoHlwgHB7VF0M22Ype/FYDpayiJB8ezL17HWcF6HM
Hf96UVOW1hbiSxvLqqggpxV0Y+LtNpmdp1OckOAUmraaVqLJExkE139X/HzxxjSG
VDihNbwwBkUpwGk8MOtrqr8UW9ywCVlFdyGUzEAUpgo99z2VJIDgrxpiKhI8q+TY
G6SEEZyec7B+5hsGOur4Pj/BtmxUiKJ+UJD0um65Hef07X/fUOJDnxLA0nWMYcUB
mDY59Gi7ffBUGQizZhwE8y02GbxomRoc/fItaEcsa0RfkgDkCkBEXKEe7QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFLlKuwMUXqr3KtNhHy91UQ6AU3q2MB8GA1UdIwQY
MBaAFCf1GA+bk651c8CKiUvUUr13zlbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMt
MzBmZWUyN2U4NGNiLzEvdVVxN0F4UmVxdmNxMDJFZkwzVlJEb0JUZXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMtMzBmZWUyN2U4NGNi
LzEvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQHPgyAAwQA
wQV7AwQAwfb9AwQAwffNAwQFw5CgAwQFw+IAAwQF1C3AAwQF1DfAAwQF1Z6AAwQF
1b2AAwQE2Q5AAwQE2UsQMA0EAgACMAcDBQAgAQioMA0GCSqGSIb3DQEBCwUAA4IB
AQA8j3ZySO7WGdcQBCawgUZcBrJE/c2ggcrHkyuu+iXCWAS1Zn8fGXPP/KyqIrkF
Wfxi4xevOZmJjXKXDJqpBphCu0qvv681WhDZP3nErsolZvF4ny38Ng9vr5sgjKYF
eEX3YAqTKWf65JRZXUxXwmlcOeCJDcWXbk4GIIZOiZi/PlatI3HsGYxUFVvvG0Fm
W4OKrZbqvSw5Ebm4i9BUlKax0mT7I0yPRWhm9HRv4/+gmZpf65yqlQ6JvvhduhH2
eulO0X56tBbddvPO3P0UBJR4NShwqKNVqWQVSUFCbe2R7KDetZ3fqiiC8QXK9+jJ
eI3WzkuNHF67jql0fHx+JHBi
-----END CERTIFICATE-----