Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/A41km9ujKqb0jSNyj1xL8hid7HM.roa
File:                     A41km9ujKqb0jSNyj1xL8hid7HM.roa (raw, json)
Hash identifier:          OIH4B1lgb2vVFes1bIlRYfbBY08F08c55xIThU40rRc=
Subject key identifier:   03:8D:64:9B:DB:A3:2A:A6:F4:8D:23:72:8F:5C:4B:F2:18:9D:EC:73
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       16EA39D8
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/A41km9ujKqb0jSNyj1xL8hid7HM.roa
Signing time:             Tue 17 May 2022 09:43:29 +0000
ROA not before:           Tue 17 May 2022 09:43:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47537
IP address blocks:        46.28.43.0/24 maxlen: 24
                          46.28.44.0/24 maxlen: 24
                          46.28.41.0/24 maxlen: 24
                          46.28.42.0/24 maxlen: 24
                          46.28.45.0/24 maxlen: 24
                          46.28.46.0/24 maxlen: 24
                          46.28.47.0/24 maxlen: 24
                          91.208.12.0/24 maxlen: 24
                          37.143.0.0/24 maxlen: 24
                          37.143.1.0/24 maxlen: 24
                          37.143.2.0/24 maxlen: 24
                          37.143.3.0/24 maxlen: 24
                          37.143.4.0/24 maxlen: 24
                          37.143.5.0/24 maxlen: 24
                          37.143.6.0/24 maxlen: 24
                          37.143.7.0/24 maxlen: 24
                          2a02:2d00:21::/48 maxlen: 48
                          2a02:2d00:1::/48 maxlen: 48
                          2a02:2d00:20::/48 maxlen: 48
                          2a02:2d00:30::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 384448984 (0x16ea39d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: May 17 09:43:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=038d649bdba32aa6f48d23728f5c4bf2189dec73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4b:07:f9:bf:1e:0e:22:95:c7:0c:90:59:8c:
                    c4:13:e3:c8:c3:27:77:2d:cd:cf:3c:61:2d:c8:a0:
                    5c:91:4e:de:a1:97:03:7d:3f:82:75:65:04:08:b4:
                    59:93:a4:be:c8:64:c6:74:be:89:bb:85:3b:94:c5:
                    47:75:af:ea:89:e7:d0:22:d5:ac:1f:f2:24:4b:e3:
                    fe:e4:5f:da:13:3f:39:d6:c9:20:67:b9:8e:ec:2d:
                    43:a6:9b:f3:00:1f:59:7c:a7:1b:8d:c1:8f:d8:a2:
                    9a:3c:a3:74:ee:f6:e9:f3:6b:c5:84:41:c8:92:5e:
                    87:19:b5:83:3e:83:a0:af:36:29:dc:29:05:51:6a:
                    5c:b5:28:f6:3a:cc:f0:b2:08:81:a5:75:1e:99:94:
                    38:58:9f:c2:7b:41:1c:74:9f:f0:9e:1a:09:e6:9e:
                    0d:00:57:84:69:63:1d:82:64:2b:f7:b3:b7:36:3b:
                    6a:46:dc:5f:27:dd:95:22:e2:06:e0:1d:0d:fd:96:
                    5c:54:c6:9d:d5:a6:fd:0d:c4:48:49:d8:d0:5b:8d:
                    18:e1:4a:8b:c9:ff:e9:b1:26:e7:28:9d:4b:05:9e:
                    0e:28:b9:23:bc:c6:89:da:42:29:bf:90:cc:6e:84:
                    ae:04:b5:3f:4b:54:0d:6e:2e:50:1c:df:11:80:9b:
                    f9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:8D:64:9B:DB:A3:2A:A6:F4:8D:23:72:8F:5C:4B:F2:18:9D:EC:73
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/A41km9ujKqb0jSNyj1xL8hid7HM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.0.0/21
                  46.28.41.0-46.28.47.255
                  91.208.12.0/24
                IPv6:
                  2a02:2d00:1::/48
                  2a02:2d00:20::/47
                  2a02:2d00:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:9d:c7:03:45:84:1e:80:6a:51:ec:4a:2b:29:09:4f:f9:2b:
         59:19:1e:1f:bf:16:b3:8c:8b:8b:e8:b1:21:3a:e7:88:ab:20:
         23:7d:d1:13:02:d4:4e:dd:a0:ae:31:5c:2c:ff:31:39:10:15:
         19:fb:82:b9:4f:9b:a6:b4:5a:49:0c:ed:c6:c4:9a:1d:8c:c7:
         4c:7e:5b:f5:9f:3f:cf:52:76:17:ae:b1:16:a8:95:cf:e0:ca:
         f4:dd:d0:40:94:93:f8:8c:6b:aa:d6:fc:e4:5b:e6:04:b2:2b:
         e3:14:ea:62:f4:ef:e7:19:4c:8d:ce:dd:c5:28:8e:a0:0a:c6:
         25:48:38:d5:70:bb:20:34:d5:b8:69:a6:5f:ba:ed:62:7e:3d:
         f5:ea:d0:a8:dc:e1:f4:7c:23:1f:7e:24:f1:24:3a:79:5d:4b:
         b6:22:de:bf:2c:5b:b7:fb:33:37:75:84:c0:e2:22:f0:4c:11:
         4e:a9:db:df:0b:6d:0a:df:01:9e:08:48:19:92:98:f4:d4:e2:
         49:4b:00:ea:75:36:9e:73:f5:97:23:34:9f:e5:cd:73:88:57:
         d4:43:7a:27:1e:cb:f9:56:a0:29:74:87:04:00:5f:f2:1b:97:
         06:db:92:c2:19:02:17:85:31:72:37:2f:1c:5a:d6:e6:58:a2:
         25:0b:94:67
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIEFuo52DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZjYzNjNkNDI4Yjc5MTVjMTA4ODI1ZjA5NzA2MDA0YjhlYTNkNGI1MB4XDTIyMDUx
NzA5NDMyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDM4ZDY0OWJkYmEz
MmFhNmY0OGQyMzcyOGY1YzRiZjIxODlkZWM3MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALBLB/m/Hg4ilccMkFmMxBPjyMMndy3NzzxhLcigXJFO3qGX
A30/gnVlBAi0WZOkvshkxnS+ibuFO5TFR3Wv6onn0CLVrB/yJEvj/uRf2hM/OdbJ
IGe5juwtQ6ab8wAfWXynG43Bj9iimjyjdO726fNrxYRByJJehxm1gz6DoK82Kdwp
BVFqXLUo9jrM8LIIgaV1HpmUOFifwntBHHSf8J4aCeaeDQBXhGljHYJkK/eztzY7
akbcXyfdlSLiBuAdDf2WXFTGndWm/Q3ESEnY0FuNGOFKi8n/6bEm5yidSwWeDii5
I7zGidpCKb+QzG6ErgS1P0tUDW4uUBzfEYCb+W0CAwEAAaOCAkAwggI8MB0GA1Ud
DgQWBBQDjWSb26MqpvSNI3KPXEvyGJ3sczAfBgNVHSMEGDAWgBQPY2PUKLeRXBCI
JfCXBgBLjqPUtTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0QyTmoxQ2kza1Z3UWlDWHdsd1lBUzQ2ajFMVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDcvNmJlY2IwLTE4ZmQtNGFkZC1iYjQxLTJlMWMwYWY0ZmFhNC8x
L0E0MWttOXVqS3FiMGpTTnlqMXhMOGhpZDdITS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcv
NmJlY2IwLTE4ZmQtNGFkZC1iYjQxLTJlMWMwYWY0ZmFhNC8xL0QyTmoxQ2kza1Z3
UWlDWHdsd1lBUzQ2ajFMVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBW
BggrBgEFBQcBBwEB/wRHMEUwIAQCAAEwGgMEAyWPADAMAwQALhwpAwQELhwgAwQA
W9AMMCEEAgACMBsDBwAqAi0AAAEDBwEqAi0AACADBwAqAi0AADAwDQYJKoZIhvcN
AQELBQADggEBAGSdxwNFhB6AalHsSispCU/5K1kZHh+/FrOMi4vosSE654irICN9
0RMC1E7doK4xXCz/MTkQFRn7grlPm6a0WkkM7cbEmh2Mx0x+W/WfP89SdheusRao
lc/gyvTd0ECUk/iMa6rW/ORb5gSyK+MU6mL07+cZTI3O3cUojqAKxiVIONVwuyA0
1bhppl+67WJ+PfXq0Kjc4fR8Ix9+JPEkOnldS7Yi3r8sW7f7Mzd1hMDiIvBMEU6p
298LbQrfAZ4ISBmSmPTU4klLAOp1Np5z9ZcjNJ/lzXOIV9RDeicey/lWoCl0hwQA
X/IblwbbksIZAheFMXI3Lxxa1uZYoiULlGc=
-----END CERTIFICATE-----