Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/Zk8rrizlD_9RIRoo9JJeoO7BWwo.roa
File:                     Zk8rrizlD_9RIRoo9JJeoO7BWwo.roa (raw, json)
Hash identifier:          eLkDloX749HXWfcvDK39hEuOV337D+x7NdpopKBncjU=
Subject key identifier:   66:4F:2B:AE:2C:E5:0F:FF:51:21:1A:28:F4:92:5E:A0:EE:C1:5B:0A
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       0183C74ED862209E073F749A35461EC20487
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/Zk8rrizlD_9RIRoo9JJeoO7BWwo.roa
Signing time:             Tue 11 Oct 2022 13:49:36 +0000
ROA not before:           Tue 11 Oct 2022 13:49:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47537
IP address blocks:        46.28.44.0/24 maxlen: 24
                          46.28.45.0/24 maxlen: 24
                          46.28.46.0/24 maxlen: 24
                          46.28.47.0/24 maxlen: 24
                          91.208.12.0/24 maxlen: 24
                          37.143.0.0/24 maxlen: 24
                          37.143.1.0/24 maxlen: 24
                          37.143.2.0/24 maxlen: 24
                          37.143.3.0/24 maxlen: 24
                          37.143.4.0/24 maxlen: 24
                          37.143.5.0/24 maxlen: 24
                          37.143.6.0/24 maxlen: 24
                          37.143.7.0/24 maxlen: 24
                          2a02:2d00:1::/48 maxlen: 48
                          2a02:2d00:21::/48 maxlen: 48
                          2a02:2d00:20::/48 maxlen: 48
                          2a02:2d00:30::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c7:4e:d8:62:20:9e:07:3f:74:9a:35:46:1e:c2:04:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Oct 11 13:49:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=664f2bae2ce50fff51211a28f4925ea0eec15b0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:62:99:aa:0d:b5:0a:f9:20:a9:66:eb:63:79:
                    8d:a4:9c:80:be:15:06:ea:ce:fe:bb:d2:41:54:d6:
                    27:a2:f8:23:f0:69:0d:15:d1:75:75:ea:cb:ca:b3:
                    90:d1:8a:b5:7d:0c:5b:8d:c0:ee:af:d6:7a:0f:cc:
                    86:b5:d4:af:ab:a2:00:08:94:34:39:45:e4:64:37:
                    1c:cd:4e:35:8c:3a:06:8e:d1:f3:dc:80:f9:9f:b4:
                    bc:de:38:eb:bc:b8:94:ac:03:88:56:c4:25:2d:50:
                    e3:6e:03:15:9e:d9:1e:df:39:d4:30:df:d0:8e:5a:
                    c4:e1:de:5a:5d:5e:4e:b0:a9:30:96:b2:0b:0e:cc:
                    c1:a8:62:6a:09:93:3c:b2:1c:10:d5:34:65:22:54:
                    18:8d:2b:d9:05:55:5e:52:b3:55:9f:01:61:9d:48:
                    18:a6:a0:a7:e2:26:b6:15:fb:e8:2d:1d:67:ce:11:
                    0b:72:75:8c:e3:b0:1b:61:e6:71:20:df:e4:a5:96:
                    02:04:5b:4f:2b:13:94:f7:93:67:4e:69:8d:97:10:
                    eb:50:36:df:19:13:8e:03:03:7d:4c:7d:59:d4:44:
                    54:2b:a1:fd:b3:f3:14:07:c0:f4:30:7e:c5:07:61:
                    b2:04:85:d4:7f:e9:18:cc:a2:e8:8a:91:c2:42:6d:
                    54:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:4F:2B:AE:2C:E5:0F:FF:51:21:1A:28:F4:92:5E:A0:EE:C1:5B:0A
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/Zk8rrizlD_9RIRoo9JJeoO7BWwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.0.0/21
                  46.28.44.0/22
                  91.208.12.0/24
                IPv6:
                  2a02:2d00:1::/48
                  2a02:2d00:20::/47
                  2a02:2d00:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:a2:68:a2:65:ea:26:86:1f:87:c7:cd:a8:05:1c:6a:1f:4f:
         95:41:36:c0:72:a7:48:e7:6d:ee:ac:6a:85:a6:b8:ad:e3:c0:
         d3:1b:70:6b:fc:e3:a1:d8:77:21:cd:55:f0:ca:8d:7d:2b:fd:
         9c:57:c3:ec:ea:aa:e7:bf:fe:c8:3f:84:e1:87:20:22:80:97:
         23:02:9d:bc:3f:70:73:c5:2b:34:81:b6:a7:6a:b3:32:2f:41:
         fc:15:86:6e:58:94:81:a5:93:17:76:f9:86:6e:ef:58:bb:cc:
         19:66:cd:b9:e7:70:f0:9f:66:9e:93:6c:40:b0:e8:6c:6a:75:
         79:09:d1:8f:6e:24:0f:56:c9:e9:d9:96:9a:e2:ee:ca:a7:a0:
         fe:40:b7:39:7d:29:31:a7:f2:99:2d:a1:f9:0e:fb:90:c6:d9:
         04:fa:40:b8:e0:97:de:c9:ae:1a:5b:ec:87:7b:20:2d:fe:17:
         b7:45:4d:a0:41:1e:25:69:65:da:95:e4:a2:28:0b:81:0c:97:
         e7:db:fb:7d:ad:b8:1e:2b:74:85:91:af:79:a7:3d:7c:01:93:
         80:bb:cf:97:cc:31:c8:b7:45:0f:30:58:37:a7:0a:7c:95:58:
         3d:a7:fa:0e:1b:75:0f:ec:1b:d4:c5:5f:a1:b9:9a:f5:6c:90:
         c6:a4:b3:63
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYPHTthiIJ4HP3SaNUYewgSHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjIxMDExMTM0OTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjRmMmJhZTJjZTUwZmZmNTEyMTFhMjhmNDkyNWVhMGVlYzE1YjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGKZqg21CvkgqWbrY3mNpJyAvhUG
6s7+u9JBVNYnovgj8GkNFdF1derLyrOQ0Yq1fQxbjcDur9Z6D8yGtdSvq6IACJQ0
OUXkZDcczU41jDoGjtHz3ID5n7S83jjrvLiUrAOIVsQlLVDjbgMVntke3znUMN/Q
jlrE4d5aXV5OsKkwlrILDszBqGJqCZM8shwQ1TRlIlQYjSvZBVVeUrNVnwFhnUgY
pqCn4ia2FfvoLR1nzhELcnWM47AbYeZxIN/kpZYCBFtPKxOU95NnTmmNlxDrUDbf
GROOAwN9TH1Z1ERUK6H9s/MUB8D0MH7FB2GyBIXUf+kYzKLoipHCQm1U5wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFGZPK64s5Q//USEaKPSSXqDuwVsKMB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvWms4cnJpemxEXzlSSVJvbzlKSmVvTzdCV3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAYBAIAATASAwQDJY8AAwQC
LhwsAwQAW9AMMCEEAgACMBsDBwAqAi0AAAEDBwEqAi0AACADBwAqAi0AADAwDQYJ
KoZIhvcNAQELBQADggEBAMeiaKJl6iaGH4fHzagFHGofT5VBNsByp0jnbe6saoWm
uK3jwNMbcGv846HYdyHNVfDKjX0r/ZxXw+zqque//sg/hOGHICKAlyMCnbw/cHPF
KzSBtqdqszIvQfwVhm5YlIGlkxd2+YZu71i7zBlmzbnncPCfZp6TbECw6GxqdXkJ
0Y9uJA9WyenZlpri7sqnoP5Atzl9KTGn8pktofkO+5DG2QT6QLjgl97Jrhpb7Id7
IC3+F7dFTaBBHiVpZdqV5KIoC4EMl+fb+32tuB4rdIWRr3mnPXwBk4C7z5fMMci3
RQ8wWDenCnyVWD2n+g4bdQ/sG9TFX6G5mvVskMaks2M=
-----END CERTIFICATE-----