Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/3iqi-aYHoA3Ta-PBK8vTvFWdiTU.roa
File:                     3iqi-aYHoA3Ta-PBK8vTvFWdiTU.roa (raw, json)
Hash identifier:          Kb2rhpktrusZklbDXdFQtS6A/Unrn26kSfClUN9QzUE=
Subject key identifier:   DE:2A:A2:F9:A6:07:A0:0D:D3:6B:E3:C1:2B:CB:D3:BC:55:9D:89:35
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       0184528971525A79B2069E4173A65152F14D
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/3iqi-aYHoA3Ta-PBK8vTvFWdiTU.roa
Signing time:             Mon 07 Nov 2022 14:40:49 +0000
ROA not before:           Mon 07 Nov 2022 14:40:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203020
IP address blocks:        83.229.66.0/24 maxlen: 32
                          193.32.96.0/23 maxlen: 32
                          193.32.98.0/23 maxlen: 32
                          80.240.98.0/23 maxlen: 32
                          217.194.136.0/23 maxlen: 32
                          217.194.136.0/24 maxlen: 32
                          193.47.56.0/22 maxlen: 32
                          195.216.128.0/22 maxlen: 32
                          103.14.104.0/22 maxlen: 32
                          194.99.60.0/23 maxlen: 32
                          194.99.62.0/23 maxlen: 32
                          80.240.116.0/22 maxlen: 32
                          212.103.56.0/22 maxlen: 32
                          80.240.120.0/22 maxlen: 32
                          185.18.40.0/22 maxlen: 32
                          31.12.76.0/23 maxlen: 32
                          31.12.78.0/23 maxlen: 32
                          46.149.160.0/22 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:52:89:71:52:5a:79:b2:06:9e:41:73:a6:51:52:f1:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Nov  7 14:40:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=de2aa2f9a607a00dd36be3c12bcbd3bc559d8935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4e:98:78:35:6b:2b:a4:83:63:28:24:9e:1b:
                    93:de:25:93:4b:97:55:9d:44:9f:d3:47:c9:ca:ce:
                    59:85:a7:6a:fc:37:d8:81:b0:19:7a:dd:0d:27:28:
                    6b:a2:8c:6a:9f:e6:4f:7c:c7:f3:60:a0:85:b0:a2:
                    87:4c:74:08:ce:a1:2d:8f:3f:27:11:14:ee:ab:14:
                    db:f8:0a:13:22:bd:29:b7:83:be:1a:f3:d7:66:c8:
                    4b:a1:7d:27:d7:67:9e:38:b0:15:8a:fc:79:a3:34:
                    0d:74:43:09:44:6c:5f:7c:07:3a:34:26:bd:f4:22:
                    df:d1:e5:8d:f8:cd:0a:c2:46:20:5f:3c:7e:6c:3c:
                    45:32:de:44:2a:39:59:f2:5f:10:28:7a:89:d9:65:
                    09:82:d9:6a:31:9f:9e:cb:4b:d6:c5:ac:28:25:57:
                    65:91:ad:a8:90:f4:f2:50:af:65:b6:4a:55:91:09:
                    2a:f8:53:cd:22:bb:d4:34:c4:50:87:be:21:38:82:
                    56:10:6a:3f:ea:db:9f:12:f0:29:11:74:09:60:0c:
                    b6:48:40:5b:3c:ef:21:3e:80:b1:a2:2a:71:55:75:
                    7e:11:47:cd:5c:86:fa:8a:d6:68:93:7e:56:99:fa:
                    20:9e:00:e3:cb:eb:56:b4:2c:78:f0:1f:56:2e:3c:
                    77:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:2A:A2:F9:A6:07:A0:0D:D3:6B:E3:C1:2B:CB:D3:BC:55:9D:89:35
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/3iqi-aYHoA3Ta-PBK8vTvFWdiTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.76.0/22
                  46.149.160.0/22
                  80.240.98.0/23
                  80.240.116.0-80.240.123.255
                  83.229.66.0/24
                  103.14.104.0/22
                  185.18.40.0/22
                  193.32.96.0/22
                  193.47.56.0/22
                  194.99.60.0/22
                  195.216.128.0/22
                  212.103.56.0/22
                  217.194.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:b7:6d:d9:a5:43:8f:ad:4d:86:11:3d:e1:6d:5c:c5:8b:21:
         57:ba:d8:ba:73:13:9d:0f:eb:8a:e9:45:80:ee:9c:5f:d9:92:
         36:b1:91:33:6c:73:4e:f3:37:9e:8e:76:7f:51:db:f1:d8:3c:
         d8:ff:6c:3a:b3:af:6d:de:c5:6c:23:20:09:6f:2e:3e:a2:b8:
         78:46:38:de:f3:90:c0:31:a4:f5:39:23:ca:5a:61:4b:28:61:
         b9:a4:d1:24:7d:d9:67:d6:e2:a6:48:73:a9:31:6e:e2:4e:58:
         9b:4e:27:a5:f8:e5:55:67:97:a6:24:4d:7c:84:0c:df:f8:73:
         d4:dc:5a:a5:8e:c2:ba:10:de:51:54:7b:d8:f6:05:a1:88:66:
         79:ac:c4:b8:8a:04:cf:03:1d:e7:1c:92:1b:b5:49:be:8c:75:
         af:7b:25:c0:6e:35:e9:15:b4:b3:e7:ef:07:04:11:06:e1:5a:
         d9:83:8e:6b:05:9e:9c:0c:35:04:21:ae:b0:b8:15:81:31:3c:
         79:6c:49:87:11:78:bb:93:97:a9:87:e3:4e:3c:d5:fc:2c:9d:
         00:df:c7:6e:c6:60:44:fd:85:d2:e7:71:99:87:02:3d:f1:45:
         66:15:e4:27:71:21:d3:45:8b:2a:3b:7b:11:49:bf:d1:b2:ac:
         59:ae:59:86
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYRSiXFSWnmyBp5Bc6ZRUvFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjIxMTA3MTQ0MDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTJhYTJmOWE2MDdhMDBkZDM2YmUzYzEyYmNiZDNiYzU1OWQ4OTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiU6YeDVrK6SDYygknhuT3iWTS5dV
nUSf00fJys5Zhadq/DfYgbAZet0NJyhrooxqn+ZPfMfzYKCFsKKHTHQIzqEtjz8n
ERTuqxTb+AoTIr0pt4O+GvPXZshLoX0n12eeOLAVivx5ozQNdEMJRGxffAc6NCa9
9CLf0eWN+M0KwkYgXzx+bDxFMt5EKjlZ8l8QKHqJ2WUJgtlqMZ+ey0vWxawoJVdl
ka2okPTyUK9ltkpVkQkq+FPNIrvUNMRQh74hOIJWEGo/6tufEvApEXQJYAy2SEBb
PO8hPoCxoipxVXV+EUfNXIb6itZok35WmfogngDjy+tWtCx48B9WLjx31QIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFN4qovmmB6AN02vjwSvL07xVnYk1MB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvM2lxaS1hWUhvQTNUYS1QQks4dlR2RldkaVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQCHwxMAwQC
LpWgAwQBUPBiMAwDBAJQ8HQDBAJQ8HgDBABT5UIDBAJnDmgDBAK5EigDBALBIGAD
BALBLzgDBALCYzwDBALD2IADBALUZzgDBAHZwogwDQYJKoZIhvcNAQELBQADggEB
AAq3bdmlQ4+tTYYRPeFtXMWLIVe62LpzE50P64rpRYDunF/ZkjaxkTNsc07zN56O
dn9R2/HYPNj/bDqzr23exWwjIAlvLj6iuHhGON7zkMAxpPU5I8paYUsoYbmk0SR9
2WfW4qZIc6kxbuJOWJtOJ6X45VVnl6YkTXyEDN/4c9TcWqWOwroQ3lFUe9j2BaGI
ZnmsxLiKBM8DHecckhu1Sb6Mda97JcBuNekVtLPn7wcEEQbhWtmDjmsFnpwMNQQh
rrC4FYExPHlsSYcReLuTl6mH40481fwsnQDfx27GYET9hdLncZmHAj3xRWYV5Cdx
IdNFiyo7exFJv9GyrFmuWYY=
-----END CERTIFICATE-----