Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/Kj1JOu9ooelhTmC4MK36XjeUGec.roa
File:                     Kj1JOu9ooelhTmC4MK36XjeUGec.roa (raw, json)
Hash identifier:          PeVwwqMJrXAC1gEBsCpmBZcBgay2/CUGOo1/f7In81U=
Subject key identifier:   2A:3D:49:3A:EF:68:A1:E9:61:4E:60:B8:30:AD:FA:5E:37:94:19:E7
Certificate issuer:       /CN=6d150b438cc68f62dc15d359593161f799de53af
Certificate serial:       0182F56130FFB52B8E18334A71EF8CCF0583
Authority key identifier: 6D:15:0B:43:8C:C6:8F:62:DC:15:D3:59:59:31:61:F7:99:DE:53:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bRULQ4zGj2LcFdNZWTFh95neU68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/Kj1JOu9ooelhTmC4MK36XjeUGec.roa
Signing time:             Wed 31 Aug 2022 19:29:23 +0000
ROA not before:           Wed 31 Aug 2022 19:29:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35258
IP address blocks:        185.6.252.0/22 maxlen: 22
                          87.253.184.0/22 maxlen: 22
                          195.85.72.0/23 maxlen: 23
                          195.85.38.0/24 maxlen: 24
                          91.208.244.0/24 maxlen: 24
                          46.254.120.0/21 maxlen: 21
                          83.143.208.0/21 maxlen: 21
                          83.143.210.0/24 maxlen: 24
                          83.143.208.0/23 maxlen: 24
                          185.102.105.0/24 maxlen: 24
                          185.102.104.0/22 maxlen: 22
                          185.102.106.0/23 maxlen: 23
                          2a06:23c0::/29 maxlen: 29
                          2a00:e400::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f5:61:30:ff:b5:2b:8e:18:33:4a:71:ef:8c:cf:05:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d150b438cc68f62dc15d359593161f799de53af
        Validity
            Not Before: Aug 31 19:29:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2a3d493aef68a1e9614e60b830adfa5e379419e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fa:30:0e:45:0f:78:1e:fa:37:17:10:88:47:
                    aa:54:00:95:a4:86:f7:98:70:13:c6:77:19:b5:df:
                    c4:be:de:17:9d:91:cd:14:85:39:2f:a4:26:ef:4d:
                    27:9b:01:85:75:bb:f8:b2:d7:0b:f3:d5:f1:36:65:
                    fc:55:e1:df:cf:d6:e8:cc:4d:7a:a5:40:a1:99:87:
                    d3:de:1b:2f:0a:b0:a1:a0:42:7b:bf:75:ff:bf:1c:
                    73:a2:34:6d:d5:7f:c0:02:1f:10:af:a6:9b:1b:11:
                    a0:50:e4:43:e0:bf:bd:e4:84:8b:90:f4:d0:4c:c0:
                    2b:33:55:5e:b3:6b:3b:73:74:72:bf:53:21:27:a4:
                    4c:5c:7f:7e:46:96:93:6c:b7:b1:91:df:a5:e6:37:
                    e8:1e:8c:a8:63:51:57:3a:42:c7:6f:61:92:94:ec:
                    37:68:fd:dd:82:2e:b0:a2:2e:84:25:42:05:6f:94:
                    37:8b:ef:c8:b8:bd:1b:69:a9:cc:80:66:cb:1e:f8:
                    a9:03:65:33:1e:f8:e1:63:e9:cc:67:47:6c:e1:10:
                    e4:37:2a:e6:5d:00:9a:39:76:a2:c9:a6:75:5e:ee:
                    6f:74:0f:07:ec:97:84:ef:e5:d3:db:c2:d8:cb:0e:
                    4a:19:8c:5a:a6:95:a9:94:a5:db:7a:03:4b:99:5b:
                    ee:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3D:49:3A:EF:68:A1:E9:61:4E:60:B8:30:AD:FA:5E:37:94:19:E7
            X509v3 Authority Key Identifier:
                keyid:6D:15:0B:43:8C:C6:8F:62:DC:15:D3:59:59:31:61:F7:99:DE:53:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bRULQ4zGj2LcFdNZWTFh95neU68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/Kj1JOu9ooelhTmC4MK36XjeUGec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/bRULQ4zGj2LcFdNZWTFh95neU68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.120.0/21
                  83.143.208.0/21
                  87.253.184.0/22
                  91.208.244.0/24
                  185.6.252.0/22
                  185.102.104.0/22
                  195.85.38.0/24
                  195.85.72.0/23
                IPv6:
                  2a00:e400::/29
                  2a06:23c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:fd:56:44:4e:49:07:f3:44:9b:35:cd:5b:c6:1e:b5:42:83:
         e2:34:75:81:d0:30:23:06:4f:20:a9:74:fa:25:38:c5:e3:e7:
         48:0b:a5:47:6b:0e:e8:56:16:be:ed:c1:75:6f:e7:6f:c8:d3:
         d5:e9:1c:54:00:9c:69:65:6a:9c:dc:5b:96:b5:10:5d:14:e0:
         3d:08:f0:f2:35:86:79:9b:07:01:1b:a8:72:e8:24:ff:b9:0d:
         a0:ab:9a:cd:42:ec:1c:ea:ec:36:ba:24:0b:1b:72:33:88:29:
         dc:9b:be:f7:6b:51:b9:27:35:3e:3c:14:24:af:14:ee:80:63:
         c3:cd:e9:93:91:ff:08:06:ab:00:ab:04:19:8f:b7:92:e1:21:
         c3:0f:16:0e:72:79:65:90:1c:f8:5e:15:41:88:9d:0c:de:be:
         8d:bf:85:c9:c1:1b:6f:fe:81:9e:1e:c3:f6:00:b9:dd:49:b4:
         4f:51:81:ed:79:e2:43:a9:15:f8:71:5b:30:f6:d3:20:3d:54:
         d8:14:91:64:8d:a0:36:93:b4:48:b4:82:30:33:dd:48:93:2f:
         ad:9b:89:48:6d:0c:76:19:f3:c6:e4:7d:93:34:c3:5c:d4:10:
         ad:6c:d5:8f:ff:a4:27:47:1f:50:3b:d0:3d:c9:c9:bd:ff:10:
         09:ec:2c:fd
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYL1YTD/tSuOGDNKce+MzwWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMTUwYjQzOGNjNjhmNjJkYzE1ZDM1OTU5MzE2MWY3OTlk
ZTUzYWYwHhcNMjIwODMxMTkyOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTNkNDkzYWVmNjhhMWU5NjE0ZTYwYjgzMGFkZmE1ZTM3OTQxOWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/owDkUPeB76NxcQiEeqVACVpIb3
mHATxncZtd/Evt4XnZHNFIU5L6Qm700nmwGFdbv4stcL89XxNmX8VeHfz9bozE16
pUChmYfT3hsvCrChoEJ7v3X/vxxzojRt1X/AAh8Qr6abGxGgUORD4L+95ISLkPTQ
TMArM1Ves2s7c3Ryv1MhJ6RMXH9+RpaTbLexkd+l5jfoHoyoY1FXOkLHb2GSlOw3
aP3dgi6woi6EJUIFb5Q3i+/IuL0baanMgGbLHvipA2UzHvjhY+nMZ0ds4RDkNyrm
XQCaOXaiyaZ1Xu5vdA8H7JeE7+XT28LYyw5KGYxappWplKXbegNLmVvuSQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFCo9STrvaKHpYU5guDCt+l43lBnnMB8GA1UdIwQY
MBaAFG0VC0OMxo9i3BXTWVkxYfeZ3lOvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlJVTFE0ekdqMkxjRmROWldURmg5NW5lVTY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yZmE4NmYtN2Y0ZS00YWFiLTlkZmQt
MWIzZDk4YmVmMWU5LzEvS2oxSk91OW9vZWxoVG1DNE1LMzZYamVVR2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yZmE4NmYtN2Y0ZS00YWFiLTlkZmQtMWIzZDk4YmVmMWU5
LzEvYlJVTFE0ekdqMkxjRmROWldURmg5NW5lVTY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDLv54AwQD
U4/QAwQCV/24AwQAW9D0AwQCuQb8AwQCuWZoAwQAw1UmAwQBw1VIMBQEAgACMA4D
BQMqAOQAAwUDKgYjwDANBgkqhkiG9w0BAQsFAAOCAQEAqf1WRE5JB/NEmzXNW8Ye
tUKD4jR1gdAwIwZPIKl0+iU4xePnSAulR2sO6FYWvu3BdW/nb8jT1ekcVACcaWVq
nNxblrUQXRTgPQjw8jWGeZsHARuocugk/7kNoKuazULsHOrsNrokCxtyM4gp3Ju+
92tRuSc1PjwUJK8U7oBjw83pk5H/CAarAKsEGY+3kuEhww8WDnJ5ZZAc+F4VQYid
DN6+jb+FycEbb/6Bnh7D9gC53Um0T1GB7XniQ6kV+HFbMPbTID1U2BSRZI2gNpO0
SLSCMDPdSJMvrZuJSG0MdhnzxuR9kzTDXNQQrWzVj/+kJ0cfUDvQPcnJvf8QCews
/Q==
-----END CERTIFICATE-----