Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/oCIf_59RvRKPBZAXSAPMSf-Ta0Q.roa
File:                     oCIf_59RvRKPBZAXSAPMSf-Ta0Q.roa (raw, json)
Hash identifier:          /60IRf0Y0n3stRDMa+DJKG1ZA2C5uYM9tiZo1/yUGaw=
Subject key identifier:   A0:22:1F:FF:9F:51:BD:12:8F:05:90:17:48:03:CC:49:FF:93:6B:44
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       01849F7D40566E6661D2F4839F8701985BF4
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/oCIf_59RvRKPBZAXSAPMSf-Ta0Q.roa
Signing time:             Tue 22 Nov 2022 13:18:16 +0000
ROA not before:           Tue 22 Nov 2022 13:18:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42739
IP address blocks:        188.112.57.0/24 maxlen: 24
                          92.55.220.0/24 maxlen: 24
                          92.55.226.0/24 maxlen: 24
                          77.242.224.0/20 maxlen: 20
                          77.242.233.0/24 maxlen: 24
                          77.242.234.0/24 maxlen: 24
                          77.242.235.0/24 maxlen: 24
                          188.112.0.0/18 maxlen: 18
                          185.46.92.0/22 maxlen: 22
                          78.159.64.0/20 maxlen: 20
                          78.159.83.0/24 maxlen: 24
                          92.55.192.0/18 maxlen: 18
                          37.139.148.0/24 maxlen: 24
                          37.139.149.0/24 maxlen: 24
                          37.139.144.0/24 maxlen: 24
                          37.139.145.0/24 maxlen: 24
                          2a02:7f0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:7d:40:56:6e:66:61:d2:f4:83:9f:87:01:98:5b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Nov 22 13:18:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a0221fff9f51bd128f0590174803cc49ff936b44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:15:b3:f0:00:66:1a:95:33:fe:b9:ba:88:32:
                    31:12:ce:ae:01:63:8c:60:a2:75:c8:73:dc:8b:90:
                    84:4a:d3:5b:3c:1d:72:c4:61:1c:ff:73:16:14:21:
                    3a:5a:14:11:d1:2f:40:36:2b:13:2b:65:b1:8e:35:
                    85:65:b3:60:e0:f1:cd:b0:e8:a6:25:d6:72:34:06:
                    32:56:20:88:21:ab:d0:da:da:fc:71:8c:3e:eb:eb:
                    3a:9b:a1:c1:fd:f2:58:e7:df:48:39:de:93:b6:ed:
                    1d:b7:24:d3:31:5c:33:46:c5:87:a4:a7:16:84:0e:
                    56:ad:7f:20:f4:80:b6:63:e0:a4:a1:6b:be:6c:b1:
                    05:de:18:b4:cb:e3:39:d0:f9:e9:df:c5:e2:2c:db:
                    78:e5:08:ab:9f:fd:43:ff:a3:1e:d6:07:1c:f5:56:
                    4c:72:92:77:5a:54:d8:c1:34:26:c7:fc:0b:bd:24:
                    51:ae:af:b0:44:1d:73:7f:ee:dc:6b:7d:aa:05:40:
                    68:c5:94:52:61:4d:f8:10:c1:33:08:a5:80:fd:74:
                    14:7b:e1:bb:75:30:3d:ab:2f:8c:ee:55:c5:1d:a8:
                    4d:bc:e9:5a:88:1e:83:e0:57:1d:a3:0b:70:38:9b:
                    77:18:cf:5c:90:3e:43:d4:cd:d6:71:fd:37:12:b8:
                    c3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:22:1F:FF:9F:51:BD:12:8F:05:90:17:48:03:CC:49:FF:93:6B:44
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/oCIf_59RvRKPBZAXSAPMSf-Ta0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.144.0/23
                  37.139.148.0/23
                  77.242.224.0/20
                  78.159.64.0/20
                  78.159.83.0/24
                  92.55.192.0/18
                  185.46.92.0/22
                  188.112.0.0/18
                IPv6:
                  2a02:7f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:43:eb:4e:17:9f:ab:0c:fb:93:70:39:0f:78:50:e0:35:0f:
         2a:4b:8c:5b:ef:62:90:92:be:28:63:bd:c7:31:41:d0:64:64:
         82:44:27:92:e6:0a:df:91:62:a0:82:05:19:db:61:d7:1e:8a:
         32:c4:18:3e:39:9f:eb:e9:fd:09:b1:a1:b4:b2:d1:55:46:93:
         3d:fc:04:49:5a:79:f5:54:d3:d3:cc:6d:04:b5:1b:38:13:06:
         58:95:2e:82:ed:a0:78:f9:f8:42:54:1d:b7:ab:ad:54:19:47:
         47:13:fb:aa:d8:7b:57:db:93:58:1a:74:89:1c:7d:1a:5d:19:
         90:fd:f7:d6:fc:74:36:a2:83:2f:62:6b:16:a4:01:53:c7:94:
         34:d5:5f:66:b7:5f:3d:20:4d:fa:fc:3c:16:30:c0:1b:ba:ea:
         5f:4b:cb:89:7b:0d:e7:09:b1:34:ff:8a:da:cf:e7:61:c5:af:
         3a:ae:80:78:01:75:fd:ed:b2:cc:6b:e0:ad:0f:00:c0:c5:a8:
         19:f1:d3:27:0e:8a:16:8d:5b:93:20:7e:91:58:dd:58:00:be:
         2d:d6:66:49:63:5f:7e:7e:37:5e:f3:53:2c:66:e0:e7:c2:d0:
         65:e5:60:bb:c0:11:9d:f5:9a:d1:8c:e1:0c:49:56:a0:fe:5a:
         e4:b4:c2:1c
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYSffUBWbmZh0vSDn4cBmFv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjIxMTIyMTMxODE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDIyMWZmZjlmNTFiZDEyOGYwNTkwMTc0ODAzY2M0OWZmOTM2YjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBWz8ABmGpUz/rm6iDIxEs6uAWOM
YKJ1yHPci5CEStNbPB1yxGEc/3MWFCE6WhQR0S9ANisTK2WxjjWFZbNg4PHNsOim
JdZyNAYyViCIIavQ2tr8cYw+6+s6m6HB/fJY599IOd6Ttu0dtyTTMVwzRsWHpKcW
hA5WrX8g9IC2Y+CkoWu+bLEF3hi0y+M50Pnp38XiLNt45Qirn/1D/6Me1gcc9VZM
cpJ3WlTYwTQmx/wLvSRRrq+wRB1zf+7ca32qBUBoxZRSYU34EMEzCKWA/XQUe+G7
dTA9qy+M7lXFHahNvOlaiB6D4FcdowtwOJt3GM9ckD5D1M3Wcf03ErjDqwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFKAiH/+fUb0SjwWQF0gDzEn/k2tEMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvb0NJZl81OVJ2UktQQlpBWFNBUE1TZi1UYTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQBJYuQAwQB
JYuUAwQETfLgAwQETp9AAwQATp9TAwQGXDfAAwQCuS5cAwQGvHAAMA0EAgACMAcD
BQAqAgfwMA0GCSqGSIb3DQEBCwUAA4IBAQArQ+tOF5+rDPuTcDkPeFDgNQ8qS4xb
72KQkr4oY73HMUHQZGSCRCeS5grfkWKgggUZ22HXHooyxBg+OZ/r6f0JsaG0stFV
RpM9/ARJWnn1VNPTzG0EtRs4EwZYlS6C7aB4+fhCVB23q61UGUdHE/uq2HtX25NY
GnSJHH0aXRmQ/ffW/HQ2ooMvYmsWpAFTx5Q01V9mt189IE36/DwWMMAbuupfS8uJ
ew3nCbE0/4raz+dhxa86roB4AXX97bLMa+CtDwDAxagZ8dMnDooWjVuTIH6RWN1Y
AL4t1mZJY19+fjde81MsZuDnwtBl5WC7wBGd9ZrRjOEMSVag/lrktMIc
-----END CERTIFICATE-----