Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/sisSSCc3RXzYrxx6XG85VwzCfgU.roa
File:                     sisSSCc3RXzYrxx6XG85VwzCfgU.roa (raw, json)
Hash identifier:          Yx6FjkxVonnv/GFI28QrFzPISyMvQmNCnCGMKse4E6g=
Subject key identifier:   B2:2B:12:48:27:37:45:7C:D8:AF:1C:7A:5C:6F:39:57:0C:C2:7E:05
Certificate issuer:       /CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
Certificate serial:       0182438F5B820873C2E2EBDD89BDBA8BF3A6
Authority key identifier: E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/sisSSCc3RXzYrxx6XG85VwzCfgU.roa
Signing time:             Thu 28 Jul 2022 06:47:24 +0000
ROA not before:           Thu 28 Jul 2022 06:47:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210329
IP address blocks:        81.28.4.0/24 maxlen: 24
                          83.229.68.0/24 maxlen: 24
                          83.229.69.0/24 maxlen: 24
                          83.229.75.0/24 maxlen: 24
                          81.28.5.0/24 maxlen: 24
                          194.146.24.0/24 maxlen: 24
                          63.250.58.0/24 maxlen: 24
                          185.127.17.0/24 maxlen: 24
                          185.127.16.0/24 maxlen: 24
                          185.237.98.0/24 maxlen: 24
                          185.127.18.0/24 maxlen: 24
                          185.127.19.0/24 maxlen: 24
                          185.237.99.0/24 maxlen: 24
                          185.237.12.0/24 maxlen: 24
                          185.237.13.0/24 maxlen: 24
                          194.146.25.0/24 maxlen: 24
                          212.86.104.0/24 maxlen: 24
                          212.86.105.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:43:8f:5b:82:08:73:c2:e2:eb:dd:89:bd:ba:8b:f3:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
        Validity
            Not Before: Jul 28 06:47:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b22b12482737457cd8af1c7a5c6f39570cc27e05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:28:f0:af:25:22:47:81:72:86:07:ae:80:32:
                    82:56:20:ac:0d:cd:23:32:08:ba:2d:8c:96:bc:22:
                    a6:a9:21:60:5f:be:f1:48:27:07:89:bb:36:0b:6c:
                    9d:59:89:c1:3d:c9:99:92:9a:f8:23:83:32:36:df:
                    6a:29:0f:88:03:81:ab:73:27:d4:fd:38:b9:38:a2:
                    ee:f3:b7:66:22:7b:8a:5d:84:f7:e9:c5:67:58:f8:
                    9e:78:95:ee:92:6b:42:08:52:6e:64:de:8c:98:c1:
                    6c:c8:bc:7d:58:ed:44:5a:de:75:7e:61:53:48:67:
                    fa:ea:0f:91:c1:b7:ed:b8:7d:2b:0f:c1:ab:c3:30:
                    aa:6c:4b:03:18:07:da:25:fb:8f:42:a5:b3:e4:93:
                    9b:40:a3:c6:ea:cd:9c:5c:4b:62:e2:be:60:ca:65:
                    ea:94:01:72:51:7b:67:3e:3a:76:35:91:b3:81:96:
                    e7:f8:90:8a:53:96:a0:8c:ea:cd:4c:f5:61:ab:ec:
                    bd:fa:02:b0:66:1a:70:63:18:ea:f3:01:7b:93:9e:
                    31:c9:6e:b9:ad:81:58:4e:12:a9:b3:3d:85:3b:6b:
                    f9:e8:f5:33:9d:6f:3e:68:df:45:a2:87:70:95:b2:
                    63:0b:92:15:de:0f:cb:bd:f6:26:e5:22:88:6d:d8:
                    5e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:2B:12:48:27:37:45:7C:D8:AF:1C:7A:5C:6F:39:57:0C:C2:7E:05
            X509v3 Authority Key Identifier:
                keyid:E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/sisSSCc3RXzYrxx6XG85VwzCfgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5b15I6_brofQeyMI3TidnPCC7W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.250.58.0/24
                  81.28.4.0/23
                  83.229.68.0/23
                  83.229.75.0/24
                  185.127.16.0/22
                  185.237.12.0/23
                  185.237.98.0/23
                  194.146.24.0/23
                  212.86.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cb:6e:6c:97:96:fa:ff:39:57:df:7a:60:95:3d:6b:5a:5f:ec:
         c8:d1:48:a8:9c:a2:36:df:bd:de:e6:89:65:3d:ef:ab:c8:87:
         6d:14:98:b4:e6:86:c5:a6:49:90:76:04:4c:2e:f6:b3:b3:40:
         f3:e8:08:27:b0:77:dc:ab:ed:0e:27:ac:1c:13:e2:37:16:11:
         2a:dc:e6:3f:49:18:20:d6:ac:e7:b3:e2:f2:88:4a:3c:70:c3:
         b7:e1:72:99:11:f9:7c:c7:fc:4e:ff:53:3f:24:82:fb:d1:ed:
         bb:09:35:9d:43:3c:b3:8f:82:f6:7c:2e:0b:49:70:22:21:6c:
         7a:74:46:1e:f2:7b:11:30:8e:fa:fb:88:c6:43:e0:dc:c6:1d:
         08:db:ea:40:af:46:d0:34:74:79:ad:b7:75:d3:da:93:c7:35:
         0a:a3:d9:e5:fe:ec:14:d0:88:0e:dc:9b:04:d3:76:a4:cf:d7:
         ae:ec:96:85:79:e5:1b:5f:ad:9c:49:4c:b9:eb:6d:6c:7c:07:
         b0:fd:b5:64:a5:e9:ba:38:fd:50:04:5f:71:77:49:eb:4b:53:
         42:60:f5:8b:e8:cf:38:10:47:17:25:e8:28:15:ea:b3:fe:fd:
         bd:8a:f5:b0:42:09:6d:b1:7c:81:c6:c6:ed:5c:c6:b1:dc:a3:
         cb:96:66:3c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYJDj1uCCHPC4uvdib26i/OmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmQ3OTIzYWZkYmFlODdkMDdiMjMwOGRkMzg5ZDljZjA4
MmVkNmQwHhcNMjIwNzI4MDY0NzI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjJiMTI0ODI3Mzc0NTdjZDhhZjFjN2E1YzZmMzk1NzBjYzI3ZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyjwryUiR4FyhgeugDKCViCsDc0j
Mgi6LYyWvCKmqSFgX77xSCcHibs2C2ydWYnBPcmZkpr4I4MyNt9qKQ+IA4GrcyfU
/Ti5OKLu87dmInuKXYT36cVnWPieeJXukmtCCFJuZN6MmMFsyLx9WO1EWt51fmFT
SGf66g+RwbftuH0rD8GrwzCqbEsDGAfaJfuPQqWz5JObQKPG6s2cXEti4r5gymXq
lAFyUXtnPjp2NZGzgZbn+JCKU5agjOrNTPVhq+y9+gKwZhpwYxjq8wF7k54xyW65
rYFYThKpsz2FO2v56PUznW8+aN9FoodwlbJjC5IV3g/LvfYm5SKIbdhesQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLIrEkgnN0V82K8celxvOVcMwn4FMB8GA1UdIwQY
MBaAFOW9eSOv266H0HsjCN04nZzwgu1tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2Ut
MjZkMWU1NDU3OGYxLzEvc2lzU1NDYzNSWHpZcnh4NlhHODVWd3pDZmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2UtMjZkMWU1NDU3OGYx
LzEvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAP/o6AwQB
URwEAwQBU+VEAwQAU+VLAwQCuX8QAwQBue0MAwQBue1iAwQBwpIYAwQB1FZoMA0G
CSqGSIb3DQEBCwUAA4IBAQDLbmyXlvr/OVffemCVPWtaX+zI0UionKI2373e5oll
Pe+ryIdtFJi05obFpkmQdgRMLvazs0Dz6AgnsHfcq+0OJ6wcE+I3FhEq3OY/SRgg
1qzns+LyiEo8cMO34XKZEfl8x/xO/1M/JIL70e27CTWdQzyzj4L2fC4LSXAiIWx6
dEYe8nsRMI76+4jGQ+Dcxh0I2+pAr0bQNHR5rbd109qTxzUKo9nl/uwU0IgO3JsE
03akz9eu7JaFeeUbX62cSUy5621sfAew/bVkpem6OP1QBF9xd0nrS1NCYPWL6M84
EEcXJegoFeqz/v29ivWwQgltsXyBxsbtXMax3KPLlmY8
-----END CERTIFICATE-----