Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/C30GGM2qRpcqxX57ljA6wamIDTo.roa
File:                     C30GGM2qRpcqxX57ljA6wamIDTo.roa (raw, json)
Hash identifier:          LZ8BEeSQLFEUOhz0dSf81LQbjEfvK8rJpKHoLHvjTpI=
Subject key identifier:   0B:7D:06:18:CD:AA:46:97:2A:C5:7E:7B:96:30:3A:C1:A9:88:0D:3A
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       03F50FBF
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/C30GGM2qRpcqxX57ljA6wamIDTo.roa
Signing time:             Thu 03 Mar 2022 13:52:03 +0000
ROA not before:           Thu 03 Mar 2022 13:52:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        46.37.98.0/24 maxlen: 24
                          46.37.97.0/24 maxlen: 24
                          46.37.100.0/24 maxlen: 24
                          46.37.99.0/24 maxlen: 24
                          46.37.105.0/24 maxlen: 24
                          46.37.102.0/24 maxlen: 24
                          46.37.104.0/24 maxlen: 24
                          46.37.103.0/24 maxlen: 24
                          46.37.112.0/24 maxlen: 24
                          46.37.109.0/24 maxlen: 24
                          46.37.111.0/24 maxlen: 24
                          46.37.110.0/24 maxlen: 24
                          185.92.44.0/24 maxlen: 24
                          46.37.107.0/24 maxlen: 24
                          46.37.106.0/24 maxlen: 24
                          46.37.114.0/24 maxlen: 24
                          46.37.113.0/24 maxlen: 24
                          46.37.116.0/24 maxlen: 24
                          46.37.115.0/24 maxlen: 24
                          46.37.117.0/24 maxlen: 24
                          185.92.45.0/24 maxlen: 24
                          185.92.47.0/24 maxlen: 24
                          185.92.46.0/24 maxlen: 24
                          46.37.119.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 66391999 (0x3f50fbf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Mar  3 13:52:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0b7d0618cdaa46972ac57e7b96303ac1a9880d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:04:86:a3:cf:e7:10:6d:0f:5b:bf:78:72:4c:
                    0d:db:5a:55:44:dc:7b:d5:19:c1:f2:47:c4:4a:52:
                    58:b8:0a:78:78:ec:d7:fe:fb:89:9a:44:39:67:95:
                    d4:ec:25:af:68:c0:1e:87:92:03:a5:91:0d:f5:4a:
                    9d:36:48:b6:59:30:9d:e3:21:e7:83:be:e3:a1:70:
                    18:be:7b:b6:7c:a5:f1:a7:51:34:6d:2a:5e:2c:78:
                    eb:4b:69:19:5a:11:97:10:79:12:bd:f2:0f:0e:82:
                    0e:98:25:d7:09:81:30:9e:71:af:eb:03:4b:cc:d7:
                    c4:bc:a2:39:a8:69:83:6a:1e:11:cc:16:6c:3b:15:
                    22:2f:9a:72:dd:a0:5f:fa:c4:8b:26:cd:63:88:30:
                    e2:5f:fe:c8:54:eb:82:f8:1c:7f:b3:16:9e:d9:3b:
                    87:01:08:2c:03:2f:9f:1d:47:3a:74:b1:fb:7a:5d:
                    11:76:06:66:52:84:b9:20:21:f1:a3:9d:88:44:e2:
                    50:27:76:3a:fc:5b:e9:a6:3b:dc:fb:95:a2:54:ea:
                    52:c4:36:7c:73:e2:34:7f:78:87:78:a1:de:dc:b5:
                    72:39:82:cc:ae:7c:fe:32:1a:c6:cb:01:f9:4d:dd:
                    9f:48:e9:2c:3b:0d:00:13:85:41:83:1f:75:8f:53:
                    d5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7D:06:18:CD:AA:46:97:2A:C5:7E:7B:96:30:3A:C1:A9:88:0D:3A
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/C30GGM2qRpcqxX57ljA6wamIDTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.97.0-46.37.100.255
                  46.37.102.0-46.37.107.255
                  46.37.109.0-46.37.117.255
                  46.37.119.0/24
                  185.92.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:fd:32:92:2d:2e:43:4d:76:fb:75:0c:37:88:8b:a0:80:85:
         f1:09:95:b7:13:97:16:41:ae:75:bc:af:5f:b2:4f:94:a5:b2:
         67:14:50:2f:ac:22:7b:46:4d:70:a8:0b:00:da:8a:97:aa:87:
         ec:89:96:77:2f:95:23:c0:bf:da:60:d6:06:c5:ef:29:5b:57:
         1f:cb:14:71:5c:af:52:28:ca:8d:44:f0:5d:97:3d:7d:bf:0c:
         71:d1:e6:f1:36:4f:7f:e2:a6:7b:dc:b3:47:56:b4:23:81:e4:
         73:a1:c0:f6:8a:47:c0:07:c4:d9:2f:ed:e8:cc:75:81:ab:8a:
         fa:e1:86:dc:6d:64:75:08:e6:6b:32:7b:e4:7e:72:2b:a8:3a:
         ec:b1:f1:70:97:16:66:82:a0:06:96:3b:f4:96:64:c5:61:42:
         32:49:24:82:8f:72:7a:3c:4f:9a:3c:ca:58:52:30:6d:1f:47:
         30:0d:eb:46:f4:27:e5:2a:7f:91:96:91:74:48:67:50:b6:21:
         cc:3c:7e:c8:46:22:cf:e6:7a:aa:e5:24:f6:4e:cd:69:8c:73:
         57:13:37:94:31:7f:4b:4d:56:d9:28:0f:db:f6:66:a6:3e:35:
         03:f9:68:17:da:29:ec:5f:f9:f7:8e:bf:d3:04:ad:c0:1a:84:
         cf:b1:05:a3
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEA/UPvzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
M2NmMDg4NDkxOGE1MDIzOWVmNzA1MThlZTlmYzA0ZjFhYWUxOTI5MB4XDTIyMDMw
MzEzNTIwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGI3ZDA2MThjZGFh
NDY5NzJhYzU3ZTdiOTYzMDNhYzFhOTg4MGQzYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN4EhqPP5xBtD1u/eHJMDdtaVUTce9UZwfJHxEpSWLgKeHjs
1/77iZpEOWeV1Owlr2jAHoeSA6WRDfVKnTZItlkwneMh54O+46FwGL57tnyl8adR
NG0qXix460tpGVoRlxB5Er3yDw6CDpgl1wmBMJ5xr+sDS8zXxLyiOahpg2oeEcwW
bDsVIi+act2gX/rEiybNY4gw4l/+yFTrgvgcf7MWntk7hwEILAMvnx1HOnSx+3pd
EXYGZlKEuSAh8aOdiETiUCd2Ovxb6aY73PuVolTqUsQ2fHPiNH94h3ih3ty1cjmC
zK58/jIaxssB+U3dn0jpLDsNABOFQYMfdY9T1SsCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBQLfQYYzapGlyrFfnuWMDrBqYgNOjAfBgNVHSMEGDAWgBTTzwiEkYpQI573
BRjun8BPGq4ZKTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzA4OEloSkdLVUNPZTl3VVk3cF9BVHhxdUdTay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvY2RmZjE2LTQ1OGEtNDdjMy04ZGZhLTIzMTU0OTQwOTcyMC8x
L0MzMEdHTTJxUnBjcXhYNTdsakE2d2FtSURUby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
Y2RmZjE2LTQ1OGEtNDdjMy04ZGZhLTIzMTU0OTQwOTcyMC8xLzA4OEloSkdLVUNP
ZTl3VVk3cF9BVHhxdUdTay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNjAMAwQALiVhAwQALiVkMAwDBAEuJWYD
BAIuJWgwDAMEAC4lbQMEAS4ldAMEAC4ldwMEArlcLDANBgkqhkiG9w0BAQsFAAOC
AQEAYv0yki0uQ012+3UMN4iLoICF8QmVtxOXFkGudbyvX7JPlKWyZxRQL6wie0ZN
cKgLANqKl6qH7ImWdy+VI8C/2mDWBsXvKVtXH8sUcVyvUijKjUTwXZc9fb8McdHm
8TZPf+Kme9yzR1a0I4Hkc6HA9opHwAfE2S/t6Mx1gauK+uGG3G1kdQjmazJ75H5y
K6g67LHxcJcWZoKgBpY79JZkxWFCMkkkgo9yejxPmjzKWFIwbR9HMA3rRvQn5Sp/
kZaRdEhnULYhzDx+yEYiz+Z6quUk9k7NaYxzVxM3lDF/S01W2SgP2/Zmpj41A/lo
F9op7F/5946/0wStwBqEz7EFow==
-----END CERTIFICATE-----