Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/xunWw1HjO1YDaD9q3L3iuuL2ntA.roa
File:                     xunWw1HjO1YDaD9q3L3iuuL2ntA.roa (raw, json)
Hash identifier:          QvEANexErWuqD/QCdgj+UYufYjJdsEskwhu3Lh7qmyw=
Subject key identifier:   C6:E9:D6:C3:51:E3:3B:56:03:68:3F:6A:DC:BD:E2:BA:E2:F6:9E:D0
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       04159CA1
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/xunWw1HjO1YDaD9q3L3iuuL2ntA.roa
Signing time:             Fri 11 Mar 2022 03:46:09 +0000
ROA not before:           Fri 11 Mar 2022 03:46:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        46.37.97.0/24 maxlen: 24
                          46.37.100.0/24 maxlen: 24
                          46.37.105.0/24 maxlen: 24
                          46.37.102.0/24 maxlen: 24
                          46.37.104.0/24 maxlen: 24
                          46.37.112.0/24 maxlen: 24
                          46.37.109.0/24 maxlen: 24
                          46.37.111.0/24 maxlen: 24
                          46.37.110.0/24 maxlen: 24
                          185.92.44.0/24 maxlen: 24
                          46.37.107.0/24 maxlen: 24
                          46.37.106.0/24 maxlen: 24
                          46.37.113.0/24 maxlen: 24
                          46.37.116.0/24 maxlen: 24
                          46.37.115.0/24 maxlen: 24
                          46.37.117.0/24 maxlen: 24
                          185.92.47.0/24 maxlen: 24
                          185.92.46.0/24 maxlen: 24
                          46.37.119.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 68525217 (0x4159ca1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Mar 11 03:46:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6e9d6c351e33b5603683f6adcbde2bae2f69ed0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:99:98:fe:fa:31:08:4f:5f:d3:be:c6:ee:09:
                    29:8f:3a:20:d9:ce:2a:27:c6:f0:0e:8e:9a:32:31:
                    b8:2b:68:e0:97:41:64:2b:f8:8a:65:0c:b2:0d:92:
                    c0:72:c6:ae:b5:e4:81:a7:ec:55:64:5e:31:5c:0d:
                    5a:c6:52:9c:bf:3d:e9:8c:66:fc:81:f0:fe:cd:ea:
                    19:5e:de:d9:ae:69:58:0c:30:ce:4a:a2:de:05:ae:
                    ff:a8:86:64:7e:b1:2e:3b:8c:64:8c:71:0c:79:67:
                    4b:7f:8f:7c:c2:5e:8e:2b:f9:22:4e:98:b1:aa:43:
                    da:5a:b3:a6:d5:76:c3:11:63:30:47:63:45:ab:20:
                    3f:fb:26:f8:45:c9:24:d2:6a:bb:02:05:7c:3d:40:
                    f2:14:20:0f:08:43:f4:89:05:94:fd:7c:19:89:c4:
                    81:1b:7d:47:84:df:81:8c:f0:7c:14:df:c8:c2:33:
                    db:87:90:c1:60:3b:d3:c6:40:fa:78:3e:1a:d1:c8:
                    e2:e0:9c:e3:4a:86:ed:8a:54:cf:53:37:62:22:09:
                    40:f8:c2:07:bc:4b:f2:83:3a:5b:78:96:44:d3:c6:
                    30:18:d3:91:d8:49:13:e0:55:1b:30:83:c7:e2:dd:
                    ad:62:51:07:97:99:c2:49:7d:31:8b:8e:6c:df:e5:
                    ce:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E9:D6:C3:51:E3:3B:56:03:68:3F:6A:DC:BD:E2:BA:E2:F6:9E:D0
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/xunWw1HjO1YDaD9q3L3iuuL2ntA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.97.0/24
                  46.37.100.0/24
                  46.37.102.0/24
                  46.37.104.0/22
                  46.37.109.0-46.37.113.255
                  46.37.115.0-46.37.117.255
                  46.37.119.0/24
                  185.92.44.0/24
                  185.92.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:65:59:33:f7:6f:fa:bc:6f:d8:e7:96:89:c4:8d:48:45:73:
         5d:d6:fc:7f:7e:83:5b:b1:89:45:dc:e1:81:17:dc:8a:72:91:
         7a:df:12:8a:09:76:c4:46:31:f8:03:41:af:c4:38:e2:47:7d:
         85:b2:e5:f2:2a:99:cf:46:82:9f:8e:dd:2e:71:d4:4d:db:7f:
         8d:0f:31:17:23:be:cd:7d:38:7b:7d:ee:93:7d:e2:3a:75:5e:
         06:a4:fa:2c:50:4f:75:5d:b4:21:ab:de:dd:97:81:af:cb:f3:
         82:22:6d:77:9e:fd:e7:78:87:b0:d2:de:96:0a:8e:71:1d:38:
         56:b3:75:ee:fe:4b:db:80:86:6a:29:9d:a4:d4:05:78:58:40:
         4e:7b:e0:1f:42:0d:f5:ad:5d:35:86:a3:0a:8c:41:0c:63:96:
         33:f4:50:68:78:6f:7f:bd:0a:4f:f3:84:9c:fe:a0:f7:e9:98:
         34:ca:9a:b7:d5:ad:9e:89:46:3d:a8:0d:2f:82:b6:80:36:26:
         dc:e2:ea:a4:25:75:e9:5d:cd:2a:f7:e2:bd:12:94:df:b2:00:
         03:29:be:b1:30:c7:1e:15:a5:fe:14:c0:e1:f7:27:21:d7:e6:
         af:32:75:17:b0:84:ec:09:9e:97:58:47:92:99:fb:df:f5:1a:
         ca:39:16:fd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEBBWcoTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
M2NmMDg4NDkxOGE1MDIzOWVmNzA1MThlZTlmYzA0ZjFhYWUxOTI5MB4XDTIyMDMx
MTAzNDYwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzZlOWQ2YzM1MWUz
M2I1NjAzNjgzZjZhZGNiZGUyYmFlMmY2OWVkMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKGZmP76MQhPX9O+xu4JKY86INnOKifG8A6OmjIxuCto4JdB
ZCv4imUMsg2SwHLGrrXkgafsVWReMVwNWsZSnL896Yxm/IHw/s3qGV7e2a5pWAww
zkqi3gWu/6iGZH6xLjuMZIxxDHlnS3+PfMJejiv5Ik6YsapD2lqzptV2wxFjMEdj
RasgP/sm+EXJJNJquwIFfD1A8hQgDwhD9IkFlP18GYnEgRt9R4TfgYzwfBTfyMIz
24eQwWA708ZA+ng+GtHI4uCc40qG7YpUz1M3YiIJQPjCB7xL8oM6W3iWRNPGMBjT
kdhJE+BVGzCDx+LdrWJRB5eZwkl9MYuObN/lzn0CAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBTG6dbDUeM7VgNoP2rcveK64vae0DAfBgNVHSMEGDAWgBTTzwiEkYpQI573
BRjun8BPGq4ZKTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzA4OEloSkdLVUNPZTl3VVk3cF9BVHhxdUdTay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvY2RmZjE2LTQ1OGEtNDdjMy04ZGZhLTIzMTU0OTQwOTcyMC8x
L3h1bld3MUhqTzFZRGFEOXEzTDNpdXVMMm50QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
Y2RmZjE2LTQ1OGEtNDdjMy04ZGZhLTIzMTU0OTQwOTcyMC8xLzA4OEloSkdLVUNP
ZTl3VVk3cF9BVHhxdUdTay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wTAQCAAEwRgMEAC4lYQMEAC4lZAMEAC4lZgMEAi4l
aDAMAwQALiVtAwQBLiVwMAwDBAAuJXMDBAEuJXQDBAAuJXcDBAC5XCwDBAG5XC4w
DQYJKoZIhvcNAQELBQADggEBAF5lWTP3b/q8b9jnlonEjUhFc13W/H9+g1uxiUXc
4YEX3IpykXrfEooJdsRGMfgDQa/EOOJHfYWy5fIqmc9Ggp+O3S5x1E3bf40PMRcj
vs19OHt97pN94jp1Xgak+ixQT3VdtCGr3t2Xga/L84IibXee/ed4h7DS3pYKjnEd
OFazde7+S9uAhmopnaTUBXhYQE574B9CDfWtXTWGowqMQQxjljP0UGh4b3+9Ck/z
hJz+oPfpmDTKmrfVrZ6JRj2oDS+CtoA2Jtzi6qQldeldzSr34r0SlN+yAAMpvrEw
xx4Vpf4UwOH3JyHX5q8ydRewhOwJnpdYR5KZ+9/1Gso5Fv0=
-----END CERTIFICATE-----