Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/2wzTkQQ-4wHAAf9WBrX3NZlez6Q.roa
File:                     2wzTkQQ-4wHAAf9WBrX3NZlez6Q.roa (raw, json)
Hash identifier:          ZOKmP8yUmFnRbq7vbjaiM5QMMC9p3dCIsVdq/10Uh9w=
Subject key identifier:   DB:0C:D3:91:04:3E:E3:01:C0:01:FF:56:06:B5:F7:35:99:5E:CF:A4
Certificate issuer:       /CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
Certificate serial:       0184E5D7B1018543D6BA9F54DE34CD9D8EDB
Authority key identifier: BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/2wzTkQQ-4wHAAf9WBrX3NZlez6Q.roa
Signing time:             Tue 06 Dec 2022 05:10:28 +0000
ROA not before:           Tue 06 Dec 2022 05:10:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29286
IP address blocks:        185.71.116.0/24 maxlen: 24
                          185.71.118.0/24 maxlen: 24
                          185.71.117.0/24 maxlen: 24
                          185.71.119.0/24 maxlen: 24
                          212.50.35.0/24 maxlen: 24
                          212.50.43.0/24 maxlen: 24
                          212.50.42.0/24 maxlen: 24
                          212.50.51.0/24 maxlen: 24
                          212.50.50.0/24 maxlen: 24
                          212.50.47.0/24 maxlen: 24
                          212.50.46.0/24 maxlen: 24
                          212.50.49.0/24 maxlen: 24
                          212.50.48.0/24 maxlen: 24
                          212.50.45.0/24 maxlen: 24
                          212.50.52.0/24 maxlen: 24
                          212.50.58.0/24 maxlen: 24
                          212.50.57.0/24 maxlen: 24
                          212.50.53.0/24 maxlen: 24
                          212.50.56.0/24 maxlen: 24
                          212.50.60.0/24 maxlen: 24
                          212.50.63.0/24 maxlen: 24
                          212.50.62.0/24 maxlen: 24
                          212.50.59.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e5:d7:b1:01:85:43:d6:ba:9f:54:de:34:cd:9d:8e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb8d64a0dc21996b1c99e68cc951694e293edefe
        Validity
            Not Before: Dec  6 05:10:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=db0cd391043ee301c001ff5606b5f735995ecfa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:09:22:5e:fc:c7:ea:42:98:17:7e:6a:c4:1b:
                    8b:70:29:c4:27:8a:bd:ec:a0:7c:6f:33:69:59:19:
                    ce:06:2e:7a:c6:3a:c6:1f:1a:5c:98:67:cb:65:9c:
                    8f:07:7c:a2:30:fb:11:70:7a:22:17:95:4f:3d:c0:
                    d2:96:e4:a8:97:e0:47:05:16:c2:6c:b1:b1:dc:f2:
                    80:4f:a9:d8:ce:f6:d9:84:e3:66:08:6d:4b:fc:e2:
                    fe:68:f9:a1:23:15:c4:93:bd:95:5c:0a:bb:bf:71:
                    09:b6:9d:6f:be:f1:83:69:09:3d:f7:54:be:78:f7:
                    52:8b:fd:d5:8b:14:f7:8a:25:0e:de:b8:b7:32:75:
                    66:31:48:8d:b9:77:e7:bc:ea:27:c9:5f:a5:1c:4f:
                    e2:5a:81:1d:b4:68:d6:94:99:4f:af:11:26:e2:11:
                    fb:e8:76:83:6f:f2:db:e1:47:e9:ab:c8:0a:b9:21:
                    f9:f6:3e:7f:b9:1f:bc:6c:54:3f:03:70:81:60:17:
                    cb:b6:ec:1b:08:67:96:50:d0:d7:1e:c4:21:bb:20:
                    2c:51:cf:66:b1:e4:ac:e2:9f:33:b5:88:26:58:83:
                    de:fe:b4:d7:9f:2e:7a:52:93:3a:39:06:a7:11:25:
                    36:f3:89:9f:dd:b6:9e:fb:77:f0:5b:3a:6f:92:2b:
                    8b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:0C:D3:91:04:3E:E3:01:C0:01:FF:56:06:B5:F7:35:99:5E:CF:A4
            X509v3 Authority Key Identifier:
                keyid:BB:8D:64:A0:DC:21:99:6B:1C:99:E6:8C:C9:51:69:4E:29:3E:DE:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u41koNwhmWscmeaMyVFpTik-3v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/2wzTkQQ-4wHAAf9WBrX3NZlez6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/220318-46f1-4ebf-a795-dd4a217d606b/1/u41koNwhmWscmeaMyVFpTik-3v4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.116.0/22
                  212.50.35.0/24
                  212.50.42.0/23
                  212.50.45.0-212.50.53.255
                  212.50.56.0-212.50.60.255
                  212.50.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:c7:6a:6d:7d:a4:ea:d3:a1:28:8e:be:a0:4e:a2:6c:38:07:
         41:95:97:4f:9e:e1:9b:00:2c:19:a7:18:d6:4f:40:63:98:97:
         33:2e:84:b4:6f:d0:11:4f:7d:66:4d:c9:2f:cd:b5:b0:33:78:
         1b:c9:27:d4:e8:e1:e2:53:2e:fa:cf:ad:d5:94:e0:ba:ff:b0:
         f1:58:d6:81:f1:ba:a2:0f:d3:70:e4:15:fd:cf:45:eb:20:8e:
         86:48:98:fb:0c:83:57:4b:3b:6d:95:25:91:e9:06:54:e0:5b:
         47:fb:b5:9b:3b:05:08:97:ba:1e:4c:9a:02:b3:25:a2:2a:96:
         a5:ff:98:20:63:ff:4c:e9:43:f8:b5:45:f0:df:9f:6b:94:5e:
         c5:1e:e4:d2:a7:87:04:0f:45:53:2a:70:d4:ed:d5:e5:e0:50:
         b0:0a:5b:64:d1:a1:3a:6f:50:21:90:58:5b:0a:99:6b:c8:70:
         a9:7d:e8:bd:f4:39:a6:00:da:02:5c:b8:78:53:23:ce:3d:85:
         4b:91:b8:e4:e4:92:ad:99:ac:20:33:2a:38:18:cd:d4:99:d6:
         cd:a5:58:33:81:44:3e:79:29:0a:6f:23:c9:de:ff:2e:b1:d6:
         a6:80:d1:db:38:b1:dd:21:a9:6d:27:e8:67:01:ee:63:04:22:
         24:c0:3e:10
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYTl17EBhUPWup9U3jTNnY7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOGQ2NGEwZGMyMTk5NmIxYzk5ZTY4Y2M5NTE2OTRlMjkz
ZWRlZmUwHhcNMjIxMjA2MDUxMDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjBjZDM5MTA0M2VlMzAxYzAwMWZmNTYwNmI1ZjczNTk5NWVjZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wkiXvzH6kKYF35qxBuLcCnEJ4q9
7KB8bzNpWRnOBi56xjrGHxpcmGfLZZyPB3yiMPsRcHoiF5VPPcDSluSol+BHBRbC
bLGx3PKAT6nYzvbZhONmCG1L/OL+aPmhIxXEk72VXAq7v3EJtp1vvvGDaQk991S+
ePdSi/3VixT3iiUO3ri3MnVmMUiNuXfnvOonyV+lHE/iWoEdtGjWlJlPrxEm4hH7
6HaDb/Lb4Ufpq8gKuSH59j5/uR+8bFQ/A3CBYBfLtuwbCGeWUNDXHsQhuyAsUc9m
seSs4p8ztYgmWIPe/rTXny56UpM6OQanESU284mf3bae+3fwWzpvkiuLcQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFNsM05EEPuMBwAH/Vga19zWZXs+kMB8GA1UdIwQY
MBaAFLuNZKDcIZlrHJnmjMlRaU4pPt7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUt
ZGQ0YTIxN2Q2MDZiLzEvMnd6VGtRUS00d0hBQWY5V0JyWDNOWmxlejZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yMjAzMTgtNDZmMS00ZWJmLWE3OTUtZGQ0YTIxN2Q2MDZi
LzEvdTQxa29Od2htV3NjbWVhTXlWRnBUaWstM3Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCuUd0AwQA
1DIjAwQB1DIqMAwDBADUMi0DBAHUMjQwDAMEA9QyOAMEANQyPAMEAdQyPjANBgkq
hkiG9w0BAQsFAAOCAQEAN8dqbX2k6tOhKI6+oE6ibDgHQZWXT57hmwAsGacY1k9A
Y5iXMy6EtG/QEU99Zk3JL821sDN4G8kn1Ojh4lMu+s+t1ZTguv+w8VjWgfG6og/T
cOQV/c9F6yCOhkiY+wyDV0s7bZUlkekGVOBbR/u1mzsFCJe6HkyaArMloiqWpf+Y
IGP/TOlD+LVF8N+fa5RexR7k0qeHBA9FUypw1O3V5eBQsApbZNGhOm9QIZBYWwqZ
a8hwqX3ovfQ5pgDaAly4eFMjzj2FS5G45OSSrZmsIDMqOBjN1JnWzaVYM4FEPnkp
Cm8jyd7/LrHWpoDR2zix3SGpbSfoZwHuYwQiJMA+EA==
-----END CERTIFICATE-----