Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/g07MWavZQ72Od7UmRsxK-qwIpE0.roa
File:                     g07MWavZQ72Od7UmRsxK-qwIpE0.roa (raw, json)
Hash identifier:          9kFn2k4igDukZzDg3e7WcoSQz/fwodje+gZ4JrppmcI=
Subject key identifier:   83:4E:CC:59:AB:D9:43:BD:8E:77:B5:26:46:CC:4A:FA:AC:08:A4:4D
Certificate issuer:       /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial:       04324A8D
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/g07MWavZQ72Od7UmRsxK-qwIpE0.roa
Signing time:             Sat 01 Jan 2022 14:06:34 +0000
ROA not before:           Sat 01 Jan 2022 14:06:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200350
IP address blocks:        84.201.128.0/18 maxlen: 24
                          217.28.224.0/20 maxlen: 24
                          62.84.112.0/20 maxlen: 24
                          130.193.32.0/19 maxlen: 24
                          185.206.164.0/22 maxlen: 24
                          45.133.96.0/22 maxlen: 24
                          185.216.194.0/23 maxlen: 24
                          193.32.216.0/22 maxlen: 24
                          46.21.244.0/22 maxlen: 24
                          178.154.192.0/18 maxlen: 24
                          84.252.128.0/20 maxlen: 24
                          51.250.0.0/17 maxlen: 24
                          217.198.168.0/21 maxlen: 24
                          2a0d:d6c0::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70404749 (0x4324a8d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
        Validity
            Not Before: Jan  1 14:06:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=834ecc59abd943bd8e77b52646cc4afaac08a44d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f9:60:fc:c6:e1:dd:a4:c9:4e:ca:2a:5b:b3:
                    68:99:6e:18:5d:25:ec:e7:87:1c:74:de:fd:7f:64:
                    d1:c2:11:bc:6c:95:ee:08:ea:92:dd:17:11:23:bd:
                    f7:9f:32:02:28:c1:6a:5f:9a:c9:8d:7d:d1:0a:c0:
                    32:f5:44:d9:da:ee:76:93:fa:9e:bd:11:7d:a0:6a:
                    db:08:e8:38:7b:d7:ca:ec:7b:60:2d:2a:13:44:7b:
                    b5:81:a6:08:93:09:a2:42:8d:77:99:63:0b:c1:69:
                    e0:cc:03:c5:de:13:6b:06:9c:92:ad:62:db:06:43:
                    82:3f:c5:47:7c:82:51:a0:12:b0:26:79:49:89:46:
                    7f:7a:74:f2:df:f0:45:07:f3:6a:c7:be:52:c0:6e:
                    5b:e5:02:cd:a8:1a:27:b9:f5:b0:7a:09:e5:8d:c6:
                    92:d7:67:17:6a:e3:07:ab:25:23:3c:1d:3d:16:78:
                    ff:0d:78:23:cb:3a:33:84:94:cc:b5:3e:9b:56:79:
                    83:4f:b9:55:c2:44:08:6b:0a:84:db:37:78:43:5d:
                    ab:55:67:9f:d9:88:22:af:6d:2d:3e:ca:48:88:2c:
                    81:d1:1c:ce:6e:d7:24:3b:89:e7:08:2c:10:d1:53:
                    ed:40:8d:0d:46:f5:f6:5b:db:4b:d1:2b:6e:31:1e:
                    2f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:4E:CC:59:AB:D9:43:BD:8E:77:B5:26:46:CC:4A:FA:AC:08:A4:4D
            X509v3 Authority Key Identifier:
                keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/g07MWavZQ72Od7UmRsxK-qwIpE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.96.0/22
                  46.21.244.0/22
                  51.250.0.0/17
                  62.84.112.0/20
                  84.201.128.0/18
                  84.252.128.0/20
                  130.193.32.0/19
                  178.154.192.0/18
                  185.206.164.0/22
                  185.216.194.0/23
                  193.32.216.0/22
                  217.28.224.0/20
                  217.198.168.0/21
                IPv6:
                  2a0d:d6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:74:1d:ca:f9:ec:1e:64:dd:71:b9:33:d7:b8:94:21:b4:7b:
         30:34:52:05:ab:0d:61:be:ab:2e:5d:32:6a:29:ca:27:ae:a7:
         00:93:9a:b9:be:3e:81:ac:7b:a6:36:a8:23:4b:53:48:d8:4a:
         46:58:52:04:a0:f2:d3:71:77:d5:03:3c:3c:c7:40:6d:e8:e6:
         11:12:6e:64:9d:f5:a8:1d:ca:41:24:27:74:b7:7f:50:f7:d1:
         52:72:d2:57:7a:b6:ba:e6:0f:1f:65:63:cd:cb:16:bc:d2:73:
         f9:99:b6:a1:a3:90:f8:62:b6:21:bc:14:3d:cf:ec:5c:65:77:
         0c:43:9d:28:fb:5a:3f:3b:97:04:42:f2:48:01:09:fd:01:74:
         33:77:83:69:16:0c:2f:82:21:dd:5c:5b:ba:4b:34:4e:e9:06:
         a1:b2:b0:4d:28:b6:7f:8e:c2:82:07:fb:88:58:f4:5c:46:38:
         b3:e0:80:9b:58:cd:8a:3c:cc:e2:76:26:f2:99:f4:f1:5b:e4:
         31:06:38:76:92:75:0c:d5:65:11:5b:67:20:90:31:5c:10:56:
         e0:74:6d:72:2f:f8:c4:27:a5:7e:e6:23:eb:70:46:3d:14:19:
         c2:84:85:a9:8f:e0:e2:80:29:99:ac:91:95:d7:d8:c4:b1:dd:
         1e:6d:09:38
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIEBDJKjTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
Yzg2ZTNlOTI4YzdmMGM5ZGI2OTUxNWZmM2FhMWY2NzhjZWU0M2MwMB4XDTIyMDEw
MTE0MDYzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODM0ZWNjNTlhYmQ5
NDNiZDhlNzdiNTI2NDZjYzRhZmFhYzA4YTQ0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM75YPzG4d2kyU7KKluzaJluGF0l7OeHHHTe/X9k0cIRvGyV
7gjqkt0XESO9958yAijBal+ayY190QrAMvVE2drudpP6nr0RfaBq2wjoOHvXyux7
YC0qE0R7tYGmCJMJokKNd5ljC8Fp4MwDxd4Tawackq1i2wZDgj/FR3yCUaASsCZ5
SYlGf3p08t/wRQfzase+UsBuW+UCzagaJ7n1sHoJ5Y3GktdnF2rjB6slIzwdPRZ4
/w14I8s6M4SUzLU+m1Z5g0+5VcJECGsKhNs3eENdq1Vnn9mIIq9tLT7KSIgsgdEc
zm7XJDuJ5wgsENFT7UCNDUb19lvbS9ErbjEeL7ECAwEAAaOCAmAwggJcMB0GA1Ud
DgQWBBSDTsxZq9lDvY53tSZGzEr6rAikTTAfBgNVHSMEGDAWgBTchuPpKMfwydtp
UV/zqh9njO5DwDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNJYmo2U2pIOE1uYmFWRmY4Nm9mWjR6dVE4QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTgvNDcxYWE1LWMzZjctNGFmZC1iMTIyLTljOGU1OWMyNzcxYy8x
L2cwN01XYXZaUTcyT2Q3VW1Sc3hLLXF3SXBFMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTgv
NDcxYWE1LWMzZjctNGFmZC1iMTIyLTljOGU1OWMyNzcxYy8xLzNJYmo2U2pIOE1u
YmFWRmY4Nm9mWjR6dVE4QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB2
BggrBgEFBQcBBwEB/wRnMGUwVAQCAAEwTgMEAi2FYAMEAi4V9AMEBzP6AAMEBD5U
cAMEBlTJgAMEBFT8gAMEBYLBIAMEBrKawAMEArnOpAMEAbnYwgMEAsEg2AMEBNkc
4AMEA9nGqDANBAIAAjAHAwUDKg3WwDANBgkqhkiG9w0BAQsFAAOCAQEAQ3Qdyvns
HmTdcbkz17iUIbR7MDRSBasNYb6rLl0yainKJ66nAJOaub4+gax7pjaoI0tTSNhK
RlhSBKDy03F31QM8PMdAbejmERJuZJ31qB3KQSQndLd/UPfRUnLSV3q2uuYPH2Vj
zcsWvNJz+Zm2oaOQ+GK2IbwUPc/sXGV3DEOdKPtaPzuXBELySAEJ/QF0M3eDaRYM
L4Ih3Vxbuks0TukGobKwTSi2f47Cggf7iFj0XEY4s+CAm1jNijzM4nYm8pn08Vvk
MQY4dpJ1DNVlEVtnIJAxXBBW4HRtci/4xCelfuYj63BGPRQZwoSFqY/g4oApmayR
ldfYxLHdHm0JOA==
-----END CERTIFICATE-----