Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/7Z1wRp733cSAwwiIdDb69rV51iM.roa
File:                     7Z1wRp733cSAwwiIdDb69rV51iM.roa (raw, json)
Hash identifier:          DWc5K3wRgc8qpoBkft27JowIGh9/wcC418HfB4LZ+6w=
Subject key identifier:   ED:9D:70:46:9E:F7:DD:C4:80:C3:08:88:74:36:FA:F6:B5:79:D6:23
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       0182401DADFA2DD35EF87174A943A539F20F
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/7Z1wRp733cSAwwiIdDb69rV51iM.roa
Signing time:             Wed 27 Jul 2022 14:44:23 +0000
ROA not before:           Wed 27 Jul 2022 14:44:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15987
IP address blocks:        185.112.252.0/22 maxlen: 24
                          188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24
                          46.41.14.0/24 maxlen: 24
                          46.41.32.0/24 maxlen: 24
                          46.41.47.0/24 maxlen: 24
                          217.144.128.0/24 maxlen: 24
                          217.144.129.0/24 maxlen: 24
                          217.144.128.0/20 maxlen: 20
                          217.144.143.0/24 maxlen: 24
                          46.41.0.0/18 maxlen: 22
                          2a02:a00:1009::/48 maxlen: 48
                          2a02:a00:1f::/48 maxlen: 48
                          2a02:a00:f::/48 maxlen: 48
                          2a02:a00:d::/48 maxlen: 48
                          2a02:a00::/34 maxlen: 34
                          2a02:a00:3000::/36 maxlen: 36
                          2a02:a00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:40:1d:ad:fa:2d:d3:5e:f8:71:74:a9:43:a5:39:f2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Jul 27 14:44:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ed9d70469ef7ddc480c308887436faf6b579d623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:51:f5:47:d1:83:f3:42:f8:82:23:2f:25:73:
                    50:d1:72:9d:23:10:a1:f1:80:17:ab:ff:db:06:c3:
                    b5:30:f7:84:e9:15:b6:06:1a:eb:6c:02:48:f0:6a:
                    10:11:1f:02:5b:39:ef:9c:a0:95:50:85:ba:61:c1:
                    ea:1d:56:bb:fe:1a:0c:0c:21:3a:03:fd:7a:9f:b5:
                    39:c7:43:ca:f8:7e:22:6f:fc:f2:81:17:3e:e1:86:
                    91:55:a7:9b:83:e7:94:f0:ba:18:ae:14:19:4a:e0:
                    42:9b:c3:9d:7d:1f:b0:68:48:72:03:4d:b7:29:75:
                    0b:9e:c3:6b:1f:c2:fa:4e:2f:6d:74:54:11:79:29:
                    f1:c6:43:4b:33:9a:7e:fe:75:5f:fc:9b:c3:dd:18:
                    0d:9a:88:d6:91:8d:06:95:4e:3d:da:45:ee:76:99:
                    0a:f5:1e:8b:f8:2e:c3:c4:c8:73:15:8f:7f:cc:a4:
                    d3:68:9d:69:45:20:ee:c9:3b:c4:d8:fc:d3:ca:32:
                    ed:a3:47:af:a0:d5:9e:14:d5:00:a5:22:f8:69:d8:
                    aa:6d:c1:ea:84:af:51:bf:44:13:bd:db:6c:c0:17:
                    3a:26:80:74:cf:2b:1f:aa:f3:ee:eb:03:8e:00:8b:
                    97:f3:f3:76:19:99:1a:e2:85:0d:1e:5d:18:1e:91:
                    87:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9D:70:46:9E:F7:DD:C4:80:C3:08:88:74:36:FA:F6:B5:79:D6:23
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/7Z1wRp733cSAwwiIdDb69rV51iM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.41.0.0/18
                  185.112.252.0/22
                  188.246.17.0/24
                  188.246.23.0/24
                  217.144.128.0/20
                IPv6:
                  2a02:a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:8d:d6:7a:14:83:eb:fd:cf:91:80:9c:97:59:0d:33:60:35:
         8f:7c:d6:13:b6:d5:04:17:29:24:25:b8:39:ea:82:2f:cf:27:
         df:25:55:a4:60:fe:cb:4a:2c:85:e1:6e:a4:8a:74:89:1c:9b:
         31:ef:a8:40:1a:a5:52:07:37:03:0f:29:d3:7f:49:e5:a7:42:
         60:bd:73:39:0a:b4:6f:88:82:b4:7c:f2:8c:c4:35:1f:bc:f3:
         da:f5:29:d4:ed:31:4a:c6:7c:e1:00:32:e1:b0:87:a9:f6:ec:
         39:b9:31:f5:ab:52:65:af:06:bb:40:fe:6f:c1:9d:28:69:9f:
         ca:3f:e8:b5:67:61:69:7e:b1:62:12:9d:bb:c3:57:4c:dc:ca:
         81:36:2f:d2:65:6a:9f:17:5a:35:ab:ea:b2:82:90:7c:5d:4b:
         7f:28:85:69:46:1a:6f:a7:de:0e:12:cc:7b:d8:98:4a:23:ad:
         97:29:fc:5e:e3:e8:49:bf:01:8f:00:03:44:c2:c7:ec:9f:18:
         98:05:c0:8e:e1:f9:e2:05:c2:db:a3:3d:38:ef:2d:84:ad:b5:
         d2:3f:3f:88:96:41:f9:fd:30:f8:f2:9e:d4:89:8b:d4:b6:b3:
         2e:c6:16:3b:79:89:38:84:23:3b:b2:65:ab:9a:7a:18:0c:9b:
         eb:df:32:a9
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYJAHa36LdNe+HF0qUOlOfIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjIwNzI3MTQ0NDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDlkNzA0NjllZjdkZGM0ODBjMzA4ODg3NDM2ZmFmNmI1NzlkNjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VH1R9GD80L4giMvJXNQ0XKdIxCh
8YAXq//bBsO1MPeE6RW2BhrrbAJI8GoQER8CWznvnKCVUIW6YcHqHVa7/hoMDCE6
A/16n7U5x0PK+H4ib/zygRc+4YaRVaebg+eU8LoYrhQZSuBCm8OdfR+waEhyA023
KXULnsNrH8L6Ti9tdFQReSnxxkNLM5p+/nVf/JvD3RgNmojWkY0GlU492kXudpkK
9R6L+C7DxMhzFY9/zKTTaJ1pRSDuyTvE2PzTyjLto0evoNWeFNUApSL4adiqbcHq
hK9Rv0QTvdtswBc6JoB0zysfqvPu6wOOAIuX8/N2GZka4oUNHl0YHpGHUQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFO2dcEae993EgMMIiHQ2+va1edYjMB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvN1oxd1JwNzMzY1NBd3dpSWREYjY5clY1MWlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODktYzY5ODcxZjVkMzA1
LzEvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQGLikAAwQC
uXD8AwQAvPYRAwQAvPYXAwQE2ZCAMA0EAgACMAcDBQAqAgoAMA0GCSqGSIb3DQEB
CwUAA4IBAQATjdZ6FIPr/c+RgJyXWQ0zYDWPfNYTttUEFykkJbg56oIvzyffJVWk
YP7LSiyF4W6kinSJHJsx76hAGqVSBzcDDynTf0nlp0JgvXM5CrRviIK0fPKMxDUf
vPPa9SnU7TFKxnzhADLhsIep9uw5uTH1q1Jlrwa7QP5vwZ0oaZ/KP+i1Z2FpfrFi
Ep27w1dM3MqBNi/SZWqfF1o1q+qygpB8XUt/KIVpRhpvp94OEsx72JhKI62XKfxe
4+hJvwGPAANEwsfsnxiYBcCO4fniBcLboz047y2ErbXSPz+IlkH5/TD48p7UiYvU
trMuxhY7eYk4hCM7smWrmnoYDJvr3zKp
-----END CERTIFICATE-----