Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/z2sIE1ENtUb5shP7ejTOPntzZaU.roa
File:                     z2sIE1ENtUb5shP7ejTOPntzZaU.roa (raw, json)
Hash identifier:          vOz2v5AMdZAfnmMvacBAbxtHTin9M37EeHDFt5eYW18=
Subject key identifier:   CF:6B:08:13:51:0D:B5:46:F9:B2:13:FB:7A:34:CE:3E:7B:73:65:A5
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       0181F3FE7BAD9711D184D3C3008524E78B24
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/z2sIE1ENtUb5shP7ejTOPntzZaU.roa
Signing time:             Tue 12 Jul 2022 19:59:10 +0000
ROA not before:           Tue 12 Jul 2022 19:59:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210654
IP address blocks:        164.215.103.0/24 maxlen: 24
                          46.23.103.0/24 maxlen: 24
                          46.23.102.0/24 maxlen: 24
                          164.215.101.0/24 maxlen: 24
                          46.23.101.0/24 maxlen: 24
                          46.23.105.0/24 maxlen: 24
                          46.23.104.0/24 maxlen: 24
                          46.23.100.0/24 maxlen: 24
                          46.23.107.0/24 maxlen: 24
                          46.23.106.0/24 maxlen: 24
                          37.128.205.0/24 maxlen: 24
                          37.128.204.0/24 maxlen: 24
                          37.128.206.0/24 maxlen: 24
                          37.128.207.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f3:fe:7b:ad:97:11:d1:84:d3:c3:00:85:24:e7:8b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jul 12 19:59:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cf6b0813510db546f9b213fb7a34ce3e7b7365a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:cd:38:de:da:8b:40:7d:ea:0a:58:12:3e:4b:
                    96:2c:d5:c6:72:6f:63:ba:f1:14:c0:fd:24:35:e6:
                    ce:ce:5c:b7:7b:e4:2e:6d:53:7e:69:b3:2d:c9:e6:
                    02:4e:d7:4c:ad:a3:b6:79:9b:ce:13:04:36:03:23:
                    e0:ed:77:fd:27:09:2f:33:f7:62:9d:5c:af:17:92:
                    bd:1c:35:63:ea:a5:c7:16:92:44:4a:28:dc:e2:db:
                    de:f0:ac:55:35:69:53:97:dd:67:27:39:9f:6d:4c:
                    db:f1:8c:32:4a:20:38:13:43:65:63:7c:4d:a6:7c:
                    b1:32:eb:59:05:e3:9e:e6:06:ca:1b:6f:58:2b:55:
                    39:5c:64:03:91:54:2f:c3:47:3b:86:8d:a4:74:6b:
                    a7:06:cd:f6:b1:fd:88:46:f3:1c:aa:d2:d8:ce:79:
                    3a:14:0f:94:e5:c3:96:58:89:f0:01:e0:a9:6b:07:
                    78:26:8d:88:fe:be:b8:c4:2a:01:67:7a:bc:72:30:
                    ea:d2:02:7c:f7:a5:ed:95:7a:ee:b3:cd:7e:c4:d9:
                    b9:ce:ca:5a:72:b2:bf:2f:bd:4e:85:8a:f1:6f:78:
                    05:4e:a4:18:9b:45:e0:06:ce:91:2c:78:1b:5f:87:
                    82:c8:80:a3:94:28:20:d8:8a:02:d7:c0:00:b6:d0:
                    40:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6B:08:13:51:0D:B5:46:F9:B2:13:FB:7A:34:CE:3E:7B:73:65:A5
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/z2sIE1ENtUb5shP7ejTOPntzZaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.204.0/22
                  46.23.100.0-46.23.107.255
                  164.215.101.0/24
                  164.215.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:97:8a:70:02:59:c0:ad:b0:6c:f5:f2:c7:94:a5:36:e9:85:
         ea:3a:84:22:82:a4:de:39:0e:54:55:1e:cb:85:ef:e4:6c:95:
         86:f6:18:77:5a:f4:c5:a1:d1:4c:d5:07:06:32:d0:3d:2f:24:
         1a:fd:eb:65:0b:f9:6f:82:43:6f:63:f0:b0:30:5f:e2:e2:8e:
         9c:92:03:82:70:03:18:b7:17:07:38:4b:8d:d8:83:05:ed:83:
         70:8b:39:dc:9c:c7:73:53:79:8f:25:c7:69:be:9e:4c:b1:92:
         3c:fe:d1:a5:71:6a:c4:8c:d1:c2:41:0f:0c:db:97:4e:e8:d1:
         8f:b4:e4:26:08:c6:83:e4:57:44:22:64:25:00:58:44:39:51:
         e5:90:0e:76:49:fd:23:55:8a:5f:99:27:52:f4:35:63:28:dd:
         ce:2e:30:cb:61:27:65:26:6f:4e:2e:38:68:60:bb:78:ea:ff:
         61:1c:35:8d:a2:c2:1a:22:ae:5e:e8:ef:cd:6c:46:a7:20:b7:
         a8:fd:36:08:01:60:c1:b3:17:59:2d:86:b8:81:33:47:9d:ae:
         03:2c:21:6e:a5:bd:f9:ad:17:30:9d:0b:65:b7:e5:d4:c5:cc:
         6e:65:b7:2a:d5:7e:54:f8:3c:50:94:66:93:04:1d:9c:13:99:
         a8:e6:ee:d5
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYHz/nutlxHRhNPDAIUk54skMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjIwNzEyMTk1OTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjZiMDgxMzUxMGRiNTQ2ZjliMjEzZmI3YTM0Y2UzZTdiNzM2NWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc043tqLQH3qClgSPkuWLNXGcm9j
uvEUwP0kNebOzly3e+QubVN+abMtyeYCTtdMraO2eZvOEwQ2AyPg7Xf9JwkvM/di
nVyvF5K9HDVj6qXHFpJESijc4tve8KxVNWlTl91nJzmfbUzb8YwySiA4E0NlY3xN
pnyxMutZBeOe5gbKG29YK1U5XGQDkVQvw0c7ho2kdGunBs32sf2IRvMcqtLYznk6
FA+U5cOWWInwAeCpawd4Jo2I/r64xCoBZ3q8cjDq0gJ896XtlXrus81+xNm5zspa
crK/L71OhYrxb3gFTqQYm0XgBs6RLHgbX4eCyICjlCgg2IoC18AAttBA2QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFM9rCBNRDbVG+bIT+3o0zj57c2WlMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvejJzSUUxRU50VWI1c2hQN2VqVE9QbnR6WmFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCJYDMMAwD
BAIuF2QDBAIuF2gDBACk12UDBACk12cwDQYJKoZIhvcNAQELBQADggEBAEeXinAC
WcCtsGz18seUpTbpheo6hCKCpN45DlRVHsuF7+RslYb2GHda9MWh0UzVBwYy0D0v
JBr962UL+W+CQ29j8LAwX+LijpySA4JwAxi3Fwc4S43YgwXtg3CLOdycx3NTeY8l
x2m+nkyxkjz+0aVxasSM0cJBDwzbl07o0Y+05CYIxoPkV0QiZCUAWEQ5UeWQDnZJ
/SNVil+ZJ1L0NWMo3c4uMMthJ2Umb04uOGhgu3jq/2EcNY2iwhoirl7o781sRqcg
t6j9NggBYMGzF1kthriBM0edrgMsIW6lvfmtFzCdC2W35dTFzG5ltyrVflT4PFCU
ZpMEHZwTmajm7tU=
-----END CERTIFICATE-----