Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/V1h4CEgZqfjKsWOVYakLaCnAAUY.roa
File:                     V1h4CEgZqfjKsWOVYakLaCnAAUY.roa (raw, json)
Hash identifier:          O95hdkMvo2I7LEVrmTBeCAnCC29CwcWD0uDr8Vop/2Q=
Subject key identifier:   57:58:78:08:48:19:A9:F8:CA:B1:63:95:61:A9:0B:68:29:C0:01:46
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       018489CB79C28A202CB98CFC7F8FC576907E
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/V1h4CEgZqfjKsWOVYakLaCnAAUY.roa
Signing time:             Fri 18 Nov 2022 08:12:04 +0000
ROA not before:           Fri 18 Nov 2022 08:12:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8360
IP address blocks:        193.194.10.0/24 maxlen: 24
                          193.194.8.0/23 maxlen: 23
                          194.127.71.0/24 maxlen: 24
                          194.127.68.0/24 maxlen: 24
                          194.127.70.0/24 maxlen: 24
                          194.127.69.0/24 maxlen: 24
                          194.127.72.0/24 maxlen: 24
                          194.127.73.0/24 maxlen: 24
                          194.127.78.0/24 maxlen: 24
                          194.127.75.0/24 maxlen: 24
                          194.127.74.0/24 maxlen: 24
                          194.127.77.0/24 maxlen: 24
                          193.58.218.0/23 maxlen: 23
                          193.58.220.0/23 maxlen: 23
                          193.58.220.0/24 maxlen: 24
                          194.127.30.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:89:cb:79:c2:8a:20:2c:b9:8c:fc:7f:8f:c5:76:90:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Nov 18 08:12:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=575878084819a9f8cab1639561a90b6829c00146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7b:bf:df:7d:f3:43:e1:b1:ce:1a:84:2b:96:
                    b5:47:2c:98:1d:4e:98:13:85:43:e1:8a:e2:34:98:
                    1e:f9:1d:6d:c4:32:3d:b0:b4:49:4f:70:ae:f9:11:
                    ae:4c:64:f1:90:78:2c:bb:04:27:da:5a:1a:3c:32:
                    29:f6:39:b3:94:59:27:68:a0:95:2b:e3:1c:ca:33:
                    55:a5:be:8d:fc:39:b8:c1:5b:d3:db:f5:cc:32:37:
                    6d:d3:db:1f:d0:28:d2:0d:82:f5:ff:e5:45:a6:5f:
                    d9:eb:f2:84:1c:b1:9a:cb:11:82:53:c1:27:1d:bd:
                    86:3a:c4:c2:9b:53:6a:45:9a:d3:2f:58:1c:06:35:
                    a3:43:65:8d:bc:5e:1d:98:cb:ba:59:7b:d7:51:6b:
                    6b:ef:bc:fc:5e:d3:42:f3:aa:09:1a:ae:fe:33:a2:
                    8a:75:0d:ff:07:f0:92:f7:9e:6c:95:d4:5a:60:43:
                    bc:12:eb:6c:c2:80:ce:ff:b6:2f:c6:92:90:55:99:
                    87:3c:bc:31:25:c1:7a:e6:7f:9e:51:41:44:df:de:
                    a5:04:80:22:2b:e1:fa:68:75:42:53:7c:6d:80:ca:
                    88:01:cc:0f:80:5d:47:6b:2a:de:f5:44:aa:b8:c6:
                    56:42:08:d7:ea:50:cd:6b:75:bf:4f:ad:c9:9f:f7:
                    f4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:58:78:08:48:19:A9:F8:CA:B1:63:95:61:A9:0B:68:29:C0:01:46
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/V1h4CEgZqfjKsWOVYakLaCnAAUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.218.0-193.58.221.255
                  193.194.8.0-193.194.10.255
                  194.127.30.0/24
                  194.127.68.0-194.127.75.255
                  194.127.77.0-194.127.78.255

    Signature Algorithm: sha256WithRSAEncryption
         34:fb:70:ac:d5:81:55:9a:e3:10:5d:85:13:39:7a:5c:d7:70:
         4a:99:71:b9:a5:69:2f:c6:35:62:57:65:5b:54:4b:d5:84:7b:
         ea:d2:e0:fb:bf:b9:a1:82:c0:91:e5:e5:5e:36:2f:64:79:b3:
         e8:75:1b:ec:0c:76:93:ba:a7:30:6a:4f:9d:28:84:2e:cd:d9:
         22:71:25:60:df:93:43:3d:cb:eb:b7:d7:8e:33:6b:ca:b9:dc:
         5e:a1:31:a6:85:a9:30:32:43:7f:c3:20:0a:b6:9a:4d:7c:91:
         12:94:05:f4:df:5d:11:ab:a8:3f:a7:d9:10:c5:5d:05:6a:0c:
         ec:2b:ba:c7:f5:51:08:a3:b5:03:0d:a2:16:68:32:39:eb:e7:
         4f:39:89:14:6b:bc:2d:ac:ea:0c:c5:34:98:ba:40:1f:e0:49:
         48:a6:8e:44:83:9d:2a:53:0e:11:e2:b5:30:c1:65:67:44:df:
         da:9d:b9:27:4a:92:60:45:57:1f:e6:a7:81:24:6b:f9:f4:c9:
         f1:e1:a9:b0:b0:26:11:e2:26:6e:6b:69:2f:0c:64:ae:72:dc:
         57:da:28:a3:cf:5a:9e:b1:33:d0:e9:3e:5e:f0:b4:73:ed:ea:
         c4:81:4f:d0:bc:ec:44:f0:5d:02:5a:96:22:cf:a0:4c:ff:63:
         98:ba:5f:90
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYSJy3nCiiAsuYz8f4/FdpB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjIxMTE4MDgxMjA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzU4NzgwODQ4MTlhOWY4Y2FiMTYzOTU2MWE5MGI2ODI5YzAwMTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXu/333zQ+GxzhqEK5a1RyyYHU6Y
E4VD4YriNJge+R1txDI9sLRJT3Cu+RGuTGTxkHgsuwQn2loaPDIp9jmzlFknaKCV
K+McyjNVpb6N/Dm4wVvT2/XMMjdt09sf0CjSDYL1/+VFpl/Z6/KEHLGayxGCU8En
Hb2GOsTCm1NqRZrTL1gcBjWjQ2WNvF4dmMu6WXvXUWtr77z8XtNC86oJGq7+M6KK
dQ3/B/CS955sldRaYEO8EutswoDO/7YvxpKQVZmHPLwxJcF65n+eUUFE396lBIAi
K+H6aHVCU3xtgMqIAcwPgF1Hayre9USquMZWQgjX6lDNa3W/T63Jn/f0UwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFdYeAhIGan4yrFjlWGpC2gpwAFGMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvVjFoNENFZ1pxZmpLc1dPVllha0xhQ25BQVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBAHBOtoD
BAHBOtwwDAMEA8HCCAMEAMHCCgMEAMJ/HjAMAwQCwn9EAwQCwn9IMAwDBADCf00D
BADCf04wDQYJKoZIhvcNAQELBQADggEBADT7cKzVgVWa4xBdhRM5elzXcEqZcbml
aS/GNWJXZVtUS9WEe+rS4Pu/uaGCwJHl5V42L2R5s+h1G+wMdpO6pzBqT50ohC7N
2SJxJWDfk0M9y+u3144za8q53F6hMaaFqTAyQ3/DIAq2mk18kRKUBfTfXRGrqD+n
2RDFXQVqDOwrusf1UQijtQMNohZoMjnr5085iRRrvC2s6gzFNJi6QB/gSUimjkSD
nSpTDhHitTDBZWdE39qduSdKkmBFVx/mp4Eka/n0yfHhqbCwJhHiJm5raS8MZK5y
3FfaKKPPWp6xM9DpPl7wtHPt6sSBT9C87ETwXQJaliLPoEz/Y5i6X5A=
-----END CERTIFICATE-----