Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/r47NfR9cZjbLShjZRpMwa_ujooc.roa
File:                     r47NfR9cZjbLShjZRpMwa_ujooc.roa (raw, json)
Hash identifier:          OBPWjxlgEZ0tYzGNJkEJW6vs6T1PBsLtiWOmymPl+9k=
Subject key identifier:   AF:8E:CD:7D:1F:5C:66:36:CB:4A:18:D9:46:93:30:6B:FB:A3:A2:87
Certificate issuer:       /CN=ce958f181fb507a0a2a821856b8be0d54b118b85
Certificate serial:       018283A3BE98FE198002E7DC13C57D66D97B
Authority key identifier: CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/r47NfR9cZjbLShjZRpMwa_ujooc.roa
Signing time:             Tue 09 Aug 2022 17:25:22 +0000
ROA not before:           Tue 09 Aug 2022 17:25:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207023
IP address blocks:        185.174.90.0/23 maxlen: 23
                          185.60.201.0/24 maxlen: 24
                          185.60.202.0/23 maxlen: 23
                          185.168.158.0/23 maxlen: 23
                          185.242.94.0/23 maxlen: 23
                          185.242.92.0/23 maxlen: 23
                          185.115.64.0/22 maxlen: 22
                          185.126.72.0/22 maxlen: 24
                          185.126.76.0/22 maxlen: 24
                          185.120.8.0/23 maxlen: 23
                          185.120.10.0/23 maxlen: 23
                          2a0a:d05::/32 maxlen: 32
                          2a0a:d01::/32 maxlen: 32
                          2a0a:d04::/32 maxlen: 32
                          2a0a:d02::/32 maxlen: 32
                          2a0a:d03::/32 maxlen: 32
                          2a0a:d07::/32 maxlen: 32
                          2a0a:d06::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:83:a3:be:98:fe:19:80:02:e7:dc:13:c5:7d:66:d9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce958f181fb507a0a2a821856b8be0d54b118b85
        Validity
            Not Before: Aug  9 17:25:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af8ecd7d1f5c6636cb4a18d94693306bfba3a287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:64:6c:6c:e0:ec:2e:8e:a6:61:4b:e7:2c:62:
                    37:06:3c:3c:d0:60:90:62:af:44:53:3a:ce:8e:c8:
                    51:87:42:d2:49:fa:1a:77:c0:4d:23:e1:68:d1:33:
                    17:dc:c1:68:0e:27:d2:2e:4e:c1:a4:b8:af:81:7d:
                    82:01:14:69:d7:9e:d0:bf:0e:e9:ef:73:76:3f:bc:
                    fc:d8:51:27:0b:11:06:2e:cd:2f:bb:d3:78:38:a2:
                    01:d7:e7:64:8c:0a:87:bb:e8:38:9b:33:3c:99:e5:
                    b6:b6:0a:37:b1:16:9a:ab:7f:6a:cd:11:45:a0:f3:
                    65:22:2d:55:9f:50:1b:f7:aa:bc:b9:b5:ef:b3:38:
                    99:6e:1e:c7:85:20:73:6f:de:e4:b2:03:c3:e7:17:
                    49:70:60:c7:ab:03:44:86:ee:58:34:d4:8a:b4:24:
                    ac:54:27:60:15:ec:f4:f7:8b:58:ef:3a:0b:47:ad:
                    4b:77:64:26:56:7d:70:d8:95:00:61:4a:25:cb:fc:
                    b1:33:b6:b9:7a:d2:6e:56:13:dd:30:40:a3:0a:4b:
                    49:9c:5c:25:70:54:63:93:de:cb:ea:2f:a7:49:b9:
                    8e:04:e0:11:b6:6b:8d:64:98:44:7d:8e:87:39:3b:
                    5c:83:5b:de:1a:ef:c0:d0:70:97:16:99:ea:78:01:
                    01:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8E:CD:7D:1F:5C:66:36:CB:4A:18:D9:46:93:30:6B:FB:A3:A2:87
            X509v3 Authority Key Identifier:
                keyid:CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/r47NfR9cZjbLShjZRpMwa_ujooc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.201.0-185.60.203.255
                  185.115.64.0/22
                  185.120.8.0/22
                  185.126.72.0/21
                  185.168.158.0/23
                  185.174.90.0/23
                  185.242.92.0/22
                IPv6:
                  2a0a:d01::-2a0a:d07:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0d:e3:ce:96:ce:08:eb:96:45:8e:a4:a9:95:e3:f7:4a:8f:b5:
         d2:98:f5:28:20:ce:55:51:a8:ee:c6:bc:15:83:3c:73:e8:8c:
         73:c1:d8:25:44:7c:27:71:62:81:e8:a2:a8:b3:b3:97:d0:da:
         a0:29:fe:5b:64:78:b1:4d:77:fd:b2:43:62:d9:0b:59:e9:1b:
         47:ab:a0:f0:96:db:ff:f9:bb:3c:c3:1d:6e:dd:f8:5f:22:04:
         af:a1:90:4d:61:ef:1c:3c:5b:d6:21:97:28:8a:8e:f2:8f:91:
         d2:2b:33:1f:54:e3:43:c9:8a:f4:2c:a6:29:cf:74:a1:50:6f:
         da:18:fd:56:42:5d:b8:07:58:c5:a8:4a:25:d2:6c:90:da:fa:
         a1:7d:7f:1a:29:8e:30:8c:58:c2:43:74:3e:ff:68:d3:f0:45:
         bd:46:ec:a0:a5:3d:96:90:20:c7:3b:0f:da:02:fa:ea:b4:22:
         31:fe:b4:4b:49:aa:94:ed:1c:de:57:6d:fd:75:ee:87:07:38:
         e1:2c:ed:9f:2c:3c:ac:6c:36:07:86:f5:53:73:d6:36:ec:c7:
         2f:5e:fa:aa:e5:35:d1:b2:d6:1a:68:ec:3b:ba:93:be:13:98:
         6f:95:fe:ab:e1:82:ab:2a:7e:e4:3e:16:69:36:90:57:04:01:
         df:bb:f3:08
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYKDo76Y/hmAAufcE8V9Ztl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOTU4ZjE4MWZiNTA3YTBhMmE4MjE4NTZiOGJlMGQ1NGIx
MThiODUwHhcNMjIwODA5MTcyNTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjhlY2Q3ZDFmNWM2NjM2Y2I0YTE4ZDk0NjkzMzA2YmZiYTNhMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2RsbODsLo6mYUvnLGI3Bjw80GCQ
Yq9EUzrOjshRh0LSSfoad8BNI+Fo0TMX3MFoDifSLk7BpLivgX2CARRp157Qvw7p
73N2P7z82FEnCxEGLs0vu9N4OKIB1+dkjAqHu+g4mzM8meW2tgo3sRaaq39qzRFF
oPNlIi1Vn1Ab96q8ubXvsziZbh7HhSBzb97ksgPD5xdJcGDHqwNEhu5YNNSKtCSs
VCdgFez094tY7zoLR61Ld2QmVn1w2JUAYUoly/yxM7a5etJuVhPdMECjCktJnFwl
cFRjk97L6i+nSbmOBOARtmuNZJhEfY6HOTtcg1veGu/A0HCXFpnqeAEBJwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFK+OzX0fXGY2y0oY2UaTMGv7o6KHMB8GA1UdIwQY
MBaAFM6VjxgftQegoqghhWuL4NVLEYuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUt
MGRiYjNiOGRiMTVmLzEvcjQ3TmZSOWNaamJMU2hqWlJwTXdhX3Vqb29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUtMGRiYjNiOGRiMTVm
LzEvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjA4BAIAATAyMAwDBAC5PMkD
BAK5PMgDBAK5c0ADBAK5eAgDBAO5fkgDBAG5qJ4DBAG5rloDBAK58lwwFgQCAAIw
EDAOAwUAKgoNAQMFAyoKDQAwDQYJKoZIhvcNAQELBQADggEBAA3jzpbOCOuWRY6k
qZXj90qPtdKY9SggzlVRqO7GvBWDPHPojHPB2CVEfCdxYoHooqizs5fQ2qAp/ltk
eLFNd/2yQ2LZC1npG0eroPCW2//5uzzDHW7d+F8iBK+hkE1h7xw8W9YhlyiKjvKP
kdIrMx9U40PJivQspinPdKFQb9oY/VZCXbgHWMWoSiXSbJDa+qF9fxopjjCMWMJD
dD7/aNPwRb1G7KClPZaQIMc7D9oC+uq0IjH+tEtJqpTtHN5Xbf117ocHOOEs7Z8s
PKxsNgeG9VNz1jbsxy9e+qrlNdGy1hpo7Du6k74TmG+V/qvhgqsqfuQ+Fmk2kFcE
Ad+78wg=
-----END CERTIFICATE-----