Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/DC81NwhkqCiQs1rZ-Fld5O8wfGQ.roa
File:                     DC81NwhkqCiQs1rZ-Fld5O8wfGQ.roa (raw, json)
Hash identifier:          Saji8HX0yT+h0pBIxs7UktA3dyq3BM2IxvWBK3qPRcM=
Subject key identifier:   0C:2F:35:37:08:64:A8:28:90:B3:5A:D9:F8:59:5D:E4:EF:30:7C:64
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       01840DF3E1505048A5F86691FF424FD8C29A
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/DC81NwhkqCiQs1rZ-Fld5O8wfGQ.roa
Signing time:             Tue 25 Oct 2022 07:03:17 +0000
ROA not before:           Tue 25 Oct 2022 07:03:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200088
IP address blocks:        94.228.122.0/24 maxlen: 24
                          188.225.60.0/24 maxlen: 24
                          185.104.112.0/24 maxlen: 24
                          185.104.115.0/24 maxlen: 24
                          217.25.91.0/24 maxlen: 24
                          217.25.95.0/24 maxlen: 24
                          193.201.115.0/24 maxlen: 24
                          87.249.50.0/24 maxlen: 24
                          78.40.216.0/24 maxlen: 24
                          85.193.93.0/24 maxlen: 24
                          85.193.92.0/24 maxlen: 24
                          85.193.95.0/24 maxlen: 24
                          176.57.221.0/24 maxlen: 24
                          2a03:6f00:8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:0d:f3:e1:50:50:48:a5:f8:66:91:ff:42:4f:d8:c2:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Oct 25 07:03:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0c2f35370864a82890b35ad9f8595de4ef307c64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b6:db:c8:76:c7:d6:53:bb:6d:e5:6f:80:8f:
                    c4:a1:8d:93:89:06:17:94:4b:09:ff:e5:c8:ad:70:
                    17:70:1a:30:06:73:cb:d9:41:1d:d0:78:a6:90:22:
                    0a:33:24:36:f2:69:f7:15:5f:e5:0a:dd:76:7d:5b:
                    5c:e6:6e:e0:72:e9:f7:ba:b0:d7:a2:26:2b:5a:e2:
                    98:1d:49:d4:42:93:c8:b0:35:e1:52:78:4b:d4:c5:
                    d4:b8:66:6f:b3:27:9b:b7:64:13:61:fc:30:9a:42:
                    56:3c:19:2b:14:4c:8a:c2:b3:2c:60:e9:e2:18:5b:
                    66:18:b0:65:18:e7:89:54:7b:33:aa:f2:81:28:16:
                    87:52:e5:13:db:f9:9b:16:9a:a3:c3:eb:06:a2:ec:
                    5a:0a:8a:6a:2e:1b:8e:d1:55:ff:93:7b:95:bb:1c:
                    e4:11:c4:92:40:66:67:46:05:35:74:9f:6c:54:44:
                    9d:55:10:45:ab:39:33:93:5e:8a:16:be:50:e3:75:
                    88:bd:ce:a7:e2:c4:e3:65:d3:00:9d:db:9c:48:35:
                    5f:39:a3:26:40:04:9b:0d:1f:67:42:21:56:c0:d2:
                    ae:28:3f:08:1c:b2:46:0f:06:66:f9:08:0a:1c:32:
                    cd:49:ef:40:2d:f6:55:06:ce:b6:88:69:46:1c:ed:
                    25:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:2F:35:37:08:64:A8:28:90:B3:5A:D9:F8:59:5D:E4:EF:30:7C:64
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/DC81NwhkqCiQs1rZ-Fld5O8wfGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.216.0/24
                  85.193.92.0/23
                  85.193.95.0/24
                  87.249.50.0/24
                  94.228.122.0/24
                  176.57.221.0/24
                  185.104.112.0/24
                  185.104.115.0/24
                  188.225.60.0/24
                  193.201.115.0/24
                  217.25.91.0/24
                  217.25.95.0/24
                IPv6:
                  2a03:6f00:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:6c:98:e0:24:98:a9:69:94:fc:48:4b:66:3c:83:ed:7e:42:
         f9:7d:a0:96:d3:e7:c2:a1:89:04:cc:d9:e0:ba:a1:13:f2:52:
         47:cf:4e:96:bf:0a:98:de:d2:06:ad:d2:fe:20:c2:88:5a:28:
         38:ad:5b:9f:66:9b:d1:31:04:dd:01:95:de:cc:c2:d5:7f:7a:
         8b:23:68:96:da:6f:44:46:c2:a1:f8:bc:99:be:01:e8:4b:d8:
         48:91:50:70:2e:c0:5f:85:9f:e2:2c:70:35:4d:0d:29:b9:81:
         32:35:87:fc:d2:67:19:ce:0b:b0:f1:05:25:04:c5:56:9f:53:
         42:5e:6c:74:53:c5:3b:62:21:55:6b:b4:48:81:23:24:15:c9:
         5f:75:7f:56:ab:a5:53:11:18:e3:c8:a8:6a:bc:f5:96:69:d8:
         72:bb:7a:76:b1:f0:21:22:01:b0:03:a4:03:42:31:34:2b:ca:
         dd:f3:51:b0:08:2a:b3:3c:05:58:72:b2:48:47:75:d2:c0:5d:
         44:41:0d:e8:82:14:4a:f4:d9:db:56:63:0e:09:4d:05:f9:ca:
         77:9d:b5:33:bc:cf:cf:8e:c7:d8:43:2f:16:a9:10:b8:f9:dd:
         44:eb:57:a8:26:07:d4:b6:4c:f6:82:ef:0a:7b:ff:ac:39:fc:
         1a:f7:e2:fe
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYQN8+FQUEil+GaR/0JP2MKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjIxMDI1MDcwMzE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzJmMzUzNzA4NjRhODI4OTBiMzVhZDlmODU5NWRlNGVmMzA3YzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7bbyHbH1lO7beVvgI/EoY2TiQYX
lEsJ/+XIrXAXcBowBnPL2UEd0HimkCIKMyQ28mn3FV/lCt12fVtc5m7gcun3urDX
oiYrWuKYHUnUQpPIsDXhUnhL1MXUuGZvsyebt2QTYfwwmkJWPBkrFEyKwrMsYOni
GFtmGLBlGOeJVHszqvKBKBaHUuUT2/mbFpqjw+sGouxaCopqLhuO0VX/k3uVuxzk
EcSSQGZnRgU1dJ9sVESdVRBFqzkzk16KFr5Q43WIvc6n4sTjZdMAnducSDVfOaMm
QASbDR9nQiFWwNKuKD8IHLJGDwZm+QgKHDLNSe9ALfZVBs62iGlGHO0ltwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFAwvNTcIZKgokLNa2fhZXeTvMHxkMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvREM4MU53aGtxQ2lRczFyWi1GbGQ1Tzh3ZkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBOBAIAATBIAwQATijYAwQB
VcFcAwQAVcFfAwQAV/kyAwQAXuR6AwQAsDndAwQAuWhwAwQAuWhzAwQAvOE8AwQA
wclzAwQA2RlbAwQA2RlfMA8EAgACMAkDBwAqA28AAAgwDQYJKoZIhvcNAQELBQAD
ggEBAJlsmOAkmKlplPxIS2Y8g+1+Qvl9oJbT58KhiQTM2eC6oRPyUkfPTpa/Cpje
0gat0v4gwohaKDitW59mm9ExBN0Bld7MwtV/eosjaJbab0RGwqH4vJm+AehL2EiR
UHAuwF+Fn+IscDVNDSm5gTI1h/zSZxnOC7DxBSUExVafU0JebHRTxTtiIVVrtEiB
IyQVyV91f1arpVMRGOPIqGq89ZZp2HK7enax8CEiAbADpANCMTQryt3zUbAIKrM8
BVhyskhHddLAXURBDeiCFEr02dtWYw4JTQX5ynedtTO8z8+Ox9hDLxapELj53UTr
V6gmB9S2TPaC7wp7/6w5/Br34v4=
-----END CERTIFICATE-----