Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/NP5GjgTOViypF_CC0ZkShdjsoME.roa
File:                     NP5GjgTOViypF_CC0ZkShdjsoME.roa (raw, json)
Hash identifier:          YgQKc20Vt2Z3wHMe1XrquMU7MKUc+z8gSOvIms83VW4=
Subject key identifier:   34:FE:46:8E:04:CE:56:2C:A9:17:F0:82:D1:99:12:85:D8:EC:A0:C1
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       0184511967B7958DB49F3556D3AADE95D8EF
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/NP5GjgTOViypF_CC0ZkShdjsoME.roa
Signing time:             Mon 07 Nov 2022 07:58:50 +0000
ROA not before:           Mon 07 Nov 2022 07:58:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200088
IP address blocks:        94.228.122.0/24 maxlen: 24
                          188.225.60.0/24 maxlen: 24
                          185.104.112.0/24 maxlen: 24
                          185.104.115.0/24 maxlen: 24
                          217.25.91.0/24 maxlen: 24
                          194.35.118.0/24 maxlen: 24
                          217.25.95.0/24 maxlen: 24
                          194.35.119.0/24 maxlen: 24
                          193.201.115.0/24 maxlen: 24
                          87.249.50.0/24 maxlen: 24
                          78.40.216.0/24 maxlen: 24
                          85.193.93.0/24 maxlen: 24
                          85.193.92.0/24 maxlen: 24
                          85.193.95.0/24 maxlen: 24
                          176.57.221.0/24 maxlen: 24
                          2a03:6f00:8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:51:19:67:b7:95:8d:b4:9f:35:56:d3:aa:de:95:d8:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Nov  7 07:58:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=34fe468e04ce562ca917f082d1991285d8eca0c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:69:48:d2:a2:58:c2:cd:90:1c:5f:23:b1:26:
                    b3:0f:3d:fa:e9:60:cf:ba:00:d3:89:8c:80:a8:34:
                    22:3d:43:c6:e8:ea:b4:26:2f:99:06:5f:ae:34:84:
                    9f:ed:62:90:54:88:52:d8:c6:73:43:b6:82:8b:21:
                    3d:db:1a:ff:0b:79:94:2f:ca:17:9c:e4:d3:48:42:
                    04:91:3f:79:ee:64:48:8d:38:36:79:ff:15:91:22:
                    42:07:e5:f3:9e:76:f4:84:ce:e5:f3:e2:12:ec:f5:
                    ce:5e:e1:a5:e8:37:6b:ae:73:0e:9b:38:8a:f1:19:
                    8d:d8:b4:63:a2:20:f3:8f:21:1f:3b:dd:86:53:f7:
                    61:82:91:61:46:79:a3:13:0e:6e:38:d4:66:47:a0:
                    11:8d:3e:c5:38:b1:7f:84:7e:ba:6e:9f:c4:ba:fb:
                    98:e7:a9:9e:d0:d7:3d:88:3f:17:44:50:77:8f:ec:
                    ec:fb:29:c2:ec:10:1a:fb:62:48:91:5f:8c:d9:25:
                    1c:21:8b:84:87:4e:19:e7:e7:ec:85:2d:e3:1d:77:
                    9b:e6:1d:d9:31:f4:28:d8:c9:d9:c7:ba:18:a6:5b:
                    09:66:69:d3:44:7f:60:d2:18:24:ff:c9:40:7e:cb:
                    4c:98:9a:de:7a:53:4a:0c:5f:ee:37:72:f4:16:49:
                    b4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:FE:46:8E:04:CE:56:2C:A9:17:F0:82:D1:99:12:85:D8:EC:A0:C1
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/NP5GjgTOViypF_CC0ZkShdjsoME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.216.0/24
                  85.193.92.0/23
                  85.193.95.0/24
                  87.249.50.0/24
                  94.228.122.0/24
                  176.57.221.0/24
                  185.104.112.0/24
                  185.104.115.0/24
                  188.225.60.0/24
                  193.201.115.0/24
                  194.35.118.0/23
                  217.25.91.0/24
                  217.25.95.0/24
                IPv6:
                  2a03:6f00:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:64:bd:03:78:f0:50:21:f0:8d:e0:09:6b:93:38:0b:f0:0f:
         9d:c3:d4:80:d1:f0:fb:1b:f4:6c:67:0d:17:f3:77:36:e8:76:
         25:75:df:35:97:03:35:78:5e:61:92:65:89:d1:9f:ff:f2:8b:
         51:d9:69:26:d9:69:b5:a2:fa:2f:48:63:1c:59:bd:34:fe:44:
         06:04:85:0c:49:65:ef:bb:20:08:52:fa:e0:fe:25:73:c0:29:
         7a:90:0e:5b:b6:19:62:b5:ef:bf:74:32:eb:47:00:5c:b7:bc:
         86:bf:13:8e:a5:74:02:7a:73:a8:5d:14:db:5f:20:87:36:5c:
         9c:27:98:b3:13:06:48:48:19:c6:2f:a9:b6:2f:d0:8b:20:ad:
         39:2a:56:7c:2f:91:82:9c:24:cd:86:6b:d5:9c:0c:58:f1:cd:
         01:bd:14:ff:e3:eb:1d:a8:cc:e4:81:e5:76:f6:9e:01:4e:4e:
         c0:5d:4b:b2:83:07:86:c2:96:f9:45:9e:83:79:36:38:85:24:
         94:0d:bd:6c:27:0d:67:d6:bd:85:c3:a3:6f:91:eb:c1:e4:85:
         27:57:c5:df:b7:af:a8:e7:17:cb:bc:21:b7:f6:be:d5:48:6d:
         62:fd:d8:37:98:26:31:38:74:6b:b3:81:50:37:17:b5:a4:6f:
         8b:61:06:ef
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYRRGWe3lY20nzVW06reldjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjIxMTA3MDc1ODUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGZlNDY4ZTA0Y2U1NjJjYTkxN2YwODJkMTk5MTI4NWQ4ZWNhMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2lI0qJYws2QHF8jsSazDz366WDP
ugDTiYyAqDQiPUPG6Oq0Ji+ZBl+uNISf7WKQVIhS2MZzQ7aCiyE92xr/C3mUL8oX
nOTTSEIEkT957mRIjTg2ef8VkSJCB+Xznnb0hM7l8+IS7PXOXuGl6DdrrnMOmziK
8RmN2LRjoiDzjyEfO92GU/dhgpFhRnmjEw5uONRmR6ARjT7FOLF/hH66bp/EuvuY
56me0Nc9iD8XRFB3j+zs+ynC7BAa+2JIkV+M2SUcIYuEh04Z5+fshS3jHXeb5h3Z
MfQo2MnZx7oYplsJZmnTRH9g0hgk/8lAfstMmJreelNKDF/uN3L0Fkm09wIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFDT+Ro4EzlYsqRfwgtGZEoXY7KDBMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvTlA1R2pnVE9WaXlwRl9DQzBaa1NoZGpzb01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBUBAIAATBOAwQATijYAwQB
VcFcAwQAVcFfAwQAV/kyAwQAXuR6AwQAsDndAwQAuWhwAwQAuWhzAwQAvOE8AwQA
wclzAwQBwiN2AwQA2RlbAwQA2RlfMA8EAgACMAkDBwAqA28AAAgwDQYJKoZIhvcN
AQELBQADggEBALhkvQN48FAh8I3gCWuTOAvwD53D1IDR8Psb9GxnDRfzdzbodiV1
3zWXAzV4XmGSZYnRn//yi1HZaSbZabWi+i9IYxxZvTT+RAYEhQxJZe+7IAhS+uD+
JXPAKXqQDlu2GWK17790MutHAFy3vIa/E46ldAJ6c6hdFNtfIIc2XJwnmLMTBkhI
GcYvqbYv0IsgrTkqVnwvkYKcJM2Ga9WcDFjxzQG9FP/j6x2ozOSB5Xb2ngFOTsBd
S7KDB4bClvlFnoN5NjiFJJQNvWwnDWfWvYXDo2+R68HkhSdXxd+3r6jnF8u8Ibf2
vtVIbWL92DeYJjE4dGuzgVA3F7Wkb4thBu8=
-----END CERTIFICATE-----