Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/Q2w2pUktPmTgAMnosWHeDPVYI4w.roa
File:                     Q2w2pUktPmTgAMnosWHeDPVYI4w.roa (raw, json)
Hash identifier:          Hixk1ZLR2A8Bztj4NhwV2E7js1J/n3B839XFL98wJ1A=
Subject key identifier:   43:6C:36:A5:49:2D:3E:64:E0:00:C9:E8:B1:61:DE:0C:F5:58:23:8C
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       01848CBB4C7FB1B6FBA3CA8DB08A90F28378
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/Q2w2pUktPmTgAMnosWHeDPVYI4w.roa
Signing time:             Fri 18 Nov 2022 21:53:15 +0000
ROA not before:           Fri 18 Nov 2022 21:53:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.218.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
                          212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.196.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.199.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.202.0/24 maxlen: 24
                          212.64.201.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8c:bb:4c:7f:b1:b6:fb:a3:ca:8d:b0:8a:90:f2:83:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Nov 18 21:53:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=436c36a5492d3e64e000c9e8b161de0cf558238c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:92:d7:07:06:76:4c:dd:15:d3:c7:35:b2:69:
                    83:28:43:7b:6f:70:eb:19:92:33:55:9d:4d:85:d4:
                    dc:bb:27:68:34:1e:fb:00:10:a1:3d:f3:a8:78:2b:
                    da:95:1e:b5:46:e7:1b:a3:c3:e6:8a:49:69:23:13:
                    06:f8:be:d8:11:6c:45:5b:bf:67:ce:7b:67:dc:3b:
                    26:f8:67:ab:47:13:8c:4f:fe:13:1f:5c:bf:4a:0c:
                    5e:60:15:f2:ed:11:d6:4c:99:12:c8:d2:46:47:a0:
                    2a:de:20:63:da:d1:a7:b0:56:d1:6f:ab:48:7a:91:
                    4f:93:2b:6c:1d:da:cc:a2:5c:48:34:a8:03:73:e2:
                    0b:6c:f1:61:ea:32:96:5f:78:a7:54:eb:50:26:7b:
                    c9:fc:5e:3c:e5:5c:c1:0f:cf:7c:4a:b2:c3:a3:3f:
                    85:51:c3:ef:f7:f2:fc:14:35:72:eb:56:24:91:25:
                    d0:6a:89:0c:8d:37:c2:e2:b7:d3:fb:fa:c1:2b:b2:
                    1a:78:0c:21:3f:2e:05:71:e4:22:fe:62:c7:0b:94:
                    62:3d:78:05:67:4a:c9:69:70:45:e8:e6:86:b0:1f:
                    2c:94:30:87:49:ff:22:98:52:25:87:0c:18:c8:e7:
                    45:38:af:16:6b:e2:7b:87:b0:0a:59:04:ac:0f:b1:
                    12:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:6C:36:A5:49:2D:3E:64:E0:00:C9:E8:B1:61:DE:0C:F5:58:23:8C
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/Q2w2pUktPmTgAMnosWHeDPVYI4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.196.0-212.64.209.255
                  212.64.212.0/24
                  212.64.218.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:6d:0f:fe:84:50:33:d2:61:2e:87:d5:b6:10:59:eb:1e:ac:
         2d:e7:a8:ba:cb:c0:fa:40:6a:94:b1:91:40:b4:f4:18:80:58:
         bf:9c:1a:bb:03:45:8e:e8:a3:91:26:62:bd:14:81:13:5a:f5:
         d6:f7:9a:10:68:4e:b0:c8:ad:01:ce:1d:f0:af:c2:73:2b:75:
         9c:4d:f2:71:10:d8:54:86:df:f8:5f:00:b8:c8:4d:69:e1:d7:
         98:cf:47:e7:7b:cf:a6:af:54:be:8a:f6:22:1e:dc:a3:68:8f:
         43:ba:e7:c9:1c:22:3d:7d:8e:34:c6:c8:31:d3:c5:6f:2c:f0:
         27:60:34:fe:3f:98:a4:14:6f:3c:77:46:f9:40:59:70:0c:aa:
         f0:45:c5:31:f1:76:4f:6f:8d:c6:19:00:20:c0:3a:6e:57:c6:
         ed:05:c9:62:70:b7:ab:ba:90:63:3b:b9:e7:f4:eb:99:f3:0f:
         09:8a:6e:bb:2a:fe:e7:0e:0a:ec:d3:df:64:81:29:47:ee:60:
         98:be:40:ca:94:2a:dc:00:54:bd:b2:7d:a2:92:22:fe:1b:a0:
         12:eb:04:ca:f1:08:7a:38:d2:7e:f0:25:08:a4:2e:0b:eb:38:
         fc:0f:a7:6c:38:43:07:82:c5:20:20:f8:61:d3:f3:bc:da:d6:
         27:62:3f:ef
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYSMu0x/sbb7o8qNsIqQ8oN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjIxMTE4MjE1MzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZjMzZhNTQ5MmQzZTY0ZTAwMGM5ZThiMTYxZGUwY2Y1NTgyMzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5LXBwZ2TN0V08c1smmDKEN7b3Dr
GZIzVZ1NhdTcuydoNB77ABChPfOoeCvalR61Rucbo8PmiklpIxMG+L7YEWxFW79n
zntn3Dsm+GerRxOMT/4TH1y/SgxeYBXy7RHWTJkSyNJGR6Aq3iBj2tGnsFbRb6tI
epFPkytsHdrMolxINKgDc+ILbPFh6jKWX3inVOtQJnvJ/F485VzBD898SrLDoz+F
UcPv9/L8FDVy61YkkSXQaokMjTfC4rfT+/rBK7IaeAwhPy4FceQi/mLHC5RiPXgF
Z0rJaXBF6OaGsB8slDCHSf8imFIlhwwYyOdFOK8Wa+J7h7AKWQSsD7ESPwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFENsNqVJLT5k4ADJ6LFh3gz1WCOMMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvUTJ3MnBVa3RQbVRnQU1ub3NXSGVEUFZZSTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQA1EDAAwQA
1EDCMAwDBALUQMQDBAHUQNADBADUQNQDBADUQNoDBADUQNwwDQYJKoZIhvcNAQEL
BQADggEBAI9tD/6EUDPSYS6H1bYQWeserC3nqLrLwPpAapSxkUC09BiAWL+cGrsD
RY7oo5EmYr0UgRNa9db3mhBoTrDIrQHOHfCvwnMrdZxN8nEQ2FSG3/hfALjITWnh
15jPR+d7z6avVL6K9iIe3KNoj0O658kcIj19jjTGyDHTxW8s8CdgNP4/mKQUbzx3
RvlAWXAMqvBFxTHxdk9vjcYZACDAOm5Xxu0FyWJwt6u6kGM7uef065nzDwmKbrsq
/ucOCuzT32SBKUfuYJi+QMqUKtwAVL2yfaKSIv4boBLrBMrxCHo40n7wJQikLgvr
OPwPp2w4QweCxSAg+GHT87za1idiP+8=
-----END CERTIFICATE-----