Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/326130353a646663353a326635643a3a2f34382d3438203d3e20323033303639.roa
File:                     326130353a646663353a326635643a3a2f34382d3438203d3e20323033303639.roa (raw, json)
Hash identifier:          p3ZfLQLz49cWvf22+L2zZM+TpovPGjamF8lLoQMmQUk=
Subject key identifier:   8C:B8:21:3B:95:DD:EF:EF:93:A9:E4:53:E2:03:71:41:CA:04:E8:00
Certificate issuer:       /CN=847138B5401830B89B52403C777718BB40B2B6B5
Certificate serial:       12ED80084D9E2D6EEF46F303B9C145003AAB1E2A
Authority key identifier: 84:71:38:B5:40:18:30:B8:9B:52:40:3C:77:77:18:BB:40:B2:B6:B5
Authority info access:    rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/847138B5401830B89B52403C777718BB40B2B6B5.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/326130353a646663353a326635643a3a2f34382d3438203d3e20323033303639.roa
Signing time:             Fri 20 Jan 2023 16:33:28 +0000
ROA not before:           Fri 20 Jan 2023 16:28:28 +0000
ROA not after:            Fri 19 Jan 2024 16:33:28 +0000
asID:                     203069
IP address blocks:        2a05:dfc5:2f5d::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ed:80:08:4d:9e:2d:6e:ef:46:f3:03:b9:c1:45:00:3a:ab:1e:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=847138B5401830B89B52403C777718BB40B2B6B5
        Validity
            Not Before: Jan 20 16:28:28 2023 GMT
            Not After : Jan 19 16:33:28 2024 GMT
        Subject: CN=8CB8213B95DDEFEF93A9E453E2037141CA04E800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e4:4a:c6:c8:63:4f:19:73:10:5d:50:12:e3:
                    f7:9f:8d:4c:b7:89:93:8b:a4:93:fd:b2:1b:e7:91:
                    b8:8f:16:86:8e:d5:ec:13:f5:9d:d2:dd:3d:1f:10:
                    68:44:8b:9b:64:4a:1d:dd:97:83:9a:46:0c:67:32:
                    62:a1:ab:1b:9a:00:3d:b0:3e:91:91:e6:66:2a:89:
                    4e:b9:f2:26:c1:98:2b:83:a8:41:be:11:7c:6a:38:
                    f0:d6:cc:ef:d1:12:0c:bf:e9:dc:82:eb:f4:d8:5a:
                    c7:45:28:91:ad:3f:d4:4e:31:7c:06:1f:d9:bc:df:
                    2a:18:5e:f5:de:40:5b:3b:b1:b7:dd:39:8e:3f:34:
                    94:98:56:81:be:48:43:63:f5:39:1d:6f:e9:6a:af:
                    5f:7c:be:eb:25:49:98:32:3a:42:9b:09:e6:b9:f8:
                    cd:55:34:a5:57:46:1a:06:c0:90:bd:db:cf:a9:2f:
                    9a:2e:97:c5:86:2c:91:81:ee:f3:34:0b:5e:57:49:
                    b9:55:47:b9:9e:a7:f5:d9:87:32:10:65:e7:b6:c1:
                    c0:94:79:cf:94:06:41:c3:3f:c7:c3:69:f9:17:5d:
                    d2:8d:89:81:26:62:ec:c2:63:d2:48:fb:d6:ce:36:
                    56:3a:b8:e0:e8:e6:ef:81:b5:a9:16:5e:5a:18:b3:
                    2b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B8:21:3B:95:DD:EF:EF:93:A9:E4:53:E2:03:71:41:CA:04:E8:00
            X509v3 Authority Key Identifier:
                keyid:84:71:38:B5:40:18:30:B8:9B:52:40:3C:77:77:18:BB:40:B2:B6:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/847138B5401830B89B52403C777718BB40B2B6B5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/847138B5401830B89B52403C777718BB40B2B6B5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/4/326130353a646663353a326635643a3a2f34382d3438203d3e20323033303639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:dfc5:2f5d::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:23:6e:43:ec:74:ca:7f:05:a9:82:ea:db:bd:5b:61:c2:51:
         5d:94:82:28:9f:14:1f:e2:9d:f9:d2:5e:83:1e:af:04:aa:60:
         1d:5b:c7:76:7b:a8:55:6e:c4:6c:ea:b4:5b:d4:83:e1:32:e8:
         0b:cf:8b:58:22:37:78:b9:96:98:82:9a:f3:a5:e3:e2:8e:d7:
         d9:af:c3:e5:39:f6:95:30:a2:c1:89:df:07:98:d0:22:69:38:
         ee:63:cd:c7:34:4b:96:9b:0d:aa:0e:61:16:fa:c8:50:53:cb:
         17:83:38:25:f2:49:26:bf:cf:0d:c9:bb:ba:73:40:26:73:c5:
         e2:d0:5a:7d:1f:75:e0:41:a1:ea:c5:48:a6:c5:a9:b2:2d:e9:
         5a:8f:22:d1:69:32:59:47:ba:41:c3:34:75:cd:4a:36:c0:26:
         62:f5:20:05:5b:dc:cd:21:78:de:c1:d8:55:d2:e3:b1:1b:87:
         01:e1:8d:e4:c5:3e:8b:5a:b1:54:f3:14:9b:46:6a:3f:0f:c1:
         a6:a4:d1:00:c9:83:34:52:85:f6:aa:ca:c9:51:56:2b:33:19:
         ed:7b:97:f7:2f:25:c1:2b:ea:8d:53:50:dc:5f:35:07:c5:c6:
         d1:9f:eb:85:16:a2:41:22:08:77:ce:d1:a6:f6:1e:82:a6:ac:
         47:fb:44:56
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIUEu2ACE2eLW7vRvMDucFFADqrHiowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODQ3MTM4QjU0MDE4MzBCODlCNTI0MDNDNzc3NzE4QkI0
MEIyQjZCNTAeFw0yMzAxMjAxNjI4MjhaFw0yNDAxMTkxNjMzMjhaMDMxMTAvBgNV
BAMTKDhDQjgyMTNCOTVEREVGRUY5M0E5RTQ1M0UyMDM3MTQxQ0EwNEU4MDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa5ErGyGNPGXMQXVAS4/efjUy3
iZOLpJP9shvnkbiPFoaO1ewT9Z3S3T0fEGhEi5tkSh3dl4OaRgxnMmKhqxuaAD2w
PpGR5mYqiU658ibBmCuDqEG+EXxqOPDWzO/REgy/6dyC6/TYWsdFKJGtP9ROMXwG
H9m83yoYXvXeQFs7sbfdOY4/NJSYVoG+SENj9Tkdb+lqr198vuslSZgyOkKbCea5
+M1VNKVXRhoGwJC928+pL5oul8WGLJGB7vM0C15XSblVR7mep/XZhzIQZee2wcCU
ec+UBkHDP8fDafkXXdKNiYEmYuzCY9JI+9bONlY6uODo5u+BtakWXloYsys9AgMB
AAGjggJ6MIICdjAdBgNVHQ4EFgQUjLghO5Xd7++TqeRT4gNxQcoE6AAwHwYDVR0j
BBgwFoAUhHE4tUAYMLibUkA8d3cYu0CytrUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWJmOGU5NzctNzI3OC00NmNmLWFiZDEtOTljZDFmZDJi
ZTRlLzQvODQ3MTM4QjU0MDE4MzBCODlCNTI0MDNDNzc3NzE4QkI0MEIyQjZCNS5j
cmwwgZMGCCsGAQUFBwEBBIGGMIGDMIGABggrBgEFBQcwAoZ0cnN5bmM6Ly9ycGtp
LXJwcy5hcmluLm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1
YzkxYmUzZjlkLzIvODQ3MTM4QjU0MDE4MzBCODlCNTI0MDNDNzc3NzE4QkI0MEIy
QjZCNS5jZXIwgbcGCCsGAQUFBwELBIGqMIGnMIGkBggrBgEFBQcwC4aBl3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWJmOGU5Nzct
NzI3OC00NmNmLWFiZDEtOTljZDFmZDJiZTRlLzQvMzI2MTMwMzUzYTY0NjY2MzM1
M2EzMjY2MzU2NDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzMzMwMzYzOS5y
b2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEw
DwQCAAIwCQMHACoF38UvXTANBgkqhkiG9w0BAQsFAAOCAQEAoiNuQ+x0yn8FqYLq
271bYcJRXZSCKJ8UH+Kd+dJegx6vBKpgHVvHdnuoVW7EbOq0W9SD4TLoC8+LWCI3
eLmWmIKa86Xj4o7X2a/D5Tn2lTCiwYnfB5jQImk47mPNxzRLlpsNqg5hFvrIUFPL
F4M4JfJJJr/PDcm7unNAJnPF4tBafR914EGh6sVIpsWpsi3pWo8i0WkyWUe6QcM0
dc1KNsAmYvUgBVvczSF43sHYVdLjsRuHAeGN5MU+i1qxVPMUm0ZqPw/BpqTRAMmD
NFKF9qrKyVFWKzMZ7XuX9y8lwSvqjVNQ3F81B8XG0Z/rhRaiQSIId87RpvYegqas
R/tEVg==
-----END CERTIFICATE-----