Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/Ay50F3eskl8FDG_fl6KUeng3RCE.roa
File:                     Ay50F3eskl8FDG_fl6KUeng3RCE.roa (raw, json)
Hash identifier:          tnLZETBZfktS6R6JfnEHy9RJPasoFIwUhxZVHPTFWjs=
Subject key identifier:   03:2E:74:17:77:AC:92:5F:05:0C:6F:DF:97:A2:94:7A:78:37:44:21
Certificate issuer:       /CN=0cb5d3e8ddcf524c20c32387ed3103d4cbf2a56a
Certificate serial:       0854576F
Authority key identifier: 0C:B5:D3:E8:DD:CF:52:4C:20:C3:23:87:ED:31:03:D4:CB:F2:A5:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DLXT6N3PUkwgwyOH7TED1MvypWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/Ay50F3eskl8FDG_fl6KUeng3RCE.roa
Signing time:             Sat 01 Jan 2022 05:05:34 +0000
ROA not before:           Sat 01 Jan 2022 05:05:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3308
IP address blocks:        213.150.32.0/19 maxlen: 19
                          194.19.192.0/19 maxlen: 19
                          217.74.128.0/19 maxlen: 19
                          213.173.224.0/19 maxlen: 19
                          212.97.192.0/18 maxlen: 18
                          85.235.224.0/19 maxlen: 19
                          194.19.128.0/18 maxlen: 18
                          62.198.0.0/15 maxlen: 15
                          194.255.0.0/16 maxlen: 16
                          62.44.128.0/18 maxlen: 18
                          195.184.96.0/19 maxlen: 19
                          89.233.0.0/18 maxlen: 18
                          89.233.0.0/24 maxlen: 24
                          2a01:3a0::/32 maxlen: 32
                          2a01:3a0::/48 maxlen: 48
                          2a01:3a0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 139745135 (0x854576f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cb5d3e8ddcf524c20c32387ed3103d4cbf2a56a
        Validity
            Not Before: Jan  1 05:05:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=032e741777ac925f050c6fdf97a2947a78374421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:31:b9:d7:48:10:36:d9:f8:b7:2a:e0:c2:46:
                    47:96:b0:c4:81:d7:77:fb:b1:f4:40:8c:20:b4:ab:
                    cb:14:4b:73:76:52:47:c3:3c:5e:15:ec:cc:ca:e6:
                    21:34:e9:61:7a:5a:57:89:43:a1:98:71:dc:2f:81:
                    b2:ec:ea:af:36:b8:ac:9a:68:bc:70:74:42:bb:b1:
                    d1:36:28:7c:de:39:ba:5a:99:d7:56:09:78:58:72:
                    86:5a:b4:34:ca:34:98:66:4c:3a:89:52:61:80:83:
                    d6:b2:66:1c:d9:54:19:87:50:1f:97:11:e1:f5:27:
                    3b:ae:a6:06:56:e5:52:66:cf:c1:5f:3e:71:ba:67:
                    cf:23:d8:25:60:0c:6e:b8:ba:40:a6:cb:95:6c:c3:
                    f0:29:9c:cb:b8:c0:50:84:dd:eb:cd:45:79:7e:f6:
                    09:f3:2c:e7:f6:6d:bf:65:ed:fb:91:3c:54:63:c5:
                    88:2d:1e:bc:e6:68:95:e5:31:55:8f:da:51:cf:a4:
                    42:12:c9:d0:a1:1b:1a:cf:93:fe:b6:02:82:71:71:
                    c6:bc:9b:b5:6e:40:f0:07:08:1e:bc:1d:f6:81:d6:
                    66:5a:13:4e:16:66:f8:6c:d5:a9:e3:25:c7:81:25:
                    22:e6:05:a4:aa:45:90:e5:5c:81:34:d9:5f:ec:24:
                    57:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:2E:74:17:77:AC:92:5F:05:0C:6F:DF:97:A2:94:7A:78:37:44:21
            X509v3 Authority Key Identifier:
                keyid:0C:B5:D3:E8:DD:CF:52:4C:20:C3:23:87:ED:31:03:D4:CB:F2:A5:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DLXT6N3PUkwgwyOH7TED1MvypWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/Ay50F3eskl8FDG_fl6KUeng3RCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/DLXT6N3PUkwgwyOH7TED1MvypWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.44.128.0/18
                  62.198.0.0/15
                  85.235.224.0/19
                  89.233.0.0/18
                  194.19.128.0-194.19.223.255
                  194.255.0.0/16
                  195.184.96.0/19
                  212.97.192.0/18
                  213.150.32.0/19
                  213.173.224.0/19
                  217.74.128.0/19
                IPv6:
                  2a01:3a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:3f:f0:6a:ac:0e:08:22:88:f9:a2:76:b6:e3:13:e8:e5:28:
         42:31:ed:49:78:6d:d6:9c:3e:cf:33:66:bb:a6:57:a2:1e:f0:
         6c:5d:a6:3b:42:14:04:73:13:14:b0:9d:91:15:4b:60:80:7d:
         d2:59:1e:ff:ef:7c:be:0d:48:8b:f2:78:46:c4:1c:de:ee:ce:
         86:7e:b5:60:11:91:34:f2:84:be:e9:87:70:b6:d3:f6:cb:37:
         ee:a5:54:fd:cf:40:fe:55:fc:2a:ad:31:17:93:a7:58:dd:c7:
         52:d0:e8:52:db:59:ef:fe:00:45:76:56:c9:fc:fa:0c:2b:1c:
         05:73:a7:c1:80:74:b4:c7:aa:86:ed:94:56:e9:df:a5:94:1d:
         c2:d9:ed:c9:9f:fa:06:d8:c9:99:fe:ca:28:03:e9:b2:5f:ca:
         ca:7d:c4:c2:00:b0:95:f5:8a:96:9b:61:6d:06:93:2f:63:87:
         21:de:a3:72:4e:54:aa:d6:76:da:70:e0:3c:05:69:89:2c:46:
         f0:08:34:da:85:e8:e4:69:e2:f8:5e:fa:81:25:ac:d2:be:c7:
         21:ab:55:91:b5:e9:d9:1a:70:d3:e5:20:93:78:bd:71:c1:80:
         81:8c:86:61:fe:64:95:ef:c0:98:ff:f4:8a:26:69:32:31:9d:
         5d:d4:62:16
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIECFRXbzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
Y2I1ZDNlOGRkY2Y1MjRjMjBjMzIzODdlZDMxMDNkNGNiZjJhNTZhMB4XDTIyMDEw
MTA1MDUzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDMyZTc0MTc3N2Fj
OTI1ZjA1MGM2ZmRmOTdhMjk0N2E3ODM3NDQyMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMIxuddIEDbZ+Lcq4MJGR5awxIHXd/ux9ECMILSryxRLc3ZS
R8M8XhXszMrmITTpYXpaV4lDoZhx3C+Bsuzqrza4rJpovHB0Qrux0TYofN45ulqZ
11YJeFhyhlq0NMo0mGZMOolSYYCD1rJmHNlUGYdQH5cR4fUnO66mBlblUmbPwV8+
cbpnzyPYJWAMbri6QKbLlWzD8Cmcy7jAUITd681FeX72CfMs5/Ztv2Xt+5E8VGPF
iC0evOZoleUxVY/aUc+kQhLJ0KEbGs+T/rYCgnFxxrybtW5A8AcIHrwd9oHWZloT
ThZm+GzVqeMlx4ElIuYFpKpFkOVcgTTZX+wkV/ECAwEAAaOCAlowggJWMB0GA1Ud
DgQWBBQDLnQXd6ySXwUMb9+XopR6eDdEITAfBgNVHSMEGDAWgBQMtdPo3c9STCDD
I4ftMQPUy/KlajAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RMWFQ2TjNQVWt3Z3d5T0g3VEVEMU12eXBXby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDUvOTA2NzY4LWNkZWItNDBkMi1iMmEyLTYzY2QzYzg2MWQ4ZS8x
L0F5NTBGM2Vza2w4RkRHX2ZsNktVZW5nM1JDRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDUv
OTA2NzY4LWNkZWItNDBkMi1iMmEyLTYzY2QzYzg2MWQ4ZS8xL0RMWFQ2TjNQVWt3
Z3d5T0g3VEVEMU12eXBXby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBw
BggrBgEFBQcBBwEB/wRhMF8wTgQCAAEwSAMEBj4sgAMDAT7GAwQFVevgAwQGWekA
MAwDBAfCE4ADBAXCE8ADAwDC/wMEBcO4YAMEBtRhwAMEBdWWIAMEBdWt4AMEBdlK
gDANBAIAAjAHAwUDKgEDoDANBgkqhkiG9w0BAQsFAAOCAQEAEz/waqwOCCKI+aJ2
tuMT6OUoQjHtSXht1pw+zzNmu6ZXoh7wbF2mO0IUBHMTFLCdkRVLYIB90lke/+98
vg1Ii/J4RsQc3u7Ohn61YBGRNPKEvumHcLbT9ss37qVU/c9A/lX8Kq0xF5OnWN3H
UtDoUttZ7/4ARXZWyfz6DCscBXOnwYB0tMeqhu2UVunfpZQdwtntyZ/6BtjJmf7K
KAPpsl/Kyn3EwgCwlfWKlpthbQaTL2OHId6jck5UqtZ22nDgPAVpiSxG8Ag02oXo
5Gni+F76gSWs0r7HIatVkbXp2Rpw0+Ugk3i9ccGAgYyGYf5kle/AmP/0iiZpMjGd
XdRiFg==
-----END CERTIFICATE-----