Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8-PJnk51LmsRjEY_ffF_L64xTX4.roa
File:                     8-PJnk51LmsRjEY_ffF_L64xTX4.roa (raw, json)
Hash identifier:          k3HbHC+RnGfpLf/v2AueBtxUdGUWy6K4egjhvpLqJZg=
Subject key identifier:   F3:E3:C9:9E:4E:75:2E:6B:11:8C:46:3F:7D:F1:7F:2F:AE:31:4D:7E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018258D5CEDE6564349750D55EE96A121908
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8-PJnk51LmsRjEY_ffF_L64xTX4.roa
Signing time:             Mon 01 Aug 2022 09:56:23 +0000
ROA not before:           Mon 01 Aug 2022 09:56:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        2a0f:a203::/32 maxlen: 32
                          2a0f:3d86::/32 maxlen: 32
                          2a0e:2240:5::/48 maxlen: 48
                          2a0f:a207::/32 maxlen: 32
                          2a0f:3d83::/32 maxlen: 32
                          2a0f:3d87::/32 maxlen: 32
                          2a0e:2240:3::/48 maxlen: 48
                          2a0f:a200::/32 maxlen: 32
                          2a0f:3d81::/32 maxlen: 32
                          2a0f:a206::/32 maxlen: 32
                          2a0e:2240:4::/48 maxlen: 48
                          2a0f:3d84::/32 maxlen: 32
                          2a0f:a205::/32 maxlen: 32
                          2a0f:a201::/32 maxlen: 32
                          2a0f:a204::/32 maxlen: 32
                          2a0f:3d85::/32 maxlen: 32
                          2a0f:a202::/32 maxlen: 32
                          2a07:7880::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:58:d5:ce:de:65:64:34:97:50:d5:5e:e9:6a:12:19:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  1 09:56:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f3e3c99e4e752e6b118c463f7df17f2fae314d7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:73:e0:ea:49:10:d1:7e:56:8d:89:e8:b8:33:
                    f7:d7:8d:b4:5e:e5:9b:1c:46:33:c1:94:4c:8d:6f:
                    44:7c:32:39:58:69:df:3b:ec:d9:b5:70:e7:41:53:
                    40:03:3c:88:70:94:73:57:ad:52:b3:f1:f9:b6:52:
                    12:09:df:e2:48:e4:2b:97:e0:4f:68:a0:0a:50:26:
                    cc:04:f7:50:ce:67:f9:5f:3a:ec:6b:3e:3b:e1:91:
                    33:ea:8b:cd:ba:b2:5c:2a:49:68:0e:e5:68:fc:70:
                    67:be:76:b0:75:57:86:44:39:5f:50:0a:8b:f9:b9:
                    a2:a8:98:6d:c2:44:30:c3:38:d3:42:57:72:e7:68:
                    69:d3:3c:a0:09:b6:ad:1a:5e:46:ba:73:fb:93:5e:
                    a4:74:21:0a:23:63:d8:5d:9d:3c:8b:71:a2:69:34:
                    65:b8:ea:ce:61:f9:fd:27:ce:d0:77:7f:90:80:84:
                    5b:bf:94:00:86:83:f9:4c:ed:ea:3c:0c:02:ce:5c:
                    ca:9d:a3:3a:b0:b4:2d:d1:d4:5a:0f:90:b7:57:f5:
                    b3:b4:c4:54:ac:bb:d9:a8:2f:66:8c:e1:94:68:07:
                    50:89:2a:2d:45:8b:ef:34:2f:a4:e5:43:81:e2:4c:
                    74:7a:c8:53:0f:a4:ce:70:0c:de:9d:aa:36:23:82:
                    f7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:E3:C9:9E:4E:75:2E:6B:11:8C:46:3F:7D:F1:7F:2F:AE:31:4D:7E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8-PJnk51LmsRjEY_ffF_L64xTX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7880::/32
                  2a0e:2240:3::-2a0e:2240:5:ffff:ffff:ffff:ffff:ffff
                  2a0f:3d81::/32
                  2a0f:3d83::-2a0f:3d87:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0f:a200::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:07:fd:f0:7e:d7:09:2a:c9:94:cd:bb:09:45:95:fc:09:f6:
         5c:ab:6a:9f:7c:7d:2d:d5:f1:e9:0c:1f:fc:61:2d:f2:59:90:
         65:d2:36:1b:8a:87:08:15:da:9b:95:e9:96:f1:39:d4:29:82:
         f6:04:a8:20:1c:87:10:dc:19:07:40:ab:7a:4e:e4:15:74:d2:
         3e:8d:87:1a:3c:89:48:57:86:f7:7a:46:66:fd:fa:23:bb:18:
         fa:70:b5:9f:42:b7:e2:92:3d:b8:b8:06:db:d9:c4:f6:0f:99:
         3e:7a:52:54:db:3e:c7:9f:6a:1b:73:c9:53:ad:9a:5c:0f:5d:
         27:45:10:71:c8:b1:43:05:2f:05:b3:a7:9b:eb:9d:57:32:2e:
         cf:c5:82:80:4c:f9:e5:8f:bc:8e:3a:de:2c:d6:fa:1f:d7:da:
         7c:27:33:92:08:b6:41:d7:fd:ac:12:e9:f0:b7:99:f6:b4:40:
         2a:71:ea:5b:32:8a:fd:49:cc:1f:b7:de:b2:c2:42:bc:57:ec:
         e1:e6:51:e8:c7:d2:cd:52:36:2f:07:56:b5:cf:7a:b9:aa:79:
         b6:97:c1:b1:23:08:42:35:f5:1a:41:80:ac:c1:ec:6c:f8:a8:
         09:a0:e9:cb:fc:43:5a:b4:21:25:da:39:ff:63:75:69:34:b8:
         53:83:54:46
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYJY1c7eZWQ0l1DVXulqEhkIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjIwODAxMDk1NjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2UzYzk5ZTRlNzUyZTZiMTE4YzQ2M2Y3ZGYxN2YyZmFlMzE0ZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3Pg6kkQ0X5WjYnouDP31420XuWb
HEYzwZRMjW9EfDI5WGnfO+zZtXDnQVNAAzyIcJRzV61Ss/H5tlISCd/iSOQrl+BP
aKAKUCbMBPdQzmf5Xzrsaz474ZEz6ovNurJcKkloDuVo/HBnvnawdVeGRDlfUAqL
+bmiqJhtwkQwwzjTQldy52hp0zygCbatGl5GunP7k16kdCEKI2PYXZ08i3GiaTRl
uOrOYfn9J87Qd3+QgIRbv5QAhoP5TO3qPAwCzlzKnaM6sLQt0dRaD5C3V/WztMRU
rLvZqC9mjOGUaAdQiSotRYvvNC+k5UOB4kx0eshTD6TOcAzenao2I4L3iwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFPPjyZ5OdS5rEYxGP33xfy+uMU1+MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOC1QSm5rNTFMbXNSakVZX2ZmRl9MNjR4VFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAAjA5AwUAKgd4gDAS
AwcAKg4iQAADAwcBKg4iQAAEAwUAKg89gTAOAwUAKg89gwMFAyoPPYADBQMqD6IA
MA0GCSqGSIb3DQEBCwUAA4IBAQAyB/3wftcJKsmUzbsJRZX8CfZcq2qffH0t1fHp
DB/8YS3yWZBl0jYbiocIFdqblemW8TnUKYL2BKggHIcQ3BkHQKt6TuQVdNI+jYca
PIlIV4b3ekZm/fojuxj6cLWfQrfikj24uAbb2cT2D5k+elJU2z7Hn2obc8lTrZpc
D10nRRBxyLFDBS8Fs6eb651XMi7PxYKATPnlj7yOOt4s1vof19p8JzOSCLZB1/2s
Eunwt5n2tEAqcepbMor9Scwft96ywkK8V+zh5lHox9LNUjYvB1a1z3q5qnm2l8Gx
IwhCNfUaQYCswexs+KgJoOnL/ENatCEl2jn/Y3VpNLhTg1RG
-----END CERTIFICATE-----