Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ea71d4-4dbb-4451-b26b-3b75a567f73a/1/DEd-IhNE4EXVUc75HrQhumYlbbI.roa
File:                     DEd-IhNE4EXVUc75HrQhumYlbbI.roa (raw, json)
Hash identifier:          rxHEwcyhTO2VetaahtrAIS3v1O/SL5W+rXzUAZpx7s4=
Subject key identifier:   0C:47:7E:22:13:44:E0:45:D5:51:CE:F9:1E:B4:21:BA:66:25:6D:B2
Certificate issuer:       /CN=d8ff71f2b1a8d62af446a92ba2bdea33f9b69ddc
Certificate serial:       26CB3E
Authority key identifier: D8:FF:71:F2:B1:A8:D6:2A:F4:46:A9:2B:A2:BD:EA:33:F9:B6:9D:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2P9x8rGo1ir0Rqkror3qM_m2ndw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ea71d4-4dbb-4451-b26b-3b75a567f73a/1/DEd-IhNE4EXVUc75HrQhumYlbbI.roa
Signing time:             Fri 08 Apr 2022 12:36:49 +0000
ROA not before:           Fri 08 Apr 2022 12:36:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16371
IP address blocks:        109.70.32.0/24 maxlen: 24
                          109.70.32.0/22 maxlen: 22
                          109.70.32.0/21 maxlen: 21
                          109.70.36.0/22 maxlen: 22
                          85.187.58.0/23 maxlen: 23
                          85.187.56.0/23 maxlen: 23
                          85.187.56.0/22 maxlen: 22
                          45.6.48.0/22 maxlen: 23
                          87.238.88.0/21 maxlen: 22
                          89.37.224.0/23 maxlen: 23
                          89.37.224.0/24 maxlen: 24
                          89.37.225.0/24 maxlen: 24
                          194.116.184.0/24 maxlen: 24
                          194.116.184.0/23 maxlen: 23
                          194.116.185.0/24 maxlen: 24
                          79.139.120.0/22 maxlen: 22
                          79.139.124.0/22 maxlen: 22
                          79.139.120.0/21 maxlen: 21
                          185.2.68.0/22 maxlen: 22
                          185.2.68.0/24 maxlen: 24
                          185.2.69.0/24 maxlen: 24
                          185.2.70.0/23 maxlen: 23
                          185.78.24.0/22 maxlen: 23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2542398 (0x26cb3e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8ff71f2b1a8d62af446a92ba2bdea33f9b69ddc
        Validity
            Not Before: Apr  8 12:36:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0c477e221344e045d551cef91eb421ba66256db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:3c:5a:f1:89:26:72:11:7f:d9:e9:b4:94:bf:
                    bf:b5:ad:de:46:b7:fd:b8:ac:05:2c:5e:78:11:00:
                    c6:3b:e1:18:03:79:3d:52:72:19:93:09:3c:f2:3a:
                    cf:cc:9a:4f:9c:71:83:bc:54:d8:b0:fd:e2:a7:f5:
                    8b:2a:ed:f7:4f:af:0e:e8:f0:24:a1:a7:ba:b2:2f:
                    66:2e:8a:86:b7:a7:9b:ef:fa:8c:f4:5c:d3:96:d2:
                    bc:1f:4e:18:25:3b:f7:3b:6d:c4:49:73:73:8e:be:
                    c9:99:23:14:16:7d:5e:fe:52:a3:42:98:cf:d7:4f:
                    33:b0:db:31:67:43:d4:69:6f:47:1b:87:b8:22:8f:
                    64:ad:4e:70:91:50:cc:70:37:68:f3:52:90:7a:24:
                    c5:1c:c4:6f:64:7f:72:d0:d0:d7:e1:61:c9:18:8a:
                    0a:90:f9:c6:d8:b5:35:12:6e:6f:44:2a:f6:8c:96:
                    8f:a4:28:72:2c:f8:fc:70:be:d4:98:22:94:56:b2:
                    5e:e6:21:ed:05:ec:91:92:a4:a4:06:7d:2b:3d:01:
                    53:d2:b5:30:bc:06:de:d7:35:78:24:95:de:e2:da:
                    50:07:6e:07:b9:ea:06:51:a0:8b:72:2c:55:d5:32:
                    f9:a1:80:56:eb:dd:ea:07:0d:6a:27:24:b9:c6:79:
                    1c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:47:7E:22:13:44:E0:45:D5:51:CE:F9:1E:B4:21:BA:66:25:6D:B2
            X509v3 Authority Key Identifier:
                keyid:D8:FF:71:F2:B1:A8:D6:2A:F4:46:A9:2B:A2:BD:EA:33:F9:B6:9D:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2P9x8rGo1ir0Rqkror3qM_m2ndw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ea71d4-4dbb-4451-b26b-3b75a567f73a/1/DEd-IhNE4EXVUc75HrQhumYlbbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ea71d4-4dbb-4451-b26b-3b75a567f73a/1/2P9x8rGo1ir0Rqkror3qM_m2ndw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.6.48.0/22
                  79.139.120.0/21
                  85.187.56.0/22
                  87.238.88.0/21
                  89.37.224.0/23
                  109.70.32.0/21
                  185.2.68.0/22
                  185.78.24.0/22
                  194.116.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:b4:b0:52:31:a8:cc:e1:af:6a:58:ee:92:8d:46:70:0c:0c:
         71:bf:b3:7e:94:c6:73:08:5e:ac:71:0e:d4:c9:a9:76:a3:da:
         69:93:ce:e5:2b:ac:16:3c:8d:86:d4:cc:7b:d7:a5:31:65:07:
         94:e2:2b:84:26:58:e4:d5:f0:50:79:05:ad:21:67:c4:73:45:
         86:27:bf:d7:72:ba:be:e8:86:bd:0c:6c:c1:b7:96:ba:f7:c5:
         51:96:15:bf:43:d4:ac:50:da:c2:a5:2f:4c:e9:66:25:56:4c:
         bc:78:a7:b9:6c:11:f4:b7:1a:ba:65:2d:15:99:8d:e8:d7:04:
         8c:c8:7d:c1:16:3c:3a:bc:5f:fe:81:68:98:f6:9d:26:77:0a:
         a2:f8:22:53:c5:f3:14:2e:29:32:e5:56:78:6e:5e:ae:c9:9e:
         94:6c:a9:ea:d3:28:bb:21:79:1f:5e:b8:4a:27:cc:e8:8c:23:
         86:07:e5:66:d8:c7:51:a4:ab:65:77:85:1b:b7:b6:ae:ec:b0:
         76:31:6a:7b:72:cc:49:98:d1:74:e2:f2:08:6b:5d:fe:03:d5:
         32:9f:e5:ec:12:08:fc:10:70:5a:90:d2:70:58:bc:04:99:c0:
         d2:e6:dc:a8:eb:64:90:7c:67:f5:cc:59:c3:07:cd:69:dc:9b:
         ad:d6:f5:85
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIDJss+MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGQ4
ZmY3MWYyYjFhOGQ2MmFmNDQ2YTkyYmEyYmRlYTMzZjliNjlkZGMwHhcNMjIwNDA4
MTIzNjQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwYzQ3N2UyMjEzNDRl
MDQ1ZDU1MWNlZjkxZWI0MjFiYTY2MjU2ZGIyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA6Dxa8YkmchF/2em0lL+/ta3eRrf9uKwFLF54EQDGO+EYA3k9
UnIZkwk88jrPzJpPnHGDvFTYsP3ip/WLKu33T68O6PAkoae6si9mLoqGt6eb7/qM
9FzTltK8H04YJTv3O23ESXNzjr7JmSMUFn1e/lKjQpjP108zsNsxZ0PUaW9HG4e4
Io9krU5wkVDMcDdo81KQeiTFHMRvZH9y0NDX4WHJGIoKkPnG2LU1Em5vRCr2jJaP
pChyLPj8cL7UmCKUVrJe5iHtBeyRkqSkBn0rPQFT0rUwvAbe1zV4JJXe4tpQB24H
ueoGUaCLcixV1TL5oYBW693qBw1qJyS5xnkcvwIDAQABo4ICOTCCAjUwHQYDVR0O
BBYEFAxHfiITROBF1VHO+R60IbpmJW2yMB8GA1UdIwQYMBaAFNj/cfKxqNYq9Eap
K6K96jP5tp3cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
MlA5eDhyR28xaXIwUnFrcm9yM3FNX20ybmR3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9mZi9lYTcxZDQtNGRiYi00NDUxLWIyNmItM2I3NWE1NjdmNzNhLzEv
REVkLUloTkU0RVhWVWM3NUhyUWh1bVlsYmJJLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9l
YTcxZDQtNGRiYi00NDUxLWIyNmItM2I3NWE1NjdmNzNhLzEvMlA5eDhyR28xaXIw
UnFrcm9yM3FNX20ybmR3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME8G
CCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCLQYwAwQDT4t4AwQCVbs4AwQDV+5Y
AwQBWSXgAwQDbUYgAwQCuQJEAwQCuU4YAwQBwnS4MA0GCSqGSIb3DQEBCwUAA4IB
AQBWtLBSMajM4a9qWO6SjUZwDAxxv7N+lMZzCF6scQ7Uyal2o9ppk87lK6wWPI2G
1Mx716UxZQeU4iuEJljk1fBQeQWtIWfEc0WGJ7/Xcrq+6Ia9DGzBt5a698VRlhW/
Q9SsUNrCpS9M6WYlVky8eKe5bBH0txq6ZS0VmY3o1wSMyH3BFjw6vF/+gWiY9p0m
dwqi+CJTxfMULiky5VZ4bl6uyZ6UbKnq0yi7IXkfXrhKJ8zojCOGB+Vm2MdRpKtl
d4Ubt7au7LB2MWp7csxJmNF04vIIa13+A9Uyn+XsEgj8EHBakNJwWLwEmcDS5tyo
62SQfGf1zFnDB81p3Jut1vWF
-----END CERTIFICATE-----