Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/_qJ5DtX8PPNdcGyADwrETKyGdMM.roa
File:                     _qJ5DtX8PPNdcGyADwrETKyGdMM.roa (raw, json)
Hash identifier:          F+2Jk13Zq2CCuK/dfIIVfiKQgNShSzMy0jzbmFLfDTE=
Subject key identifier:   FE:A2:79:0E:D5:FC:3C:F3:5D:70:6C:80:0F:0A:C4:4C:AC:86:74:C3
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       018AA7E66A58235322DBE8979A9BE07A6E44
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/_qJ5DtX8PPNdcGyADwrETKyGdMM.roa
Signing time:             Mon 18 Sep 2023 10:46:50 +0000
ROA not before:           Mon 18 Sep 2023 10:46:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51088
IP address blocks:        77.246.245.0/24 maxlen: 24
                          178.249.152.0/21 maxlen: 21
                          31.134.200.0/21 maxlen: 21
                          46.244.0.0/19 maxlen: 19
                          5.10.192.0/24 maxlen: 24
                          185.51.52.0/23 maxlen: 23
                          31.41.255.0/24 maxlen: 24
                          185.205.52.0/22 maxlen: 22
                          2a02:1668::/32 maxlen: 32
                          2a02:166b::/32 maxlen: 32
                          2a0f:ba00::/29 maxlen: 29
                          2a06:2602::/32 maxlen: 32
                          2a0b:1c0::/29 maxlen: 29
                          2a0a:e80::/29 maxlen: 29
                          2a05:2900::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a7:e6:6a:58:23:53:22:db:e8:97:9a:9b:e0:7a:6e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Sep 18 10:46:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fea2790ed5fc3cf35d706c800f0ac44cac8674c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b3:8a:ad:2c:9e:81:d9:8a:2b:69:62:d3:e1:
                    4b:32:3b:e2:7e:01:63:1c:62:e1:46:17:00:be:ad:
                    b8:f6:c0:dd:e6:45:88:d0:2c:cd:bd:1e:42:b3:ec:
                    27:59:cb:ad:95:6a:72:13:83:32:37:f7:90:92:bf:
                    a1:13:63:53:32:0f:46:fb:3e:d2:ce:36:76:16:67:
                    ff:0c:c1:f7:db:69:cc:9e:5e:ab:64:d2:12:a2:be:
                    82:90:68:73:7c:49:8f:9d:b2:6d:9c:fd:9a:f5:6b:
                    51:b9:8d:df:01:6f:42:36:fa:ab:f4:5c:f4:99:fb:
                    89:ce:18:48:a0:52:0c:a2:03:a9:e5:58:25:09:16:
                    6c:71:a8:f2:64:5b:be:8b:f0:84:d3:45:68:f1:31:
                    40:5d:80:7c:19:31:e2:80:88:ed:8e:25:34:87:50:
                    16:30:15:a2:4a:ba:5d:34:09:03:88:ab:b8:c7:ac:
                    31:03:2f:d0:42:5f:11:eb:8b:62:b9:d0:33:ec:23:
                    bb:4d:32:fb:71:fb:5f:d4:0b:b7:4a:71:d4:8d:4a:
                    ec:ac:b4:5c:18:91:98:cd:08:97:a1:51:a4:14:cc:
                    9a:9d:2a:3c:f5:65:82:f5:12:2f:73:e4:83:62:8a:
                    38:fc:21:e0:60:42:73:2d:2c:f0:d8:7d:a2:54:bc:
                    0e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A2:79:0E:D5:FC:3C:F3:5D:70:6C:80:0F:0A:C4:4C:AC:86:74:C3
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/_qJ5DtX8PPNdcGyADwrETKyGdMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.192.0/24
                  31.41.255.0/24
                  31.134.200.0/21
                  46.244.0.0/19
                  77.246.245.0/24
                  178.249.152.0/21
                  185.51.52.0/23
                  185.205.52.0/22
                IPv6:
                  2a02:1668::/32
                  2a02:166b::/32
                  2a05:2900::/29
                  2a06:2602::/32
                  2a0a:e80::/29
                  2a0b:1c0::/29
                  2a0f:ba00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:c4:f3:d5:f2:1f:fa:fc:32:92:d9:0c:d3:3f:bc:04:e6:99:
         bc:68:ce:22:5d:78:c1:02:d4:21:0b:ae:ba:4b:10:8f:64:2d:
         12:c9:1c:cb:2f:6e:f8:b5:a5:ef:7e:7c:1e:a8:4d:44:07:c6:
         05:76:52:61:50:94:50:b8:18:59:ca:59:eb:63:f2:1f:c8:6b:
         7d:b2:46:4d:55:1d:0c:b8:c4:cd:3d:be:b6:08:4b:92:fe:6c:
         92:4f:55:c2:85:1e:af:11:42:b9:78:c9:cb:44:1d:ae:8b:1d:
         d8:d1:52:9d:b0:de:00:b7:b5:8e:3f:4e:ba:1e:85:8e:72:86:
         db:83:87:82:83:d9:63:3d:07:72:17:17:95:8a:97:0a:81:bb:
         6d:2e:2c:84:8f:77:38:d0:0f:9a:0f:d3:20:3a:f6:f4:6e:24:
         81:20:f5:a2:f0:64:5b:0a:f3:16:af:6d:fc:8b:d6:17:43:3d:
         47:1c:04:c9:ad:09:a5:b8:3b:15:d6:00:32:ab:53:f5:f2:fb:
         99:bc:a8:62:06:32:13:22:9a:2f:e0:ce:e7:d8:fe:c1:e6:d4:
         0b:5c:72:af:37:bc:26:7d:50:5d:bd:5e:e6:98:75:d9:2a:16:
         b5:bf:20:e1:6d:fe:13:72:ae:dd:aa:09:cf:84:65:26:8b:16:
         f6:4b:01:71
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYqn5mpYI1Mi2+iXmpvgem5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjMwOTE4MTA0NjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWEyNzkwZWQ1ZmMzY2YzNWQ3MDZjODAwZjBhYzQ0Y2FjODY3NGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirOKrSyegdmKK2li0+FLMjvifgFj
HGLhRhcAvq249sDd5kWI0CzNvR5Cs+wnWcutlWpyE4MyN/eQkr+hE2NTMg9G+z7S
zjZ2Fmf/DMH322nMnl6rZNISor6CkGhzfEmPnbJtnP2a9WtRuY3fAW9CNvqr9Fz0
mfuJzhhIoFIMogOp5VglCRZscajyZFu+i/CE00Vo8TFAXYB8GTHigIjtjiU0h1AW
MBWiSrpdNAkDiKu4x6wxAy/QQl8R64tiudAz7CO7TTL7cftf1Au3SnHUjUrsrLRc
GJGYzQiXoVGkFMyanSo89WWC9RIvc+SDYoo4/CHgYEJzLSzw2H2iVLwOYQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFP6ieQ7V/DzzXXBsgA8KxEyshnTDMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvX3FKNUR0WDhQUE5kY0d5QUR3ckVUS3lHZE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwNgQCAAEwMAMEAAUKwAME
AB8p/wMEAx+GyAMEBS70AAMEAE329QMEA7L5mAMEAbkzNAMEArnNNDA3BAIAAjAx
AwUAKgIWaAMFACoCFmsDBQMqBSkAAwUAKgYmAgMFAyoKDoADBQMqCwHAAwUDKg+6
ADANBgkqhkiG9w0BAQsFAAOCAQEAO8Tz1fIf+vwyktkM0z+8BOaZvGjOIl14wQLU
IQuuuksQj2QtEskcyy9u+LWl7358HqhNRAfGBXZSYVCUULgYWcpZ62PyH8hrfbJG
TVUdDLjEzT2+tghLkv5skk9VwoUerxFCuXjJy0Qdrosd2NFSnbDeALe1jj9Ouh6F
jnKG24OHgoPZYz0HchcXlYqXCoG7bS4shI93ONAPmg/TIDr29G4kgSD1ovBkWwrz
Fq9t/IvWF0M9RxwEya0Jpbg7FdYAMqtT9fL7mbyoYgYyEyKaL+DO59j+webUC1xy
rze8Jn1QXb1e5ph12SoWtb8g4W3+E3Ku3aoJz4RlJosW9ksBcQ==
-----END CERTIFICATE-----