Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MFD8tQ8dBZUJQPrvjehA6aGvhM4.roa
File:                     MFD8tQ8dBZUJQPrvjehA6aGvhM4.roa (raw, json)
Hash identifier:          27BYxOsPI+PtNG71SvXWevnA4lMGXA1kOeNcjN1OmhY=
Subject key identifier:   30:50:FC:B5:0F:1D:05:95:09:40:FA:EF:8D:E8:40:E9:A1:AF:84:CE
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       01857246D8413C8F7DC58CEDA2246281A118
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MFD8tQ8dBZUJQPrvjehA6aGvhM4.roa
Signing time:             Mon 02 Jan 2023 11:38:43 +0000
ROA not before:           Mon 02 Jan 2023 11:38:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209022
IP address blocks:        2a0c:9a40:c003::/48 maxlen: 48
                          2a10:a501:b00b::/48 maxlen: 48
                          2a10:a505:b00b::/48 maxlen: 48
                          2a0c:9a44:beef::/48 maxlen: 48
                          2a0c:9a40:c004::/48 maxlen: 48
                          2a10:a504:b00b::/48 maxlen: 48
                          2a10:a502:b00b::/48 maxlen: 48
                          2a0c:9a40:c002::/48 maxlen: 48
                          2a10:a503:b00b::/48 maxlen: 48
                          2a0c:9a40:c001::/48 maxlen: 48
                          2a10:a507:b00b::/48 maxlen: 48
                          2a10:a500:b00b::/48 maxlen: 48
                          2a10:a506:b00b::/48 maxlen: 48
                          2a0c:9a40:c000::/36 maxlen: 48
                          2a0c:9a40:c000::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:d8:41:3c:8f:7d:c5:8c:ed:a2:24:62:81:a1:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  2 11:38:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3050fcb50f1d05950940faef8de840e9a1af84ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5b:6e:3f:b5:47:6a:28:97:f4:07:a3:32:74:
                    42:78:20:c9:b7:c6:ce:c3:f7:d5:cb:c5:20:f6:d9:
                    0f:19:e3:cd:ae:21:45:0b:b6:71:1b:c6:6e:06:b7:
                    df:28:6e:ba:57:37:87:cf:68:f9:a7:ce:a9:fc:ef:
                    54:cc:88:5b:64:90:af:b2:33:5f:3b:32:98:83:65:
                    39:e8:55:3c:fb:c6:da:3e:cb:38:5b:f5:af:7c:c5:
                    dd:3c:fe:fb:38:3e:c2:51:2e:ec:c7:a2:68:3d:b1:
                    0d:60:74:3b:2d:49:02:c0:21:a0:e2:c9:6c:a9:a2:
                    f5:de:3b:92:1b:31:68:7b:0c:55:ea:37:39:0b:c9:
                    d2:e1:fc:5e:67:ca:53:c1:10:26:ed:b1:78:28:56:
                    ff:93:95:cd:ba:0b:58:c1:ef:5e:d2:11:95:f9:b8:
                    93:bd:8f:28:bf:48:df:ef:02:15:fb:64:78:43:ad:
                    6b:ad:c9:3d:f9:a4:b1:2d:fd:e0:c6:67:9f:b3:49:
                    ae:4e:2b:63:17:a7:fd:87:e6:ff:c9:b0:66:e4:1b:
                    03:f8:e1:64:19:a7:d4:29:19:12:fe:2f:bf:5a:d1:
                    fc:eb:75:51:cc:e9:c6:9f:59:07:e9:20:72:51:c5:
                    27:b9:cb:24:00:d6:50:78:72:c4:72:98:77:7e:35:
                    29:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:50:FC:B5:0F:1D:05:95:09:40:FA:EF:8D:E8:40:E9:A1:AF:84:CE
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MFD8tQ8dBZUJQPrvjehA6aGvhM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:c000::/36
                  2a0c:9a44:beef::/48
                  2a10:a500:b00b::/48
                  2a10:a501:b00b::/48
                  2a10:a502:b00b::/48
                  2a10:a503:b00b::/48
                  2a10:a504:b00b::/48
                  2a10:a505:b00b::/48
                  2a10:a506:b00b::/48
                  2a10:a507:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:57:61:b7:4b:b2:56:65:ce:f3:1f:3e:dc:8d:60:b1:84:f4:
         e2:c9:86:f1:9e:3f:39:80:19:4f:c4:53:87:49:85:e3:cd:d1:
         87:ff:f7:14:6a:f1:f5:18:bb:46:d3:a3:27:33:7d:60:e5:be:
         81:26:0a:99:d7:04:e4:2c:c5:e8:54:92:f5:ec:c5:15:06:b3:
         36:3c:b3:9b:bf:9e:43:3c:80:a7:f9:3c:bf:80:75:bf:80:fd:
         00:10:b6:72:1d:6a:9a:e0:59:07:9d:c5:df:98:03:72:f9:29:
         e4:10:ce:c3:4f:0d:4f:95:d9:60:3d:ad:ef:62:9b:ec:2f:1e:
         0e:32:a4:eb:da:80:33:99:ed:51:6b:a4:9e:56:95:1b:cf:db:
         75:b2:b9:6b:f1:58:25:1c:5c:0a:06:71:b6:cb:fb:62:36:f4:
         94:cd:66:b2:6f:78:80:b5:bd:69:12:1a:ce:38:25:89:be:91:
         1d:89:35:87:66:92:3e:6d:39:eb:46:62:7f:e9:eb:c0:f3:b4:
         31:2f:f3:2c:c0:35:60:cd:d8:de:9f:a4:1b:b4:2f:1a:22:ca:
         6c:49:71:2c:77:61:0b:80:f9:1b:27:99:1a:25:0e:af:e1:15:
         58:ae:a4:53:1e:9c:ab:27:09:57:76:1d:3c:6a:40:d9:5b:34:
         b7:d2:8c:7e
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYVyRthBPI99xYztoiRigaEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjMwMTAyMTEzODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDUwZmNiNTBmMWQwNTk1MDk0MGZhZWY4ZGU4NDBlOWExYWY4NGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArltuP7VHaiiX9AejMnRCeCDJt8bO
w/fVy8Ug9tkPGePNriFFC7ZxG8ZuBrffKG66VzeHz2j5p86p/O9UzIhbZJCvsjNf
OzKYg2U56FU8+8baPss4W/WvfMXdPP77OD7CUS7sx6JoPbENYHQ7LUkCwCGg4sls
qaL13juSGzFoewxV6jc5C8nS4fxeZ8pTwRAm7bF4KFb/k5XNugtYwe9e0hGV+biT
vY8ov0jf7wIV+2R4Q61rrck9+aSxLf3gxmefs0muTitjF6f9h+b/ybBm5BsD+OFk
GafUKRkS/i+/WtH863VRzOnGn1kH6SByUcUnucskANZQeHLEcph3fjUpEwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFDBQ/LUPHQWVCUD6743oQOmhr4TOMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvTUZEOHRROGRCWlVKUVBydmplaEE2YUd2aE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBfBAIAAjBZAwYEKgyaQMAD
BwAqDJpEvu8DBwAqEKUAsAsDBwAqEKUBsAsDBwAqEKUCsAsDBwAqEKUDsAsDBwAq
EKUEsAsDBwAqEKUFsAsDBwAqEKUGsAsDBwAqEKUHsAswDQYJKoZIhvcNAQELBQAD
ggEBADRXYbdLslZlzvMfPtyNYLGE9OLJhvGePzmAGU/EU4dJhePN0Yf/9xRq8fUY
u0bToyczfWDlvoEmCpnXBOQsxehUkvXsxRUGszY8s5u/nkM8gKf5PL+Adb+A/QAQ
tnIdaprgWQedxd+YA3L5KeQQzsNPDU+V2WA9re9im+wvHg4ypOvagDOZ7VFrpJ5W
lRvP23WyuWvxWCUcXAoGcbbL+2I29JTNZrJveIC1vWkSGs44JYm+kR2JNYdmkj5t
OetGYn/p68DztDEv8yzANWDN2N6fpBu0LxoiymxJcSx3YQuA+RsnmRolDq/hFViu
pFMenKsnCVd2HTxqQNlbNLfSjH4=
-----END CERTIFICATE-----