Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/KdfN3Dqqjd_iRZDShyIW1YP8AqA.roa
File:                     KdfN3Dqqjd_iRZDShyIW1YP8AqA.roa (raw, json)
Hash identifier:          /8UQlAzTIKb4wsYXBjFnigR04ggIRa1a8ybz3MmnpGc=
Subject key identifier:   29:D7:CD:DC:3A:AA:8D:DF:E2:45:90:D2:87:22:16:D5:83:FC:02:A0
Certificate issuer:       /CN=3ac78f33e8e1187327667fa94fd7446b8d91e5b4
Certificate serial:       0181F29B445BDBDA20FD8BABA46935E2FFDD
Authority key identifier: 3A:C7:8F:33:E8:E1:18:73:27:66:7F:A9:4F:D7:44:6B:8D:91:E5:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OsePM-jhGHMnZn-pT9dEa42R5bQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/KdfN3Dqqjd_iRZDShyIW1YP8AqA.roa
Signing time:             Tue 12 Jul 2022 13:31:10 +0000
ROA not before:           Tue 12 Jul 2022 13:31:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203500
IP address blocks:        193.25.200.0/24 maxlen: 24
                          185.178.185.0/24 maxlen: 24
                          185.178.186.0/24 maxlen: 24
                          185.178.184.0/24 maxlen: 24
                          2a07:6780::/29 maxlen: 29
                          2a0a:6680:bee::/48 maxlen: 48
                          2a0a:6680:bee6::/48 maxlen: 48
                          2a0a:6680:1979::/48 maxlen: 48
                          2a0a:6680:bee1::/48 maxlen: 48
                          2a0a:6680:bee5::/48 maxlen: 48
                          2a0a:6680:1000::/36 maxlen: 36
                          2a0a:6680:2000::/36 maxlen: 36
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f2:9b:44:5b:db:da:20:fd:8b:ab:a4:69:35:e2:ff:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ac78f33e8e1187327667fa94fd7446b8d91e5b4
        Validity
            Not Before: Jul 12 13:31:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=29d7cddc3aaa8ddfe24590d2872216d583fc02a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3d:f4:a0:98:72:aa:23:21:0d:f8:5e:89:18:
                    90:c2:a1:13:d0:40:bd:b8:2d:47:1a:74:ec:72:b8:
                    33:c9:77:15:7b:1e:94:bc:4d:97:a5:a2:58:74:f5:
                    60:58:0a:d2:68:1f:9e:f8:c0:2c:cc:9d:47:8b:e2:
                    ca:d3:17:86:9f:6c:25:3b:52:52:90:f3:29:69:6a:
                    d6:0f:37:b1:c9:a0:9c:ff:0f:f8:be:d5:fd:82:b8:
                    a4:1c:7e:ff:a2:9f:cb:74:f7:cc:1d:93:46:ee:20:
                    8d:ed:ef:37:a1:ea:4e:2d:5c:ee:d5:3e:dc:d0:86:
                    0f:9a:a4:88:88:a1:4b:37:40:a8:6b:c3:44:06:fe:
                    69:8a:df:60:45:46:3f:63:b6:7a:6a:9f:e5:a1:84:
                    47:63:79:5f:a1:87:99:f9:64:ef:2c:74:19:1a:14:
                    76:77:08:3b:0f:27:87:57:a3:69:b1:13:61:8a:0a:
                    a9:56:84:bf:c6:15:7e:78:43:2d:63:eb:f8:38:98:
                    ec:b0:5d:10:ad:f3:7d:88:bf:4f:2f:6d:78:c6:32:
                    06:9c:e4:c9:3d:01:14:b4:be:25:8c:c4:7c:a8:1e:
                    17:14:fe:6a:dd:d7:99:93:86:73:01:68:db:51:1e:
                    bd:16:a2:f3:65:75:e8:06:dd:4a:9a:f9:52:36:cf:
                    a1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D7:CD:DC:3A:AA:8D:DF:E2:45:90:D2:87:22:16:D5:83:FC:02:A0
            X509v3 Authority Key Identifier:
                keyid:3A:C7:8F:33:E8:E1:18:73:27:66:7F:A9:4F:D7:44:6B:8D:91:E5:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OsePM-jhGHMnZn-pT9dEa42R5bQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/KdfN3Dqqjd_iRZDShyIW1YP8AqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5edaaf-3327-43ed-90b1-dc01f4b4bae4/1/OsePM-jhGHMnZn-pT9dEa42R5bQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.184.0-185.178.186.255
                  193.25.200.0/24
                IPv6:
                  2a07:6780::/29
                  2a0a:6680:bee::/48
                  2a0a:6680:1000::-2a0a:6680:2fff:ffff:ffff:ffff:ffff:ffff
                  2a0a:6680:bee1::/48
                  2a0a:6680:bee5::-2a0a:6680:bee6:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         d9:d4:be:49:b4:4a:a6:9e:2a:0e:cd:7a:04:4a:87:61:d3:c5:
         28:d2:e8:ea:d2:f5:2a:7e:50:ae:41:a9:2e:d0:01:91:da:15:
         c7:01:a9:87:58:b1:be:37:8d:aa:e5:1c:f7:5e:ac:e4:58:a2:
         12:38:2d:2a:9a:73:d3:0a:33:be:86:91:11:97:28:61:6e:51:
         bf:32:5e:52:14:e0:e5:9d:29:e9:e4:0b:9c:b7:7a:98:79:6e:
         19:62:0c:6d:ff:74:76:51:c2:f8:44:53:7e:d7:d9:15:e3:8d:
         1c:2f:66:95:13:f2:a8:5f:0f:e7:ef:93:7a:e0:e7:4c:34:92:
         5a:48:27:1d:e9:2f:38:0c:15:f9:af:0f:50:33:dd:f7:48:99:
         4c:46:3f:88:4a:a0:74:f1:5f:f2:9a:7a:94:16:2b:6e:58:f9:
         e6:61:e3:93:37:f1:9e:e5:7f:1c:8a:26:72:b3:26:8b:ba:f9:
         c7:6f:60:39:68:6c:f6:d1:64:59:27:2c:4d:5a:8d:f3:21:16:
         9b:f0:4d:12:0f:d2:03:61:ef:50:25:45:af:8b:7f:33:fb:54:
         d7:86:e3:49:37:98:b6:45:27:11:45:fa:3f:72:02:8c:53:ea:
         1a:eb:79:e9:f3:68:2f:0e:58:0d:a0:96:25:a6:ba:c4:d9:99:
         99:c0:91:8d
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYHym0Rb29og/YurpGk14v/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYzc4ZjMzZThlMTE4NzMyNzY2N2ZhOTRmZDc0NDZiOGQ5
MWU1YjQwHhcNMjIwNzEyMTMzMTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQ3Y2RkYzNhYWE4ZGRmZTI0NTkwZDI4NzIyMTZkNTgzZmMwMmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT30oJhyqiMhDfheiRiQwqET0EC9
uC1HGnTscrgzyXcVex6UvE2XpaJYdPVgWArSaB+e+MAszJ1Hi+LK0xeGn2wlO1JS
kPMpaWrWDzexyaCc/w/4vtX9grikHH7/op/LdPfMHZNG7iCN7e83oepOLVzu1T7c
0IYPmqSIiKFLN0Coa8NEBv5pit9gRUY/Y7Z6ap/loYRHY3lfoYeZ+WTvLHQZGhR2
dwg7DyeHV6NpsRNhigqpVoS/xhV+eEMtY+v4OJjssF0QrfN9iL9PL214xjIGnOTJ
PQEUtL4ljMR8qB4XFP5q3deZk4ZzAWjbUR69FqLzZXXoBt1KmvlSNs+hmwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFCnXzdw6qo3f4kWQ0ociFtWD/AKgMB8GA1UdIwQY
MBaAFDrHjzPo4RhzJ2Z/qU/XRGuNkeW0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3NlUE0tamhHSE1uWm4tcFQ5ZEVhNDJSNWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy81ZWRhYWYtMzMyNy00M2VkLTkwYjEt
ZGMwMWY0YjRiYWU0LzEvS2RmTjNEcXFqZF9pUlpEU2h5SVcxWVA4QXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy81ZWRhYWYtMzMyNy00M2VkLTkwYjEtZGMwMWY0YjRiYWU0
LzEvT3NlUE0tamhHSE1uWm4tcFQ5ZEVhNDJSNWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzAaBAIAATAUMAwDBAO5srgD
BAC5sroDBADBGcgwRQQCAAIwPwMFAyoHZ4ADBwAqCmaAC+4wEAMGBCoKZoAQAwYE
KgpmgCADBwAqCmaAvuEwEgMHACoKZoC+5QMHACoKZoC+5jANBgkqhkiG9w0BAQsF
AAOCAQEA2dS+SbRKpp4qDs16BEqHYdPFKNLo6tL1Kn5QrkGpLtABkdoVxwGph1ix
vjeNquUc916s5FiiEjgtKppz0wozvoaREZcoYW5RvzJeUhTg5Z0p6eQLnLd6mHlu
GWIMbf90dlHC+ERTftfZFeONHC9mlRPyqF8P5++TeuDnTDSSWkgnHekvOAwV+a8P
UDPd90iZTEY/iEqgdPFf8pp6lBYrblj55mHjkzfxnuV/HIomcrMmi7r5x29gOWhs
9tFkWScsTVqN8yEWm/BNEg/SA2HvUCVFr4t/M/tU14bjSTeYtkUnEUX6P3ICjFPq
Gut56fNoLw5YDaCWJaa6xNmZmcCRjQ==
-----END CERTIFICATE-----