Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/pq0i15vfCIgzZ35gwTl12yZ2fcU.roa
File:                     pq0i15vfCIgzZ35gwTl12yZ2fcU.roa (raw, json)
Hash identifier:          4Pr8E7N03bIXZSKKn2ZGEeQS4ebOe6mKE28bHCUnuGQ=
Subject key identifier:   A6:AD:22:D7:9B:DF:08:88:33:67:7E:60:C1:39:75:DB:26:76:7D:C5
Certificate issuer:       /CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
Certificate serial:       018ACB946F0D52C86DE760BD4BADE9800E3C
Authority key identifier: DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/pq0i15vfCIgzZ35gwTl12yZ2fcU.roa
Signing time:             Mon 25 Sep 2023 09:03:37 +0000
ROA not before:           Mon 25 Sep 2023 09:03:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206747
IP address blocks:        25.26.27.0/24 maxlen: 24
                          25.129.198.0/23 maxlen: 23
                          25.129.196.0/23 maxlen: 23
                          25.25.25.0/24 maxlen: 24
                          195.130.30.0/24 maxlen: 24
                          195.130.31.0/24 maxlen: 24
                          195.130.28.0/24 maxlen: 24
                          195.130.29.0/24 maxlen: 24
                          2a08:600:ee::/47 maxlen: 47
                          2a08:600:99::/48 maxlen: 48
                          2a08:600:4::/48 maxlen: 48
                          2a08:600:ff::/48 maxlen: 48
                          2a08:600:2::/48 maxlen: 48
                          2a08:600:3::/48 maxlen: 48
                          2a08:600:1::/48 maxlen: 48
                          2a08:600::/48 maxlen: 48
                          2a08:600:e0::/47 maxlen: 47
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cb:94:6f:0d:52:c8:6d:e7:60:bd:4b:ad:e9:80:0e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
        Validity
            Not Before: Sep 25 09:03:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6ad22d79bdf088833677e60c13975db26767dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:89:d5:7c:43:d2:66:45:5b:c2:06:e6:86:d1:
                    a1:06:d9:cc:d7:c0:fe:57:fd:48:3a:af:d5:08:40:
                    7b:1b:2c:ab:db:86:89:ab:e1:15:37:d3:5d:17:9e:
                    0b:6a:b7:6b:29:9c:c4:96:e8:01:f9:ce:fe:ea:46:
                    fd:62:bd:7c:23:e4:05:93:8f:c7:12:24:96:70:5c:
                    cc:86:31:76:d0:d3:b5:91:40:95:22:10:b1:2f:e6:
                    01:f3:63:05:6b:bb:5d:1b:eb:f8:eb:a1:c4:7e:fb:
                    11:39:07:fc:f0:81:23:ea:aa:c6:34:04:95:eb:38:
                    b6:f7:58:11:02:11:c1:5f:fe:7d:ab:ec:91:60:33:
                    af:19:96:de:69:9f:bd:34:d7:76:b4:f2:fb:6b:25:
                    b0:90:38:7c:8d:36:cf:27:8f:e4:2d:7b:23:67:26:
                    62:5f:81:17:56:35:3c:2f:f1:84:0a:63:cf:fc:ad:
                    64:0f:57:51:ac:a1:c4:01:44:31:3c:cf:15:3c:5a:
                    25:b0:ce:58:6e:4b:27:ef:e0:14:48:81:71:08:48:
                    1b:f8:bd:22:fd:1a:ea:e0:17:04:12:e5:4c:78:cc:
                    77:8c:56:94:e2:f5:1a:ec:fb:59:9c:69:25:88:23:
                    d6:f2:70:94:79:0d:fa:65:ec:7f:77:9f:ef:c9:86:
                    13:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:AD:22:D7:9B:DF:08:88:33:67:7E:60:C1:39:75:DB:26:76:7D:C5
            X509v3 Authority Key Identifier:
                keyid:DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/pq0i15vfCIgzZ35gwTl12yZ2fcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/3EThniu05wI8wboQ1Jt07eS_hlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  25.25.25.0/24
                  25.26.27.0/24
                  25.129.196.0/22
                  195.130.28.0/22
                IPv6:
                  2a08:600::-2a08:600:4:ffff:ffff:ffff:ffff:ffff
                  2a08:600:99::/48
                  2a08:600:e0::/47
                  2a08:600:ee::/47
                  2a08:600:ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:6c:81:40:9f:50:6a:a7:fe:d1:e1:43:d3:e1:c1:d8:5b:1d:
         de:17:f9:85:f8:b3:36:36:df:56:90:aa:88:88:4b:90:87:4c:
         c4:40:33:40:2b:cc:91:ac:13:b2:d7:fc:3b:68:32:89:41:57:
         0c:a0:9b:0a:fa:8c:cd:61:ae:1e:1a:91:b0:ee:09:6e:1a:73:
         ef:2e:e6:60:07:fd:39:f6:75:7a:c6:41:60:df:e5:57:39:91:
         3f:65:45:14:46:5e:b7:e7:58:8d:57:e0:3f:17:52:41:83:37:
         4b:6f:ed:b2:93:e7:fc:fd:ba:14:c5:b0:b4:55:c3:f8:91:e2:
         3d:75:0d:7f:3d:28:7d:94:75:2c:8f:f2:94:21:c6:6c:d2:6d:
         81:eb:9d:b4:64:63:52:0a:f3:57:51:31:34:18:9e:69:74:99:
         35:2f:fd:01:27:b1:e3:ee:36:f4:db:ad:47:5e:71:ff:1a:cd:
         c2:bf:e8:9c:7a:24:90:55:a6:cb:84:3a:fb:b8:e6:9e:05:80:
         a9:3d:f3:82:ca:7e:e2:b3:da:c1:57:ce:6b:2d:f5:40:03:1b:
         4b:60:19:2a:8a:29:25:07:c1:08:8f:68:1b:cd:fd:c0:73:84:
         34:0a:3d:ba:d5:96:2a:29:dd:9a:92:c4:82:89:09:3e:fc:a0:
         ab:8f:83:21
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYrLlG8NUsht52C9S63pgA48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDRlMTllMmJiNGU3MDIzY2MxYmExMGQ0OWI3NGVkZTRi
Zjg2NWMwHhcNMjMwOTI1MDkwMzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmFkMjJkNzliZGYwODg4MzM2NzdlNjBjMTM5NzVkYjI2NzY3ZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAionVfEPSZkVbwgbmhtGhBtnM18D+
V/1IOq/VCEB7Gyyr24aJq+EVN9NdF54LardrKZzElugB+c7+6kb9Yr18I+QFk4/H
EiSWcFzMhjF20NO1kUCVIhCxL+YB82MFa7tdG+v466HEfvsROQf88IEj6qrGNASV
6zi291gRAhHBX/59q+yRYDOvGZbeaZ+9NNd2tPL7ayWwkDh8jTbPJ4/kLXsjZyZi
X4EXVjU8L/GECmPP/K1kD1dRrKHEAUQxPM8VPFolsM5Ybksn7+AUSIFxCEgb+L0i
/Rrq4BcEEuVMeMx3jFaU4vUa7PtZnGkliCPW8nCUeQ36Zex/d5/vyYYTxwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFKatIteb3wiIM2d+YME5ddsmdn3FMB8GA1UdIwQY
MBaAFNxE4Z4rtOcCPMG6ENSbdO3kv4ZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjIt
NGM4MmFjZTcyYzg1LzEvcHEwaTE1dmZDSWd6WjM1Z3dUbDEyeVoyZmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjItNGM4MmFjZTcyYzg1
LzEvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTAeBAIAATAYAwQAGRkZAwQA
GRobAwQCGYHEAwQCw4IcMDsEAgACMDUwDwMEASoIBgMHACoIBgAABAMHACoIBgAA
mQMHASoIBgAA4AMHASoIBgAA7gMHACoIBgAA/zANBgkqhkiG9w0BAQsFAAOCAQEA
SGyBQJ9Qaqf+0eFD0+HB2Fsd3hf5hfizNjbfVpCqiIhLkIdMxEAzQCvMkawTstf8
O2gyiUFXDKCbCvqMzWGuHhqRsO4Jbhpz7y7mYAf9OfZ1esZBYN/lVzmRP2VFFEZe
t+dYjVfgPxdSQYM3S2/tspPn/P26FMWwtFXD+JHiPXUNfz0ofZR1LI/ylCHGbNJt
geudtGRjUgrzV1ExNBieaXSZNS/9ASex4+429NutR15x/xrNwr/onHokkFWmy4Q6
+7jmngWAqT3zgsp+4rPawVfOay31QAMbS2AZKoopJQfBCI9oG839wHOENAo9utWW
KindmpLEgokJPvygq4+DIQ==
-----END CERTIFICATE-----