Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/SD36y8tlu-kF9q1O9iZZ4EQtJXA.roa
File:                     SD36y8tlu-kF9q1O9iZZ4EQtJXA.roa (raw, json)
Hash identifier:          3Dr1U3Ci8AW95CM9rhIXHB+Mp95dOdincB1UHWEaew4=
Subject key identifier:   48:3D:FA:CB:CB:65:BB:E9:05:F6:AD:4E:F6:26:59:E0:44:2D:25:70
Certificate issuer:       /CN=3deb104463e920b45542b6af1a27d5950e86e9a0
Certificate serial:       01856E0AF3A8F68101119B2B4F4C5D9A59F6
Authority key identifier: 3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/SD36y8tlu-kF9q1O9iZZ4EQtJXA.roa
Signing time:             Sun 01 Jan 2023 15:54:49 +0000
ROA not before:           Sun 01 Jan 2023 15:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43925
IP address blocks:        89.45.0.0/22 maxlen: 22
                          89.45.0.0/23 maxlen: 23
                          89.45.2.0/23 maxlen: 23
                          185.32.0.0/22 maxlen: 22
                          37.34.96.0/22 maxlen: 24
                          37.34.105.0/24 maxlen: 24
                          37.34.100.0/22 maxlen: 24
                          37.34.106.0/24 maxlen: 24
                          37.34.108.0/22 maxlen: 24
                          37.34.107.0/24 maxlen: 24
                          37.34.112.0/20 maxlen: 24
                          79.170.224.0/21 maxlen: 24
                          37.34.120.0/21 maxlen: 24
                          178.76.80.0/20 maxlen: 22
                          94.139.128.0/19 maxlen: 24
                          178.76.96.0/19 maxlen: 21
                          93.113.112.0/21 maxlen: 24
                          2a00:f900::/32 maxlen: 33
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:0a:f3:a8:f6:81:01:11:9b:2b:4f:4c:5d:9a:59:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb104463e920b45542b6af1a27d5950e86e9a0
        Validity
            Not Before: Jan  1 15:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=483dfacbcb65bbe905f6ad4ef62659e0442d2570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:6a:00:dd:4c:82:c2:0e:0c:47:19:9c:3f:17:
                    ba:24:69:18:dc:d3:44:ad:0d:86:80:89:78:87:25:
                    18:b6:5d:9e:cf:41:2f:99:d5:fc:fa:56:f5:f8:e0:
                    cb:68:90:dd:76:6a:11:8b:f4:93:3c:41:7e:e4:13:
                    ee:fd:e1:01:35:2a:4e:b6:88:5a:82:b0:8a:38:c0:
                    b6:95:89:7a:6f:12:85:85:df:81:a5:75:dc:c6:ab:
                    b8:81:49:2e:93:fc:c9:3b:f3:6f:7d:6c:13:a9:86:
                    75:6b:7b:7d:fd:38:b1:dd:86:51:2d:2f:fc:8b:dc:
                    b5:dc:06:b5:18:ff:49:3a:66:b4:31:99:ed:da:e1:
                    bb:a2:80:f3:52:cc:42:5b:ef:17:d4:2b:30:26:35:
                    b8:98:8a:7d:18:94:ea:b8:64:bf:f4:8a:63:82:83:
                    d0:52:3a:f0:2c:35:38:aa:59:70:8f:fa:7d:79:f5:
                    53:b7:11:ab:60:b6:b7:42:c0:54:6a:2a:57:96:24:
                    af:e8:ca:1c:2b:25:ad:93:8b:d8:42:95:4d:53:f4:
                    bf:87:fb:79:81:29:dd:48:4d:fe:ae:35:f3:fb:d3:
                    9e:f3:a9:d4:7c:ba:84:63:f0:49:a6:bc:4d:3c:a1:
                    1b:c0:69:c6:16:ab:b4:00:6f:f0:56:e5:20:80:b2:
                    98:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:3D:FA:CB:CB:65:BB:E9:05:F6:AD:4E:F6:26:59:E0:44:2D:25:70
            X509v3 Authority Key Identifier:
                keyid:3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/SD36y8tlu-kF9q1O9iZZ4EQtJXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.96.0/21
                  37.34.105.0-37.34.127.255
                  79.170.224.0/21
                  89.45.0.0/22
                  93.113.112.0/21
                  94.139.128.0/19
                  178.76.80.0-178.76.127.255
                  185.32.0.0/22
                IPv6:
                  2a00:f900::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:bc:ce:08:50:f2:a9:ae:5b:1a:8f:0d:06:3e:f3:a0:31:1b:
         64:29:25:35:ca:a9:1b:97:fc:15:3b:cf:cf:57:95:7c:44:79:
         0b:2a:16:86:f6:b8:0b:c2:3d:70:10:a3:d4:c4:84:74:9f:a1:
         f8:1c:0c:bf:04:8d:fd:7a:30:5a:7c:d2:d6:a1:8e:33:12:43:
         7f:d2:95:28:38:f8:aa:79:eb:23:f2:89:bb:ec:05:81:64:56:
         1c:5a:e8:62:d9:90:c4:e0:4a:e6:e6:fd:18:7f:d0:c3:dd:75:
         4b:bc:ab:e8:85:3e:3c:86:20:0d:d2:88:bd:1d:d9:7a:cc:8b:
         4f:e0:64:70:e3:b6:66:94:3c:5e:8e:31:28:38:a3:8a:d1:03:
         14:7f:bc:f7:26:78:91:74:f2:eb:0a:42:a6:4c:47:82:81:fa:
         ae:0c:5e:d5:49:31:77:e0:88:d1:66:8f:26:48:74:52:a4:73:
         3a:5c:14:18:24:5e:f6:3b:30:d6:cc:ba:db:82:de:99:29:ec:
         f3:d6:d1:24:42:74:e9:f8:84:a3:ec:98:69:0b:76:25:1b:96:
         41:6d:8d:3a:be:25:f9:b2:bc:3b:6e:32:d6:0e:eb:8d:4a:2b:
         fd:de:65:c5:95:08:b9:97:cb:0b:c3:62:f2:54:e2:93:a4:9c:
         ab:de:aa:ee
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYVuCvOo9oEBEZsrT0xdmln2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWIxMDQ0NjNlOTIwYjQ1NTQyYjZhZjFhMjdkNTk1MGU4
NmU5YTAwHhcNMjMwMTAxMTU1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODNkZmFjYmNiNjViYmU5MDVmNmFkNGVmNjI2NTllMDQ0MmQyNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWoA3UyCwg4MRxmcPxe6JGkY3NNE
rQ2GgIl4hyUYtl2ez0EvmdX8+lb1+ODLaJDddmoRi/STPEF+5BPu/eEBNSpOtoha
grCKOMC2lYl6bxKFhd+BpXXcxqu4gUkuk/zJO/NvfWwTqYZ1a3t9/Tix3YZRLS/8
i9y13Aa1GP9JOma0MZnt2uG7ooDzUsxCW+8X1CswJjW4mIp9GJTquGS/9IpjgoPQ
UjrwLDU4qllwj/p9efVTtxGrYLa3QsBUaipXliSv6MocKyWtk4vYQpVNU/S/h/t5
gSndSE3+rjXz+9Oe86nUfLqEY/BJprxNPKEbwGnGFqu0AG/wVuUggLKYEQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFEg9+svLZbvpBfatTvYmWeBELSVwMB8GA1UdIwQY
MBaAFD3rEERj6SC0VUK2rxon1ZUOhumgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMt
MTE5ZDhiZjcxN2JiLzEvU0QzNnk4dGx1LWtGOXExTzlpWlo0RVF0SlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMtMTE5ZDhiZjcxN2Ji
LzEvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQDJSJgMAwD
BAAlImkDBAclIgADBANPquADBAJZLQADBANdcXADBAVei4AwDAMEBLJMUAMEB7JM
AAMEArkgADANBAIAAjAHAwUAKgD5ADANBgkqhkiG9w0BAQsFAAOCAQEAq7zOCFDy
qa5bGo8NBj7zoDEbZCklNcqpG5f8FTvPz1eVfER5CyoWhva4C8I9cBCj1MSEdJ+h
+BwMvwSN/XowWnzS1qGOMxJDf9KVKDj4qnnrI/KJu+wFgWRWHFroYtmQxOBK5ub9
GH/Qw911S7yr6IU+PIYgDdKIvR3ZesyLT+BkcOO2ZpQ8Xo4xKDijitEDFH+89yZ4
kXTy6wpCpkxHgoH6rgxe1Ukxd+CI0WaPJkh0UqRzOlwUGCRe9jsw1sy624LemSns
89bRJEJ06fiEo+yYaQt2JRuWQW2NOr4l+bK8O24y1g7rjUor/d5lxZUIuZfLC8Ni
8lTik6Scq96q7g==
-----END CERTIFICATE-----