Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/zWFMUarPpK-mf7_WeHKfXxsk0Ns.roa
File:                     zWFMUarPpK-mf7_WeHKfXxsk0Ns.roa (raw, json)
Hash identifier:          vITOCF3CW07NKnWDm7x3td0Q+ckd6IGTUEtPJI4NDbE=
Subject key identifier:   CD:61:4C:51:AA:CF:A4:AF:A6:7F:BF:D6:78:72:9F:5F:1B:24:D0:DB
Certificate issuer:       /CN=3deb104463e920b45542b6af1a27d5950e86e9a0
Certificate serial:       01862C5CE06A7B0C573AFDC878532BDF7268
Authority key identifier: 3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/zWFMUarPpK-mf7_WeHKfXxsk0Ns.roa
Signing time:             Tue 07 Feb 2023 14:52:09 +0000
ROA not before:           Tue 07 Feb 2023 14:52:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43925
IP address blocks:        89.45.0.0/22 maxlen: 22
                          89.45.0.0/23 maxlen: 23
                          89.45.2.0/23 maxlen: 23
                          185.32.0.0/22 maxlen: 22
                          37.34.96.0/19 maxlen: 24
                          37.34.96.0/22 maxlen: 24
                          37.34.105.0/24 maxlen: 24
                          37.34.100.0/22 maxlen: 24
                          37.34.106.0/24 maxlen: 24
                          37.34.108.0/22 maxlen: 24
                          37.34.107.0/24 maxlen: 24
                          37.34.112.0/20 maxlen: 24
                          79.170.224.0/21 maxlen: 24
                          37.34.120.0/21 maxlen: 24
                          178.76.80.0/20 maxlen: 22
                          94.139.128.0/19 maxlen: 24
                          178.76.96.0/19 maxlen: 21
                          93.113.112.0/21 maxlen: 24
                          2a00:f900::/32 maxlen: 33
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2c:5c:e0:6a:7b:0c:57:3a:fd:c8:78:53:2b:df:72:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb104463e920b45542b6af1a27d5950e86e9a0
        Validity
            Not Before: Feb  7 14:52:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cd614c51aacfa4afa67fbfd678729f5f1b24d0db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:49:d9:2d:38:6f:42:64:43:49:80:ef:92:1c:
                    02:f2:e1:31:09:69:6b:07:70:4a:be:65:97:6c:8a:
                    ef:72:b4:a2:8c:96:d6:97:f2:5f:df:2d:4f:b8:9f:
                    ab:ee:f4:28:2e:a0:6a:a8:ff:72:e8:02:49:e6:2b:
                    8c:45:c8:25:0b:40:7e:fe:4a:9f:29:4c:e0:0b:63:
                    89:69:09:62:21:7d:b6:b3:ed:39:1b:54:6b:95:d0:
                    e2:0b:ea:c1:82:7f:11:cd:eb:c6:a9:9e:dd:b0:a4:
                    25:b7:0d:27:71:08:1c:71:19:3f:3d:bb:99:f2:3c:
                    fc:22:e5:a2:94:9d:06:75:25:36:25:83:c3:ce:75:
                    18:23:db:6b:72:a0:63:fe:c1:83:02:78:08:0d:f2:
                    fc:69:1b:f0:25:a9:9a:e5:7f:cb:08:fd:38:74:93:
                    73:d8:4e:8e:53:f2:5e:80:25:78:bb:c9:47:6b:a9:
                    1b:31:2b:2c:68:12:20:50:f3:af:cc:b6:46:12:06:
                    a2:97:ea:8c:9b:10:78:b6:6b:a8:3c:6b:e9:53:30:
                    81:e6:82:37:70:cb:ed:91:5a:08:91:40:62:36:44:
                    a5:e5:2a:8b:c8:c3:50:f4:cf:2f:1b:02:da:b5:a8:
                    5e:3b:78:3e:ba:30:31:98:29:dc:75:be:c1:10:b9:
                    4b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:61:4C:51:AA:CF:A4:AF:A6:7F:BF:D6:78:72:9F:5F:1B:24:D0:DB
            X509v3 Authority Key Identifier:
                keyid:3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/zWFMUarPpK-mf7_WeHKfXxsk0Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.96.0/19
                  79.170.224.0/21
                  89.45.0.0/22
                  93.113.112.0/21
                  94.139.128.0/19
                  178.76.80.0-178.76.127.255
                  185.32.0.0/22
                IPv6:
                  2a00:f900::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:d0:27:56:40:ae:28:5e:bd:ae:2f:12:f8:87:fa:f7:be:48:
         53:4d:2b:0a:9d:db:ff:fc:03:d3:a7:70:74:09:99:8e:69:dd:
         95:a5:0e:46:ba:5d:e8:ea:27:6d:6d:0e:15:b9:0f:b4:96:9b:
         32:11:99:1b:94:53:b4:54:ad:fd:8a:14:6b:21:b2:f8:f6:a8:
         0f:07:d8:92:72:f7:90:3e:fa:81:ac:2e:9e:ae:4a:1c:3d:07:
         12:dd:9a:37:77:d9:19:79:89:9a:05:dc:a6:7d:13:b4:df:25:
         5c:ee:2e:46:17:e2:ed:b3:5b:5a:2e:c2:b8:7f:a1:06:cf:a1:
         c9:57:94:d1:7a:ff:00:ed:7a:e8:de:7f:d4:f3:c9:34:ce:c5:
         63:01:8e:4e:c8:19:fa:71:85:bc:8d:b8:1f:21:42:38:18:a0:
         97:ac:5d:f4:c2:c7:7a:df:38:f2:11:b7:61:6d:65:2b:ae:e3:
         19:10:d3:31:6e:5f:af:eb:b4:cd:75:d0:cb:f6:37:d0:82:94:
         be:0e:62:78:e6:60:9b:f4:ed:82:01:73:c1:2c:3f:86:82:4a:
         74:59:59:5a:27:1c:52:81:43:60:2c:e3:4b:0c:c8:94:0b:f0:
         dc:da:d2:12:1a:32:4c:05:60:a6:21:9b:74:c1:44:32:a7:38:
         ed:92:b3:80
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYYsXOBqewxXOv3IeFMr33JoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWIxMDQ0NjNlOTIwYjQ1NTQyYjZhZjFhMjdkNTk1MGU4
NmU5YTAwHhcNMjMwMjA3MTQ1MjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDYxNGM1MWFhY2ZhNGFmYTY3ZmJmZDY3ODcyOWY1ZjFiMjRkMGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UnZLThvQmRDSYDvkhwC8uExCWlr
B3BKvmWXbIrvcrSijJbWl/Jf3y1PuJ+r7vQoLqBqqP9y6AJJ5iuMRcglC0B+/kqf
KUzgC2OJaQliIX22s+05G1RrldDiC+rBgn8RzevGqZ7dsKQltw0ncQgccRk/PbuZ
8jz8IuWilJ0GdSU2JYPDznUYI9trcqBj/sGDAngIDfL8aRvwJama5X/LCP04dJNz
2E6OU/JegCV4u8lHa6kbMSssaBIgUPOvzLZGEgail+qMmxB4tmuoPGvpUzCB5oI3
cMvtkVoIkUBiNkSl5SqLyMNQ9M8vGwLataheO3g+ujAxmCncdb7BELlL1QIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFM1hTFGqz6Svpn+/1nhyn18bJNDbMB8GA1UdIwQY
MBaAFD3rEERj6SC0VUK2rxon1ZUOhumgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMt
MTE5ZDhiZjcxN2JiLzEveldGTVVhclBwSy1tZjdfV2VIS2ZYeHNrME5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMtMTE5ZDhiZjcxN2Ji
LzEvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQFJSJgAwQD
T6rgAwQCWS0AAwQDXXFwAwQFXouAMAwDBASyTFADBAeyTAADBAK5IAAwDQQCAAIw
BwMFACoA+QAwDQYJKoZIhvcNAQELBQADggEBACPQJ1ZAriheva4vEviH+ve+SFNN
Kwqd2//8A9OncHQJmY5p3ZWlDka6XejqJ21tDhW5D7SWmzIRmRuUU7RUrf2KFGsh
svj2qA8H2JJy95A++oGsLp6uShw9BxLdmjd32Rl5iZoF3KZ9E7TfJVzuLkYX4u2z
W1ouwrh/oQbPoclXlNF6/wDteujef9TzyTTOxWMBjk7IGfpxhbyNuB8hQjgYoJes
XfTCx3rfOPIRt2FtZSuu4xkQ0zFuX6/rtM110Mv2N9CClL4OYnjmYJv07YIBc8Es
P4aCSnRZWVonHFKBQ2As40sMyJQL8Nza0hIaMkwFYKYhm3TBRDKnOO2Ss4A=
-----END CERTIFICATE-----