Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/6vY2YNtRUGC_V9hZTO1Gc_bsATU.roa
File:                     6vY2YNtRUGC_V9hZTO1Gc_bsATU.roa (raw, json)
Hash identifier:          1MGT9Up5ptTvDZFkz9cYzZ1nM3nmvh2TBDb9a7bgQhc=
Subject key identifier:   EA:F6:36:60:DB:51:50:60:BF:57:D8:59:4C:ED:46:73:F6:EC:01:35
Certificate issuer:       /CN=93b2981978885696ce1c2bbf4af99dadc2c618eb
Certificate serial:       0185719554BDA1CBAD6148F24BF045D61D27
Authority key identifier: 93:B2:98:19:78:88:56:96:CE:1C:2B:BF:4A:F9:9D:AD:C2:C6:18:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k7KYGXiIVpbOHCu_SvmdrcLGGOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/6vY2YNtRUGC_V9hZTO1Gc_bsATU.roa
Signing time:             Mon 02 Jan 2023 08:24:50 +0000
ROA not before:           Mon 02 Jan 2023 08:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199256
IP address blocks:        93.119.24.0/22 maxlen: 24
                          159.253.224.0/22 maxlen: 24
                          185.122.132.0/22 maxlen: 24
                          81.173.12.0/22 maxlen: 24
                          144.2.240.0/21 maxlen: 24
                          91.216.236.0/24 maxlen: 24
                          91.216.241.0/24 maxlen: 24
                          185.57.100.0/22 maxlen: 24
                          185.156.196.0/22 maxlen: 24
                          185.32.152.0/22 maxlen: 24
                          5.149.168.0/21 maxlen: 24
                          2a04:b00::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:54:bd:a1:cb:ad:61:48:f2:4b:f0:45:d6:1d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93b2981978885696ce1c2bbf4af99dadc2c618eb
        Validity
            Not Before: Jan  2 08:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eaf63660db515060bf57d8594ced4673f6ec0135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1b:a2:3d:61:a3:86:65:bd:dd:24:1e:7b:c4:
                    e9:6a:0d:d3:6c:c6:23:2c:71:8a:e2:53:40:d8:de:
                    88:06:32:a7:41:3f:4e:25:fd:58:06:1b:31:aa:7b:
                    96:c2:0e:38:4b:16:63:f1:3a:ed:d3:bc:59:87:36:
                    42:6f:ba:0c:29:16:0a:a4:9b:f6:ad:79:5e:ca:d0:
                    08:2d:45:65:3a:14:42:96:ad:75:e8:08:d4:1d:05:
                    4a:11:57:a8:14:69:a2:65:17:84:c5:ca:d1:bc:c2:
                    bc:68:0c:7f:fe:9e:37:78:4c:fe:21:d5:19:b0:29:
                    4f:47:47:71:ca:fe:c0:f9:cf:61:8f:89:73:6c:27:
                    74:6e:d1:fe:b9:d1:c0:c9:2e:58:87:2c:44:12:2d:
                    04:87:5b:e0:76:c3:62:11:7b:43:f8:e8:e6:2f:0b:
                    98:9b:fb:97:2c:cc:46:83:7b:d0:78:c0:94:32:12:
                    ba:05:ee:2d:93:4a:61:64:9b:30:bf:4a:4c:2a:b8:
                    ba:d4:0a:50:8f:de:a8:2e:8b:d3:ee:45:40:36:73:
                    bc:85:90:bd:4a:4a:fb:c5:f0:a6:f4:cb:d8:33:8d:
                    c1:a6:24:c7:b0:a3:69:6e:21:23:0d:3e:50:05:59:
                    92:1b:fe:db:1c:ba:8d:d7:82:13:b2:ad:47:e3:03:
                    db:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:F6:36:60:DB:51:50:60:BF:57:D8:59:4C:ED:46:73:F6:EC:01:35
            X509v3 Authority Key Identifier:
                keyid:93:B2:98:19:78:88:56:96:CE:1C:2B:BF:4A:F9:9D:AD:C2:C6:18:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k7KYGXiIVpbOHCu_SvmdrcLGGOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/6vY2YNtRUGC_V9hZTO1Gc_bsATU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/k7KYGXiIVpbOHCu_SvmdrcLGGOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.168.0/21
                  81.173.12.0/22
                  91.216.236.0/24
                  91.216.241.0/24
                  93.119.24.0/22
                  144.2.240.0/21
                  159.253.224.0/22
                  185.32.152.0/22
                  185.57.100.0/22
                  185.122.132.0/22
                  185.156.196.0/22
                IPv6:
                  2a04:b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:1b:2d:c6:24:c7:15:32:3f:e6:79:04:f6:b1:63:cb:fa:01:
         9e:14:42:36:55:b2:66:92:42:7c:e7:f1:c2:44:c6:55:12:f0:
         22:f5:02:19:fb:18:6b:63:b6:c5:cf:10:e0:6c:dc:6d:1e:c5:
         e1:f8:49:05:a1:59:5a:56:57:e4:f0:3b:8c:e0:1f:9c:5a:45:
         98:34:0b:13:66:8b:d1:4b:32:54:77:8c:8f:80:e4:a0:97:78:
         bb:30:27:74:0f:22:43:2c:d2:e5:a0:e5:a9:aa:ba:30:3a:49:
         08:cc:22:e9:78:7e:c6:fb:40:ea:80:87:4b:5a:a8:85:98:82:
         7a:e3:5b:50:f5:39:70:47:76:fe:10:b5:92:4d:3f:13:79:89:
         3c:1f:2b:5a:f9:6a:9d:7e:2d:d0:c6:66:5c:43:c7:3a:b1:fd:
         ec:a9:60:65:f2:6e:33:51:e4:33:e1:fe:f1:56:8e:fc:67:1e:
         ae:38:ef:ab:a7:e9:e4:4b:e9:05:43:a5:76:75:01:63:d5:20:
         ee:82:a0:8d:c6:64:ab:7f:50:f7:27:06:c3:43:ec:05:12:3e:
         35:1e:ff:3c:1c:53:97:2b:90:b3:19:fc:31:dc:83:4a:a0:4f:
         19:dd:47:1d:92:8e:1e:3c:5a:92:cd:f9:4c:ed:5f:b9:7c:f6:
         28:f9:d1:18
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVxlVS9ocutYUjyS/BF1h0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYjI5ODE5Nzg4ODU2OTZjZTFjMmJiZjRhZjk5ZGFkYzJj
NjE4ZWIwHhcNMjMwMTAyMDgyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWY2MzY2MGRiNTE1MDYwYmY1N2Q4NTk0Y2VkNDY3M2Y2ZWMwMTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthuiPWGjhmW93SQee8Tpag3TbMYj
LHGK4lNA2N6IBjKnQT9OJf1YBhsxqnuWwg44SxZj8Trt07xZhzZCb7oMKRYKpJv2
rXleytAILUVlOhRClq116AjUHQVKEVeoFGmiZReExcrRvMK8aAx//p43eEz+IdUZ
sClPR0dxyv7A+c9hj4lzbCd0btH+udHAyS5YhyxEEi0Eh1vgdsNiEXtD+OjmLwuY
m/uXLMxGg3vQeMCUMhK6Be4tk0phZJswv0pMKri61ApQj96oLovT7kVANnO8hZC9
Skr7xfCm9MvYM43BpiTHsKNpbiEjDT5QBVmSG/7bHLqN14ITsq1H4wPbAQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFOr2NmDbUVBgv1fYWUztRnP27AE1MB8GA1UdIwQY
MBaAFJOymBl4iFaWzhwrv0r5na3CxhjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazdLWUdYaUlWcGJPSEN1X1N2bWRyY0xHR09zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83OTg2YTktNGU0Ni00YzMzLTkyYzkt
MzFjOTVlMmExZDZmLzEvNnZZMllOdFJVR0NfVjloWlRPMUdjX2JzQVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83OTg2YTktNGU0Ni00YzMzLTkyYzktMzFjOTVlMmExZDZm
LzEvazdLWUdYaUlWcGJPSEN1X1N2bWRyY0xHR09zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDBZWoAwQC
Ua0MAwQAW9jsAwQAW9jxAwQCXXcYAwQDkALwAwQCn/3gAwQCuSCYAwQCuTlkAwQC
uXqEAwQCuZzEMA0EAgACMAcDBQMqBAsAMA0GCSqGSIb3DQEBCwUAA4IBAQBgGy3G
JMcVMj/meQT2sWPL+gGeFEI2VbJmkkJ85/HCRMZVEvAi9QIZ+xhrY7bFzxDgbNxt
HsXh+EkFoVlaVlfk8DuM4B+cWkWYNAsTZovRSzJUd4yPgOSgl3i7MCd0DyJDLNLl
oOWpqrowOkkIzCLpeH7G+0DqgIdLWqiFmIJ641tQ9TlwR3b+ELWSTT8TeYk8Hyta
+Wqdfi3QxmZcQ8c6sf3sqWBl8m4zUeQz4f7xVo78Zx6uOO+rp+nkS+kFQ6V2dQFj
1SDugqCNxmSrf1D3JwbDQ+wFEj41Hv88HFOXK5CzGfwx3INKoE8Z3Ucdko4ePFqS
zflM7V+5fPYo+dEY
-----END CERTIFICATE-----