Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/1VTJ9plBfqF-wdp3Z7gssCOy2TI.roa
File:                     1VTJ9plBfqF-wdp3Z7gssCOy2TI.roa (raw, json)
Hash identifier:          ish7nee0P1iLF6teyyqTmbh1rE9yPour0m6f3L8oN+Q=
Subject key identifier:   D5:54:C9:F6:99:41:7E:A1:7E:C1:DA:77:67:B8:2C:B0:23:B2:D9:32
Certificate issuer:       /CN=34e110b59362f673eae33b66ee7aea3c4028294e
Certificate serial:       018AD1C07B3D0B59B5C5D047A406D39A3D1D
Authority key identifier: 34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/1VTJ9plBfqF-wdp3Z7gssCOy2TI.roa
Signing time:             Tue 26 Sep 2023 13:49:27 +0000
ROA not before:           Tue 26 Sep 2023 13:49:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29028
IP address blocks:        141.105.124.0/23 maxlen: 24
                          141.105.124.0/24 maxlen: 24
                          141.105.125.0/24 maxlen: 24
                          141.105.120.0/22 maxlen: 24
                          141.105.120.0/21 maxlen: 24
                          141.105.126.0/23 maxlen: 24
                          178.21.118.0/24 maxlen: 24
                          178.21.112.0/21 maxlen: 24
                          193.200.132.0/24 maxlen: 24
                          194.145.200.0/23 maxlen: 24
                          185.2.44.0/22 maxlen: 24
                          2a02:2308::/32 maxlen: 32
                          2a02:2308::/48 maxlen: 48
                          2a02:2308:20::/48 maxlen: 48
                          2a02:2308:30::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d1:c0:7b:3d:0b:59:b5:c5:d0:47:a4:06:d3:9a:3d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34e110b59362f673eae33b66ee7aea3c4028294e
        Validity
            Not Before: Sep 26 13:49:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d554c9f699417ea17ec1da7767b82cb023b2d932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3c:20:2c:67:72:a6:c4:3b:af:19:ef:7e:4f:
                    1a:b5:9c:6e:f9:79:a1:33:b3:ce:3e:f8:b5:96:77:
                    cd:ec:08:23:1c:39:19:d8:50:1b:43:e9:1b:6e:8e:
                    c7:8a:1d:0a:6d:5f:ff:66:6d:15:2f:7a:84:b8:ff:
                    94:a5:d6:22:d1:7b:5b:84:86:56:62:5c:8d:1d:98:
                    a5:90:52:10:0f:c2:21:b9:c4:55:1f:25:ca:9b:d5:
                    78:65:a8:88:d7:8f:d3:c0:7d:7c:a5:4f:f1:6f:71:
                    36:12:f1:b1:06:08:54:51:56:45:fe:fb:9d:25:16:
                    cc:cf:96:58:27:75:f5:d7:72:b9:2e:5d:b1:cb:3c:
                    23:90:8b:ac:3c:e8:c5:87:a8:02:44:c3:5b:92:d1:
                    27:39:5b:14:34:07:79:e8:b0:cd:01:a4:c3:13:10:
                    4c:8d:48:98:66:56:23:e2:b0:37:61:c6:19:06:da:
                    d0:7f:de:ff:44:3e:8b:82:1f:ad:79:cf:b0:35:ae:
                    39:90:f9:f5:e1:3a:74:e1:e5:42:4c:78:ed:92:04:
                    18:95:67:b7:50:47:e8:3b:5a:70:3c:35:61:35:63:
                    10:79:d7:41:fc:29:aa:20:b1:00:81:bf:cd:a6:18:
                    e0:4b:28:76:cf:c6:63:45:3a:fb:42:12:98:c1:19:
                    2c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:54:C9:F6:99:41:7E:A1:7E:C1:DA:77:67:B8:2C:B0:23:B2:D9:32
            X509v3 Authority Key Identifier:
                keyid:34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/1VTJ9plBfqF-wdp3Z7gssCOy2TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/NOEQtZNi9nPq4ztm7nrqPEAoKU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.120.0/21
                  178.21.112.0/21
                  185.2.44.0/22
                  193.200.132.0/24
                  194.145.200.0/23
                IPv6:
                  2a02:2308::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:cb:03:23:0e:04:a0:b2:7a:5e:3b:3d:62:a3:ed:70:2a:f0:
         f8:2b:12:a2:54:f9:df:a8:92:a8:48:05:93:96:e4:64:b5:7b:
         40:5d:65:57:b3:6c:7a:85:34:09:4f:cd:6c:3d:45:a9:09:4f:
         ab:ed:59:c9:9c:f9:e8:88:99:8a:d1:37:d0:7f:98:bb:4a:7e:
         a0:b7:66:5f:d5:92:61:92:86:e5:0b:fe:1a:3d:d5:5b:fc:7b:
         99:5e:5b:9e:86:a8:4d:a2:6a:c1:dc:21:aa:41:d2:c2:a0:c8:
         76:80:08:9c:53:3f:05:4e:d8:6b:ff:d3:6d:0b:68:cf:77:4f:
         98:00:83:b6:6a:66:95:57:ef:0c:cd:31:8c:e6:3b:5a:6b:d1:
         37:ef:66:5a:f9:f9:a0:f3:16:67:e4:72:98:9f:c2:7f:16:f0:
         a4:b3:f4:b3:11:15:19:34:17:22:ea:63:50:a7:65:ac:a3:66:
         7c:b5:bf:e8:6a:d2:54:87:e2:74:51:e8:14:94:a5:f5:4b:51:
         c7:56:7f:4e:2e:42:b9:29:97:58:f1:75:27:31:ef:c0:7b:71:
         74:84:d8:a7:b8:9d:97:b3:87:ce:72:13:92:4c:e5:bf:64:b1:
         21:da:48:c9:cf:99:7c:c2:cd:7a:df:e3:8f:6c:82:dd:90:4c:
         c2:c3:12:22
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYrRwHs9C1m1xdBHpAbTmj0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZTExMGI1OTM2MmY2NzNlYWUzM2I2NmVlN2FlYTNjNDAy
ODI5NGUwHhcNMjMwOTI2MTM0OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTU0YzlmNjk5NDE3ZWExN2VjMWRhNzc2N2I4MmNiMDIzYjJkOTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszwgLGdypsQ7rxnvfk8atZxu+Xmh
M7POPvi1lnfN7AgjHDkZ2FAbQ+kbbo7Hih0KbV//Zm0VL3qEuP+UpdYi0XtbhIZW
YlyNHZilkFIQD8IhucRVHyXKm9V4ZaiI14/TwH18pU/xb3E2EvGxBghUUVZF/vud
JRbMz5ZYJ3X113K5Ll2xyzwjkIusPOjFh6gCRMNbktEnOVsUNAd56LDNAaTDExBM
jUiYZlYj4rA3YcYZBtrQf97/RD6Lgh+tec+wNa45kPn14Tp04eVCTHjtkgQYlWe3
UEfoO1pwPDVhNWMQeddB/CmqILEAgb/NphjgSyh2z8ZjRTr7QhKYwRksJQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFNVUyfaZQX6hfsHad2e4LLAjstkyMB8GA1UdIwQY
MBaAFDThELWTYvZz6uM7Zu566jxAKClOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk9FUXRaTmk5blBxNHp0bTducnFQRUFvS1U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8wYmY4ZmItMTYwNC00Y2QxLTlkYTYt
MWJiMjdjNWQzOTdlLzEvMVZUSjlwbEJmcUYtd2RwM1o3Z3NzQ095MlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8wYmY4ZmItMTYwNC00Y2QxLTlkYTYtMWJiMjdjNWQzOTdl
LzEvTk9FUXRaTmk5blBxNHp0bTducnFQRUFvS1U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDjWl4AwQD
shVwAwQCuQIsAwQAwciEAwQBwpHIMA0EAgACMAcDBQAqAiMIMA0GCSqGSIb3DQEB
CwUAA4IBAQBCywMjDgSgsnpeOz1io+1wKvD4KxKiVPnfqJKoSAWTluRktXtAXWVX
s2x6hTQJT81sPUWpCU+r7VnJnPnoiJmK0TfQf5i7Sn6gt2Zf1ZJhkoblC/4aPdVb
/HuZXluehqhNomrB3CGqQdLCoMh2gAicUz8FTthr/9NtC2jPd0+YAIO2amaVV+8M
zTGM5jtaa9E372Za+fmg8xZn5HKYn8J/FvCks/SzERUZNBci6mNQp2Wso2Z8tb/o
atJUh+J0UegUlKX1S1HHVn9OLkK5KZdY8XUnMe/Ae3F0hNinuJ2Xs4fOchOSTOW/
ZLEh2kjJz5l8ws163+OPbILdkEzCwxIi
-----END CERTIFICATE-----