Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/I6OtobKxAnZBS6CvgzFn_idRbEk.roa
File:                     I6OtobKxAnZBS6CvgzFn_idRbEk.roa (raw, json)
Hash identifier:          4HMsHIrLPmEYtEyOEE908CMToE+UlSdh3Pb7gaGiNCo=
Subject key identifier:   23:A3:AD:A1:B2:B1:02:76:41:4B:A0:AF:83:31:67:FE:27:51:6C:49
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       018BE89D8DD67820451C07BB763CAAF1CF83
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/I6OtobKxAnZBS6CvgzFn_idRbEk.roa
Signing time:             Sun 19 Nov 2023 17:25:21 +0000
ROA not before:           Sun 19 Nov 2023 17:25:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:d040:1e::/48 maxlen: 48
                          2a13:d040:19::/48 maxlen: 48
                          2a13:d040:14::/48 maxlen: 48
                          2a13:d040:1f::/48 maxlen: 48
                          2a13:d040:12::/48 maxlen: 48
                          2a13:d040:2::/48 maxlen: 48
                          2a13:d040:1d::/48 maxlen: 48
                          2a13:d040:18::/48 maxlen: 48
                          2a13:d040:3::/48 maxlen: 48
                          2a13:d040:13::/48 maxlen: 48
                          2a13:d040:16::/48 maxlen: 48
                          2a13:d040:1::/48 maxlen: 48
                          2a13:d040:11::/48 maxlen: 48
                          2a13:d040:1c::/48 maxlen: 48
                          2a13:d040:17::/48 maxlen: 48
                          2a13:d040:1a::/48 maxlen: 48
                          2a13:d040:15::/48 maxlen: 48
                          2a13:d040:10::/48 maxlen: 48
                          2a13:d040:1b::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:e8:9d:8d:d6:78:20:45:1c:07:bb:76:3c:aa:f1:cf:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Nov 19 17:25:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=23a3ada1b2b10276414ba0af833167fe27516c49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2e:75:87:8f:21:74:ad:45:26:c6:43:6c:19:
                    37:1c:e2:03:b1:e1:aa:25:ff:6e:1d:37:15:2c:10:
                    b7:69:d1:b8:e9:3a:87:84:d9:e1:fe:f7:3c:0c:d4:
                    ba:51:4b:d5:03:08:23:2d:62:45:9a:75:30:8b:3b:
                    87:60:6a:b7:e9:30:b6:ab:61:05:3d:1d:94:97:19:
                    8c:5c:ae:35:69:c3:77:40:99:04:75:6a:f7:0e:99:
                    50:12:c3:00:1a:92:65:ea:cb:1f:08:ff:8b:b6:a4:
                    03:e2:5e:29:78:ea:65:8c:d7:98:70:cb:01:49:e9:
                    e9:04:e1:d2:98:45:0e:02:33:b8:a9:07:bc:d6:66:
                    b4:04:cd:27:de:dc:5a:37:e0:ab:66:3f:56:30:66:
                    2b:f7:23:cd:c4:0d:3f:ee:1d:f3:35:ad:14:72:a0:
                    eb:71:98:7a:3a:33:25:4c:16:e1:ce:2f:75:97:7b:
                    6a:4a:d7:8b:15:f3:01:a2:f7:ec:11:91:df:ee:93:
                    75:1b:a1:c1:e7:f8:9f:b6:78:6c:10:dd:2e:47:d3:
                    ca:ee:f9:c2:e7:7d:26:49:1a:35:68:dd:0d:b5:35:
                    c4:9d:9b:0d:55:45:fd:23:85:67:fb:1f:07:a3:78:
                    83:10:a5:53:04:7d:24:b9:5e:9a:bb:5b:a8:3f:26:
                    8d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A3:AD:A1:B2:B1:02:76:41:4B:A0:AF:83:31:67:FE:27:51:6C:49
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/I6OtobKxAnZBS6CvgzFn_idRbEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d040:1::-2a13:d040:3:ffff:ffff:ffff:ffff:ffff
                  2a13:d040:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:d0:51:10:1d:00:e5:41:ee:d4:c9:73:5a:c9:54:f8:02:d3:
         08:7c:a2:ca:14:e4:c0:b1:64:b7:2c:01:47:2e:5c:29:49:02:
         0f:00:46:74:90:66:e2:2f:e9:03:65:28:67:c1:53:16:99:39:
         24:6c:16:0f:c6:1d:c1:02:da:0d:7e:48:ca:4d:4d:bc:0a:ac:
         84:9b:7b:de:5b:e0:6b:dd:f8:ea:d4:82:e1:e6:5a:f5:13:e7:
         29:96:74:40:23:05:1b:a3:10:a2:58:6e:10:8d:4e:6e:25:69:
         d0:de:3b:aa:d9:ae:35:88:ba:a3:ea:05:e4:f3:06:ef:ec:04:
         ed:77:00:a0:3a:94:3d:0f:02:8a:05:2e:79:af:bd:e8:da:74:
         dd:56:9b:62:d4:9e:c6:9a:8a:27:3a:5b:07:06:5f:85:81:ef:
         22:37:4d:10:5c:01:c9:bd:5b:a1:b0:aa:06:5f:48:b3:ed:51:
         92:3d:de:ed:76:ae:f0:97:4d:b2:5c:e1:8f:81:15:7e:e5:11:
         6d:63:62:24:f8:83:0f:45:86:63:a3:14:f2:90:1e:e6:95:7a:
         e9:0b:93:25:9c:7d:4e:6b:8b:35:50:07:b7:eb:1c:9b:52:71:
         04:66:93:2a:d5:56:78:e5:c2:53:40:d3:73:60:53:a4:e6:df:
         6f:92:05:1a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYvonY3WeCBFHAe7djyq8c+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjMxMTE5MTcyNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2EzYWRhMWIyYjEwMjc2NDE0YmEwYWY4MzMxNjdmZTI3NTE2YzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyC51h48hdK1FJsZDbBk3HOIDseGq
Jf9uHTcVLBC3adG46TqHhNnh/vc8DNS6UUvVAwgjLWJFmnUwizuHYGq36TC2q2EF
PR2UlxmMXK41acN3QJkEdWr3DplQEsMAGpJl6ssfCP+LtqQD4l4peOpljNeYcMsB
SenpBOHSmEUOAjO4qQe81ma0BM0n3txaN+CrZj9WMGYr9yPNxA0/7h3zNa0UcqDr
cZh6OjMlTBbhzi91l3tqSteLFfMBovfsEZHf7pN1G6HB5/iftnhsEN0uR9PK7vnC
530mSRo1aN0NtTXEnZsNVUX9I4Vn+x8Ho3iDEKVTBH0kuV6au1uoPyaNuQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCOjraGysQJ2QUugr4MxZ/4nUWxJMB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEvSTZPdG9iS3hBblpCUzZDdmd6Rm5faWRSYkVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdMBIDBwAqE9BA
AAEDBwIqE9BAAAADBwQqE9BAABAwDQYJKoZIhvcNAQELBQADggEBAFjQURAdAOVB
7tTJc1rJVPgC0wh8osoU5MCxZLcsAUcuXClJAg8ARnSQZuIv6QNlKGfBUxaZOSRs
Fg/GHcEC2g1+SMpNTbwKrISbe95b4Gvd+OrUguHmWvUT5ymWdEAjBRujEKJYbhCN
Tm4ladDeO6rZrjWIuqPqBeTzBu/sBO13AKA6lD0PAooFLnmvvejadN1Wm2LUnsaa
iic6WwcGX4WB7yI3TRBcAcm9W6GwqgZfSLPtUZI93u12rvCXTbJc4Y+BFX7lEW1j
YiT4gw9FhmOjFPKQHuaVeukLkyWcfU5rizVQB7frHJtScQRmkyrVVnjlwlNA03Ng
U6Tm32+SBRo=
-----END CERTIFICATE-----