Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/o1LWIaV0ZoRr-O8ZEZjIsC25wR4.roa
File:                     o1LWIaV0ZoRr-O8ZEZjIsC25wR4.roa (raw, json)
Hash identifier:          zxLXaNCLTGEIvRFXFDLU3PSvWKt7e6bKYc4N+8L2h0E=
Subject key identifier:   A3:52:D6:21:A5:74:66:84:6B:F8:EF:19:11:98:C8:B0:2D:B9:C1:1E
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       01856D8197FFE4BA71103FF66C5ADD69AF22
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/o1LWIaV0ZoRr-O8ZEZjIsC25wR4.roa
Signing time:             Sun 01 Jan 2023 13:24:47 +0000
ROA not before:           Sun 01 Jan 2023 13:24:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48292
IP address blocks:        2a0f:6580:9::/48 maxlen: 48
                          2a0f:6580:4::/48 maxlen: 48
                          2a0f:6580:f::/48 maxlen: 48
                          2a0f:6580:a::/48 maxlen: 48
                          2a0f:6580:d::/48 maxlen: 48
                          2a0f:6580:8::/48 maxlen: 48
                          2a0f:6580:3::/48 maxlen: 48
                          2a0f:6580:103::/48 maxlen: 48
                          2a0f:6580:e::/48 maxlen: 48
                          2a0f:6580:1::/48 maxlen: 48
                          2a0f:6580:101::/48 maxlen: 48
                          2a0f:6580:c::/48 maxlen: 48
                          2a0f:6580:7::/48 maxlen: 48
                          2a0f:6580:2::/48 maxlen: 48
                          2a0f:6580:102::/48 maxlen: 48
                          2a0f:6580:5::/48 maxlen: 48
                          2a0f:6580::/48 maxlen: 48
                          2a0f:6580:b::/48 maxlen: 48
                          2a0f:6580:6::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:97:ff:e4:ba:71:10:3f:f6:6c:5a:dd:69:af:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 13:24:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a352d621a57466846bf8ef191198c8b02db9c11e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:11:f0:a4:08:e9:be:74:4c:92:96:5a:dc:ac:
                    5c:96:69:ca:63:cc:4c:35:bc:78:de:1b:1b:d8:14:
                    ff:26:b4:d4:33:18:8b:11:d7:d7:68:c1:fd:eb:67:
                    7a:fc:e9:be:03:11:e7:f7:40:d4:5c:02:66:92:d3:
                    8e:a3:e5:3e:9b:e2:3a:23:cf:f2:3c:6c:fa:7b:71:
                    7d:66:2c:3f:86:a4:ff:e1:2e:bd:f1:67:30:4b:63:
                    49:db:6d:11:e3:14:5e:6f:3c:16:c0:a7:28:3c:c1:
                    e2:e2:c6:4f:62:7a:96:04:9d:f9:e9:1d:2f:ce:65:
                    c4:75:75:5d:8b:d7:0d:b5:15:fb:de:55:2c:56:c5:
                    ec:45:63:74:3a:09:4c:80:8f:3c:e1:af:8d:48:d3:
                    c2:34:8b:d3:ab:a4:ab:00:79:46:72:09:c7:dd:bb:
                    0c:fa:ed:ab:32:a9:2f:56:4d:42:92:45:60:d9:eb:
                    2e:59:1a:ae:a9:a8:14:31:33:6c:a2:10:60:03:5d:
                    18:74:86:d8:73:0c:14:9d:49:cf:cf:f8:9b:f2:5f:
                    3c:5e:16:35:97:41:80:32:9c:ea:9b:87:48:4a:c9:
                    d9:96:51:bf:f5:de:3e:71:90:ce:10:bf:98:3c:a0:
                    cc:16:d2:01:a4:4e:43:a8:26:22:40:6a:f7:55:56:
                    f6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:52:D6:21:A5:74:66:84:6B:F8:EF:19:11:98:C8:B0:2D:B9:C1:1E
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/o1LWIaV0ZoRr-O8ZEZjIsC25wR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580::/44
                  2a0f:6580:101::-2a0f:6580:103:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         75:13:0b:d1:21:12:1f:59:63:1a:d2:01:15:5f:4e:b3:17:34:
         b2:70:00:c1:50:9d:ec:74:b5:98:92:46:47:b2:96:17:c5:d1:
         32:81:e0:58:b8:48:d9:78:95:f2:ea:cb:1b:0d:39:b1:3b:98:
         b2:a5:63:e6:23:cc:ef:ae:70:c7:3c:6d:72:3c:08:37:d3:3b:
         f9:52:d8:7d:a7:7e:2d:71:d8:95:0c:b0:86:a9:fe:05:ea:45:
         e9:d0:ec:f7:05:0d:e6:9d:22:f0:05:d8:35:c9:0a:cb:ea:87:
         c8:aa:ed:d6:74:de:9e:89:be:f7:54:85:e7:06:cc:46:0b:9e:
         8e:10:9d:20:ad:b3:a2:36:a7:72:43:ac:3e:4a:ee:15:6c:e9:
         e9:aa:0e:e5:90:bb:8c:aa:c8:04:a1:23:2f:8a:43:3c:30:73:
         70:54:cd:95:ef:61:4f:65:42:06:6d:99:07:a4:df:16:c7:e4:
         2d:48:d8:fc:a0:12:4a:76:01:59:62:47:0e:e5:ae:5e:3a:7b:
         14:5c:a1:c8:b3:f4:f3:50:58:aa:49:5d:62:e6:09:39:08:b6:
         0e:23:a8:f4:a2:93:ef:71:d7:a2:a2:15:6e:95:36:64:4b:c1:
         42:28:c5:3a:c0:34:66:97:0e:a7:dd:3a:f3:ff:41:a2:db:5b:
         3e:41:c4:8e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVtgZf/5LpxED/2bFrdaa8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjMwMTAxMTMyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUyZDYyMWE1NzQ2Njg0NmJmOGVmMTkxMTk4YzhiMDJkYjljMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhHwpAjpvnRMkpZa3KxclmnKY8xM
Nbx43hsb2BT/JrTUMxiLEdfXaMH962d6/Om+AxHn90DUXAJmktOOo+U+m+I6I8/y
PGz6e3F9Ziw/hqT/4S698WcwS2NJ220R4xRebzwWwKcoPMHi4sZPYnqWBJ356R0v
zmXEdXVdi9cNtRX73lUsVsXsRWN0OglMgI884a+NSNPCNIvTq6SrAHlGcgnH3bsM
+u2rMqkvVk1CkkVg2esuWRquqagUMTNsohBgA10YdIbYcwwUnUnPz/ib8l88XhY1
l0GAMpzqm4dISsnZllG/9d4+cZDOEL+YPKDMFtIBpE5DqCYiQGr3VVb2hwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKNS1iGldGaEa/jvGRGYyLAtucEeMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvbzFMV0lhVjBab1JyLU84WkVaaklzQzI1d1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwcEKg9lgAAA
MBIDBwAqD2WAAQEDBwIqD2WAAQAwDQYJKoZIhvcNAQELBQADggEBAHUTC9EhEh9Z
YxrSARVfTrMXNLJwAMFQnex0tZiSRkeylhfF0TKB4Fi4SNl4lfLqyxsNObE7mLKl
Y+YjzO+ucMc8bXI8CDfTO/lS2H2nfi1x2JUMsIap/gXqRenQ7PcFDeadIvAF2DXJ
Csvqh8iq7dZ03p6JvvdUhecGzEYLno4QnSCts6I2p3JDrD5K7hVs6emqDuWQu4yq
yAShIy+KQzwwc3BUzZXvYU9lQgZtmQek3xbH5C1I2PygEkp2AVliRw7lrl46exRc
ociz9PNQWKpJXWLmCTkItg4jqPSik+9x16KiFW6VNmRLwUIoxTrANGaXDqfdOvP/
QaLbWz5BxI4=
-----END CERTIFICATE-----