Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/xoh1nJ3BG2B2vziG7amYBFtLhCE.roa
File:                     xoh1nJ3BG2B2vziG7amYBFtLhCE.roa (raw, json)
Hash identifier:          7N2OEX1z9YgbjuArlf18+bfAgGSbtvRyp/kXozYI+MY=
Subject key identifier:   C6:88:75:9C:9D:C1:1B:60:76:BF:38:86:ED:A9:98:04:5B:4B:84:21
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01837DEC6809A833433DE6E3B16ED162D0E9
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/xoh1nJ3BG2B2vziG7amYBFtLhCE.roa
Signing time:             Tue 27 Sep 2022 07:49:48 +0000
ROA not before:           Tue 27 Sep 2022 07:49:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35913
IP address blocks:        85.254.137.0/24 maxlen: 24
                          85.254.140.0/24 maxlen: 24
                          85.254.84.0/23 maxlen: 23
                          85.254.103.0/24 maxlen: 24
                          85.254.124.0/23 maxlen: 23
                          85.254.30.0/24 maxlen: 24
                          85.254.29.0/24 maxlen: 24
                          85.254.40.0/24 maxlen: 24
                          85.254.47.0/24 maxlen: 24
                          85.254.51.0/24 maxlen: 24
                          85.254.59.0/24 maxlen: 24
                          85.254.4.0/24 maxlen: 24
                          85.254.2.0/24 maxlen: 24
                          85.254.7.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:7d:ec:68:09:a8:33:43:3d:e6:e3:b1:6e:d1:62:d0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Sep 27 07:49:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c688759c9dc11b6076bf3886eda998045b4b8421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2b:c7:55:c1:e3:08:5c:8e:f0:b5:4f:ed:54:
                    35:c9:76:96:62:36:08:fd:8e:76:13:42:70:5e:74:
                    33:13:fb:3a:75:5f:8a:5b:5c:e8:ca:cf:84:9b:ef:
                    d4:c8:6a:81:5f:88:15:1a:0f:43:69:79:43:60:a2:
                    ba:e6:40:b4:53:86:60:ac:88:e1:e7:35:68:2d:eb:
                    6f:a7:6e:ec:4c:47:7b:17:f5:8a:6c:8a:8c:04:f0:
                    8d:ac:f0:54:db:f0:a0:7c:58:e4:87:01:b0:4e:c9:
                    d1:07:83:5a:33:59:b6:a9:3e:54:69:3c:f4:39:2c:
                    d6:c7:15:fa:7a:31:03:24:84:cb:3b:32:9a:39:0b:
                    f0:22:c9:d2:6a:0e:3e:22:9b:66:58:3f:05:15:f3:
                    4f:64:a3:ad:6d:ec:7d:34:44:ff:d1:ec:90:05:3e:
                    6c:8f:71:7a:f3:cc:39:e6:34:e8:10:88:46:e9:b9:
                    4c:67:0d:1e:21:ef:9a:82:77:20:7c:2b:f1:1a:d6:
                    e1:bb:b0:1a:ac:c8:80:d5:96:4c:9c:b0:ee:d1:38:
                    0e:32:fa:16:1a:99:c7:2f:76:d9:36:a5:b1:57:5b:
                    0f:b9:1a:32:21:9a:bc:14:f2:0c:33:a4:18:e2:0a:
                    72:31:66:02:af:9c:aa:0b:c4:3e:0c:45:ce:2b:95:
                    c3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:88:75:9C:9D:C1:1B:60:76:BF:38:86:ED:A9:98:04:5B:4B:84:21
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/xoh1nJ3BG2B2vziG7amYBFtLhCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.2.0/24
                  85.254.4.0/24
                  85.254.7.0/24
                  85.254.29.0-85.254.30.255
                  85.254.40.0/24
                  85.254.47.0/24
                  85.254.51.0/24
                  85.254.59.0/24
                  85.254.84.0/23
                  85.254.103.0/24
                  85.254.124.0/23
                  85.254.137.0/24
                  85.254.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:c1:5f:e9:49:19:a1:d0:e9:15:c9:a0:b0:bf:e5:6e:c9:66:
         3f:9d:fd:23:2a:d4:ad:07:79:d1:18:7a:dd:69:4d:1b:19:49:
         21:79:93:63:40:f3:90:b6:6e:24:25:f1:e4:cb:0b:38:f6:2d:
         7e:e5:55:01:fd:f4:f9:aa:f2:62:07:54:22:36:e4:d1:30:08:
         4e:8b:48:c0:05:a2:5d:84:47:f4:b6:ea:a6:87:f0:5d:61:fe:
         e3:a9:8f:09:3f:02:f9:f5:de:28:39:ea:ba:e2:48:d0:56:1f:
         12:b7:c0:45:ac:81:89:8d:50:06:1a:bb:ec:62:7c:ef:8c:04:
         3f:47:b1:e3:c4:a5:17:30:82:41:75:a0:d2:a4:29:80:d5:20:
         c4:b0:a9:e4:16:37:cf:ae:f7:35:e9:dc:de:23:6d:dc:03:b7:
         02:d0:b0:52:1f:a8:93:f3:c0:7e:8f:ce:5d:b9:13:ee:cb:57:
         64:4d:5f:9c:d1:1b:48:68:bc:ec:b9:02:29:ee:5f:6f:e0:78:
         df:f6:49:b5:7d:19:2c:1d:60:dc:7f:b5:61:02:dd:36:80:23:
         37:3b:42:f7:ea:5c:d0:73:94:f8:37:da:60:3f:55:4f:a3:93:
         73:bb:3d:51:94:07:8a:c6:2e:51:e7:f6:3c:6b:89:c2:36:19:
         e5:41:1a:f2
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYN97GgJqDNDPebjsW7RYtDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjIwOTI3MDc0OTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjg4NzU5YzlkYzExYjYwNzZiZjM4ODZlZGE5OTgwNDViNGI4NDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjivHVcHjCFyO8LVP7VQ1yXaWYjYI
/Y52E0JwXnQzE/s6dV+KW1zoys+Em+/UyGqBX4gVGg9DaXlDYKK65kC0U4ZgrIjh
5zVoLetvp27sTEd7F/WKbIqMBPCNrPBU2/CgfFjkhwGwTsnRB4NaM1m2qT5UaTz0
OSzWxxX6ejEDJITLOzKaOQvwIsnSag4+IptmWD8FFfNPZKOtbex9NET/0eyQBT5s
j3F688w55jToEIhG6blMZw0eIe+agncgfCvxGtbhu7AarMiA1ZZMnLDu0TgOMvoW
GpnHL3bZNqWxV1sPuRoyIZq8FPIMM6QY4gpyMWYCr5yqC8Q+DEXOK5XDzwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFMaIdZydwRtgdr84hu2pmARbS4QhMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEveG9oMW5KM0JHMkIydnppRzdhbVlCRnRMaENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAVf4CAwQA
Vf4EAwQAVf4HMAwDBABV/h0DBABV/h4DBABV/igDBABV/i8DBABV/jMDBABV/jsD
BAFV/lQDBABV/mcDBAFV/nwDBABV/okDBABV/owwDQYJKoZIhvcNAQELBQADggEB
ACXBX+lJGaHQ6RXJoLC/5W7JZj+d/SMq1K0HedEYet1pTRsZSSF5k2NA85C2biQl
8eTLCzj2LX7lVQH99Pmq8mIHVCI25NEwCE6LSMAFol2ER/S26qaH8F1h/uOpjwk/
Avn13ig56rriSNBWHxK3wEWsgYmNUAYau+xifO+MBD9HsePEpRcwgkF1oNKkKYDV
IMSwqeQWN8+u9zXp3N4jbdwDtwLQsFIfqJPzwH6Pzl25E+7LV2RNX5zRG0hovOy5
AinuX2/geN/2SbV9GSwdYNx/tWEC3TaAIzc7QvfqXNBzlPg32mA/VU+jk3O7PVGU
B4rGLlHn9jxricI2GeVBGvI=
-----END CERTIFICATE-----