Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BzZnJpE3rk6xMqYCtGYjTvHwXTE.roa
File:                     BzZnJpE3rk6xMqYCtGYjTvHwXTE.roa (raw, json)
Hash identifier:          ppDuxxKFOAU1B+aRTUVLRb6pEEdxT5Bzb/eJuUdPjz0=
Subject key identifier:   07:36:67:26:91:37:AE:4E:B1:32:A6:02:B4:66:23:4E:F1:F0:5D:31
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0184134493C013BEBAD7CB90857357B2B0C8
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BzZnJpE3rk6xMqYCtGYjTvHwXTE.roa
Signing time:             Wed 26 Oct 2022 07:49:32 +0000
ROA not before:           Wed 26 Oct 2022 07:49:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        163.5.95.0/24 maxlen: 24
                          163.5.94.0/24 maxlen: 24
                          163.5.113.0/24 maxlen: 24
                          163.5.116.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
                          163.5.32.0/24 maxlen: 24
                          163.5.184.0/24 maxlen: 24
                          163.5.196.0/24 maxlen: 24
                          163.5.197.0/24 maxlen: 24
                          163.5.195.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24
                          163.5.132.0/24 maxlen: 24
                          163.5.135.0/24 maxlen: 24
                          163.5.137.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:13:44:93:c0:13:be:ba:d7:cb:90:85:73:57:b2:b0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct 26 07:49:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=073667269137ae4eb132a602b466234ef1f05d31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d6:42:c8:30:32:6f:4b:0b:47:0e:87:db:aa:
                    6a:5c:58:82:bb:4c:f7:64:2e:67:eb:22:1f:f7:7a:
                    e5:61:eb:7c:d2:4a:d6:5e:3d:1b:cf:5e:59:ba:44:
                    66:af:77:f6:77:86:85:93:7c:30:dd:c3:85:32:4a:
                    2a:d3:2c:3b:66:ed:38:8e:15:db:6b:e5:cc:59:25:
                    fb:54:ef:65:ae:80:42:a1:67:89:c8:be:c8:2b:95:
                    dc:12:c7:e1:0c:9b:50:20:c9:a6:b0:8e:0a:5a:bb:
                    7e:c5:c7:89:2d:1e:e3:bb:57:3f:84:8d:a4:e8:15:
                    19:7f:f7:94:39:dc:3c:cb:f0:d8:1f:64:a1:3e:9b:
                    4a:ff:ed:d7:af:d8:aa:3e:24:63:9e:c4:9d:34:cf:
                    d5:78:07:84:25:e1:5a:7e:07:a2:00:0e:d5:7f:ee:
                    8f:b1:ee:4e:58:5a:a5:fa:9a:dd:6e:71:8d:9b:93:
                    86:bb:6c:1e:c4:e1:63:8e:44:b8:47:53:65:70:21:
                    5d:cb:09:02:11:4a:bc:bd:d0:5d:c6:63:0b:09:19:
                    54:94:da:26:40:3f:c2:d2:33:b3:07:f9:f9:fd:cd:
                    d2:d7:b8:1e:a9:74:89:09:81:3a:ec:14:c1:14:e1:
                    0a:22:47:7b:56:44:66:8b:41:40:25:c6:32:40:17:
                    67:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:36:67:26:91:37:AE:4E:B1:32:A6:02:B4:66:23:4E:F1:F0:5D:31
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/BzZnJpE3rk6xMqYCtGYjTvHwXTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.32.0/24
                  163.5.94.0/23
                  163.5.113.0/24
                  163.5.116.0/24
                  163.5.127.0/24
                  163.5.132.0/23
                  163.5.135.0-163.5.137.255
                  163.5.143.0/24
                  163.5.184.0/24
                  163.5.195.0-163.5.197.255
                  163.5.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:c3:65:ac:f2:d6:3d:ea:cf:87:73:69:90:79:c7:61:06:a5:
         f5:ef:82:f1:48:fa:43:1f:26:73:e8:76:e9:a6:bc:c0:65:5f:
         e4:54:55:ab:55:d3:0f:47:4c:61:9a:af:38:a9:c7:66:68:8c:
         1e:ec:66:ff:81:c3:fa:10:64:29:f3:d4:fa:c5:f0:9f:8b:5a:
         fd:2e:4b:96:09:84:38:ee:f2:09:75:4f:84:92:7f:5e:89:3a:
         49:60:c8:ff:d9:a9:89:48:81:fd:6f:fb:5e:8e:b9:a2:21:a0:
         3e:62:d9:d7:d1:f8:99:cf:6f:21:c8:30:a3:70:77:d2:aa:48:
         09:7a:5e:b6:3d:b8:1b:f4:c8:ef:1b:37:9b:1a:52:bb:3b:4a:
         33:9b:7c:88:6a:b4:ad:c7:39:43:7f:5b:83:38:8c:e8:b1:0b:
         7a:11:fd:fb:ef:c9:83:3f:55:17:4a:20:e6:ef:7e:42:c3:d8:
         01:87:09:35:3c:17:34:be:89:07:51:9f:4f:aa:7b:e8:19:4c:
         b2:8e:4e:9e:5e:79:87:4b:7a:fe:c5:61:bc:8d:51:60:df:ad:
         ed:df:32:e6:04:d5:f8:a6:fc:19:33:71:3d:36:62:f0:3b:b3:
         90:67:35:fd:22:6a:b9:e7:f9:dc:95:93:7c:46:f9:1c:0b:41:
         7c:04:99:0d
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYQTRJPAE76618uQhXNXsrDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMDI2MDc0OTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzM2NjcyNjkxMzdhZTRlYjEzMmE2MDJiNDY2MjM0ZWYxZjA1ZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNZCyDAyb0sLRw6H26pqXFiCu0z3
ZC5n6yIf93rlYet80krWXj0bz15ZukRmr3f2d4aFk3ww3cOFMkoq0yw7Zu04jhXb
a+XMWSX7VO9lroBCoWeJyL7IK5XcEsfhDJtQIMmmsI4KWrt+xceJLR7ju1c/hI2k
6BUZf/eUOdw8y/DYH2ShPptK/+3Xr9iqPiRjnsSdNM/VeAeEJeFafgeiAA7Vf+6P
se5OWFql+prdbnGNm5OGu2wexOFjjkS4R1NlcCFdywkCEUq8vdBdxmMLCRlUlNom
QD/C0jOzB/n5/c3S17geqXSJCYE67BTBFOEKIkd7VkRmi0FAJcYyQBdnzwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFAc2ZyaRN65OsTKmArRmI07x8F0xMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQnpabkpwRTNyazZ4TXFZQ3RHWWpUdkh3WFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAowUgAwQB
owVeAwQAowVxAwQAowV0AwQAowV/AwQBowWEMAwDBACjBYcDBAGjBYgDBACjBY8D
BACjBbgwDAMEAKMFwwMEAaMFxAMEAKMF8TANBgkqhkiG9w0BAQsFAAOCAQEAhMNl
rPLWPerPh3NpkHnHYQal9e+C8Uj6Qx8mc+h26aa8wGVf5FRVq1XTD0dMYZqvOKnH
ZmiMHuxm/4HD+hBkKfPU+sXwn4ta/S5LlgmEOO7yCXVPhJJ/Xok6SWDI/9mpiUiB
/W/7Xo65oiGgPmLZ19H4mc9vIcgwo3B30qpICXpetj24G/TI7xs3mxpSuztKM5t8
iGq0rcc5Q39bgziM6LELehH9++/Jgz9VF0og5u9+QsPYAYcJNTwXNL6JB1GfT6p7
6BlMso5Onl55h0t6/sVhvI1RYN+t7d8y5gTV+Kb8GTNxPTZi8DuzkGc1/SJquef5
3JWTfEb5HAtBfASZDQ==
-----END CERTIFICATE-----