Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/n3GhNQ3YGyannfr2jFa-3q2-ikA.roa
File:                     n3GhNQ3YGyannfr2jFa-3q2-ikA.roa (raw, json)
Hash identifier:          WZxy8R4LUvSJ6Pi21b4QcIMyvVse83sP4zbFoug/BzM=
Subject key identifier:   9F:71:A1:35:0D:D8:1B:26:A7:9D:FA:F6:8C:56:BE:DE:AD:BE:8A:40
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       1AAC3015
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/n3GhNQ3YGyannfr2jFa-3q2-ikA.roa
Signing time:             Thu 21 Apr 2022 08:56:24 +0000
ROA not before:           Thu 21 Apr 2022 08:56:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8708
IP address blocks:        193.231.227.0/24 maxlen: 24
                          193.231.233.0/24 maxlen: 24
                          80.96.79.0/24 maxlen: 24
                          193.231.236.0/24 maxlen: 24
                          193.231.238.0/24 maxlen: 24
                          193.231.252.0/24 maxlen: 24
                          193.231.184.0/24 maxlen: 24
                          193.231.187.0/24 maxlen: 24
                          193.231.188.0/24 maxlen: 24
                          193.231.189.0/24 maxlen: 24
                          194.102.134.0/24 maxlen: 24
                          80.97.149.0/24 maxlen: 24
                          80.97.147.0/24 maxlen: 24
                          80.97.148.0/24 maxlen: 24
                          193.226.116.0/24 maxlen: 24
                          81.181.128.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 447492117 (0x1aac3015)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Apr 21 08:56:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9f71a1350dd81b26a79dfaf68c56bedeadbe8a40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:f0:d0:f9:be:0e:6c:9c:98:f5:01:1b:17:
                    47:12:ce:13:73:72:eb:ae:a7:7e:4f:c2:5a:1a:f5:
                    db:04:e0:d2:25:62:fe:bf:50:2d:7d:ca:45:7d:16:
                    8c:d2:e6:62:07:9f:15:a0:19:2e:dc:8c:30:cd:ee:
                    0c:30:8e:5f:e4:4a:23:f4:1b:60:41:b8:2c:2f:9e:
                    b7:9f:99:d6:2b:31:07:9e:f3:4c:7e:e6:29:1f:f5:
                    e5:33:a2:8d:49:62:c8:44:93:b9:7f:7c:25:2c:e6:
                    dd:ed:c2:a4:03:27:9a:50:78:60:30:c5:19:29:1f:
                    2b:b5:73:6d:19:76:bb:7a:d6:d9:b2:59:1a:76:95:
                    d2:2e:70:af:c0:b8:33:69:0f:68:0d:0e:97:20:3a:
                    d3:02:93:a3:de:8d:d5:39:12:bf:8b:ad:70:b1:ba:
                    4d:9a:22:87:b4:a0:2e:1e:7a:76:58:58:75:0d:30:
                    a6:57:cd:fb:41:f0:a2:18:87:5f:5e:46:eb:8f:36:
                    05:4e:21:28:83:d8:81:40:54:6d:70:e0:33:f6:73:
                    36:ea:04:09:c2:24:e8:63:6c:02:48:c7:97:4c:05:
                    4b:8f:e5:a8:9e:23:a3:ee:ac:ee:9e:cc:1d:11:ca:
                    95:30:df:e5:36:a8:5d:ff:dd:14:cb:ab:14:cd:6f:
                    d8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:71:A1:35:0D:D8:1B:26:A7:9D:FA:F6:8C:56:BE:DE:AD:BE:8A:40
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/n3GhNQ3YGyannfr2jFa-3q2-ikA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.79.0/24
                  80.97.147.0-80.97.149.255
                  81.181.128.0/24
                  193.226.116.0/24
                  193.231.184.0/24
                  193.231.187.0-193.231.189.255
                  193.231.227.0/24
                  193.231.233.0/24
                  193.231.236.0/24
                  193.231.238.0/24
                  193.231.252.0/24
                  194.102.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:4d:ac:31:23:86:87:d1:66:37:1a:86:9d:ad:66:78:5d:fd:
         69:4f:72:15:c7:34:83:7b:80:f3:45:e8:f5:de:f8:7a:f5:2c:
         31:ce:eb:e0:ca:61:e1:37:54:7b:7b:fd:b7:b9:fd:c8:91:d1:
         9a:1f:69:f0:2d:69:5d:f5:0c:9c:ad:9c:b2:f5:4f:2d:1a:04:
         44:5b:c0:a0:3b:91:9e:4a:2c:d3:61:3e:5f:e6:57:3f:7a:1d:
         59:ef:78:64:59:7c:e4:8c:5b:5f:b2:72:3a:5f:29:5d:37:60:
         ad:57:00:2f:15:00:17:a9:31:cb:c8:b7:0a:88:63:c7:0b:35:
         5d:ff:27:a2:7e:e1:bd:d5:65:4c:57:97:43:df:19:f2:3a:f6:
         88:ee:5c:74:7c:9a:1d:ed:57:ce:ec:41:36:e4:d5:94:40:90:
         e3:98:0d:2f:34:e7:3f:05:84:f7:3c:cb:04:c8:d1:8c:26:02:
         96:74:97:ee:9e:81:e0:ef:58:42:cc:06:6f:79:03:17:48:61:
         45:c9:7c:75:48:11:96:71:0b:8c:21:75:22:4c:10:31:9f:dd:
         5e:65:4f:32:ed:41:bb:2f:fe:7f:f3:2b:54:d1:07:6d:88:9d:
         59:b3:f1:05:86:02:45:b5:f3:69:72:db:dc:11:df:f9:c6:66:
         7c:6f:6e:ad
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIEGqwwFTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MTgzNzg1OTE2Y2Q5OGQ3Yzc3MGQ2ODUxNDU0OTlhOGEwYTE1NzIyMB4XDTIyMDQy
MTA4NTYyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWY3MWExMzUwZGQ4
MWIyNmE3OWRmYWY2OGM1NmJlZGVhZGJlOGE0MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALmI8ND5vg5snJj1ARsXRxLOE3Ny666nfk/CWhr12wTg0iVi
/r9QLX3KRX0WjNLmYgefFaAZLtyMMM3uDDCOX+RKI/QbYEG4LC+et5+Z1isxB57z
TH7mKR/15TOijUliyESTuX98JSzm3e3CpAMnmlB4YDDFGSkfK7VzbRl2u3rW2bJZ
GnaV0i5wr8C4M2kPaA0OlyA60wKTo96N1TkSv4utcLG6TZoih7SgLh56dlhYdQ0w
plfN+0HwohiHX15G6482BU4hKIPYgUBUbXDgM/ZzNuoECcIk6GNsAkjHl0wFS4/l
qJ4jo+6s7p7MHRHKlTDf5TaoXf/dFMurFM1v2PUCAwEAAaOCAlswggJXMB0GA1Ud
DgQWBBSfcaE1DdgbJqed+vaMVr7erb6KQDAfBgNVHSMEGDAWgBQxg3hZFs2Y18dw
1oUUVJmooKFXIjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01ZTjRXUmJObU5mSGNOYUZGRlNacUtDaFZ5SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTUvNzE5M2RiLTdmODUtNDJiYi1iMDlhLWY1MmM0N2MyMjVkYi8x
L24zR2hOUTNZR3lhbm5mcjJqRmEtM3EyLWlrQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTUv
NzE5M2RiLTdmODUtNDJiYi1iMDlhLWY1MmM0N2MyMjVkYi8xL01ZTjRXUmJObU5m
SGNOYUZGRlNacUtDaFZ5SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBx
BggrBgEFBQcBBwEB/wRiMGAwXgQCAAEwWAMEAFBgTzAMAwQAUGGTAwQBUGGUAwQA
UbWAAwQAweJ0AwQAwee4MAwDBADB57sDBAHB57wDBADB5+MDBADB5+kDBADB5+wD
BADB5+4DBADB5/wDBADCZoYwDQYJKoZIhvcNAQELBQADggEBAJFNrDEjhofRZjca
hp2tZnhd/WlPchXHNIN7gPNF6PXe+Hr1LDHO6+DKYeE3VHt7/be5/ciR0ZofafAt
aV31DJytnLL1Ty0aBERbwKA7kZ5KLNNhPl/mVz96HVnveGRZfOSMW1+ycjpfKV03
YK1XAC8VABepMcvItwqIY8cLNV3/J6J+4b3VZUxXl0PfGfI69ojuXHR8mh3tV87s
QTbk1ZRAkOOYDS805z8FhPc8ywTI0YwmApZ0l+6egeDvWELMBm95AxdIYUXJfHVI
EZZxC4whdSJMEDGf3V5lTzLtQbsv/n/zK1TRB22InVmz8QWGAkW182ly29wR3/nG
Znxvbq0=
-----END CERTIFICATE-----