Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/C9RNYJ1NW3duryaENcRSjLrq2so.roa
File:                     C9RNYJ1NW3duryaENcRSjLrq2so.roa (raw, json)
Hash identifier:          QADzOVXEEmtlqt94SPpk8e2VJTuLE1tpQssL2cYS0yo=
Subject key identifier:   0B:D4:4D:60:9D:4D:5B:77:6E:AF:26:84:35:C4:52:8C:BA:EA:DA:CA
Certificate issuer:       /CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Certificate serial:       018369BB565CD2C1ADB6A18B8CB7CB01404B
Authority key identifier: 58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/C9RNYJ1NW3duryaENcRSjLrq2so.roa
Signing time:             Fri 23 Sep 2022 09:43:48 +0000
ROA not before:           Fri 23 Sep 2022 09:43:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35228
IP address blocks:        82.132.138.0/23 maxlen: 24
                          82.132.216.0/22 maxlen: 24
                          82.132.220.0/22 maxlen: 24
                          82.132.224.0/22 maxlen: 24
                          82.132.232.0/22 maxlen: 24
                          82.132.228.0/22 maxlen: 24
                          82.132.164.0/23 maxlen: 24
                          82.132.162.0/23 maxlen: 24
                          82.132.160.0/23 maxlen: 24
                          82.132.172.0/23 maxlen: 24
                          82.132.168.0/23 maxlen: 24
                          82.132.166.0/23 maxlen: 24
                          82.132.174.0/23 maxlen: 24
                          82.132.184.0/22 maxlen: 24
                          82.132.182.0/23 maxlen: 24
                          82.132.180.0/23 maxlen: 24
                          82.132.199.0/24 maxlen: 24
                          82.132.212.0/22 maxlen: 24
                          82.132.210.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:69:bb:56:5c:d2:c1:ad:b6:a1:8b:8c:b7:cb:01:40:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
        Validity
            Not Before: Sep 23 09:43:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0bd44d609d4d5b776eaf268435c4528cbaeadaca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ef:f7:de:d1:c7:32:99:83:09:39:ef:4a:85:
                    a7:f1:02:2f:18:20:35:ce:43:6c:45:a3:37:14:d0:
                    6b:28:91:20:02:df:70:ae:ea:ad:b9:e0:52:c7:91:
                    b4:62:b8:9c:b9:c4:28:8d:5c:4b:e1:02:68:cc:cd:
                    2d:f1:ee:db:80:ee:17:85:6e:35:5c:58:e8:c6:c5:
                    01:a4:4f:4d:2d:42:f9:fc:ca:e6:64:d3:9f:a8:b7:
                    25:a0:9f:b9:9a:ec:16:9d:54:f5:5b:cc:11:57:ed:
                    60:b4:f4:6f:31:79:45:f5:51:fd:67:da:ac:0c:70:
                    a3:0d:49:f7:f3:29:74:a5:1d:3a:00:7e:ac:76:52:
                    16:cf:49:ea:4e:01:f6:d8:84:82:1b:e5:f2:3d:b8:
                    c7:63:a3:b3:b5:39:20:a7:d0:12:00:5e:61:1b:d5:
                    81:6b:f6:dd:ef:e4:7b:af:95:cc:fc:e3:9c:b8:4f:
                    70:40:3c:ae:81:99:33:38:3f:0e:33:6d:16:79:f5:
                    f1:ed:ac:00:e7:4d:78:52:6e:76:54:2f:bd:8b:f3:
                    4f:7d:e7:1d:79:df:d6:45:a5:2a:6d:c5:fe:22:fe:
                    82:3e:af:77:54:4a:4f:e7:dc:76:61:41:e5:18:2a:
                    03:fb:7d:c5:7c:47:ce:36:f5:1c:83:4e:09:4e:6d:
                    9c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D4:4D:60:9D:4D:5B:77:6E:AF:26:84:35:C4:52:8C:BA:EA:DA:CA
            X509v3 Authority Key Identifier:
                keyid:58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/C9RNYJ1NW3duryaENcRSjLrq2so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.132.138.0/23
                  82.132.160.0-82.132.169.255
                  82.132.172.0/22
                  82.132.180.0-82.132.187.255
                  82.132.199.0/24
                  82.132.210.0-82.132.235.255

    Signature Algorithm: sha256WithRSAEncryption
         71:a1:23:79:90:c2:83:c3:2f:80:7b:10:f7:96:c1:6f:a9:a2:
         28:47:70:04:39:cb:76:79:e3:ea:6c:94:0c:fe:42:9f:44:0f:
         36:cc:68:b3:49:19:03:c4:46:4b:c2:76:b4:6e:e0:d1:18:4b:
         36:0d:f8:00:be:c1:3f:27:3c:d2:1d:0c:96:e0:da:15:05:46:
         71:8a:74:7f:4a:5b:fa:b0:f9:08:bc:18:6a:44:55:b6:ec:ba:
         a0:4f:13:00:bd:59:3a:b6:f8:0b:1e:ff:ea:ae:6d:73:58:13:
         f8:a6:c2:10:fa:70:61:9e:c0:76:97:85:12:b7:d6:be:2c:7e:
         4c:86:5c:37:77:6b:93:b0:69:5a:c5:8c:65:89:64:dd:6e:81:
         f3:73:35:34:2b:04:4e:22:28:5b:c0:df:80:18:b3:22:c4:74:
         bb:d2:42:40:fc:f8:cc:28:21:c4:ac:39:1b:2c:a7:a9:2e:cd:
         4e:ab:2c:a8:67:9e:84:74:30:da:44:c4:89:b9:11:65:07:5b:
         7a:f7:ae:42:a0:7d:57:dc:18:9d:bd:de:37:9d:97:10:40:05:
         c7:93:c5:ab:91:2f:fb:f5:bd:c5:a1:31:09:66:b9:88:44:36:
         de:15:c9:c3:f2:a2:f6:cd:0c:eb:af:b6:2a:54:92:f4:c3:ba:
         18:68:0b:2d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYNpu1Zc0sGttqGLjLfLAUBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjI5ZTdiOGEwZGRiOWMzNmM2ZTBlM2Y0OTU3NzgxN2Iw
ZWEzYTYwHhcNMjIwOTIzMDk0MzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQ0NGQ2MDlkNGQ1Yjc3NmVhZjI2ODQzNWM0NTI4Y2JhZWFkYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/33tHHMpmDCTnvSoWn8QIvGCA1
zkNsRaM3FNBrKJEgAt9wruqtueBSx5G0YricucQojVxL4QJozM0t8e7bgO4XhW41
XFjoxsUBpE9NLUL5/MrmZNOfqLcloJ+5muwWnVT1W8wRV+1gtPRvMXlF9VH9Z9qs
DHCjDUn38yl0pR06AH6sdlIWz0nqTgH22ISCG+XyPbjHY6OztTkgp9ASAF5hG9WB
a/bd7+R7r5XM/OOcuE9wQDyugZkzOD8OM20WefXx7awA5014Um52VC+9i/NPfecd
ed/WRaUqbcX+Iv6CPq93VEpP59x2YUHlGCoD+33FfEfONvUcg04JTm2cVwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAvUTWCdTVt3bq8mhDXEUoy66trKMB8GA1UdIwQY
MBaAFFiynnuKDducNsbg4/SVd4F7DqOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUt
ZWU3M2ZlMjFlZDIzLzEvQzlSTllKMU5XM2R1cnlhRU5jUlNqTHJxMnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUtZWU3M2ZlMjFlZDIz
LzEvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBUoSKMAwD
BAVShKADBAFShKgDBAJShKwwDAMEAlKEtAMEAlKEuAMEAFKExzAMAwQBUoTSAwQC
UoToMA0GCSqGSIb3DQEBCwUAA4IBAQBxoSN5kMKDwy+AexD3lsFvqaIoR3AEOct2
eePqbJQM/kKfRA82zGizSRkDxEZLwna0buDRGEs2DfgAvsE/JzzSHQyW4NoVBUZx
inR/Slv6sPkIvBhqRFW27LqgTxMAvVk6tvgLHv/qrm1zWBP4psIQ+nBhnsB2l4US
t9a+LH5Mhlw3d2uTsGlaxYxliWTdboHzczU0KwROIihbwN+AGLMixHS70kJA/PjM
KCHErDkbLKepLs1OqyyoZ56EdDDaRMSJuRFlB1t6965CoH1X3Bidvd43nZcQQAXH
k8WrkS/79b3FoTEJZrmIRDbeFcnD8qL2zQzrr7YqVJL0w7oYaAst
-----END CERTIFICATE-----