Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/EIg9Xt8TfP0Y0p1RfasBCPwZt68.roa
File:                     EIg9Xt8TfP0Y0p1RfasBCPwZt68.roa (raw, json)
Hash identifier:          ZdOrRbUycJxZvSxYMPNnyHJwaoPP8V24HjAsAdfTXmA=
Subject key identifier:   10:88:3D:5E:DF:13:7C:FD:18:D2:9D:51:7D:AB:01:08:FC:19:B7:AF
Certificate issuer:       /CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Certificate serial:       01836947FAE0DA051427630C9A06366D13A3
Authority key identifier: 58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/EIg9Xt8TfP0Y0p1RfasBCPwZt68.roa
Signing time:             Fri 23 Sep 2022 07:37:48 +0000
ROA not before:           Fri 23 Sep 2022 07:37:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35228
IP address blocks:        82.132.138.0/23 maxlen: 24
                          82.132.216.0/22 maxlen: 24
                          82.132.220.0/22 maxlen: 24
                          82.132.164.0/23 maxlen: 24
                          82.132.162.0/23 maxlen: 24
                          82.132.160.0/23 maxlen: 24
                          82.132.172.0/23 maxlen: 24
                          82.132.168.0/23 maxlen: 24
                          82.132.166.0/23 maxlen: 24
                          82.132.174.0/23 maxlen: 24
                          82.132.184.0/22 maxlen: 24
                          82.132.182.0/23 maxlen: 24
                          82.132.180.0/23 maxlen: 24
                          82.132.199.0/24 maxlen: 24
                          82.132.212.0/22 maxlen: 24
                          82.132.210.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:69:47:fa:e0:da:05:14:27:63:0c:9a:06:36:6d:13:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
        Validity
            Not Before: Sep 23 07:37:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=10883d5edf137cfd18d29d517dab0108fc19b7af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4b:79:80:fd:6d:43:24:33:ee:cd:dc:70:55:
                    49:f8:77:27:80:00:67:ba:fe:8d:92:65:21:de:be:
                    01:42:5d:21:9c:03:fd:4e:3e:76:64:38:03:a4:25:
                    c2:82:b9:5a:7d:8f:37:1c:89:98:0f:a4:fb:34:fb:
                    17:65:45:a6:cf:dc:2f:ea:76:32:6a:e1:32:7b:dc:
                    29:d5:20:94:ef:1c:ad:41:f0:be:c5:78:c8:52:5b:
                    dc:29:69:4d:01:3a:13:70:04:76:44:43:a3:47:22:
                    5c:a1:8b:dc:fd:13:b3:b4:eb:0f:f9:15:a0:f8:9b:
                    49:92:50:65:f8:e5:95:60:e1:1e:2e:b0:48:99:b6:
                    34:52:fe:d7:a3:a1:20:d3:35:45:94:ca:6d:e8:d0:
                    d2:a7:d0:a8:d3:6e:8e:da:01:ab:09:a1:85:39:35:
                    b4:5f:f0:c1:c3:5b:97:db:48:ab:c4:c9:17:da:8f:
                    fb:ac:dd:2e:04:cf:b4:8b:83:b5:70:a8:50:b7:74:
                    6f:c6:7d:8f:3e:60:b9:4a:0c:d0:d9:63:fe:7d:6a:
                    be:3b:a4:99:04:5f:55:eb:bc:ee:74:5e:ba:ea:e9:
                    d2:6a:9b:13:2c:4b:b3:d2:1c:64:6c:5f:fe:03:f7:
                    94:d9:b5:0d:84:50:26:54:a7:74:e8:7d:25:47:48:
                    c8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:88:3D:5E:DF:13:7C:FD:18:D2:9D:51:7D:AB:01:08:FC:19:B7:AF
            X509v3 Authority Key Identifier:
                keyid:58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/EIg9Xt8TfP0Y0p1RfasBCPwZt68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.132.138.0/23
                  82.132.160.0-82.132.169.255
                  82.132.172.0/22
                  82.132.180.0-82.132.187.255
                  82.132.199.0/24
                  82.132.210.0-82.132.223.255

    Signature Algorithm: sha256WithRSAEncryption
         0b:85:18:c4:e7:b6:9d:a5:88:78:73:ce:9e:04:c5:dd:d1:50:
         08:b2:b9:8f:91:ec:72:76:9f:4f:bb:4d:06:13:0e:d8:a7:90:
         a0:0b:31:30:85:41:05:92:ea:72:81:d1:5d:bd:af:42:5a:bd:
         2c:09:0a:1b:72:22:da:ad:38:64:20:82:49:ce:ec:bb:09:23:
         6a:39:24:e6:91:fc:11:57:60:32:5b:4a:98:6d:61:1c:c0:32:
         46:00:49:c8:9e:93:a6:22:45:b2:0c:bc:a5:13:0d:fc:fa:56:
         37:06:56:65:f6:79:fd:3c:e7:f6:0e:63:5a:2f:3d:0f:47:20:
         64:12:03:f5:f7:66:db:30:be:3f:32:e2:da:51:d4:3b:07:21:
         f4:54:ff:dc:44:d8:1d:fc:fa:f6:41:d1:24:cc:32:51:17:b6:
         7a:2a:bb:f9:d2:e7:20:29:d3:1e:15:4c:32:55:31:b5:3a:8c:
         ec:21:83:ba:d3:46:50:a5:ac:b5:9d:71:34:37:52:65:0b:c9:
         fc:4d:3d:16:f5:bd:d6:74:13:2a:60:a4:2e:c9:e8:3b:a9:fe:
         ea:89:53:2a:db:9b:4c:c6:b6:5b:34:54:c6:c4:e4:e6:82:30:
         3d:aa:39:49:d9:97:76:3d:98:e5:7c:e8:15:27:4e:60:b3:e1:
         b1:87:11:b6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYNpR/rg2gUUJ2MMmgY2bROjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjI5ZTdiOGEwZGRiOWMzNmM2ZTBlM2Y0OTU3NzgxN2Iw
ZWEzYTYwHhcNMjIwOTIzMDczNzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDg4M2Q1ZWRmMTM3Y2ZkMThkMjlkNTE3ZGFiMDEwOGZjMTliN2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEt5gP1tQyQz7s3ccFVJ+HcngABn
uv6NkmUh3r4BQl0hnAP9Tj52ZDgDpCXCgrlafY83HImYD6T7NPsXZUWmz9wv6nYy
auEye9wp1SCU7xytQfC+xXjIUlvcKWlNAToTcAR2REOjRyJcoYvc/ROztOsP+RWg
+JtJklBl+OWVYOEeLrBImbY0Uv7Xo6Eg0zVFlMpt6NDSp9Co026O2gGrCaGFOTW0
X/DBw1uX20irxMkX2o/7rN0uBM+0i4O1cKhQt3Rvxn2PPmC5SgzQ2WP+fWq+O6SZ
BF9V67zudF666unSapsTLEuz0hxkbF/+A/eU2bUNhFAmVKd06H0lR0jIUQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBCIPV7fE3z9GNKdUX2rAQj8GbevMB8GA1UdIwQY
MBaAFFiynnuKDducNsbg4/SVd4F7DqOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUt
ZWU3M2ZlMjFlZDIzLzEvRUlnOVh0OFRmUDBZMHAxUmZhc0JDUHdadDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUtZWU3M2ZlMjFlZDIz
LzEvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBUoSKMAwD
BAVShKADBAFShKgDBAJShKwwDAMEAlKEtAMEAlKEuAMEAFKExzAMAwQBUoTSAwQF
UoTAMA0GCSqGSIb3DQEBCwUAA4IBAQALhRjE57adpYh4c86eBMXd0VAIsrmPkexy
dp9Pu00GEw7Yp5CgCzEwhUEFkupygdFdva9CWr0sCQobciLarThkIIJJzuy7CSNq
OSTmkfwRV2AyW0qYbWEcwDJGAEnInpOmIkWyDLylEw38+lY3BlZl9nn9POf2DmNa
Lz0PRyBkEgP192bbML4/MuLaUdQ7ByH0VP/cRNgd/Pr2QdEkzDJRF7Z6Krv50ucg
KdMeFUwyVTG1OozsIYO600ZQpay1nXE0N1JlC8n8TT0W9b3WdBMqYKQuyeg7qf7q
iVMq25tMxrZbNFTGxOTmgjA9qjlJ2Zd2PZjlfOgVJ05gs+GxhxG2
-----END CERTIFICATE-----