Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/aBQc4QgG3OctMe3IQDB37HmLOb0.roa
File:                     aBQc4QgG3OctMe3IQDB37HmLOb0.roa (raw, json)
Hash identifier:          cIDpWuSIKntQDZwTxH07jUD4w1N8cTt4X+G8CzuWpCw=
Subject key identifier:   68:14:1C:E1:08:06:DC:E7:2D:31:ED:C8:40:30:77:EC:79:8B:39:BD
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       018AD6822213DFEB1D1B118A7DCDA26E26D9
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/aBQc4QgG3OctMe3IQDB37HmLOb0.roa
Signing time:             Wed 27 Sep 2023 11:59:27 +0000
ROA not before:           Wed 27 Sep 2023 11:59:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     137502
IP address blocks:        213.248.219.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.216.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          213.248.255.0/24 maxlen: 24
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d6:82:22:13:df:eb:1d:1b:11:8a:7d:cd:a2:6e:26:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Sep 27 11:59:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=68141ce10806dce72d31edc8403077ec798b39bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f4:61:c6:3a:9a:61:93:ab:50:5b:3f:dd:2e:
                    fb:54:4b:a4:27:7a:11:09:ea:b9:97:0b:60:ec:81:
                    ab:c1:b1:6b:a8:86:02:96:8b:2c:cd:2d:42:dd:64:
                    48:d2:c2:ac:d9:9a:72:e0:61:f7:6a:f3:f8:70:c5:
                    61:07:a3:3d:c9:0c:4d:d7:bf:27:57:a4:82:88:28:
                    9d:ac:60:f4:56:8a:3b:c4:5c:a1:5c:7e:2c:54:de:
                    3c:9d:47:22:e5:b5:8d:49:db:af:aa:59:48:60:07:
                    28:94:8a:ce:86:04:c4:70:bd:27:1d:fe:ca:c7:24:
                    8a:28:e5:06:3e:0e:02:39:32:b5:24:a3:0e:dd:a5:
                    58:ce:fd:0e:fb:ef:e4:33:b4:2a:7d:2c:f3:3f:0e:
                    9c:e5:89:43:c9:d1:6c:1e:03:5c:50:27:c4:ef:35:
                    0d:33:88:43:49:a0:32:77:95:91:84:23:0d:02:60:
                    14:27:10:69:51:c8:64:9b:c6:31:a6:6e:e6:d3:43:
                    ce:4f:a5:48:35:48:d4:3d:36:e3:e4:4b:51:39:47:
                    f7:be:56:4b:69:86:d4:4a:05:82:e3:50:3c:82:01:
                    85:5e:50:3e:17:f6:36:94:36:c2:d1:c0:96:94:0e:
                    86:1d:87:fc:a6:2b:2b:17:f4:60:14:09:e1:49:11:
                    18:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:14:1C:E1:08:06:DC:E7:2D:31:ED:C8:40:30:77:EC:79:8B:39:BD
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/aBQc4QgG3OctMe3IQDB37HmLOb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0/22
                  213.248.254.0/23
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         23:a3:cd:7f:3e:57:16:b5:f7:c2:0e:8b:17:d7:6d:2f:47:76:
         ce:e1:f6:58:1c:16:35:e1:ab:be:a5:fc:68:18:b7:9e:32:14:
         9a:be:51:a6:db:f8:f4:9c:40:05:6b:77:4c:72:0d:55:ea:49:
         93:f5:40:05:98:d4:28:ff:4e:41:ba:3a:d4:d3:cd:eb:fe:8b:
         33:be:7d:04:35:bb:88:78:af:07:f9:71:4c:8a:9e:49:65:62:
         2c:fe:5f:62:a7:3a:9a:08:5f:a5:fe:13:68:ba:a1:29:3b:55:
         40:21:7b:e5:04:37:53:b9:e6:ec:b8:e2:46:6e:e3:69:dc:fd:
         e3:fb:1b:b3:1c:f3:0c:0a:5d:72:e2:7f:8c:82:a5:5c:ad:f3:
         ef:05:87:9f:66:fa:f8:d9:d1:df:fd:31:54:96:97:13:44:be:
         16:9e:ad:fe:29:8e:57:22:1f:11:fa:72:b5:f2:fd:d2:7d:df:
         1e:d3:bc:4b:e4:2d:fc:b0:5a:96:23:a6:d3:a9:5a:c9:bc:c8:
         90:15:80:dd:8d:c2:c5:3d:82:46:25:cd:22:47:4b:fa:5c:c4:
         32:0f:12:47:cd:b0:72:cb:2b:31:21:2e:c4:ec:49:7c:a6:1b:
         cb:5c:36:14:10:f8:94:77:98:50:27:d1:34:ea:7f:fb:f1:eb:
         85:67:6e:80
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYrWgiIT3+sdGxGKfc2ibibZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjMwOTI3MTE1OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODE0MWNlMTA4MDZkY2U3MmQzMWVkYzg0MDMwNzdlYzc5OGIzOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvRhxjqaYZOrUFs/3S77VEukJ3oR
Ceq5lwtg7IGrwbFrqIYClosszS1C3WRI0sKs2Zpy4GH3avP4cMVhB6M9yQxN178n
V6SCiCidrGD0Voo7xFyhXH4sVN48nUci5bWNSduvqllIYAcolIrOhgTEcL0nHf7K
xySKKOUGPg4COTK1JKMO3aVYzv0O++/kM7QqfSzzPw6c5YlDydFsHgNcUCfE7zUN
M4hDSaAyd5WRhCMNAmAUJxBpUchkm8Yxpm7m00POT6VINUjUPTbj5EtROUf3vlZL
aYbUSgWC41A8ggGFXlA+F/Y2lDbC0cCWlA6GHYf8pisrF/RgFAnhSREYpwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGgUHOEIBtznLTHtyEAwd+x5izm9MB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvYUJRYzRRZ0czT2N0TWUzSVFEQjM3SG1MT2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQC1fjYAwQB
1fj+MA8EAgACMAkDBwMqAQYYBAAwDQYJKoZIhvcNAQELBQADggEBACOjzX8+Vxa1
98IOixfXbS9Hds7h9lgcFjXhq76l/GgYt54yFJq+Uabb+PScQAVrd0xyDVXqSZP1
QAWY1Cj/TkG6OtTTzev+izO+fQQ1u4h4rwf5cUyKnkllYiz+X2KnOpoIX6X+E2i6
oSk7VUAhe+UEN1O55uy44kZu42nc/eP7G7Mc8wwKXXLif4yCpVyt8+8Fh59m+vjZ
0d/9MVSWlxNEvhaerf4pjlciHxH6crXy/dJ93x7TvEvkLfywWpYjptOpWsm8yJAV
gN2NwsU9gkYlzSJHS/pcxDIPEkfNsHLLKzEhLsTsSXymG8tcNhQQ+JR3mFAn0TTq
f/vx64VnboA=
-----END CERTIFICATE-----