Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/07POt23d3b2ZBm7quQOuH-d7d94.roa
File:                     07POt23d3b2ZBm7quQOuH-d7d94.roa (raw, json)
Hash identifier:          Cz+NzV50t5oDZLTBoFCykEUjx0C///u2+ePqhUx7r/Y=
Subject key identifier:   D3:B3:CE:B7:6D:DD:DD:BD:99:06:6E:EA:B9:03:AE:1F:E7:7B:77:DE
Certificate issuer:       /CN=9770bf2375d59ba81a9955c07a2f0a23264b61a8
Certificate serial:       018BCE933BA636F473393639742D4D9DB447
Authority key identifier: 97:70:BF:23:75:D5:9B:A8:1A:99:55:C0:7A:2F:0A:23:26:4B:61:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l3C_I3XVm6gamVXAei8KIyZLYag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/07POt23d3b2ZBm7quQOuH-d7d94.roa
Signing time:             Tue 14 Nov 2023 16:03:57 +0000
ROA not before:           Tue 14 Nov 2023 16:03:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50964
IP address blocks:        194.59.39.0/24 maxlen: 24
                          194.0.93.0/24 maxlen: 24
                          194.0.94.0/24 maxlen: 24
                          194.0.95.0/24 maxlen: 24
                          194.0.92.0/24 maxlen: 24
                          194.76.38.0/23 maxlen: 23
                          194.0.92.0/22 maxlen: 22
                          194.59.38.0/24 maxlen: 24
                          194.59.36.0/24 maxlen: 24
                          194.59.36.0/22 maxlen: 22
                          194.59.37.0/24 maxlen: 24
                          91.205.76.0/22 maxlen: 22
                          195.189.92.0/22 maxlen: 22
                          195.189.92.0/24 maxlen: 24
                          195.189.93.0/24 maxlen: 24
                          195.189.94.0/24 maxlen: 24
                          195.189.95.0/24 maxlen: 24
                          194.127.180.0/24 maxlen: 24
                          2001:67c:2dac::/48 maxlen: 48
                          2001:67c:2da8::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ce:93:3b:a6:36:f4:73:39:36:39:74:2d:4d:9d:b4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9770bf2375d59ba81a9955c07a2f0a23264b61a8
        Validity
            Not Before: Nov 14 16:03:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d3b3ceb76dddddbd99066eeab903ae1fe77b77de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8b:fa:5d:94:0c:85:b0:07:30:c5:64:c0:ac:
                    d2:66:6e:73:c0:b2:1e:50:e7:53:0d:b2:2b:c1:83:
                    c2:2f:75:e8:06:7d:f9:88:73:b2:e0:f8:ef:c3:3f:
                    76:74:bd:1e:b8:b9:fd:20:1f:74:42:e5:e7:7e:d3:
                    4d:7d:1c:66:a5:9b:e7:d6:d6:89:01:3a:da:d8:45:
                    a3:ae:80:f6:b0:4d:aa:09:b4:3e:f5:96:15:f6:31:
                    10:d5:ca:a1:5a:1b:fc:3d:35:7d:39:32:61:2a:ce:
                    b2:3a:62:19:b9:41:8f:e6:07:50:08:1f:c1:d2:92:
                    bd:94:ba:73:3f:10:08:02:45:80:44:da:67:0f:e9:
                    53:7a:99:d0:73:a0:61:a5:38:af:b3:1a:2a:b9:b8:
                    23:3e:7e:5a:15:d9:0e:c6:bf:dd:da:05:4d:ff:52:
                    93:0f:bd:dc:d8:77:87:60:ee:a2:6b:0f:b4:15:fc:
                    35:52:a7:98:32:d6:2c:34:5d:ad:4c:e0:64:55:64:
                    07:81:e9:82:56:32:89:a4:03:38:6b:44:93:3c:b9:
                    22:2d:0f:30:71:9b:13:2a:db:f2:76:96:6a:45:5f:
                    17:65:ba:66:96:88:92:d1:96:07:e3:72:4e:8c:8c:
                    53:9c:b1:6f:3a:97:01:8d:20:da:ba:15:60:36:ae:
                    31:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B3:CE:B7:6D:DD:DD:BD:99:06:6E:EA:B9:03:AE:1F:E7:7B:77:DE
            X509v3 Authority Key Identifier:
                keyid:97:70:BF:23:75:D5:9B:A8:1A:99:55:C0:7A:2F:0A:23:26:4B:61:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l3C_I3XVm6gamVXAei8KIyZLYag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/07POt23d3b2ZBm7quQOuH-d7d94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/beef2f-ec5a-49ff-975b-8d34f557822a/1/l3C_I3XVm6gamVXAei8KIyZLYag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.76.0/22
                  194.0.92.0/22
                  194.59.36.0/22
                  194.76.38.0/23
                  194.127.180.0/24
                  195.189.92.0/22
                IPv6:
                  2001:67c:2da8::/48
                  2001:67c:2dac::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:85:63:d5:e2:7a:c2:a4:6b:28:ef:5d:dc:39:d5:aa:ee:4e:
         c8:d2:01:4f:93:9e:13:bf:39:ea:31:82:61:3c:eb:c0:c0:d6:
         28:34:59:fb:0a:0d:be:27:ff:a3:73:19:f6:3a:f0:2a:23:b7:
         0d:f4:7a:89:15:35:a9:7a:5c:2e:85:8e:38:a1:0b:64:9d:86:
         e0:1a:49:e5:92:57:da:7c:88:10:ca:d5:72:af:77:62:84:f1:
         21:5c:41:7e:82:40:5a:ff:9e:4f:24:d4:1f:2c:6a:18:a6:89:
         32:2c:5e:04:e6:95:d9:7d:ac:34:5e:92:0a:f2:11:bb:c0:0d:
         df:b7:6d:aa:c6:8a:66:3b:17:cd:4a:4e:e0:d6:91:8f:91:1e:
         b6:9f:a9:c8:20:43:63:32:32:61:b8:51:94:60:1b:3b:de:a2:
         7d:4a:9b:d9:81:d4:9a:42:dc:66:27:73:92:34:aa:36:41:70:
         f1:ec:f0:8c:e6:78:eb:93:c0:4e:ff:58:0c:d8:b7:92:60:1f:
         e4:4d:c6:48:e4:17:39:51:b7:21:a8:a5:a4:d5:d8:3a:f6:94:
         bd:65:13:b3:76:e0:df:cb:64:dc:43:dc:c8:44:5a:78:e8:4d:
         5d:52:b2:44:ec:15:60:68:b8:36:b4:fa:b8:42:9e:2d:45:4a:
         c5:41:07:b0
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYvOkzumNvRzOTY5dC1NnbRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NzBiZjIzNzVkNTliYTgxYTk5NTVjMDdhMmYwYTIzMjY0
YjYxYTgwHhcNMjMxMTE0MTYwMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2IzY2ViNzZkZGRkZGJkOTkwNjZlZWFiOTAzYWUxZmU3N2I3N2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4v6XZQMhbAHMMVkwKzSZm5zwLIe
UOdTDbIrwYPCL3XoBn35iHOy4Pjvwz92dL0euLn9IB90QuXnftNNfRxmpZvn1taJ
ATra2EWjroD2sE2qCbQ+9ZYV9jEQ1cqhWhv8PTV9OTJhKs6yOmIZuUGP5gdQCB/B
0pK9lLpzPxAIAkWARNpnD+lTepnQc6BhpTivsxoqubgjPn5aFdkOxr/d2gVN/1KT
D73c2HeHYO6iaw+0Ffw1UqeYMtYsNF2tTOBkVWQHgemCVjKJpAM4a0STPLkiLQ8w
cZsTKtvydpZqRV8XZbpmloiS0ZYH43JOjIxTnLFvOpcBjSDauhVgNq4xmwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNOzzrdt3d29mQZu6rkDrh/ne3feMB8GA1UdIwQY
MBaAFJdwvyN11ZuoGplVwHovCiMmS2GoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDNDX0kzWFZtNmdhbVZYQWVpOEtJeVpMWWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9iZWVmMmYtZWM1YS00OWZmLTk3NWIt
OGQzNGY1NTc4MjJhLzEvMDdQT3QyM2QzYjJaQm03cXVRT3VILWQ3ZDk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9iZWVmMmYtZWM1YS00OWZmLTk3NWItOGQzNGY1NTc4MjJh
LzEvbDNDX0kzWFZtNmdhbVZYQWVpOEtJeVpMWWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQCW81MAwQC
wgBcAwQCwjskAwQBwkwmAwQAwn+0AwQCw71cMBgEAgACMBIDBwAgAQZ8LagDBwAg
AQZ8LawwDQYJKoZIhvcNAQELBQADggEBAFCFY9XiesKkayjvXdw51aruTsjSAU+T
nhO/OeoxgmE868DA1ig0WfsKDb4n/6NzGfY68Cojtw30eokVNal6XC6FjjihC2Sd
huAaSeWSV9p8iBDK1XKvd2KE8SFcQX6CQFr/nk8k1B8sahimiTIsXgTmldl9rDRe
kgryEbvADd+3barGimY7F81KTuDWkY+RHrafqcggQ2MyMmG4UZRgGzveon1Km9mB
1JpC3GYnc5I0qjZBcPHs8IzmeOuTwE7/WAzYt5JgH+RNxkjkFzlRtyGopaTV2Dr2
lL1lE7N24N/LZNxD3MhEWnjoTV1SskTsFWBouDa0+rhCni1FSsVBB7A=
-----END CERTIFICATE-----