Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/GD8QacnsPP-hO1kKcbTMwT4Poxk.roa
File:                     GD8QacnsPP-hO1kKcbTMwT4Poxk.roa (raw, json)
Hash identifier:          KAg8W17X1mKqLUBEDvXzGdLo39N6qWNnMDZZmoeRwg4=
Subject key identifier:   18:3F:10:69:C9:EC:3C:FF:A1:3B:59:0A:71:B4:CC:C1:3E:0F:A3:19
Certificate issuer:       /CN=37fb004e397ddf04e7d05f3643a036f21836ff10
Certificate serial:       01879EF978B7F1AA0DE3F0565A6168E5202B
Authority key identifier: 37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/GD8QacnsPP-hO1kKcbTMwT4Poxk.roa
Signing time:             Thu 20 Apr 2023 14:02:42 +0000
ROA not before:           Thu 20 Apr 2023 14:02:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29134
IP address blocks:        185.102.76.0/22 maxlen: 22
                          37.46.80.0/21 maxlen: 21
                          62.109.128.0/19 maxlen: 19
                          217.31.48.0/20 maxlen: 20
                          213.109.164.0/22 maxlen: 24
                          185.100.92.0/22 maxlen: 22
                          130.193.8.0/21 maxlen: 24
                          185.102.20.0/22 maxlen: 22
                          171.33.136.0/21 maxlen: 21
                          2a03:b780::/32 maxlen: 32
                          2a09:ec00::/29 maxlen: 29
                          2001:1ab0::/32 maxlen: 32
                          2a00:ca80::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9e:f9:78:b7:f1:aa:0d:e3:f0:56:5a:61:68:e5:20:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37fb004e397ddf04e7d05f3643a036f21836ff10
        Validity
            Not Before: Apr 20 14:02:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=183f1069c9ec3cffa13b590a71b4ccc13e0fa319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6c:f7:e6:01:7c:a9:13:21:44:61:89:1d:93:
                    ca:86:33:e1:d2:eb:49:a0:af:0b:59:f2:b6:10:a5:
                    62:d2:2e:2f:9c:42:7e:9c:98:e8:5a:60:9e:68:78:
                    6d:ca:33:c0:7f:1b:0b:32:5e:f6:cb:e0:b7:b0:06:
                    12:dc:3c:18:49:8b:97:50:11:17:5c:e3:52:64:c8:
                    f0:f1:90:03:5a:4b:30:58:81:39:7e:82:78:67:9d:
                    65:02:e4:12:77:e3:ab:5c:97:76:2c:1f:5c:1c:9d:
                    2c:ce:d6:df:44:b7:51:cb:27:06:46:27:c0:ff:5e:
                    70:bc:e0:c7:03:29:47:2c:93:79:ac:a0:d3:89:f8:
                    76:72:8a:72:c4:e1:1e:4f:4d:25:79:65:ba:4f:a9:
                    e9:57:ed:f6:65:a3:c3:a5:fd:69:35:ed:6b:d9:09:
                    37:c0:19:9b:1d:d5:94:ea:60:02:3f:26:d8:16:34:
                    fc:91:41:a9:3d:03:f3:14:47:31:b1:68:7f:bf:22:
                    22:cd:ba:dc:fc:97:4c:75:7a:ef:dd:81:b9:3d:d9:
                    75:35:54:64:f6:bc:45:33:1f:2c:2a:30:78:5f:1b:
                    13:3c:28:99:dc:0d:50:60:08:a8:e6:ce:72:9f:5c:
                    47:26:c4:3c:cc:ce:da:6c:cf:d6:05:2b:9e:ee:82:
                    b2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:3F:10:69:C9:EC:3C:FF:A1:3B:59:0A:71:B4:CC:C1:3E:0F:A3:19
            X509v3 Authority Key Identifier:
                keyid:37:FB:00:4E:39:7D:DF:04:E7:D0:5F:36:43:A0:36:F2:18:36:FF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_sATjl93wTn0F82Q6A28hg2_xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/GD8QacnsPP-hO1kKcbTMwT4Poxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/742299-f343-4321-b351-b53b64cf0d95/1/N_sATjl93wTn0F82Q6A28hg2_xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.80.0/21
                  62.109.128.0/19
                  130.193.8.0/21
                  171.33.136.0/21
                  185.100.92.0/22
                  185.102.20.0/22
                  185.102.76.0/22
                  213.109.164.0/22
                  217.31.48.0/20
                IPv6:
                  2001:1ab0::/32
                  2a00:ca80::/32
                  2a03:b780::/32
                  2a09:ec00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:2b:56:12:b0:f2:7d:0c:d7:0a:da:8c:7e:04:7f:d6:26:18:
         90:81:95:51:ed:51:40:7a:7d:6f:92:ab:f9:83:06:49:26:6f:
         45:d9:82:d5:7e:93:e0:89:da:59:f7:ea:f8:4c:d6:fb:37:68:
         b8:3c:db:fa:dc:4f:4c:e0:b6:88:78:f7:9a:43:dd:6d:a4:1d:
         54:7b:ac:df:d8:c9:f9:8c:4b:da:9c:a4:e5:e4:76:52:ba:66:
         40:f0:66:9a:1b:cd:8d:22:cc:dd:17:b0:ab:b7:6d:89:c2:18:
         6a:b1:c4:f0:e2:da:08:af:17:06:02:97:4b:cc:b6:06:52:5c:
         63:ff:84:83:18:e8:07:ee:84:00:22:01:0f:53:62:67:9b:3f:
         f4:ac:39:92:53:83:af:84:aa:eb:0f:96:d6:b7:0b:3e:a4:28:
         39:ab:40:16:88:ab:ce:77:5c:a6:42:12:81:82:8e:56:2d:ae:
         89:6f:4f:34:4c:af:34:c0:89:f5:23:c9:71:a1:ca:f3:a7:4b:
         3f:37:7f:33:ea:56:1c:53:c8:a2:d8:b6:55:5d:11:f3:dd:5f:
         68:a6:5f:cb:5c:f9:f3:78:31:d8:53:d7:5c:29:2b:b0:3c:d7:
         f9:28:4a:d7:c0:02:49:84:d2:47:3a:b8:a3:ca:6a:bd:dc:45:
         93:7a:82:de
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYee+Xi38aoN4/BWWmFo5SArMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmIwMDRlMzk3ZGRmMDRlN2QwNWYzNjQzYTAzNmYyMTgz
NmZmMTAwHhcNMjMwNDIwMTQwMjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODNmMTA2OWM5ZWMzY2ZmYTEzYjU5MGE3MWI0Y2NjMTNlMGZhMzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmz35gF8qRMhRGGJHZPKhjPh0utJ
oK8LWfK2EKVi0i4vnEJ+nJjoWmCeaHhtyjPAfxsLMl72y+C3sAYS3DwYSYuXUBEX
XONSZMjw8ZADWkswWIE5foJ4Z51lAuQSd+OrXJd2LB9cHJ0sztbfRLdRyycGRifA
/15wvODHAylHLJN5rKDTifh2copyxOEeT00leWW6T6npV+32ZaPDpf1pNe1r2Qk3
wBmbHdWU6mACPybYFjT8kUGpPQPzFEcxsWh/vyIizbrc/JdMdXrv3YG5Pdl1NVRk
9rxFMx8sKjB4XxsTPCiZ3A1QYAio5s5yn1xHJsQ8zM7abM/WBSue7oKyBQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFBg/EGnJ7Dz/oTtZCnG0zME+D6MZMB8GA1UdIwQY
MBaAFDf7AE45fd8E59BfNkOgNvIYNv8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEt
YjUzYjY0Y2YwZDk1LzEvR0Q4UWFjbnNQUC1oTzFrS2NiVE13VDRQb3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83NDIyOTktZjM0My00MzIxLWIzNTEtYjUzYjY0Y2YwZDk1
LzEvTl9zQVRqbDkzd1RuMEY4MlE2QTI4aGcyX3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjA8BAIAATA2AwQDJS5QAwQF
Pm2AAwQDgsEIAwQDqyGIAwQCuWRcAwQCuWYUAwQCuWZMAwQC1W2kAwQE2R8wMCIE
AgACMBwDBQAgARqwAwUAKgDKgAMFACoDt4ADBQMqCewAMA0GCSqGSIb3DQEBCwUA
A4IBAQA7K1YSsPJ9DNcK2ox+BH/WJhiQgZVR7VFAen1vkqv5gwZJJm9F2YLVfpPg
idpZ9+r4TNb7N2i4PNv63E9M4LaIePeaQ91tpB1Ue6zf2Mn5jEvanKTl5HZSumZA
8GaaG82NIszdF7Crt22JwhhqscTw4toIrxcGApdLzLYGUlxj/4SDGOgH7oQAIgEP
U2Jnmz/0rDmSU4OvhKrrD5bWtws+pCg5q0AWiKvOd1ymQhKBgo5WLa6Jb080TK80
wIn1I8lxocrzp0s/N38z6lYcU8ii2LZVXRHz3V9opl/LXPnzeDHYU9dcKSuwPNf5
KErXwAJJhNJHOrijymq93EWTeoLe
-----END CERTIFICATE-----