Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/Rt2RfVMJauEujeU9uXCZT93j8DY.roa
File:                     Rt2RfVMJauEujeU9uXCZT93j8DY.roa (raw, json)
Hash identifier:          Mpkt8i6au0BGqdOO9Z4vsHiUKSwzvxaz3GPmIzDg5J0=
Subject key identifier:   46:DD:91:7D:53:09:6A:E1:2E:8D:E5:3D:B9:70:99:4F:DD:E3:F0:36
Certificate issuer:       /CN=553ca7b2e6c1e17f5f3edbe375e19ece39533910
Certificate serial:       018C8814F1430A66F655B33F8052243DE124
Authority key identifier: 55:3C:A7:B2:E6:C1:E1:7F:5F:3E:DB:E3:75:E1:9E:CE:39:53:39:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VTynsubB4X9fPtvjdeGezjlTORA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/Rt2RfVMJauEujeU9uXCZT93j8DY.roa
Signing time:             Wed 20 Dec 2023 16:35:23 +0000
ROA not before:           Wed 20 Dec 2023 16:35:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49318
IP address blocks:        188.93.176.0/21 maxlen: 21
                          46.28.250.0/24 maxlen: 24
                          46.28.249.0/24 maxlen: 24
                          46.28.252.0/24 maxlen: 24
                          46.28.251.0/24 maxlen: 24
                          46.28.253.0/24 maxlen: 24
                          46.28.248.0/24 maxlen: 24
                          46.28.254.0/24 maxlen: 24
                          46.28.255.0/24 maxlen: 24
                          194.110.124.0/24 maxlen: 24
                          194.110.124.0/23 maxlen: 23
                          194.110.125.0/24 maxlen: 24
                          194.110.131.0/24 maxlen: 24
                          194.110.130.0/23 maxlen: 23
                          194.110.130.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:88:14:f1:43:0a:66:f6:55:b3:3f:80:52:24:3d:e1:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=553ca7b2e6c1e17f5f3edbe375e19ece39533910
        Validity
            Not Before: Dec 20 16:35:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=46dd917d53096ae12e8de53db970994fdde3f036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:e7:c8:41:e9:f1:ce:86:61:33:18:c3:b0:
                    32:48:e4:ea:ab:ef:18:83:b7:0c:04:27:f5:84:77:
                    c1:90:5e:ec:21:e4:04:fb:3a:53:99:2e:13:88:24:
                    5a:27:e1:8e:1a:c5:87:ac:1b:df:0d:2b:a5:33:1a:
                    97:a6:ba:ba:58:d5:39:d5:69:19:3b:dd:cc:e8:b7:
                    d9:f0:6a:dd:e4:d6:1a:85:0e:b0:2f:07:e5:41:09:
                    38:28:21:e3:22:53:a4:d1:fe:2f:13:b1:e4:ae:5c:
                    73:ef:09:94:11:ef:72:55:54:a2:22:73:76:90:3f:
                    fa:be:e5:4e:15:f1:85:bc:f2:c3:14:cc:b7:f1:09:
                    37:94:8f:81:db:6e:26:70:7e:7a:41:1a:29:55:d2:
                    8a:6b:ca:f1:75:60:a6:91:d9:51:6a:52:5a:a0:bd:
                    1e:b3:cf:3d:c3:40:65:fc:94:a0:8b:85:52:aa:f0:
                    d9:8c:fb:2b:70:98:f5:e0:2d:49:95:b3:91:4e:be:
                    dd:d5:ac:58:70:65:f0:2e:f3:bc:e0:61:0a:3b:9b:
                    6a:b7:51:52:72:ef:14:14:e1:6b:c5:bd:97:d3:ca:
                    6d:04:35:c7:cc:67:32:0a:8a:32:1a:0e:86:00:fc:
                    f5:4f:e1:30:d9:4f:1d:ea:1c:98:5d:95:e3:76:7f:
                    1d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:DD:91:7D:53:09:6A:E1:2E:8D:E5:3D:B9:70:99:4F:DD:E3:F0:36
            X509v3 Authority Key Identifier:
                keyid:55:3C:A7:B2:E6:C1:E1:7F:5F:3E:DB:E3:75:E1:9E:CE:39:53:39:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VTynsubB4X9fPtvjdeGezjlTORA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/Rt2RfVMJauEujeU9uXCZT93j8DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d572c3-350f-479b-a7b3-153e9182af41/1/VTynsubB4X9fPtvjdeGezjlTORA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.248.0/21
                  188.93.176.0/21
                  194.110.124.0/23
                  194.110.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:63:5f:6b:f4:7e:80:eb:ab:7c:70:d4:0b:33:22:68:b9:40:
         f3:47:53:e8:b5:13:9c:47:ac:b8:e7:79:c0:09:6f:57:f8:0f:
         2d:19:e2:2b:1e:94:20:96:ea:5f:d7:9f:3a:1e:f9:a6:3a:c8:
         4a:6e:00:65:fb:1b:47:f3:ff:ae:8d:d6:ff:29:d2:3c:16:37:
         1b:bb:ca:c3:7d:fa:0a:b2:2e:2a:6c:03:75:2f:b0:65:34:77:
         c9:e8:69:0b:0d:66:8c:93:3f:fc:17:9a:8d:ce:d1:b8:34:2a:
         7a:6c:0f:7c:26:bc:c9:8a:a7:da:76:f9:08:83:e6:46:5b:de:
         60:61:15:f8:fa:67:d1:db:92:26:0e:29:c4:aa:0c:5b:1e:bb:
         09:44:4a:5a:e8:e9:1e:d5:30:e9:c2:4f:58:53:b7:26:21:37:
         0f:ed:76:fd:c4:a7:bf:21:64:d0:d0:e6:ff:17:30:56:c6:de:
         91:9e:92:83:07:68:09:b6:a1:b8:86:29:e4:cd:fb:85:b7:50:
         74:72:4d:98:fc:6d:87:a9:75:bd:f8:78:f7:a1:af:c6:64:5e:
         ba:1d:65:a2:5c:e3:c9:6f:a3:fd:d9:10:5d:e8:b7:31:6e:76:
         3c:7f:c7:34:5b:93:d9:3d:bc:b5:96:88:ad:ad:8f:41:d4:28:
         e1:df:d6:cb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYyIFPFDCmb2VbM/gFIkPeEkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1M2NhN2IyZTZjMWUxN2Y1ZjNlZGJlMzc1ZTE5ZWNlMzk1
MzM5MTAwHhcNMjMxMjIwMTYzNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmRkOTE3ZDUzMDk2YWUxMmU4ZGU1M2RiOTcwOTk0ZmRkZTNmMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimXnyEHp8c6GYTMYw7AySOTqq+8Y
g7cMBCf1hHfBkF7sIeQE+zpTmS4TiCRaJ+GOGsWHrBvfDSulMxqXprq6WNU51WkZ
O93M6LfZ8Grd5NYahQ6wLwflQQk4KCHjIlOk0f4vE7Hkrlxz7wmUEe9yVVSiInN2
kD/6vuVOFfGFvPLDFMy38Qk3lI+B224mcH56QRopVdKKa8rxdWCmkdlRalJaoL0e
s889w0Bl/JSgi4VSqvDZjPsrcJj14C1JlbORTr7d1axYcGXwLvO84GEKO5tqt1FS
cu8UFOFrxb2X08ptBDXHzGcyCooyGg6GAPz1T+Ew2U8d6hyYXZXjdn8dSwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEbdkX1TCWrhLo3lPblwmU/d4/A2MB8GA1UdIwQY
MBaAFFU8p7LmweF/Xz7b43Xhns45UzkQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlR5bnN1YkI0WDlmUHR2amRlR2V6amxUT1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kNTcyYzMtMzUwZi00NzliLWE3YjMt
MTUzZTkxODJhZjQxLzEvUnQyUmZWTUphdUV1amVVOXVYQ1pUOTNqOERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kNTcyYzMtMzUwZi00NzliLWE3YjMtMTUzZTkxODJhZjQx
LzEvVlR5bnN1YkI0WDlmUHR2amRlR2V6amxUT1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDLhz4AwQD
vF2wAwQBwm58AwQBwm6CMA0GCSqGSIb3DQEBCwUAA4IBAQAnY19r9H6A66t8cNQL
MyJouUDzR1PotROcR6y453nACW9X+A8tGeIrHpQglupf1586HvmmOshKbgBl+xtH
8/+ujdb/KdI8Fjcbu8rDffoKsi4qbAN1L7BlNHfJ6GkLDWaMkz/8F5qNztG4NCp6
bA98JrzJiqfadvkIg+ZGW95gYRX4+mfR25ImDinEqgxbHrsJREpa6Oke1TDpwk9Y
U7cmITcP7Xb9xKe/IWTQ0Ob/FzBWxt6RnpKDB2gJtqG4hinkzfuFt1B0ck2Y/G2H
qXW9+Hj3oa/GZF66HWWiXOPJb6P92RBd6LcxbnY8f8c0W5PZPby1loitrY9B1Cjh
39bL
-----END CERTIFICATE-----