Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/tLzQwiL-2Ps77tTzF0aSA6LbH64.roa
File:                     tLzQwiL-2Ps77tTzF0aSA6LbH64.roa (raw, json)
Hash identifier:          6l7REI1V5OyexQ9IelAg8En/8vbAaj6KZzbZCYvbKjQ=
Subject key identifier:   B4:BC:D0:C2:22:FE:D8:FB:3B:EE:D4:F3:17:46:92:03:A2:DB:1F:AE
Certificate issuer:       /CN=da8a978b9ce5d26ebcaad0ccb67918a9df318f86
Certificate serial:       01856E144F9C5FBCC5D32025819A5D6D9705
Authority key identifier: DA:8A:97:8B:9C:E5:D2:6E:BC:AA:D0:CC:B6:79:18:A9:DF:31:8F:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2oqXi5zl0m68qtDMtnkYqd8xj4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/tLzQwiL-2Ps77tTzF0aSA6LbH64.roa
Signing time:             Sun 01 Jan 2023 16:05:02 +0000
ROA not before:           Sun 01 Jan 2023 16:05:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25455
IP address blocks:        91.107.72.0/21 maxlen: 21
                          91.107.88.0/21 maxlen: 21
                          185.79.40.0/22 maxlen: 22
                          159.253.124.0/22 maxlen: 22
                          83.143.68.0/22 maxlen: 22
                          31.210.169.0/24 maxlen: 24
                          91.90.200.0/21 maxlen: 21
                          92.43.164.0/23 maxlen: 23
                          94.232.30.0/24 maxlen: 24
                          185.91.132.0/22 maxlen: 22
                          2a05:7144::/30 maxlen: 30
                          2a05:7140::/32 maxlen: 32
                          2a05:7142::/31 maxlen: 31
                          2a05:7141::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:14:4f:9c:5f:bc:c5:d3:20:25:81:9a:5d:6d:97:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8a978b9ce5d26ebcaad0ccb67918a9df318f86
        Validity
            Not Before: Jan  1 16:05:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b4bcd0c222fed8fb3beed4f317469203a2db1fae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e4:68:46:f6:15:4e:3a:72:e8:b7:40:14:a2:
                    fc:b3:5b:c6:70:f0:52:07:0a:5e:f7:5b:68:13:ab:
                    37:9e:01:fb:4d:79:c8:0c:22:1a:90:e9:1f:be:6d:
                    62:f6:af:be:a0:6b:64:24:46:45:a6:a3:4c:ba:4f:
                    06:bc:42:02:a8:4b:b3:51:42:81:8c:b0:a1:b6:0c:
                    6c:91:1d:83:b9:f3:76:ae:d5:39:32:ee:0c:ac:01:
                    4a:15:12:00:62:90:0a:78:ad:b7:a6:df:23:3d:85:
                    d3:9d:a3:2f:e1:1d:5e:0c:7c:cd:79:e8:8d:fe:b0:
                    66:3c:47:19:01:1e:ca:bb:6a:97:0d:e5:22:6f:13:
                    a4:c0:29:ef:c0:82:34:47:bb:85:99:fb:47:77:a6:
                    b7:7d:03:fa:9c:12:10:f6:9b:60:27:25:79:a9:da:
                    d3:e6:8f:f9:15:be:06:47:bd:4c:d2:34:ca:41:b4:
                    9a:cc:ab:1b:83:7e:3a:4e:b6:91:8f:65:fb:fc:ed:
                    8b:07:24:a6:ab:bc:85:17:9b:e0:66:a0:b6:23:e0:
                    2c:34:4a:f5:12:2c:e7:a2:5d:43:21:81:39:77:6d:
                    9b:d9:d3:68:fb:07:a6:f1:6c:4c:13:c5:39:ca:cb:
                    0c:d9:33:a0:52:c6:6f:8d:29:69:a5:2a:f1:bf:81:
                    9e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:BC:D0:C2:22:FE:D8:FB:3B:EE:D4:F3:17:46:92:03:A2:DB:1F:AE
            X509v3 Authority Key Identifier:
                keyid:DA:8A:97:8B:9C:E5:D2:6E:BC:AA:D0:CC:B6:79:18:A9:DF:31:8F:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2oqXi5zl0m68qtDMtnkYqd8xj4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/tLzQwiL-2Ps77tTzF0aSA6LbH64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/18e48f-5972-4d3f-bb6a-b78dac37eac8/1/2oqXi5zl0m68qtDMtnkYqd8xj4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.169.0/24
                  83.143.68.0/22
                  91.90.200.0/21
                  91.107.72.0/21
                  91.107.88.0/21
                  92.43.164.0/23
                  94.232.30.0/24
                  159.253.124.0/22
                  185.79.40.0/22
                  185.91.132.0/22
                IPv6:
                  2a05:7140::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:6a:80:04:04:39:5f:3c:4c:43:fb:42:6b:0c:ef:a0:88:af:
         07:1b:3b:46:61:d9:89:7e:37:08:f2:e7:f6:84:2d:7a:48:51:
         64:14:ec:6b:7a:8e:08:9a:ae:5f:6f:3b:98:c1:11:ea:e2:da:
         31:a8:d6:c6:65:d2:f6:91:52:3c:38:c0:4c:7f:fb:2c:f0:45:
         5d:3d:84:5d:35:ac:84:25:83:3e:00:56:3e:92:4b:92:e7:2e:
         2f:e7:74:dc:0e:99:99:12:24:a0:14:d0:93:78:fe:77:fd:9e:
         f2:16:d5:29:ad:5e:04:1f:18:89:18:01:4d:cb:89:b5:2d:bf:
         64:05:cd:17:1f:3a:5b:11:3f:e4:40:00:dc:d5:c9:19:8f:a8:
         5d:83:64:6a:d5:cf:48:88:8d:cd:5d:de:24:45:35:15:0d:3c:
         8a:ac:85:95:3a:0d:3a:55:4a:49:a2:e4:f3:66:21:df:71:9a:
         4d:5b:40:04:e1:81:ed:56:fe:5d:73:c3:da:3e:20:31:f9:21:
         26:c4:3b:b7:6f:e2:e2:40:2a:74:cb:7a:ff:04:b4:d2:c5:d8:
         f1:df:47:ce:a2:f7:c4:ca:42:cc:ce:99:65:a8:98:f0:ba:37:
         e2:cd:75:4b:3e:95:a9:ea:f1:7d:ce:3e:d7:8e:4f:fe:19:3f:
         16:22:cf:4b
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVuFE+cX7zF0yAlgZpdbZcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGE5NzhiOWNlNWQyNmViY2FhZDBjY2I2NzkxOGE5ZGYz
MThmODYwHhcNMjMwMTAxMTYwNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJjZDBjMjIyZmVkOGZiM2JlZWQ0ZjMxNzQ2OTIwM2EyZGIxZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheRoRvYVTjpy6LdAFKL8s1vGcPBS
Bwpe91toE6s3ngH7TXnIDCIakOkfvm1i9q++oGtkJEZFpqNMuk8GvEICqEuzUUKB
jLChtgxskR2DufN2rtU5Mu4MrAFKFRIAYpAKeK23pt8jPYXTnaMv4R1eDHzNeeiN
/rBmPEcZAR7Ku2qXDeUibxOkwCnvwII0R7uFmftHd6a3fQP6nBIQ9ptgJyV5qdrT
5o/5Fb4GR71M0jTKQbSazKsbg346TraRj2X7/O2LBySmq7yFF5vgZqC2I+AsNEr1
Eiznol1DIYE5d22b2dNo+wem8WxME8U5yssM2TOgUsZvjSlppSrxv4Ge4QIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFLS80MIi/tj7O+7U8xdGkgOi2x+uMB8GA1UdIwQY
MBaAFNqKl4uc5dJuvKrQzLZ5GKnfMY+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm9xWGk1emwwbTY4cXRETXRua1lxZDh4ajRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xOGU0OGYtNTk3Mi00ZDNmLWJiNmEt
Yjc4ZGFjMzdlYWM4LzEvdEx6UXdpTC0yUHM3N3RUekYwYVNBNkxiSDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xOGU0OGYtNTk3Mi00ZDNmLWJiNmEtYjc4ZGFjMzdlYWM4
LzEvMm9xWGk1emwwbTY4cXRETXRua1lxZDh4ajRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQAH9KpAwQC
U49EAwQDW1rIAwQDW2tIAwQDW2tYAwQBXCukAwQAXugeAwQCn/18AwQCuU8oAwQC
uVuEMA0EAgACMAcDBQMqBXFAMA0GCSqGSIb3DQEBCwUAA4IBAQC3aoAEBDlfPExD
+0JrDO+giK8HGztGYdmJfjcI8uf2hC16SFFkFOxreo4Imq5fbzuYwRHq4toxqNbG
ZdL2kVI8OMBMf/ss8EVdPYRdNayEJYM+AFY+kkuS5y4v53TcDpmZEiSgFNCTeP53
/Z7yFtUprV4EHxiJGAFNy4m1Lb9kBc0XHzpbET/kQADc1ckZj6hdg2Rq1c9IiI3N
Xd4kRTUVDTyKrIWVOg06VUpJouTzZiHfcZpNW0AE4YHtVv5dc8PaPiAx+SEmxDu3
b+LiQCp0y3r/BLTSxdjx30fOovfEykLMzpllqJjwujfizXVLPpWp6vF9zj7Xjk/+
GT8WIs9L
-----END CERTIFICATE-----