Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/KgW8W1UyatSZmaeOVeBFDssbuzY.roa
File:                     KgW8W1UyatSZmaeOVeBFDssbuzY.roa (raw, json)
Hash identifier:          6gL0w5T4xPY+UKX+GBfy37OkJ5PVUwxWZzlrsVOUp58=
Subject key identifier:   2A:05:BC:5B:55:32:6A:D4:99:99:A7:8E:55:E0:45:0E:CB:1B:BB:36
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       018A0473B03DD50D058041A01945E808FB27
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/KgW8W1UyatSZmaeOVeBFDssbuzY.roa
Signing time:             Thu 17 Aug 2023 17:03:25 +0000
ROA not before:           Thu 17 Aug 2023 17:03:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207713
IP address blocks:        2a05:541:125::/48 maxlen: 48
                          2a05:541:122::/48 maxlen: 48
                          2a05:541:132::/48 maxlen: 48
                          2a05:541:123::/48 maxlen: 48
                          2a05:541:129::/48 maxlen: 48
                          2a05:541:109::/48 maxlen: 48
                          2a05:541:119::/48 maxlen: 48
                          2a05:541:131::/48 maxlen: 48
                          2a05:541:121::/48 maxlen: 48
                          2a05:541:126::/48 maxlen: 48
                          2a05:541:127::/48 maxlen: 48
                          2a05:541:114::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:04:73:b0:3d:d5:0d:05:80:41:a0:19:45:e8:08:fb:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Aug 17 17:03:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a05bc5b55326ad49999a78e55e0450ecb1bbb36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:73:b7:7c:e8:cb:07:ac:d4:ea:34:36:2a:3f:
                    fe:e9:1c:c1:06:72:c1:91:e2:f7:7d:20:41:d8:51:
                    79:7f:1f:18:79:fe:df:f7:80:9b:c3:2e:84:52:22:
                    a1:cd:64:07:60:2e:3a:81:f8:74:a1:89:75:d6:d3:
                    92:11:34:3d:56:dc:26:e5:5f:1f:de:9e:bd:a9:11:
                    62:02:2e:4a:3c:59:ad:2f:1a:88:96:24:02:b3:cd:
                    ee:48:38:cd:14:d0:9a:36:5d:1e:d8:8f:65:85:ab:
                    33:4a:dc:71:6d:3f:bd:ca:51:ea:63:35:80:6e:6e:
                    65:99:24:70:29:ff:e1:f9:bc:4e:35:f9:ea:d2:ec:
                    09:6f:73:1d:1b:fe:53:c0:1d:ff:81:b6:cd:7c:43:
                    6a:93:c2:59:04:ea:2a:4e:19:47:f3:67:19:be:2f:
                    91:43:90:d7:9b:ab:b0:87:08:d2:1d:3b:3a:64:e6:
                    5d:39:61:b8:dd:e8:7d:f5:2a:10:b7:04:f1:4a:8b:
                    8f:43:83:cb:f9:6b:89:43:15:39:15:36:86:2d:13:
                    12:2c:4d:53:66:dd:e5:be:ed:71:df:c0:cc:ea:03:
                    44:e2:f2:83:ce:b0:b6:29:72:07:96:ec:98:5a:81:
                    a6:4b:94:f5:f7:27:2e:d2:69:dc:e9:f7:0f:ee:0d:
                    a4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:05:BC:5B:55:32:6A:D4:99:99:A7:8E:55:E0:45:0E:CB:1B:BB:36
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/KgW8W1UyatSZmaeOVeBFDssbuzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:541:109::/48
                  2a05:541:114::/48
                  2a05:541:119::/48
                  2a05:541:121::-2a05:541:123:ffff:ffff:ffff:ffff:ffff
                  2a05:541:125::-2a05:541:127:ffff:ffff:ffff:ffff:ffff
                  2a05:541:129::/48
                  2a05:541:131::-2a05:541:132:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         7f:44:f2:9b:64:50:20:24:b7:ed:a7:ba:a1:82:ca:6d:f2:8e:
         7b:a2:fe:d9:dc:5e:51:d7:c2:32:14:bb:f6:0b:87:3b:2f:ca:
         0e:ae:40:10:ca:50:0e:55:b1:85:3f:00:32:48:17:6a:46:f0:
         7e:86:21:23:69:8f:02:80:c9:94:12:4d:b4:04:f1:39:b8:9f:
         12:53:d9:1f:2d:c4:5e:ab:ca:ad:73:d6:47:f3:c2:06:4e:31:
         95:78:a3:a0:39:1f:73:e7:43:08:db:ae:0b:2b:00:ca:2c:0b:
         d2:86:2a:41:2c:3d:a9:c6:d4:a7:0f:15:e4:47:db:b6:4f:3b:
         6a:61:a5:1a:7b:96:4b:be:ac:05:b6:3a:10:3e:13:2f:b1:c1:
         b4:e1:ad:a1:b3:56:66:29:4f:3e:04:f6:8b:3e:44:fb:2d:db:
         43:b7:76:5f:df:b0:5e:c6:92:62:bd:f9:4a:57:f1:0c:37:cb:
         77:bf:5d:64:39:2c:59:9e:5c:d4:4b:be:35:64:68:89:f9:ce:
         89:b0:d2:a5:d1:b2:07:d4:40:00:47:f3:70:27:c7:81:a5:e0:
         d4:f2:e1:c8:09:8d:0a:99:d8:3e:c9:eb:5a:bb:7b:13:7b:ae:
         1f:34:1e:3e:ee:81:92:fe:dd:ca:94:60:69:20:a6:18:8c:9e:
         cd:89:2a:cf
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYoEc7A91Q0FgEGgGUXoCPsnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjMwODE3MTcwMzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA1YmM1YjU1MzI2YWQ0OTk5OWE3OGU1NWUwNDUwZWNiMWJiYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3O3fOjLB6zU6jQ2Kj/+6RzBBnLB
keL3fSBB2FF5fx8Yef7f94Cbwy6EUiKhzWQHYC46gfh0oYl11tOSETQ9Vtwm5V8f
3p69qRFiAi5KPFmtLxqIliQCs83uSDjNFNCaNl0e2I9lhaszStxxbT+9ylHqYzWA
bm5lmSRwKf/h+bxONfnq0uwJb3MdG/5TwB3/gbbNfENqk8JZBOoqThlH82cZvi+R
Q5DXm6uwhwjSHTs6ZOZdOWG43eh99SoQtwTxSouPQ4PL+WuJQxU5FTaGLRMSLE1T
Zt3lvu1x38DM6gNE4vKDzrC2KXIHluyYWoGmS5T19ycu0mnc6fcP7g2kfQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFCoFvFtVMmrUmZmnjlXgRQ7LG7s2MB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvS2dXOFcxVXlhdFNabWFlT1ZlQkZEc3NidXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAAjBgAwcAKgUFQQEJ
AwcAKgUFQQEUAwcAKgUFQQEZMBIDBwAqBQVBASEDBwIqBQVBASAwEgMHACoFBUEB
JQMHAyoFBUEBIAMHACoFBUEBKTASAwcAKgUFQQExAwcAKgUFQQEyMA0GCSqGSIb3
DQEBCwUAA4IBAQB/RPKbZFAgJLftp7qhgspt8o57ov7Z3F5R18IyFLv2C4c7L8oO
rkAQylAOVbGFPwAySBdqRvB+hiEjaY8CgMmUEk20BPE5uJ8SU9kfLcReq8qtc9ZH
88IGTjGVeKOgOR9z50MI264LKwDKLAvShipBLD2pxtSnDxXkR9u2TztqYaUae5ZL
vqwFtjoQPhMvscG04a2hs1ZmKU8+BPaLPkT7LdtDt3Zf37BexpJivflKV/EMN8t3
v11kOSxZnlzUS741ZGiJ+c6JsNKl0bIH1EAAR/NwJ8eBpeDU8uHICY0Kmdg+yeta
u3sTe64fNB4+7oGS/t3KlGBpIKYYjJ7NiSrP
-----END CERTIFICATE-----