Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/a_r5DYVwzncxg-qRSvBc2nyHT3M.roa
File:                     a_r5DYVwzncxg-qRSvBc2nyHT3M.roa (raw, json)
Hash identifier:          mSpCeO9WMxB/MSct8yN4q06z6R8/G/15/8VqH2JZWLs=
Subject key identifier:   6B:FA:F9:0D:85:70:CE:77:31:83:EA:91:4A:F0:5C:DA:7C:87:4F:73
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018C40D64B949F84E79907A060960898F338
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/a_r5DYVwzncxg-qRSvBc2nyHT3M.roa
Signing time:             Wed 06 Dec 2023 20:33:55 +0000
ROA not before:           Wed 06 Dec 2023 20:33:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28884
IP address blocks:        213.87.224.0/23 maxlen: 23
                          213.87.184.0/23 maxlen: 23
                          213.87.112.0/23 maxlen: 23
                          213.87.118.0/23 maxlen: 23
                          213.87.114.0/23 maxlen: 23
                          213.87.116.0/23 maxlen: 23
                          213.87.124.0/23 maxlen: 23
                          213.87.120.0/23 maxlen: 23
                          213.87.122.0/23 maxlen: 23
                          213.87.126.0/23 maxlen: 23
                          85.140.96.0/21 maxlen: 21
                          85.140.96.0/20 maxlen: 20
                          85.140.104.0/21 maxlen: 21
                          2a00:1fa2:8000::/33 maxlen: 33
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:40:d6:4b:94:9f:84:e7:99:07:a0:60:96:08:98:f3:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Dec  6 20:33:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6bfaf90d8570ce773183ea914af05cda7c874f73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:31:1a:8f:df:b0:5c:8c:ac:15:3c:3c:0e:f2:
                    d3:98:e2:69:61:ca:de:54:fc:d5:70:fe:16:6d:a9:
                    75:c5:cb:31:0c:69:73:ee:2b:a4:0a:3e:31:7b:8f:
                    02:06:7f:f0:fe:a4:fe:92:23:79:19:d3:08:c1:c7:
                    43:bd:e0:22:c2:83:30:8b:84:ce:c9:3a:8e:fd:91:
                    d2:1a:27:06:d6:29:bc:86:d2:17:65:f7:dd:0a:fd:
                    bf:ee:da:6a:42:c3:4f:3c:b0:8c:ec:21:ad:cd:34:
                    1c:f9:48:cd:02:ab:b5:ec:a6:e0:eb:c3:bb:ce:f8:
                    6d:8d:d1:4b:fe:14:78:a9:91:ae:4f:e4:d3:b8:d1:
                    34:68:ab:b7:e3:7d:c6:26:5e:45:3a:d4:65:01:58:
                    23:8c:95:e6:5f:f7:59:17:b6:8f:26:95:c1:f5:6a:
                    3b:fb:67:f2:64:a4:92:67:38:1a:84:4c:ac:eb:4c:
                    ac:22:19:90:8d:59:84:e1:68:93:09:ea:80:d0:2e:
                    c1:3a:dd:cc:59:b3:13:d2:a0:7f:90:8c:9b:e5:20:
                    45:1f:8d:ca:9c:56:d4:30:24:06:05:a5:17:be:29:
                    18:65:ec:c5:c8:03:7c:e8:22:24:e8:14:3e:2f:0c:
                    64:d2:e3:cd:fa:ec:02:ab:d0:9a:41:86:44:ef:fd:
                    8b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:FA:F9:0D:85:70:CE:77:31:83:EA:91:4A:F0:5C:DA:7C:87:4F:73
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/a_r5DYVwzncxg-qRSvBc2nyHT3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.140.96.0/20
                  213.87.112.0/20
                  213.87.184.0/23
                  213.87.224.0/23
                IPv6:
                  2a00:1fa2:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         35:64:5d:5e:fd:e8:06:87:dd:a8:b7:01:51:ae:ea:73:b6:8e:
         ec:ac:74:f7:f0:16:fe:39:e9:2b:5d:b4:76:e3:19:52:ce:da:
         83:2d:6c:71:54:45:0a:9b:d5:4e:3c:70:92:3b:64:2a:fb:cc:
         ac:4e:bf:fd:1a:48:9d:2f:b1:39:10:fb:78:91:73:a2:cc:e2:
         8d:4d:3b:b0:d4:73:5f:56:5d:23:47:68:54:55:a6:a7:c7:fa:
         18:e4:0f:27:fb:da:bf:52:de:39:43:3f:97:26:ab:3a:87:ce:
         8a:17:95:df:1e:26:a7:15:0f:8f:0b:d7:d7:a1:c2:ed:d7:01:
         0c:fb:e6:1d:67:89:ba:bf:e7:a0:b4:78:2a:fb:c3:93:36:13:
         7f:9e:65:07:ca:08:88:a0:b7:3d:88:27:23:9d:1f:8a:dc:db:
         ee:c0:25:eb:92:77:44:d6:a3:74:38:ba:21:57:c6:19:a0:bd:
         19:9a:e3:88:72:a8:bb:94:43:d0:f1:1c:8a:3f:31:58:f1:a7:
         85:c3:8f:ef:d2:a5:5e:ab:bf:d7:49:b5:27:ed:73:6f:32:fc:
         36:80:a1:72:ef:05:4f:3d:99:44:e3:2f:df:dc:12:67:9c:79:
         63:25:68:33:e1:4e:a9:15:08:02:d1:93:b6:6f:b4:1c:5c:e3:
         2a:f0:33:15
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYxA1kuUn4TnmQegYJYImPM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjMxMjA2MjAzMzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmZhZjkwZDg1NzBjZTc3MzE4M2VhOTE0YWYwNWNkYTdjODc0ZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTEaj9+wXIysFTw8DvLTmOJpYcre
VPzVcP4Wbal1xcsxDGlz7iukCj4xe48CBn/w/qT+kiN5GdMIwcdDveAiwoMwi4TO
yTqO/ZHSGicG1im8htIXZffdCv2/7tpqQsNPPLCM7CGtzTQc+UjNAqu17Kbg68O7
zvhtjdFL/hR4qZGuT+TTuNE0aKu3433GJl5FOtRlAVgjjJXmX/dZF7aPJpXB9Wo7
+2fyZKSSZzgahEys60ysIhmQjVmE4WiTCeqA0C7BOt3MWbMT0qB/kIyb5SBFH43K
nFbUMCQGBaUXvikYZezFyAN86CIk6BQ+Lwxk0uPN+uwCq9CaQYZE7/2LEwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFGv6+Q2FcM53MYPqkUrwXNp8h09zMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvYV9yNURZVnd6bmN4Zy1xUlN2QmMybnlIVDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQEVYxgAwQE
1VdwAwQB1Ve4AwQB1VfgMA4EAgACMAgDBgcqAB+igDANBgkqhkiG9w0BAQsFAAOC
AQEANWRdXv3oBofdqLcBUa7qc7aO7Kx09/AW/jnpK120duMZUs7agy1scVRFCpvV
TjxwkjtkKvvMrE6//RpInS+xORD7eJFzoszijU07sNRzX1ZdI0doVFWmp8f6GOQP
J/vav1LeOUM/lyarOofOiheV3x4mpxUPjwvX16HC7dcBDPvmHWeJur/noLR4KvvD
kzYTf55lB8oIiKC3PYgnI50fitzb7sAl65J3RNajdDi6IVfGGaC9GZrjiHKou5RD
0PEcij8xWPGnhcOP79KlXqu/10m1J+1zbzL8NoChcu8FTz2ZROMv39wSZ5x5YyVo
M+FOqRUIAtGTtm+0HFzjKvAzFQ==
-----END CERTIFICATE-----