Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/hwlLU6J4RNOwbS5KszsASuBfXoA.roa
File:                     hwlLU6J4RNOwbS5KszsASuBfXoA.roa (raw, json)
Hash identifier:          Zx3CbXPOvXOUFbkBBo0nTvQlc+bUSKGQ5hLXbsnNiRk=
Subject key identifier:   87:09:4B:53:A2:78:44:D3:B0:6D:2E:4A:B3:3B:00:4A:E0:5F:5E:80
Certificate issuer:       /CN=b87b766968716296e5bba0bce83856ae7165b8b8
Certificate serial:       018570E74D987DFCB397D0B8B947886AD570
Authority key identifier: B8:7B:76:69:68:71:62:96:E5:BB:A0:BC:E8:38:56:AE:71:65:B8:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uHt2aWhxYpblu6C86DhWrnFluLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/hwlLU6J4RNOwbS5KszsASuBfXoA.roa
Signing time:             Mon 02 Jan 2023 05:14:44 +0000
ROA not before:           Mon 02 Jan 2023 05:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        185.92.220.0/22 maxlen: 24
                          78.141.192.0/19 maxlen: 24
                          199.247.0.0/19 maxlen: 24
                          78.141.224.0/19 maxlen: 24
                          80.240.16.0/20 maxlen: 24
                          192.248.128.0/18 maxlen: 24
                          95.179.128.0/17 maxlen: 24
                          209.250.224.0/19 maxlen: 24
                          217.69.0.0/20 maxlen: 24
                          2a05:f480:1000::/38 maxlen: 38
                          2a05:f480:1400::/38 maxlen: 38
                          2a05:f480:1800::/38 maxlen: 38
                          2a05:f480:1c00::/38 maxlen: 38
                          2a05:f480:2000::/38 maxlen: 38
                          2a05:f480:3000::/38 maxlen: 38
                          2a05:f480:2800::/38 maxlen: 38
                          2a05:f480:2400::/38 maxlen: 38
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:4d:98:7d:fc:b3:97:d0:b8:b9:47:88:6a:d5:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b87b766968716296e5bba0bce83856ae7165b8b8
        Validity
            Not Before: Jan  2 05:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87094b53a27844d3b06d2e4ab33b004ae05f5e80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8a:43:70:ca:b0:70:1a:3d:9c:14:a1:ed:23:
                    ff:d7:88:51:ed:d1:ce:1b:3e:c8:1f:37:b6:bb:b2:
                    95:08:85:fc:49:0e:31:9e:5c:ad:98:6e:a9:db:9c:
                    40:23:15:6e:f5:c4:1f:ca:4e:31:63:5a:cc:05:5f:
                    9e:77:94:e7:f3:97:93:6a:06:fd:c3:a7:69:0d:f8:
                    f1:78:41:08:86:3f:96:66:d1:93:dd:4b:7e:c5:19:
                    2a:e5:49:ab:ee:bc:f1:2d:d9:7a:db:5b:bd:36:f9:
                    05:ce:90:31:0a:11:7d:05:f4:4e:04:c8:50:85:a3:
                    61:b2:39:3e:9f:34:97:01:d0:37:6d:3e:52:cd:bd:
                    71:99:53:92:63:9f:f6:08:8d:cc:c4:49:cb:d9:1a:
                    1a:e4:02:37:83:55:b8:6c:e1:89:51:fd:ab:96:e4:
                    aa:dc:78:57:e5:53:eb:7a:85:04:01:b8:3e:00:ce:
                    9d:57:c2:83:f5:15:80:d8:ee:d1:df:73:76:ed:38:
                    d1:03:c3:24:d8:05:fa:9b:f7:5e:50:cc:56:34:54:
                    63:f8:c0:c4:b8:6d:d6:d6:1d:75:de:e2:f9:61:38:
                    21:b0:7a:33:95:e0:2c:dc:68:ea:3b:f2:e7:5f:bf:
                    18:db:15:ba:48:4b:f7:e0:83:e1:28:25:02:4c:e0:
                    fa:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:09:4B:53:A2:78:44:D3:B0:6D:2E:4A:B3:3B:00:4A:E0:5F:5E:80
            X509v3 Authority Key Identifier:
                keyid:B8:7B:76:69:68:71:62:96:E5:BB:A0:BC:E8:38:56:AE:71:65:B8:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uHt2aWhxYpblu6C86DhWrnFluLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/hwlLU6J4RNOwbS5KszsASuBfXoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/uHt2aWhxYpblu6C86DhWrnFluLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.141.192.0/18
                  80.240.16.0/20
                  95.179.128.0/17
                  185.92.220.0/22
                  192.248.128.0/18
                  199.247.0.0/19
                  209.250.224.0/19
                  217.69.0.0/20
                IPv6:
                  2a05:f480:1000::-2a05:f480:2bff:ffff:ffff:ffff:ffff:ffff
                  2a05:f480:3000::/38

    Signature Algorithm: sha256WithRSAEncryption
         18:f1:c9:5b:dd:b1:31:a8:0e:0a:d8:f7:1e:05:ab:f9:92:6d:
         4b:fb:eb:7a:95:40:dd:09:5d:d1:66:f0:d0:b4:3a:78:41:22:
         bf:8d:a3:5f:39:20:a9:60:1e:fc:c2:85:db:80:84:36:db:63:
         54:97:ce:2a:3a:61:cf:be:3b:c6:cf:f4:8d:97:92:b1:7d:dd:
         97:c2:5d:8b:44:df:09:7b:6d:85:b0:45:5f:ee:8e:a2:d9:d7:
         0e:3d:99:07:f1:3c:31:a3:60:1f:43:49:e9:2c:74:c3:3c:a8:
         8b:2a:2b:84:bf:78:cf:66:b7:d9:2d:c8:0f:41:cf:5c:6f:bb:
         ed:a2:5d:54:9f:31:6e:db:3b:2b:ca:0e:7d:72:25:ec:f2:4d:
         c4:b2:a8:b1:f5:c8:06:55:66:3d:91:ee:25:f9:ce:fa:12:7c:
         e4:ee:ba:57:ad:c8:2f:0f:66:88:35:67:50:7d:7c:d4:ab:d6:
         43:66:55:af:ac:8f:7c:c8:94:17:f0:3d:08:f1:b3:b4:f8:c1:
         04:4a:0e:70:36:9f:4e:ff:8f:84:b1:ef:6e:5b:e6:55:71:a6:
         fb:f8:63:b5:30:52:72:e7:25:c2:b3:07:66:e4:75:8b:09:78:
         94:6e:0d:5b:a4:80:19:c2:05:35:26:f2:73:5a:e8:03:a4:5c:
         11:33:9d:b1
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYVw502Yffyzl9C4uUeIatVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4N2I3NjY5Njg3MTYyOTZlNWJiYTBiY2U4Mzg1NmFlNzE2
NWI4YjgwHhcNMjMwMTAyMDUxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzA5NGI1M2EyNzg0NGQzYjA2ZDJlNGFiMzNiMDA0YWUwNWY1ZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhopDcMqwcBo9nBSh7SP/14hR7dHO
Gz7IHze2u7KVCIX8SQ4xnlytmG6p25xAIxVu9cQfyk4xY1rMBV+ed5Tn85eTagb9
w6dpDfjxeEEIhj+WZtGT3Ut+xRkq5Umr7rzxLdl621u9NvkFzpAxChF9BfROBMhQ
haNhsjk+nzSXAdA3bT5Szb1xmVOSY5/2CI3MxEnL2Roa5AI3g1W4bOGJUf2rluSq
3HhX5VPreoUEAbg+AM6dV8KD9RWA2O7R33N27TjRA8Mk2AX6m/deUMxWNFRj+MDE
uG3W1h113uL5YTghsHozleAs3GjqO/LnX78Y2xW6SEv34IPhKCUCTOD6rwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFIcJS1OieETTsG0uSrM7AErgX16AMB8GA1UdIwQY
MBaAFLh7dmlocWKW5bugvOg4Vq5xZbi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUh0MmFXaHhZcGJsdTZDODZEaFdybkZsdUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9hM2VkZTYtYmMzMS00ZDAwLTkyNWMt
M2Q2MTJmMzI0OTk2LzEvaHdsTFU2SjRSTk93YlM1S3N6c0FTdUJmWG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9hM2VkZTYtYmMzMS00ZDAwLTkyNWMtM2Q2MTJmMzI0OTk2
LzEvdUh0MmFXaHhZcGJsdTZDODZEaFdybkZsdUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjA2BAIAATAwAwQGTo3AAwQE
UPAQAwQHX7OAAwQCuVzcAwQGwPiAAwQFx/cAAwQF0frgAwQE2UUAMCAEAgACMBow
EAMGBCoF9IAQAwYCKgX0gCgDBgIqBfSAMDANBgkqhkiG9w0BAQsFAAOCAQEAGPHJ
W92xMagOCtj3HgWr+ZJtS/vrepVA3Qld0Wbw0LQ6eEEiv42jXzkgqWAe/MKF24CE
NttjVJfOKjphz747xs/0jZeSsX3dl8Jdi0TfCXtthbBFX+6OotnXDj2ZB/E8MaNg
H0NJ6Sx0wzyoiyorhL94z2a32S3ID0HPXG+77aJdVJ8xbts7K8oOfXIl7PJNxLKo
sfXIBlVmPZHuJfnO+hJ85O66V63ILw9miDVnUH181KvWQ2ZVr6yPfMiUF/A9CPGz
tPjBBEoOcDafTv+PhLHvblvmVXGm+/hjtTBScuclwrMHZuR1iwl4lG4NW6SAGcIF
NSbyc1roA6RcETOdsQ==
-----END CERTIFICATE-----