Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/wnlx8i0h3HXkG4lug7Yxijp9LpI.roa
File:                     wnlx8i0h3HXkG4lug7Yxijp9LpI.roa (raw, json)
Hash identifier:          TmfxonPOhKEKVADBnjbA69sHJT4O2XZQZX0i4KQpjoc=
Subject key identifier:   C2:79:71:F2:2D:21:DC:75:E4:1B:89:6E:83:B6:31:8A:3A:7D:2E:92
Certificate issuer:       /CN=34077b41e98873e7f06fb1df3f5d39c721b1343f
Certificate serial:       0183E4DBD9891B4B16A5BB44732A28EFDD51
Authority key identifier: 34:07:7B:41:E9:88:73:E7:F0:6F:B1:DF:3F:5D:39:C7:21:B1:34:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAd7QemIc-fwb7HfP105xyGxND8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/wnlx8i0h3HXkG4lug7Yxijp9LpI.roa
Signing time:             Mon 17 Oct 2022 07:32:36 +0000
ROA not before:           Mon 17 Oct 2022 07:32:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42837
IP address blocks:        212.42.105.0/24 maxlen: 24
                          212.42.103.0/24 maxlen: 24
                          212.42.124.0/24 maxlen: 24
                          212.42.125.0/24 maxlen: 24
                          212.42.126.0/24 maxlen: 24
                          212.42.127.0/24 maxlen: 24
                          77.95.56.0/24 maxlen: 24
                          77.95.57.0/24 maxlen: 24
                          77.95.58.0/24 maxlen: 24
                          77.95.61.0/24 maxlen: 24
                          31.192.252.0/24 maxlen: 24
                          31.192.253.0/24 maxlen: 24
                          31.192.255.0/24 maxlen: 24
                          31.192.254.0/24 maxlen: 24
                          94.143.196.0/24 maxlen: 24
                          94.143.198.0/24 maxlen: 24
                          94.143.197.0/24 maxlen: 24
                          94.143.199.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:e4:db:d9:89:1b:4b:16:a5:bb:44:73:2a:28:ef:dd:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34077b41e98873e7f06fb1df3f5d39c721b1343f
        Validity
            Not Before: Oct 17 07:32:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c27971f22d21dc75e41b896e83b6318a3a7d2e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4a:2e:a9:a1:be:1c:8e:37:f3:0a:20:67:c2:
                    4e:e7:59:de:69:20:c1:55:5d:73:da:84:81:54:34:
                    8d:03:5b:56:d1:5f:0b:74:8c:16:d6:21:0f:ad:86:
                    4f:98:f3:41:c9:dc:45:bf:ab:72:ac:19:5d:8d:40:
                    9e:94:e6:2c:9e:f8:08:f8:a3:bc:48:29:cb:81:b3:
                    4d:f2:63:35:12:b2:6d:8a:b0:d5:db:af:67:ea:e6:
                    16:85:21:f5:de:98:89:70:f8:10:b1:90:89:03:af:
                    70:7e:a4:90:67:d9:79:c8:2f:d7:bf:08:f5:f3:38:
                    b6:39:fe:1d:19:7e:2b:96:fd:00:de:0a:ed:a6:ab:
                    21:ea:59:15:96:35:6c:d6:75:b8:59:36:e4:4f:e1:
                    d7:54:c4:26:0b:9b:8c:76:78:83:d7:0d:49:99:5f:
                    ca:33:9b:8a:39:d0:a8:03:d7:1d:78:bd:e7:0e:38:
                    77:02:d5:5d:0b:a3:4c:3f:08:55:99:48:a5:08:0f:
                    8e:9b:17:56:33:b5:ff:be:98:7b:17:55:35:a5:dc:
                    b3:97:16:78:de:a2:a6:59:3c:5b:b9:7d:22:7d:b8:
                    37:bb:0f:d5:d4:fb:e1:5e:5c:9e:23:dd:5a:86:4f:
                    89:84:b2:99:15:bc:96:9b:04:7b:b8:87:28:65:c5:
                    68:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:79:71:F2:2D:21:DC:75:E4:1B:89:6E:83:B6:31:8A:3A:7D:2E:92
            X509v3 Authority Key Identifier:
                keyid:34:07:7B:41:E9:88:73:E7:F0:6F:B1:DF:3F:5D:39:C7:21:B1:34:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAd7QemIc-fwb7HfP105xyGxND8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/wnlx8i0h3HXkG4lug7Yxijp9LpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/NAd7QemIc-fwb7HfP105xyGxND8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.252.0/22
                  77.95.56.0-77.95.58.255
                  77.95.61.0/24
                  94.143.196.0/22
                  212.42.103.0/24
                  212.42.105.0/24
                  212.42.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c5:52:4f:20:01:42:09:2c:d1:2d:0e:38:5b:a5:84:ce:5f:9d:
         9b:f9:f7:09:70:4a:2b:15:a9:80:0e:8d:4f:15:c2:3d:cf:f1:
         d0:9d:7c:e2:c4:23:a9:cf:cd:fb:99:21:63:06:3d:e1:b9:c3:
         e1:9a:e7:ab:17:0b:08:93:d9:34:cb:89:61:38:1b:3b:72:16:
         9a:57:fb:27:db:2c:61:e7:5a:de:5f:a8:e0:f1:2e:f9:30:5f:
         7e:ea:72:3c:ce:a6:fd:89:09:6f:94:35:27:3c:62:6d:3b:28:
         42:3c:6e:13:29:e8:be:d7:e8:05:8a:cd:35:6d:4a:22:40:87:
         3b:f8:1c:6b:6d:e3:83:5b:7b:a6:e8:b6:e6:c2:2f:e4:18:f4:
         7d:f6:ea:6b:f2:88:d2:64:be:e2:e4:df:82:39:3f:6f:4b:da:
         a7:a8:b8:20:57:62:68:1a:20:a6:2d:cc:c6:da:45:d8:3a:23:
         8a:5c:90:de:c5:34:4a:43:dc:b6:ca:35:54:bf:a6:99:e2:cc:
         cf:88:de:b4:70:b3:25:7e:2f:ca:ec:56:5e:bc:6a:6e:a8:cf:
         64:f0:78:37:a0:85:10:ce:4d:96:f5:6f:6b:50:23:17:a6:01:
         c4:cc:cd:57:19:77:bc:cb:da:2e:5f:25:20:25:64:03:89:f1:
         e5:c6:30:40
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYPk29mJG0sWpbtEcyoo791RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MDc3YjQxZTk4ODczZTdmMDZmYjFkZjNmNWQzOWM3MjFi
MTM0M2YwHhcNMjIxMDE3MDczMjM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjc5NzFmMjJkMjFkYzc1ZTQxYjg5NmU4M2I2MzE4YTNhN2QyZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkouqaG+HI438wogZ8JO51neaSDB
VV1z2oSBVDSNA1tW0V8LdIwW1iEPrYZPmPNBydxFv6tyrBldjUCelOYsnvgI+KO8
SCnLgbNN8mM1ErJtirDV269n6uYWhSH13piJcPgQsZCJA69wfqSQZ9l5yC/Xvwj1
8zi2Of4dGX4rlv0A3grtpqsh6lkVljVs1nW4WTbkT+HXVMQmC5uMdniD1w1JmV/K
M5uKOdCoA9cdeL3nDjh3AtVdC6NMPwhVmUilCA+OmxdWM7X/vph7F1U1pdyzlxZ4
3qKmWTxbuX0ifbg3uw/V1PvhXlyeI91ahk+JhLKZFbyWmwR7uIcoZcVonQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFMJ5cfItIdx15BuJboO2MYo6fS6SMB8GA1UdIwQY
MBaAFDQHe0HpiHPn8G+x3z9dOcchsTQ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkFkN1FlbUljLWZ3YjdIZlAxMDV4eUd4TkQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC80NDg4MDAtODI5ZS00YjdhLTkyYzQt
Y2I3Y2JjYTdjMWUwLzEvd25seDhpMGgzSFhrRzRsdWc3WXhpanA5THBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC80NDg4MDAtODI5ZS00YjdhLTkyYzQtY2I3Y2JjYTdjMWUw
LzEvTkFkN1FlbUljLWZ3YjdIZlAxMDV4eUd4TkQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCH8D8MAwD
BANNXzgDBABNXzoDBABNXz0DBAJej8QDBADUKmcDBADUKmkDBALUKnwwDQYJKoZI
hvcNAQELBQADggEBAMVSTyABQgks0S0OOFulhM5fnZv59wlwSisVqYAOjU8Vwj3P
8dCdfOLEI6nPzfuZIWMGPeG5w+Ga56sXCwiT2TTLiWE4GztyFppX+yfbLGHnWt5f
qODxLvkwX37qcjzOpv2JCW+UNSc8Ym07KEI8bhMp6L7X6AWKzTVtSiJAhzv4HGtt
44Nbe6botubCL+QY9H326mvyiNJkvuLk34I5P29L2qeouCBXYmgaIKYtzMbaRdg6
I4pckN7FNEpD3LbKNVS/ppnizM+I3rRwsyV+L8rsVl68am6oz2TweDeghRDOTZb1
b2tQIxemAcTMzVcZd7zL2i5fJSAlZAOJ8eXGMEA=
-----END CERTIFICATE-----