Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/GQgEBFlv6k5ICecKA6VwWmn-fCg.roa
File:                     GQgEBFlv6k5ICecKA6VwWmn-fCg.roa (raw, json)
Hash identifier:          J9sWBMBXLXtc8aPUc6mNJejZ2rg8ZGBYTWPoROfK5UA=
Subject key identifier:   19:08:04:04:59:6F:EA:4E:48:09:E7:0A:03:A5:70:5A:69:FE:7C:28
Certificate issuer:       /CN=94a32e445c24ded9b85212d479b88008165ebdba
Certificate serial:       0184F71D40CE4E7D21B43D951DDFD0BA0414
Authority key identifier: 94:A3:2E:44:5C:24:DE:D9:B8:52:12:D4:79:B8:80:08:16:5E:BD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lKMuRFwk3tm4UhLUebiACBZevbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/GQgEBFlv6k5ICecKA6VwWmn-fCg.roa
Signing time:             Fri 09 Dec 2022 13:40:00 +0000
ROA not before:           Fri 09 Dec 2022 13:40:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29608
IP address blocks:        178.20.64.0/21 maxlen: 21
                          193.47.70.0/24 maxlen: 24
                          193.47.75.0/24 maxlen: 24
                          193.47.86.0/24 maxlen: 24
                          193.46.252.0/24 maxlen: 24
                          185.101.208.0/22 maxlen: 22
                          185.152.24.0/22 maxlen: 22
                          185.152.24.0/23 maxlen: 23
                          185.226.48.0/22 maxlen: 22
                          185.152.26.0/23 maxlen: 23
                          193.239.192.0/23 maxlen: 23
                          2a07:81c0::/29 maxlen: 29
                          2a01:40c0::/29 maxlen: 29
                          2a0f:8340::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f7:1d:40:ce:4e:7d:21:b4:3d:95:1d:df:d0:ba:04:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94a32e445c24ded9b85212d479b88008165ebdba
        Validity
            Not Before: Dec  9 13:40:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=19080404596fea4e4809e70a03a5705a69fe7c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c1:d4:d7:9c:bc:f4:dd:ec:63:5a:b3:93:00:
                    38:3f:55:a0:91:f6:02:70:93:a7:3f:90:80:45:98:
                    7d:10:2f:d8:98:40:c0:bf:63:e4:33:17:b4:76:c2:
                    71:59:f1:68:68:b2:99:df:33:a4:34:eb:2e:53:73:
                    28:15:78:26:17:f2:83:ee:79:c4:11:af:8e:f7:f8:
                    53:c1:60:3a:43:0a:2e:72:4a:18:0b:a1:ad:b8:dc:
                    11:d5:c5:15:f2:26:e2:34:d3:bf:e5:47:a2:91:08:
                    14:c9:06:d7:b9:e0:83:35:ab:ca:b7:51:aa:62:7a:
                    9e:06:e1:a9:45:72:db:12:ad:b7:5c:90:c4:7f:38:
                    83:bd:a0:2f:e2:bd:ab:4f:2f:de:2f:b2:98:cc:2d:
                    a2:a8:68:39:e9:95:82:c6:22:f0:4e:c1:04:fd:22:
                    92:40:d7:2c:b0:db:47:de:ed:0f:ee:4b:d1:ed:fe:
                    e1:91:2b:38:13:4c:f4:a4:5d:2c:a0:f0:dd:1b:37:
                    c0:6c:da:55:10:75:f8:f6:02:5e:62:8c:94:48:3e:
                    0a:99:a6:b7:a4:4b:3d:55:41:78:93:b6:6b:8e:fa:
                    56:f8:e0:4c:f4:0c:36:5c:20:2b:16:4e:0c:bc:00:
                    9a:1b:a4:34:8f:25:02:9a:7f:6a:64:14:3c:fc:4d:
                    91:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:08:04:04:59:6F:EA:4E:48:09:E7:0A:03:A5:70:5A:69:FE:7C:28
            X509v3 Authority Key Identifier:
                keyid:94:A3:2E:44:5C:24:DE:D9:B8:52:12:D4:79:B8:80:08:16:5E:BD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lKMuRFwk3tm4UhLUebiACBZevbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/GQgEBFlv6k5ICecKA6VwWmn-fCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f891c4-19ac-437c-b782-e1487a54c1e5/1/lKMuRFwk3tm4UhLUebiACBZevbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.64.0/21
                  185.101.208.0/22
                  185.152.24.0/22
                  185.226.48.0/22
                  193.46.252.0/24
                  193.47.70.0/24
                  193.47.75.0/24
                  193.47.86.0/24
                  193.239.192.0/23
                IPv6:
                  2a01:40c0::/29
                  2a07:81c0::/29
                  2a0f:8340::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:97:fc:be:00:cd:91:97:4a:79:fc:60:a1:c4:6a:d6:73:c7:
         e9:37:41:37:d0:18:58:46:39:cb:48:3c:a4:af:2c:4c:4d:fb:
         bc:f0:f6:cd:b2:bd:d7:4f:fa:03:0c:11:2a:23:27:12:a9:de:
         3d:e5:42:ee:94:ec:f2:7d:6b:5d:41:77:a7:67:be:44:62:02:
         95:8c:e6:31:60:1b:24:5c:10:72:bb:a1:8e:bd:6c:62:b4:ad:
         a9:af:42:e3:1e:9a:4c:98:87:54:60:53:25:dd:58:52:60:9a:
         7e:77:6f:9d:cd:bf:9e:ec:72:f2:cb:6a:b2:0a:f4:f2:23:00:
         5f:d6:a1:64:c9:8a:1d:62:03:c6:65:09:30:a6:a0:9f:29:e7:
         97:48:c6:fc:3e:65:4a:8b:c3:2f:08:66:3b:a4:a9:0e:d8:55:
         c9:33:4b:56:db:54:e6:5a:62:30:5f:70:26:c2:7b:44:d4:1a:
         b3:2c:61:35:95:89:47:70:f0:af:4f:86:ed:fe:50:78:90:5a:
         e6:5f:fa:f2:0c:6b:e3:ea:64:1d:17:cd:fe:b1:92:4b:7f:fc:
         b8:0b:a3:33:08:a3:ed:cc:ba:31:e2:83:04:79:e5:66:1d:30:
         50:f3:7c:70:f6:16:ea:45:98:aa:98:ef:d2:2a:26:4e:10:31:
         fa:62:0c:ee
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYT3HUDOTn0htD2VHd/QugQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YTMyZTQ0NWMyNGRlZDliODUyMTJkNDc5Yjg4MDA4MTY1
ZWJkYmEwHhcNMjIxMjA5MTM0MDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTA4MDQwNDU5NmZlYTRlNDgwOWU3MGEwM2E1NzA1YTY5ZmU3YzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMHU15y89N3sY1qzkwA4P1WgkfYC
cJOnP5CARZh9EC/YmEDAv2PkMxe0dsJxWfFoaLKZ3zOkNOsuU3MoFXgmF/KD7nnE
Ea+O9/hTwWA6QwouckoYC6GtuNwR1cUV8ibiNNO/5UeikQgUyQbXueCDNavKt1Gq
YnqeBuGpRXLbEq23XJDEfziDvaAv4r2rTy/eL7KYzC2iqGg56ZWCxiLwTsEE/SKS
QNcssNtH3u0P7kvR7f7hkSs4E0z0pF0soPDdGzfAbNpVEHX49gJeYoyUSD4Kmaa3
pEs9VUF4k7ZrjvpW+OBM9Aw2XCArFk4MvACaG6Q0jyUCmn9qZBQ8/E2R+QIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFBkIBARZb+pOSAnnCgOlcFpp/nwoMB8GA1UdIwQY
MBaAFJSjLkRcJN7ZuFIS1Hm4gAgWXr26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEtNdVJGd2szdG00VWhMVWViaUFDQlpldmJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mODkxYzQtMTlhYy00MzdjLWI3ODIt
ZTE0ODdhNTRjMWU1LzEvR1FnRUJGbHY2azVJQ2VjS0E2VndXbW4tZkNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mODkxYzQtMTlhYy00MzdjLWI3ODItZTE0ODdhNTRjMWU1
LzEvbEtNdVJGd2szdG00VWhMVWViaUFDQlpldmJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzA8BAIAATA2AwQDshRAAwQC
uWXQAwQCuZgYAwQCueIwAwQAwS78AwQAwS9GAwQAwS9LAwQAwS9WAwQBwe/AMBsE
AgACMBUDBQMqAUDAAwUDKgeBwAMFAyoPg0AwDQYJKoZIhvcNAQELBQADggEBAIKX
/L4AzZGXSnn8YKHEatZzx+k3QTfQGFhGOctIPKSvLExN+7zw9s2yvddP+gMMESoj
JxKp3j3lQu6U7PJ9a11Bd6dnvkRiApWM5jFgGyRcEHK7oY69bGK0ramvQuMemkyY
h1RgUyXdWFJgmn53b53Nv57scvLLarIK9PIjAF/WoWTJih1iA8ZlCTCmoJ8p55dI
xvw+ZUqLwy8IZjukqQ7YVckzS1bbVOZaYjBfcCbCe0TUGrMsYTWViUdw8K9Phu3+
UHiQWuZf+vIMa+PqZB0Xzf6xkkt//LgLozMIo+3MujHigwR55WYdMFDzfHD2FupF
mKqY79IqJk4QMfpiDO4=
-----END CERTIFICATE-----