Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/IXbUxutuZL_9NnjYWq79VKckH48.roa
File:                     IXbUxutuZL_9NnjYWq79VKckH48.roa (raw, json)
Hash identifier:          O6gDJGuwchvrb/2KHuYcqprD+vdTh0zW4oLILIbXfNI=
Subject key identifier:   21:76:D4:C6:EB:6E:64:BF:FD:36:78:D8:5A:AE:FD:54:A7:24:1F:8F
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0186EB163F8396236E461C49D868BE7BD896
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/IXbUxutuZL_9NnjYWq79VKckH48.roa
Signing time:             Thu 16 Mar 2023 15:42:29 +0000
ROA not before:           Thu 16 Mar 2023 15:42:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8100
IP address blocks:        5.105.151.0/24 maxlen: 24
                          5.105.148.0/24 maxlen: 24
                          5.105.149.0/24 maxlen: 24
                          5.105.150.0/24 maxlen: 24
                          91.200.212.0/22 maxlen: 24
                          5.105.232.0/24 maxlen: 24
                          5.105.233.0/24 maxlen: 24
                          5.105.234.0/24 maxlen: 24
                          5.105.235.0/24 maxlen: 24
                          5.105.236.0/24 maxlen: 24
                          217.67.64.0/20 maxlen: 20
                          5.105.175.0/24 maxlen: 24
                          5.105.177.0/24 maxlen: 24
                          5.105.178.0/24 maxlen: 24
                          5.105.174.0/24 maxlen: 24
                          5.105.182.0/24 maxlen: 24
                          5.105.183.0/24 maxlen: 24
                          5.105.180.0/24 maxlen: 24
                          5.105.181.0/24 maxlen: 24
                          85.255.176.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:eb:16:3f:83:96:23:6e:46:1c:49:d8:68:be:7b:d8:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Mar 16 15:42:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2176d4c6eb6e64bffd3678d85aaefd54a7241f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4e:88:3b:f5:00:3e:98:86:e7:db:f5:4c:6c:
                    48:2b:f6:50:4c:f6:f5:27:0d:2a:f4:fb:b8:68:63:
                    61:fe:12:cf:02:51:de:b7:7d:3e:5e:10:de:06:74:
                    79:a1:f2:55:d0:e0:83:c3:5d:e4:41:05:64:87:f1:
                    65:55:81:05:53:6f:ea:44:a8:24:d7:0e:82:e6:fe:
                    de:91:a3:2c:63:a3:cb:d9:8a:79:d6:27:44:52:cd:
                    2a:20:4e:ba:65:d1:b9:89:c5:9a:fc:02:80:23:54:
                    99:3b:f7:35:17:1e:3f:1a:c1:1e:93:47:2e:d9:04:
                    3f:ac:c2:5a:01:e8:e6:90:a4:bc:c3:7a:3f:4d:84:
                    be:ab:d3:9a:bd:f0:61:f9:84:9e:be:19:71:a1:bd:
                    f6:0e:46:4d:e3:f3:78:5a:78:9d:1c:39:fc:31:2c:
                    1a:4c:de:c9:76:6a:fa:51:e3:4f:d6:15:1c:da:5a:
                    91:42:14:3d:60:98:44:f0:8a:df:47:c4:92:e0:9d:
                    dc:63:2d:87:5b:8d:eb:48:a0:b1:3d:4e:a8:04:1f:
                    07:22:9a:67:97:13:c4:7b:dd:48:0e:ee:ad:ea:f0:
                    76:94:e4:66:d9:7a:7e:50:f4:42:4a:2f:ad:3e:e7:
                    36:dc:9c:3e:7d:b0:a6:a1:e8:b8:82:9d:98:c0:2e:
                    21:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:76:D4:C6:EB:6E:64:BF:FD:36:78:D8:5A:AE:FD:54:A7:24:1F:8F
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/IXbUxutuZL_9NnjYWq79VKckH48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.148.0/22
                  5.105.174.0/23
                  5.105.177.0-5.105.178.255
                  5.105.180.0/22
                  5.105.232.0-5.105.236.255
                  85.255.176.0/21
                  91.200.212.0/22
                  217.67.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         37:df:fa:06:6f:42:f6:da:25:c5:b7:b6:25:4a:2d:a2:ea:41:
         cd:4c:a1:d6:f7:c7:d3:3c:24:3e:44:83:50:e6:ae:b2:34:fa:
         2b:16:2e:20:2e:73:dd:5b:5d:8d:c1:0a:13:be:70:d9:89:ee:
         f0:5e:4c:5e:c6:38:a2:bd:8a:99:f3:cb:51:02:19:ff:02:35:
         a9:30:d2:b2:50:34:68:e7:58:08:84:b7:ef:69:68:b7:df:9d:
         77:72:63:1f:10:30:e5:a8:b9:fe:74:3c:99:7f:e2:a7:f4:c0:
         12:f8:69:41:17:9e:e1:5b:39:47:76:cc:8a:3a:61:53:c5:9a:
         4f:da:55:7e:7a:56:d6:5e:c4:93:63:ed:74:1b:d7:1e:16:1d:
         0e:d6:2a:d9:88:0e:e1:24:28:e1:09:24:57:97:36:3c:55:6a:
         5d:ce:e6:91:04:19:7f:ad:37:a0:3b:7c:36:34:99:9f:5a:c4:
         24:bb:ad:9a:87:20:eb:d5:d1:33:ef:51:2b:50:e3:0b:56:2b:
         12:ca:9a:ce:96:29:1f:47:71:ce:cc:22:f7:13:6e:9e:77:82:
         4f:ab:55:0d:04:1d:87:5a:05:cb:a0:3e:cf:4b:37:08:a7:82:
         86:02:88:7a:56:97:69:65:30:74:aa:8c:ba:6e:0f:16:8a:da:
         51:c7:b9:35
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYbrFj+DliNuRhxJ2Gi+e9iWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMzE2MTU0MjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTc2ZDRjNmViNmU2NGJmZmQzNjc4ZDg1YWFlZmQ1NGE3MjQxZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo06IO/UAPpiG59v1TGxIK/ZQTPb1
Jw0q9Pu4aGNh/hLPAlHet30+XhDeBnR5ofJV0OCDw13kQQVkh/FlVYEFU2/qRKgk
1w6C5v7ekaMsY6PL2Yp51idEUs0qIE66ZdG5icWa/AKAI1SZO/c1Fx4/GsEek0cu
2QQ/rMJaAejmkKS8w3o/TYS+q9OavfBh+YSevhlxob32DkZN4/N4WnidHDn8MSwa
TN7Jdmr6UeNP1hUc2lqRQhQ9YJhE8IrfR8SS4J3cYy2HW43rSKCxPU6oBB8HIppn
lxPEe91IDu6t6vB2lORm2Xp+UPRCSi+tPuc23Jw+fbCmoei4gp2YwC4hSQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFCF21MbrbmS//TZ42Fqu/VSnJB+PMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvSVhiVXh1dHVaTF85Tm5qWVdxNzlWS2NrSDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCBWmUAwQB
BWmuMAwDBAAFabEDBAAFabIDBAIFabQwDAMEAwVp6AMEAAVp7AMEA1X/sAMEAlvI
1AMEBNlDQDANBgkqhkiG9w0BAQsFAAOCAQEAN9/6Bm9C9tolxbe2JUotoupBzUyh
1vfH0zwkPkSDUOausjT6KxYuIC5z3VtdjcEKE75w2Ynu8F5MXsY4or2KmfPLUQIZ
/wI1qTDSslA0aOdYCIS372lot9+dd3JjHxAw5ai5/nQ8mX/ip/TAEvhpQRee4Vs5
R3bMijphU8WaT9pVfnpW1l7Ek2PtdBvXHhYdDtYq2YgO4SQo4QkkV5c2PFVqXc7m
kQQZf603oDt8NjSZn1rEJLutmocg69XRM+9RK1DjC1YrEsqazpYpH0dxzswi9xNu
nneCT6tVDQQdh1oFy6A+z0s3CKeChgKIelaXaWUwdKqMum4PForaUce5NQ==
-----END CERTIFICATE-----