Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Shf2soTFC9rho0W5mfGXMRBbeSs.roa
File:                     Shf2soTFC9rho0W5mfGXMRBbeSs.roa (raw, json)
Hash identifier:          pgZ6s9KmSst/JAx89iqeL+g0hJsFTZLuMOCZi8zkHto=
Subject key identifier:   4A:17:F6:B2:84:C5:0B:DA:E1:A3:45:B9:99:F1:97:31:10:5B:79:2B
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0187E6DA804E9C880C4101DF03FE0675346C
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Shf2soTFC9rho0W5mfGXMRBbeSs.roa
Signing time:             Thu 04 May 2023 13:01:32 +0000
ROA not before:           Thu 04 May 2023 13:01:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8100
IP address blocks:        5.105.151.0/24 maxlen: 24
                          5.105.148.0/24 maxlen: 24
                          5.105.149.0/24 maxlen: 24
                          5.105.150.0/24 maxlen: 24
                          5.105.232.0/24 maxlen: 24
                          5.105.233.0/24 maxlen: 24
                          5.105.234.0/24 maxlen: 24
                          5.105.235.0/24 maxlen: 24
                          5.105.236.0/24 maxlen: 24
                          217.67.64.0/20 maxlen: 20
                          5.105.175.0/24 maxlen: 24
                          5.105.177.0/24 maxlen: 24
                          5.105.178.0/24 maxlen: 24
                          5.105.174.0/24 maxlen: 24
                          5.105.182.0/24 maxlen: 24
                          5.105.183.0/24 maxlen: 24
                          5.105.180.0/24 maxlen: 24
                          5.105.181.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e6:da:80:4e:9c:88:0c:41:01:df:03:fe:06:75:34:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: May  4 13:01:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a17f6b284c50bdae1a345b999f19731105b792b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7f:66:0e:f5:49:9f:da:7b:a8:7c:e7:24:7e:
                    b1:2d:fd:ef:2a:15:8c:c8:d4:d4:2d:2d:e9:9d:01:
                    a7:00:70:45:78:27:bd:05:6b:8d:90:75:54:11:a1:
                    a9:c8:bc:77:dd:96:65:1d:6a:b1:50:c8:9c:cd:d8:
                    f6:5e:51:9c:ce:c9:99:22:a1:67:cf:a0:1e:93:c7:
                    73:e1:12:33:f1:ae:34:9d:fd:c2:20:84:07:fb:fa:
                    7c:99:05:a7:af:05:d5:8a:c1:7b:0d:f4:d5:f1:1f:
                    29:aa:a3:ff:cd:11:c5:4f:82:0b:c6:b7:89:76:06:
                    0e:5f:1c:0d:9c:95:32:b6:b4:2b:f8:3e:d6:d1:ff:
                    ec:c3:8b:e6:a7:6d:06:9c:36:a7:a5:9c:79:6d:84:
                    4c:ad:b1:e8:a6:b8:68:7a:f9:28:42:c9:f4:b0:ec:
                    01:f2:db:97:5a:bb:09:ad:34:53:b7:05:55:ca:2e:
                    18:1e:5a:b9:b6:f3:48:e0:7e:4e:2c:7a:cc:cf:06:
                    bd:9e:f5:0f:33:b5:b7:1b:f6:7f:0b:c4:bd:38:f5:
                    a1:b4:84:98:94:ab:6e:49:65:45:05:d0:00:51:f8:
                    a7:06:21:8e:e1:4f:c1:ec:29:1d:9d:3e:ad:fa:fa:
                    fc:21:b2:14:60:ee:00:aa:cf:a9:29:99:27:6d:6f:
                    f3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:17:F6:B2:84:C5:0B:DA:E1:A3:45:B9:99:F1:97:31:10:5B:79:2B
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Shf2soTFC9rho0W5mfGXMRBbeSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.148.0/22
                  5.105.174.0/23
                  5.105.177.0-5.105.178.255
                  5.105.180.0/22
                  5.105.232.0-5.105.236.255
                  217.67.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7d:bc:72:39:80:a3:49:3f:5a:a5:4b:4d:81:a0:72:b2:3d:dd:
         7a:f6:23:88:d4:1f:ab:5d:37:2a:77:f6:1c:31:18:a1:e2:6a:
         02:b7:f9:59:c7:2f:12:c2:a0:16:b4:87:f6:27:71:30:e6:52:
         f3:7a:c5:c9:b1:2d:3a:cb:81:48:5c:2a:42:47:e2:59:00:df:
         74:45:04:a0:56:01:38:a3:03:b6:e0:9c:e8:15:a0:59:be:df:
         41:2f:2d:da:4d:3f:72:57:06:70:ed:1e:29:6b:ce:90:20:41:
         af:28:42:10:1f:c8:af:09:0f:20:c9:71:1c:07:59:da:cd:a9:
         b0:6f:fa:f9:bc:60:ae:52:2e:ff:64:7a:87:99:e8:26:ff:c0:
         85:06:81:59:52:e2:ef:30:84:75:70:e6:1b:8c:91:92:60:75:
         90:8f:47:1e:f2:e8:1e:1d:56:a6:fd:62:18:40:81:cf:a6:ad:
         d6:36:a6:26:00:24:5e:fe:ff:ee:d3:1b:d2:a6:fa:53:34:f4:
         fa:71:45:b9:d0:cf:2a:0e:31:0f:85:55:bb:91:a0:02:ee:0c:
         19:79:86:ee:8f:ef:e5:f2:07:56:1e:c0:87:b4:a4:e4:5c:16:
         e9:62:96:2c:52:f1:ad:c1:da:4c:82:98:d4:83:fc:76:15:2c:
         9b:08:74:f9
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYfm2oBOnIgMQQHfA/4GdTRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwNTA0MTMwMTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTE3ZjZiMjg0YzUwYmRhZTFhMzQ1Yjk5OWYxOTczMTEwNWI3OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1X9mDvVJn9p7qHznJH6xLf3vKhWM
yNTULS3pnQGnAHBFeCe9BWuNkHVUEaGpyLx33ZZlHWqxUMiczdj2XlGczsmZIqFn
z6Aek8dz4RIz8a40nf3CIIQH+/p8mQWnrwXVisF7DfTV8R8pqqP/zRHFT4ILxreJ
dgYOXxwNnJUytrQr+D7W0f/sw4vmp20GnDanpZx5bYRMrbHoprhoevkoQsn0sOwB
8tuXWrsJrTRTtwVVyi4YHlq5tvNI4H5OLHrMzwa9nvUPM7W3G/Z/C8S9OPWhtISY
lKtuSWVFBdAAUfinBiGO4U/B7CkdnT6t+vr8IbIUYO4Aqs+pKZknbW/zOQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFEoX9rKExQva4aNFuZnxlzEQW3krMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvU2hmMnNvVEZDOXJobzBXNW1mR1hNUkJiZVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCBWmUAwQB
BWmuMAwDBAAFabEDBAAFabIDBAIFabQwDAMEAwVp6AMEAAVp7AMEBNlDQDANBgkq
hkiG9w0BAQsFAAOCAQEAfbxyOYCjST9apUtNgaBysj3devYjiNQfq103Knf2HDEY
oeJqArf5WccvEsKgFrSH9idxMOZS83rFybEtOsuBSFwqQkfiWQDfdEUEoFYBOKMD
tuCc6BWgWb7fQS8t2k0/clcGcO0eKWvOkCBBryhCEB/IrwkPIMlxHAdZ2s2psG/6
+bxgrlIu/2R6h5noJv/AhQaBWVLi7zCEdXDmG4yRkmB1kI9HHvLoHh1Wpv1iGECB
z6at1jamJgAkXv7/7tMb0qb6UzT0+nFFudDPKg4xD4VVu5GgAu4MGXmG7o/v5fIH
Vh7Ah7Sk5FwW6WKWLFLxrcHaTIKY1IP8dhUsmwh0+Q==
-----END CERTIFICATE-----