Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/wR7zWKiEZx5YMAAeaqsx2GD7aFY.roa
File:                     wR7zWKiEZx5YMAAeaqsx2GD7aFY.roa (raw, json)
Hash identifier:          CA/JESAwaWCa8yHlAy95Z65uixt6PsP32/DDu7+qNB8=
Subject key identifier:   C1:1E:F3:58:A8:84:67:1E:58:30:00:1E:6A:AB:31:D8:60:FB:68:56
Certificate issuer:       /CN=2037512e5355e815acf064603f8ae3f5528a5e3b
Certificate serial:       01856FA6E527E2C1CF77FD50CEB15F2F15DB
Authority key identifier: 20:37:51:2E:53:55:E8:15:AC:F0:64:60:3F:8A:E3:F5:52:8A:5E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IDdRLlNV6BWs8GRgP4rj9VKKXjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/wR7zWKiEZx5YMAAeaqsx2GD7aFY.roa
Signing time:             Sun 01 Jan 2023 23:24:46 +0000
ROA not before:           Sun 01 Jan 2023 23:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60404
IP address blocks:        5.255.96.0/19 maxlen: 19
                          192.76.163.0/24 maxlen: 24
                          192.76.160.0/24 maxlen: 24
                          150.129.8.0/22 maxlen: 22
                          103.251.164.0/22 maxlen: 22
                          192.76.150.0/24 maxlen: 24
                          192.76.153.0/24 maxlen: 24
                          185.31.172.0/22 maxlen: 22
                          5.2.64.0/20 maxlen: 20
                          5.2.67.0/24 maxlen: 24
                          5.2.70.0/24 maxlen: 24
                          2a01:6340::/29 maxlen: 29
                          2a0f:6bc0::/29 maxlen: 29
                          2a04:52c0::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:a6:e5:27:e2:c1:cf:77:fd:50:ce:b1:5f:2f:15:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2037512e5355e815acf064603f8ae3f5528a5e3b
        Validity
            Not Before: Jan  1 23:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c11ef358a884671e5830001e6aab31d860fb6856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ab:15:67:da:e8:84:10:ad:f8:2e:07:99:ed:
                    88:6d:38:7f:ab:e4:11:54:3a:c3:4a:4c:6d:67:ea:
                    9c:d5:32:53:53:81:67:a4:77:fb:91:8b:d8:1f:31:
                    21:39:80:27:21:3f:d0:08:57:66:18:d8:d2:75:02:
                    23:60:4a:6d:72:0f:e7:2e:ea:05:5b:69:7f:b3:31:
                    72:47:fc:36:36:82:a3:2d:31:8a:a2:e4:c4:bc:c4:
                    87:ce:e8:64:9e:5b:76:c9:78:82:8c:c7:42:14:d7:
                    a0:c3:4e:81:e9:03:b0:a7:79:8d:11:1f:50:8e:4e:
                    72:bc:c3:b2:13:9e:d7:7b:2a:8f:d2:23:0b:7b:95:
                    1c:83:db:06:fe:1c:2e:99:8c:74:64:21:ee:69:e2:
                    06:cb:96:2f:a2:30:89:ff:81:5a:c5:6f:d9:c4:b9:
                    12:09:55:ac:c0:29:e9:d5:84:d8:31:08:73:bf:e6:
                    ce:ab:1c:59:54:fd:12:80:d5:e6:1b:61:6a:15:25:
                    90:48:57:43:f5:9b:64:6d:24:b2:be:34:fc:c0:d3:
                    39:cc:4d:da:50:92:76:da:d5:83:7c:2f:68:7f:ab:
                    b6:60:7c:ef:94:a8:dc:0d:f1:6b:65:60:66:e0:99:
                    d0:74:d5:18:f9:fb:c6:84:60:66:42:6e:52:0a:0e:
                    5e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1E:F3:58:A8:84:67:1E:58:30:00:1E:6A:AB:31:D8:60:FB:68:56
            X509v3 Authority Key Identifier:
                keyid:20:37:51:2E:53:55:E8:15:AC:F0:64:60:3F:8A:E3:F5:52:8A:5E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IDdRLlNV6BWs8GRgP4rj9VKKXjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/wR7zWKiEZx5YMAAeaqsx2GD7aFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b1475d-fcc2-48bb-ae01-c2ba24653f7b/1/IDdRLlNV6BWs8GRgP4rj9VKKXjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.2.64.0/20
                  5.255.96.0/19
                  103.251.164.0/22
                  150.129.8.0/22
                  185.31.172.0/22
                  192.76.150.0/24
                  192.76.153.0/24
                  192.76.160.0/24
                  192.76.163.0/24
                IPv6:
                  2a01:6340::/29
                  2a04:52c0::/32
                  2a0f:6bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:30:06:7e:40:58:07:3e:91:f2:39:54:a7:02:e0:24:01:3d:
         61:65:3e:0d:fb:97:69:be:b0:24:91:a5:00:2a:98:81:dd:ed:
         30:e9:7d:88:a6:9d:71:99:51:49:e3:21:b3:17:59:a7:3d:49:
         2a:b7:96:80:d3:19:5f:58:c6:14:46:8f:c3:75:ba:eb:71:92:
         75:bf:7f:8e:e6:c9:a3:e3:72:f5:89:89:48:df:37:18:bc:31:
         4b:be:33:1a:de:2a:27:6b:fc:a1:ba:f5:a8:9c:f3:9f:8b:7b:
         aa:39:00:20:5d:19:b6:8e:6c:24:bc:93:54:6f:1c:7c:cb:a9:
         08:28:33:e5:8d:2a:f2:ea:aa:e0:73:f3:76:76:6d:bf:be:28:
         a0:a7:1e:7a:ab:7b:50:4e:13:9f:57:90:7f:9c:8d:e4:91:19:
         01:29:59:d0:d1:ff:c7:5b:91:19:a9:87:30:d5:81:e3:ee:f7:
         c0:56:70:2e:a4:10:0d:da:44:d9:11:e3:5b:4c:d0:93:04:6e:
         5e:d4:92:f6:93:b7:f6:75:47:56:05:14:68:12:c0:d1:7f:20:
         d1:87:30:e0:58:c6:1b:7c:39:3b:29:11:2f:4c:6e:c9:e5:40:
         b4:50:85:04:75:5b:14:cf:8d:9a:2c:f7:d2:5c:29:93:a1:ac:
         99:90:40:0b
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYVvpuUn4sHPd/1QzrFfLxXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMzc1MTJlNTM1NWU4MTVhY2YwNjQ2MDNmOGFlM2Y1NTI4
YTVlM2IwHhcNMjMwMTAxMjMyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTFlZjM1OGE4ODQ2NzFlNTgzMDAwMWU2YWFiMzFkODYwZmI2ODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqsVZ9rohBCt+C4Hme2IbTh/q+QR
VDrDSkxtZ+qc1TJTU4FnpHf7kYvYHzEhOYAnIT/QCFdmGNjSdQIjYEptcg/nLuoF
W2l/szFyR/w2NoKjLTGKouTEvMSHzuhknlt2yXiCjMdCFNegw06B6QOwp3mNER9Q
jk5yvMOyE57XeyqP0iMLe5Ucg9sG/hwumYx0ZCHuaeIGy5YvojCJ/4FaxW/ZxLkS
CVWswCnp1YTYMQhzv+bOqxxZVP0SgNXmG2FqFSWQSFdD9ZtkbSSyvjT8wNM5zE3a
UJJ22tWDfC9of6u2YHzvlKjcDfFrZWBm4JnQdNUY+fvGhGBmQm5SCg5ewwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFMEe81iohGceWDAAHmqrMdhg+2hWMB8GA1UdIwQY
MBaAFCA3US5TVegVrPBkYD+K4/VSil47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSURkUkxsTlY2QldzOEdSZ1A0cmo5VktLWGpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9iMTQ3NWQtZmNjMi00OGJiLWFlMDEt
YzJiYTI0NjUzZjdiLzEvd1I3eldLaUVaeDVZTUFBZWFxc3gyR0Q3YUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9iMTQ3NWQtZmNjMi00OGJiLWFlMDEtYzJiYTI0NjUzZjdi
LzEvSURkUkxsTlY2QldzOEdSZ1A0cmo5VktLWGpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzA8BAIAATA2AwQEBQJAAwQF
Bf9gAwQCZ/ukAwQCloEIAwQCuR+sAwQAwEyWAwQAwEyZAwQAwEygAwQAwEyjMBsE
AgACMBUDBQMqAWNAAwUAKgRSwAMFAyoPa8AwDQYJKoZIhvcNAQELBQADggEBAJUw
Bn5AWAc+kfI5VKcC4CQBPWFlPg37l2m+sCSRpQAqmIHd7TDpfYimnXGZUUnjIbMX
Wac9SSq3loDTGV9YxhRGj8N1uutxknW/f47myaPjcvWJiUjfNxi8MUu+MxreKidr
/KG69aic85+Le6o5ACBdGbaObCS8k1RvHHzLqQgoM+WNKvLqquBz83Z2bb++KKCn
Hnqre1BOE59XkH+cjeSRGQEpWdDR/8dbkRmphzDVgePu98BWcC6kEA3aRNkR41tM
0JMEbl7UkvaTt/Z1R1YFFGgSwNF/INGHMOBYxht8OTspES9MbsnlQLRQhQR1WxTP
jZos99JcKZOhrJmQQAs=
-----END CERTIFICATE-----