Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3MplvQwrryNGHOry1suzZuKO5KY.roa
File:                     3MplvQwrryNGHOry1suzZuKO5KY.roa (raw, json)
Hash identifier:          CpfIpVYhBgACPbm4W2ZPEbAR0V8LRLc2yv1Y/FnhO+c=
Subject key identifier:   DC:CA:65:BD:0C:2B:AF:23:46:1C:EA:F2:D6:CB:B3:66:E2:8E:E4:A6
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       01849BA165C396E65373A35D3D49274D498A
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3MplvQwrryNGHOry1suzZuKO5KY.roa
Signing time:             Mon 21 Nov 2022 19:19:16 +0000
ROA not before:           Mon 21 Nov 2022 19:19:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44477
IP address blocks:        185.231.205.0/24 maxlen: 24
                          185.231.204.0/24 maxlen: 24
                          185.231.207.0/24 maxlen: 24
                          193.57.138.0/24 maxlen: 24
                          93.185.166.0/24 maxlen: 24
                          45.87.154.0/24 maxlen: 24
                          45.8.145.0/24 maxlen: 24
                          45.8.144.0/24 maxlen: 24
                          45.84.0.0/24 maxlen: 24
                          45.84.1.0/24 maxlen: 24
                          194.4.48.0/24 maxlen: 24
                          194.4.51.0/24 maxlen: 24
                          194.4.49.0/24 maxlen: 24
                          45.159.250.0/24 maxlen: 24
                          45.159.248.0/24 maxlen: 24
                          45.67.35.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9b:a1:65:c3:96:e6:53:73:a3:5d:3d:49:27:4d:49:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Nov 21 19:19:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dcca65bd0c2baf23461ceaf2d6cbb366e28ee4a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:dc:8d:d2:97:4c:74:33:56:24:28:ae:47:7a:
                    73:08:cb:31:91:cc:a5:a8:03:c2:75:db:ca:c7:e2:
                    ee:16:14:fb:98:5f:a0:da:68:e8:f4:2d:a1:fb:3a:
                    38:61:12:93:ec:4d:87:11:31:af:64:66:9f:e7:9e:
                    f1:83:90:ae:25:99:c3:09:c3:c0:12:9c:b5:be:ef:
                    b1:a1:e1:8f:bf:a5:f3:66:ec:96:41:dc:78:65:6d:
                    d6:ce:69:ca:56:ed:2b:32:bb:c0:e1:a6:d6:6e:d3:
                    a2:bb:68:97:ed:10:58:6d:7d:76:24:fc:2b:45:8b:
                    43:28:85:e5:63:fd:57:3e:ea:0f:c7:03:d7:45:b3:
                    7b:9b:7f:43:94:ce:f3:60:26:76:17:8f:90:bd:42:
                    f0:e2:43:fd:5b:61:3f:05:e0:61:d9:4b:54:78:75:
                    79:61:55:47:70:5c:03:14:48:b0:1a:d8:04:47:b7:
                    00:f2:c0:69:a1:a2:bd:60:9d:ff:d3:29:4f:b4:13:
                    6f:2d:d9:55:c2:29:f7:26:ff:60:f9:39:eb:3e:21:
                    cb:53:30:eb:7b:9b:f7:95:d9:d6:e1:96:e6:f4:40:
                    c8:64:22:95:b8:48:99:68:cd:96:e8:49:e3:40:5e:
                    d1:c8:4b:ad:56:a0:e7:6b:f3:ec:53:ac:16:51:b6:
                    d5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:CA:65:BD:0C:2B:AF:23:46:1C:EA:F2:D6:CB:B3:66:E2:8E:E4:A6
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/3MplvQwrryNGHOry1suzZuKO5KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.144.0/23
                  45.67.35.0/24
                  45.84.0.0/23
                  45.87.154.0/24
                  45.159.248.0/24
                  45.159.250.0/24
                  93.185.166.0/24
                  185.231.204.0/23
                  185.231.207.0/24
                  193.57.138.0/24
                  194.4.48.0/23
                  194.4.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:bf:b8:6b:a9:4b:7d:8c:69:71:81:64:5a:38:21:db:0c:e5:
         f4:7d:39:b7:d7:d2:88:4d:6b:b0:a8:c9:07:06:6a:9d:c3:1a:
         86:2d:a7:97:31:b4:72:0d:59:fd:8f:3c:2e:e2:18:85:f1:47:
         d3:68:1d:a7:ef:6c:6c:c8:f3:6c:ae:29:41:31:dc:4e:d6:54:
         ad:4d:56:92:00:9e:14:c8:a5:ad:2c:40:03:a0:7f:3f:ff:48:
         ec:42:8f:05:3b:06:72:81:34:e0:b9:65:f1:cb:04:13:28:f1:
         f4:19:69:86:eb:ce:02:8c:5e:92:9f:4b:87:d7:0c:14:e9:23:
         1c:24:61:c2:c7:3d:65:c2:c6:bf:57:26:77:27:72:b1:d9:82:
         b2:be:92:67:b0:8b:8c:5d:8e:71:5c:c5:6d:e8:70:29:08:9a:
         62:0c:40:89:4a:5e:aa:c8:0b:8e:c9:04:40:bc:9f:07:c4:e3:
         53:66:a3:32:cf:70:4e:2c:60:52:c2:26:03:c6:5b:ac:33:26:
         fc:9a:55:9d:29:35:78:c7:25:f5:7b:30:7c:d0:00:24:f4:35:
         2d:7b:56:a0:5e:d0:c3:37:63:32:2b:5d:6b:b5:96:fd:ed:c1:
         e7:ee:a7:f8:87:c0:a7:f3:b8:93:4d:74:5c:fd:76:69:6b:12:
         e1:bd:e4:16
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYSboWXDluZTc6NdPUknTUmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjIxMTIxMTkxOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2NhNjViZDBjMmJhZjIzNDYxY2VhZjJkNmNiYjM2NmUyOGVlNGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidyN0pdMdDNWJCiuR3pzCMsxkcyl
qAPCddvKx+LuFhT7mF+g2mjo9C2h+zo4YRKT7E2HETGvZGaf557xg5CuJZnDCcPA
Epy1vu+xoeGPv6XzZuyWQdx4ZW3WzmnKVu0rMrvA4abWbtOiu2iX7RBYbX12JPwr
RYtDKIXlY/1XPuoPxwPXRbN7m39DlM7zYCZ2F4+QvULw4kP9W2E/BeBh2UtUeHV5
YVVHcFwDFEiwGtgER7cA8sBpoaK9YJ3/0ylPtBNvLdlVwin3Jv9g+TnrPiHLUzDr
e5v3ldnW4Zbm9EDIZCKVuEiZaM2W6EnjQF7RyEutVqDna/PsU6wWUbbV/QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNzKZb0MK68jRhzq8tbLs2bijuSmMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvM01wbHZRd3JyeU5HSE9yeTFzdXpadUtPNUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBLQiQAwQA
LUMjAwQBLVQAAwQALVeaAwQALZ/4AwQALZ/6AwQAXbmmAwQBuefMAwQAuefPAwQA
wTmKAwQBwgQwAwQAwgQzMA0GCSqGSIb3DQEBCwUAA4IBAQA8v7hrqUt9jGlxgWRa
OCHbDOX0fTm319KITWuwqMkHBmqdwxqGLaeXMbRyDVn9jzwu4hiF8UfTaB2n72xs
yPNsrilBMdxO1lStTVaSAJ4UyKWtLEADoH8//0jsQo8FOwZygTTguWXxywQTKPH0
GWmG684CjF6Sn0uH1wwU6SMcJGHCxz1lwsa/VyZ3J3Kx2YKyvpJnsIuMXY5xXMVt
6HApCJpiDECJSl6qyAuOyQRAvJ8HxONTZqMyz3BOLGBSwiYDxlusMyb8mlWdKTV4
xyX1ezB80AAk9DUte1agXtDDN2MyK11rtZb97cHn7qf4h8Cn87iTTXRc/XZpaxLh
veQW
-----END CERTIFICATE-----