Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/fm7uQ_W-tx9FDkea2WnLqy_eC-s.roa
File:                     fm7uQ_W-tx9FDkea2WnLqy_eC-s.roa (raw, json)
Hash identifier:          DV8+0DLo0Y6flUnuWn6DqOHw3Mec+ke4ze+Rf6aYKX0=
Subject key identifier:   7E:6E:EE:43:F5:BE:B7:1F:45:0E:47:9A:D9:69:CB:AB:2F:DE:0B:EB
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01852ABADA66F2A766702B6407AC8EC4E8C3
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/fm7uQ_W-tx9FDkea2WnLqy_eC-s.roa
Signing time:             Mon 19 Dec 2022 14:12:46 +0000
ROA not before:           Mon 19 Dec 2022 14:12:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202496
IP address blocks:        104.239.92.0/23 maxlen: 23
                          104.143.254.0/23 maxlen: 23
                          216.173.78.0/23 maxlen: 23
                          104.233.20.0/24 maxlen: 24
                          104.249.30.0/23 maxlen: 23
                          216.173.80.0/23 maxlen: 23
                          216.173.88.0/23 maxlen: 23
                          45.43.176.0/20 maxlen: 20
                          104.239.13.0/24 maxlen: 24
                          104.143.235.0/24 maxlen: 24
                          104.143.252.0/24 maxlen: 24
                          104.249.60.0/23 maxlen: 23
                          104.143.248.0/22 maxlen: 22
                          104.238.4.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2a:ba:da:66:f2:a7:66:70:2b:64:07:ac:8e:c4:e8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Dec 19 14:12:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7e6eee43f5beb71f450e479ad969cbab2fde0beb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:57:88:c5:a5:26:95:2c:40:f8:35:2c:ac:02:
                    81:0e:07:1d:a0:12:b2:22:1b:59:7b:f7:d5:be:1d:
                    b9:bd:05:ba:3d:a7:ac:3c:81:d4:a7:5a:cc:45:1e:
                    a4:8e:ae:ee:72:5e:b5:85:71:8c:6b:b4:87:a5:c8:
                    8a:9c:27:bc:7b:6d:65:6d:ca:38:25:37:3a:c6:5b:
                    4f:da:21:a8:a6:31:5c:5e:1a:18:db:6d:d4:71:d0:
                    59:e6:44:73:a1:54:77:3f:59:33:cf:9f:0d:06:30:
                    e7:0d:10:86:59:5b:9d:3d:c3:a9:5a:df:80:5c:7f:
                    74:9e:d8:9d:d8:32:7b:73:72:79:d1:d6:ba:40:0a:
                    60:76:a6:e7:c0:97:d3:be:8b:e4:02:76:aa:e7:d4:
                    bd:a3:88:1a:17:b4:8d:c9:02:8c:66:d9:2b:16:32:
                    ce:13:66:42:99:e1:e3:12:01:3a:a6:c8:35:5f:3b:
                    8e:64:d8:6f:be:cd:0c:9a:cc:e5:07:13:28:c4:54:
                    2c:d0:90:7d:70:19:17:39:46:1d:44:21:9e:c9:ba:
                    95:90:41:e0:f5:73:95:73:a3:48:0d:57:a6:74:aa:
                    80:ca:a4:21:62:20:3d:b9:be:5a:8c:2f:e8:d9:f8:
                    6a:6d:60:c4:4f:e8:e0:84:ad:c9:89:83:25:4b:44:
                    d2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:6E:EE:43:F5:BE:B7:1F:45:0E:47:9A:D9:69:CB:AB:2F:DE:0B:EB
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/fm7uQ_W-tx9FDkea2WnLqy_eC-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.176.0/20
                  104.143.235.0/24
                  104.143.248.0-104.143.252.255
                  104.143.254.0/23
                  104.233.20.0/24
                  104.238.4.0/23
                  104.239.13.0/24
                  104.239.92.0/23
                  104.249.30.0/23
                  104.249.60.0/23
                  216.173.78.0-216.173.81.255
                  216.173.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:70:c7:ff:c6:42:dc:10:6c:9d:d3:f5:35:d2:c0:ce:2f:be:
         4f:23:5b:bb:1f:4d:23:b0:a4:57:07:6d:18:1b:ce:0d:72:55:
         7a:f1:25:23:90:ea:93:ec:30:6c:12:d8:5d:6a:04:53:d5:2e:
         69:ad:2d:4d:3b:ee:f5:44:1e:54:9b:11:5f:b5:9e:d5:e2:3a:
         6f:b3:ed:37:a5:bb:2a:34:c4:15:f6:22:98:b2:ad:4b:56:08:
         33:28:ec:20:ad:8d:6d:ec:87:56:47:42:c1:b9:f4:9a:fa:f3:
         ca:a3:de:cc:12:fe:53:bb:85:df:d0:02:29:1e:61:34:a5:c3:
         77:9f:83:dd:ea:5c:0c:ed:16:cc:a0:0e:e5:c3:2a:c8:bd:df:
         19:55:ec:f4:74:67:e8:cd:36:94:f3:72:e0:9c:c4:6e:8e:9a:
         b3:bc:a5:93:97:9d:86:ea:a4:ca:43:c5:b7:cf:28:6d:59:58:
         92:d1:4a:ed:6b:fa:bc:90:25:08:d0:cb:7c:fd:2a:84:9b:b5:
         de:94:ee:67:b2:1f:a1:6d:e9:53:f9:ab:c5:32:90:ee:20:aa:
         8c:ae:a1:56:98:0a:d9:33:ae:8f:db:e4:49:52:c3:a4:e2:74:
         d1:56:7d:fa:cb:25:75:6a:b9:c7:2c:4b:12:fd:1e:67:f9:a5:
         17:a4:63:7e
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYUqutpm8qdmcCtkB6yOxOjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjIxMjE5MTQxMjQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTZlZWU0M2Y1YmViNzFmNDUwZTQ3OWFkOTY5Y2JhYjJmZGUwYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1eIxaUmlSxA+DUsrAKBDgcdoBKy
IhtZe/fVvh25vQW6PaesPIHUp1rMRR6kjq7ucl61hXGMa7SHpciKnCe8e21lbco4
JTc6xltP2iGopjFcXhoY223UcdBZ5kRzoVR3P1kzz58NBjDnDRCGWVudPcOpWt+A
XH90ntid2DJ7c3J50da6QApgdqbnwJfTvovkAnaq59S9o4gaF7SNyQKMZtkrFjLO
E2ZCmeHjEgE6psg1XzuOZNhvvs0MmszlBxMoxFQs0JB9cBkXOUYdRCGeybqVkEHg
9XOVc6NIDVemdKqAyqQhYiA9ub5ajC/o2fhqbWDET+jghK3JiYMlS0TSnwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFH5u7kP1vrcfRQ5Hmtlpy6sv3gvrMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZm03dVFfVy10eDlGRGtlYTJXbkxxeV9lQy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQELSuwAwQA
aI/rMAwDBANoj/gDBABoj/wDBAFoj/4DBABo6RQDBAFo7gQDBABo7w0DBAFo71wD
BAFo+R4DBAFo+TwwDAMEAditTgMEAditUAMEAditWDANBgkqhkiG9w0BAQsFAAOC
AQEAenDH/8ZC3BBsndP1NdLAzi++TyNbux9NI7CkVwdtGBvODXJVevElI5Dqk+ww
bBLYXWoEU9Uuaa0tTTvu9UQeVJsRX7We1eI6b7PtN6W7KjTEFfYimLKtS1YIMyjs
IK2NbeyHVkdCwbn0mvrzyqPezBL+U7uF39ACKR5hNKXDd5+D3epcDO0WzKAO5cMq
yL3fGVXs9HRn6M02lPNy4JzEbo6as7ylk5edhuqkykPFt88obVlYktFK7Wv6vJAl
CNDLfP0qhJu13pTuZ7IfoW3pU/mrxTKQ7iCqjK6hVpgK2TOuj9vkSVLDpOJ00VZ9
+ssldWq5xyxLEv0eZ/mlF6Rjfg==
-----END CERTIFICATE-----