Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/XabU60duhlS4xfGT2R5rptigx4A.roa
File:                     XabU60duhlS4xfGT2R5rptigx4A.roa (raw, json)
Hash identifier:          xMX2+QBHHDysGP84OBRJCV5WuAa2gM29fcLQ2o94MZ8=
Subject key identifier:   5D:A6:D4:EB:47:6E:86:54:B8:C5:F1:93:D9:1E:6B:A6:D8:A0:C7:80
Certificate issuer:       /CN=5bf81435ed13789895f375dc34d04ce91aca4744
Certificate serial:       018571955C63E6B429CA13F804DCEF4CE96A
Authority key identifier: 5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/XabU60duhlS4xfGT2R5rptigx4A.roa
Signing time:             Mon 02 Jan 2023 08:24:51 +0000
ROA not before:           Mon 02 Jan 2023 08:24:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201271
IP address blocks:        158.233.228.0/24 maxlen: 24
                          158.233.228.0/23 maxlen: 23
                          158.233.227.0/24 maxlen: 24
                          158.233.229.0/24 maxlen: 24
                          158.233.242.0/24 maxlen: 24
                          158.233.242.0/23 maxlen: 23
                          158.233.244.0/24 maxlen: 24
                          158.233.244.0/23 maxlen: 23
                          158.233.243.0/24 maxlen: 24
                          158.233.245.0/24 maxlen: 24
                          158.233.246.0/23 maxlen: 23
                          158.233.246.0/24 maxlen: 24
                          158.233.247.0/24 maxlen: 24
                          158.233.249.0/24 maxlen: 24
                          158.233.248.0/24 maxlen: 24
                          158.233.248.0/23 maxlen: 23
                          158.233.251.0/24 maxlen: 24
                          158.233.250.0/24 maxlen: 24
                          158.233.250.0/23 maxlen: 23
                          158.233.224.0/24 maxlen: 24
                          2001:67c:2af0::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:5c:63:e6:b4:29:ca:13:f8:04:dc:ef:4c:e9:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bf81435ed13789895f375dc34d04ce91aca4744
        Validity
            Not Before: Jan  2 08:24:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5da6d4eb476e8654b8c5f193d91e6ba6d8a0c780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d4:4d:cc:1b:4b:06:51:05:0c:41:68:4c:99:
                    07:46:9b:04:d0:35:8d:ef:ff:17:be:7d:0b:c9:da:
                    30:83:91:67:18:61:fd:2a:63:65:01:57:8b:75:c1:
                    f1:f1:f9:81:9c:14:86:cc:90:dc:2b:68:2e:eb:f7:
                    12:42:f9:06:9a:21:d0:85:b2:2c:d2:ff:6f:3b:38:
                    cd:f1:1f:56:d4:f9:53:e9:b1:05:d0:a9:b9:8a:65:
                    ad:ae:e4:95:f4:e5:df:c4:91:aa:cb:ef:84:ea:34:
                    06:38:46:b1:9a:e0:d0:5b:5d:f4:38:d1:2a:0c:fb:
                    55:56:bb:d9:66:67:35:2d:73:c0:c1:a5:fb:72:4e:
                    79:c1:2e:1a:00:47:6f:53:66:88:16:20:27:34:c4:
                    a2:ab:19:5e:e1:27:f9:2f:43:fe:14:97:36:ae:ee:
                    64:6c:c2:96:32:8e:b0:ea:84:cc:6f:67:77:98:c6:
                    3f:a7:98:ae:7f:50:e1:0a:cd:62:46:8e:89:3d:31:
                    cb:e8:c7:bb:50:9c:20:5d:ba:e9:a3:c3:66:1b:a3:
                    0f:13:fe:5b:7b:b5:15:87:47:a2:86:45:b6:64:02:
                    f8:09:c6:37:d0:1e:30:f0:13:27:26:d7:f5:cc:ef:
                    c9:2d:8a:30:d4:97:74:13:29:f0:99:f2:35:42:19:
                    c4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:A6:D4:EB:47:6E:86:54:B8:C5:F1:93:D9:1E:6B:A6:D8:A0:C7:80
            X509v3 Authority Key Identifier:
                keyid:5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/XabU60duhlS4xfGT2R5rptigx4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/W_gUNe0TeJiV83XcNNBM6RrKR0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.233.224.0/24
                  158.233.227.0-158.233.229.255
                  158.233.242.0-158.233.251.255
                IPv6:
                  2001:67c:2af0::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:fb:f5:0d:fc:36:e0:cf:d4:88:53:31:84:ba:29:03:9f:43:
         39:c9:d9:88:97:3e:23:cd:24:09:f5:b5:f6:07:00:40:61:1f:
         84:34:2f:5b:50:f7:96:58:37:8d:c2:d9:cb:a1:6e:73:49:b0:
         e2:7f:c7:78:0e:88:6e:6d:a0:51:90:76:78:03:68:ce:50:c3:
         ac:6d:00:15:93:d2:6b:a2:7a:b8:be:7d:7c:83:45:42:96:94:
         e1:2f:d1:9b:98:3d:28:39:89:25:76:07:ab:37:47:d6:12:75:
         3d:3a:f4:e4:c5:8b:0b:1b:4a:f0:0b:25:c2:60:c0:62:45:81:
         d8:7e:98:bf:9a:e3:d2:aa:28:5c:85:24:37:a4:9d:ce:f2:59:
         c1:43:eb:45:ce:ed:fc:ea:67:6f:35:2f:36:ca:cd:c5:b9:cd:
         e7:dd:2c:65:3f:25:dc:a9:d1:86:d6:68:1c:fd:06:23:6f:e4:
         c6:3b:e8:0f:6f:0d:0e:ac:bb:d6:eb:cc:a1:f1:30:a5:b5:f7:
         1c:ce:18:c9:37:e9:08:2a:e1:10:8f:04:de:b6:37:d0:7a:1d:
         12:ce:a6:0c:25:09:89:91:62:0b:cd:26:0b:44:2d:44:1e:b6:
         ad:89:25:1e:32:f2:ee:42:6b:ca:44:50:7f:64:a4:37:d7:07:
         a0:52:81:f6
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVxlVxj5rQpyhP4BNzvTOlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZjgxNDM1ZWQxMzc4OTg5NWYzNzVkYzM0ZDA0Y2U5MWFj
YTQ3NDQwHhcNMjMwMTAyMDgyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE2ZDRlYjQ3NmU4NjU0YjhjNWYxOTNkOTFlNmJhNmQ4YTBjNzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldRNzBtLBlEFDEFoTJkHRpsE0DWN
7/8Xvn0Lydowg5FnGGH9KmNlAVeLdcHx8fmBnBSGzJDcK2gu6/cSQvkGmiHQhbIs
0v9vOzjN8R9W1PlT6bEF0Km5imWtruSV9OXfxJGqy++E6jQGOEaxmuDQW130ONEq
DPtVVrvZZmc1LXPAwaX7ck55wS4aAEdvU2aIFiAnNMSiqxle4Sf5L0P+FJc2ru5k
bMKWMo6w6oTMb2d3mMY/p5iuf1DhCs1iRo6JPTHL6Me7UJwgXbrpo8NmG6MPE/5b
e7UVh0eihkW2ZAL4CcY30B4w8BMnJtf1zO/JLYow1Jd0EynwmfI1QhnEqwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFF2m1OtHboZUuMXxk9kea6bYoMeAMB8GA1UdIwQY
MBaAFFv4FDXtE3iYlfN13DTQTOkaykdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEt
NDhlNGNjNmIzM2EzLzEvWGFiVTYwZHVobFM0eGZHVDJSNXJwdGlneDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEtNDhlNGNjNmIzM2Ez
LzEvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAoBAIAATAiAwQAnungMAwD
BACe6eMDBAGe6eQwDAMEAZ7p8gMEAp7p+DAPBAIAAjAJAwcAIAEGfCrwMA0GCSqG
SIb3DQEBCwUAA4IBAQB0+/UN/Dbgz9SIUzGEuikDn0M5ydmIlz4jzSQJ9bX2BwBA
YR+ENC9bUPeWWDeNwtnLoW5zSbDif8d4DohubaBRkHZ4A2jOUMOsbQAVk9Jronq4
vn18g0VClpThL9GbmD0oOYkldgerN0fWEnU9OvTkxYsLG0rwCyXCYMBiRYHYfpi/
muPSqihchSQ3pJ3O8lnBQ+tFzu386mdvNS82ys3Fuc3n3SxlPyXcqdGG1mgc/QYj
b+TGO+gPbw0OrLvW68yh8TCltfcczhjJN+kIKuEQjwTetjfQeh0SzqYMJQmJkWIL
zSYLRC1EHratiSUeMvLuQmvKRFB/ZKQ31wegUoH2
-----END CERTIFICATE-----