Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Vtnz9GtkGoychyvII8BICJH_Sxk.roa
File:                     Vtnz9GtkGoychyvII8BICJH_Sxk.roa (raw, json)
Hash identifier:          REGs+SflVsGSKukJmV+oUG/YQ+JnNzMMYDE79ypViq4=
Subject key identifier:   56:D9:F3:F4:6B:64:1A:8C:9C:87:2B:C8:23:C0:48:08:91:FF:4B:19
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018A9E0FCD336E6082BB269F198972FE6F46
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Vtnz9GtkGoychyvII8BICJH_Sxk.roa
Signing time:             Sat 16 Sep 2023 12:55:50 +0000
ROA not before:           Sat 16 Sep 2023 12:55:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:9e:0f:cd:33:6e:60:82:bb:26:9f:19:89:72:fe:6f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Sep 16 12:55:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=56d9f3f46b641a8c9c872bc823c0480891ff4b19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:73:f5:84:50:bc:81:15:d0:03:8b:9d:08:23:
                    52:bb:11:e2:b7:51:36:11:31:38:89:8f:ac:b7:d1:
                    1e:8e:df:68:92:b5:79:47:c8:97:4f:61:2e:0b:83:
                    cf:88:e5:b6:02:72:43:21:bb:71:d7:11:86:46:7a:
                    be:08:d7:90:8b:1f:9a:9c:50:b8:1b:7d:8f:d9:cc:
                    fe:bb:77:a2:80:59:8c:20:20:6b:51:84:59:0f:f5:
                    c4:4f:fb:ca:d3:3c:41:1e:f0:b0:36:d2:ba:4a:74:
                    b9:40:90:d1:2d:a1:42:85:54:ea:1c:c7:b2:b6:68:
                    f1:b2:89:c1:b3:ee:ce:9d:3c:5e:64:d4:b4:cc:17:
                    75:f9:14:d6:a6:44:fc:29:a9:5a:d0:2a:3f:ed:42:
                    e3:f7:84:7d:17:7c:ad:e2:21:e3:c7:e9:33:97:d8:
                    c1:e8:d8:1a:fb:2e:86:08:9d:3c:c3:d3:b0:48:67:
                    78:6a:a1:c3:55:da:71:4b:f1:6c:db:b0:f7:ba:97:
                    3b:b4:d4:a2:01:3d:1c:b9:b1:19:c3:b3:0f:22:f2:
                    ff:1f:26:00:0f:8c:c8:12:ab:24:a9:d8:69:d1:b6:
                    74:d7:91:53:5f:ef:46:10:b9:59:53:13:c3:ef:de:
                    fd:db:33:9e:ed:8b:95:c5:a8:22:8e:23:c6:bd:2b:
                    af:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:D9:F3:F4:6B:64:1A:8C:9C:87:2B:C8:23:C0:48:08:91:FF:4B:19
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Vtnz9GtkGoychyvII8BICJH_Sxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.101.0/24
                  46.20.104.0-46.20.106.255
                  46.20.108.0/24
                  46.20.111.0/24
                  185.100.168.0/22
                  185.169.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:63:32:b6:5a:c7:51:8a:b8:45:42:20:13:58:1a:43:f4:33:
         1c:6b:c8:a3:44:03:a6:1a:bc:86:eb:93:74:11:6f:3a:5c:2a:
         9e:c3:12:c4:26:a0:bc:3a:08:4b:7a:b2:49:b9:54:e8:5b:70:
         d5:be:2e:1b:47:a3:19:4d:bd:aa:b8:6e:82:de:9d:2a:c8:30:
         d8:4c:b1:2f:bc:cb:55:89:03:51:55:a3:71:9b:8a:9f:30:04:
         8b:19:54:34:70:2a:62:49:ea:0e:27:8d:6b:94:8a:a0:9c:67:
         36:c9:9f:bf:17:d8:a1:a8:87:1f:8d:98:7a:f6:39:9b:0b:3b:
         51:c5:c0:71:c6:fd:0f:86:5f:3f:cf:b4:80:6f:4f:ff:5d:7f:
         40:1f:43:1a:60:89:56:cf:26:61:a9:e8:91:03:9e:33:08:b4:
         1a:04:a0:1a:54:1d:ea:14:f8:2e:37:0c:3f:3f:bc:9d:bb:af:
         b5:6a:56:5b:e8:94:ee:4e:0a:1b:05:e8:2f:52:37:33:7c:34:
         cd:70:d8:2e:40:0c:1c:bf:7a:2f:20:c4:d5:dc:61:e7:12:8c:
         57:a2:24:37:df:81:61:5f:73:f3:37:51:e8:78:a1:a1:50:bc:
         39:c1:37:af:55:0a:87:52:9e:47:81:b2:b2:b6:6c:c0:75:af:
         8f:eb:54:00
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYqeD80zbmCCuyafGYly/m9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjMwOTE2MTI1NTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQ5ZjNmNDZiNjQxYThjOWM4NzJiYzgyM2MwNDgwODkxZmY0YjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknP1hFC8gRXQA4udCCNSuxHit1E2
ETE4iY+st9Eejt9okrV5R8iXT2EuC4PPiOW2AnJDIbtx1xGGRnq+CNeQix+anFC4
G32P2cz+u3eigFmMICBrUYRZD/XET/vK0zxBHvCwNtK6SnS5QJDRLaFChVTqHMey
tmjxsonBs+7OnTxeZNS0zBd1+RTWpkT8Kala0Co/7ULj94R9F3yt4iHjx+kzl9jB
6Nga+y6GCJ08w9OwSGd4aqHDVdpxS/Fs27D3upc7tNSiAT0cubEZw7MPIvL/HyYA
D4zIEqskqdhp0bZ015FTX+9GELlZUxPD79792zOe7YuVxagijiPGvSuvJwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFFbZ8/RrZBqMnIcryCPASAiR/0sZMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvVnRuejlHdGtHb3ljaHl2SUk4QklDSkhfU3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALhRhAwQA
LhRlMAwDBAMuFGgDBAAuFGoDBAAuFGwDBAAuFG8DBAK5ZKgDBAG5qd4wDQYJKoZI
hvcNAQELBQADggEBAIJjMrZax1GKuEVCIBNYGkP0MxxryKNEA6YavIbrk3QRbzpc
Kp7DEsQmoLw6CEt6skm5VOhbcNW+LhtHoxlNvaq4boLenSrIMNhMsS+8y1WJA1FV
o3Gbip8wBIsZVDRwKmJJ6g4njWuUiqCcZzbJn78X2KGohx+NmHr2OZsLO1HFwHHG
/Q+GXz/PtIBvT/9df0AfQxpgiVbPJmGp6JEDnjMItBoEoBpUHeoU+C43DD8/vJ27
r7VqVlvolO5OChsF6C9SNzN8NM1w2C5ADBy/ei8gxNXcYecSjFeiJDffgWFfc/M3
Ueh4oaFQvDnBN69VCodSnkeBsrK2bMB1r4/rVAA=
-----END CERTIFICATE-----