Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/aNmwVn4fIIxQiSPw33G5BhSYnm8.roa
File:                     aNmwVn4fIIxQiSPw33G5BhSYnm8.roa (raw, json)
Hash identifier:          rrx7VQ4Mthv73sYdNxptOHuOrGyX+8dCQEWAizJpZwc=
Subject key identifier:   68:D9:B0:56:7E:1F:20:8C:50:89:23:F0:DF:71:B9:06:14:98:9E:6F
Certificate issuer:       /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial:       0186E9434CCAB649B9545475EA38ABB87E4C
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/aNmwVn4fIIxQiSPw33G5BhSYnm8.roa
Signing time:             Thu 16 Mar 2023 07:12:27 +0000
ROA not before:           Thu 16 Mar 2023 07:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207990
IP address blocks:        206.204.0.0/20 maxlen: 32
                          43.252.28.0/22 maxlen: 32
                          206.204.32.0/20 maxlen: 32
                          103.211.184.0/23 maxlen: 32
                          206.204.48.0/20 maxlen: 32
                          37.61.226.0/24 maxlen: 32
                          94.176.48.0/20 maxlen: 32
                          216.194.80.0/20 maxlen: 32
                          103.225.128.0/22 maxlen: 32
                          45.130.120.0/22 maxlen: 32
                          193.151.52.0/22 maxlen: 32
                          180.94.216.0/22 maxlen: 32
                          85.208.148.0/22 maxlen: 32
                          103.30.12.0/22 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e9:43:4c:ca:b6:49:b9:54:54:75:ea:38:ab:b8:7e:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
        Validity
            Not Before: Mar 16 07:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=68d9b0567e1f208c508923f0df71b90614989e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b7:03:83:c8:49:e8:fe:a3:17:1e:6d:bc:0b:
                    e7:f9:98:86:36:ee:91:7b:e3:d7:94:6c:40:34:5e:
                    cd:16:f2:80:25:a6:1a:ab:d2:b0:4f:b4:41:8a:18:
                    79:02:48:51:67:97:6a:c4:4f:71:74:58:a5:a3:38:
                    55:43:57:ce:2d:ff:c5:85:8c:44:34:9b:d6:c6:00:
                    52:17:70:7b:60:16:25:18:8f:db:69:01:ec:2a:b4:
                    81:c1:5b:a1:77:2c:70:00:6c:59:e7:d9:0c:76:c2:
                    8e:36:bc:37:b3:99:d6:d0:6c:8d:10:c9:a7:8f:f2:
                    78:81:bc:0c:b2:5b:80:d4:be:57:51:d4:c4:d1:15:
                    7c:1f:e7:0d:03:fa:be:d6:2b:1e:c3:f9:91:2d:ee:
                    4f:ec:0b:b1:ef:af:d6:ab:6f:11:c6:ba:b3:8e:4d:
                    30:91:30:8a:a0:cd:02:28:4d:49:57:0d:d4:da:02:
                    02:1c:bd:06:a0:b9:b1:c7:25:71:cb:84:6f:7b:03:
                    7e:8e:1c:e8:28:b2:da:e3:68:aa:aa:18:cc:4a:2f:
                    a8:f3:01:45:a4:40:a3:98:16:40:ef:cb:ab:08:99:
                    7c:e5:94:77:c7:37:d3:ea:90:dd:c0:2d:89:43:b5:
                    c3:49:54:fd:19:36:42:c8:cd:13:b2:a2:51:74:03:
                    b5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D9:B0:56:7E:1F:20:8C:50:89:23:F0:DF:71:B9:06:14:98:9E:6F
            X509v3 Authority Key Identifier:
                keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/aNmwVn4fIIxQiSPw33G5BhSYnm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.226.0/24
                  43.252.28.0/22
                  45.130.120.0/22
                  85.208.148.0/22
                  94.176.48.0/20
                  103.30.12.0/22
                  103.211.184.0/23
                  103.225.128.0/22
                  180.94.216.0/22
                  193.151.52.0/22
                  206.204.0.0/20
                  206.204.32.0/19
                  216.194.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8b:58:6e:4d:b6:b3:7f:19:74:70:12:86:60:41:3e:1a:56:3e:
         10:20:bc:36:93:7e:68:cd:2b:e9:49:db:66:cc:e1:38:15:20:
         7f:41:2c:9e:b7:11:79:6b:f5:a4:3f:c3:f1:24:fa:2d:89:b6:
         a9:d3:44:17:63:fc:2e:e5:b6:2d:28:59:b2:36:25:99:52:78:
         b7:58:b5:cb:a8:32:99:d6:ea:bf:59:1e:79:58:50:b6:f6:dc:
         20:81:e4:d1:12:1c:e5:c9:65:8a:c4:1e:87:c0:4f:9a:92:a0:
         9d:45:9c:f2:11:16:d9:cb:84:c3:3e:e0:1f:5a:6e:f6:44:31:
         56:18:32:c7:d7:ef:cb:97:2c:a6:34:9f:37:29:c5:bd:c6:ad:
         7f:88:5c:f0:0f:17:ea:5d:7f:47:11:98:1a:f5:9c:56:a7:f2:
         77:7e:dd:80:2e:6f:8a:85:ed:67:bb:5f:13:e5:91:f0:2a:26:
         d0:f3:61:fc:9f:cb:2d:13:c4:38:b3:d3:fb:3b:c3:52:70:47:
         e0:6e:28:f6:7b:5b:2f:be:ea:6e:6b:3b:b8:94:5d:34:ec:1b:
         ae:f5:c1:09:ae:e9:a4:89:6f:a8:f2:fd:61:ba:20:f6:6d:73:
         03:c3:77:89:ba:d8:8a:ff:bc:78:e6:c5:1e:7a:be:fc:32:d9:
         54:00:fc:11
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYbpQ0zKtkm5VFR16jiruH5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjMwMzE2MDcxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ5YjA1NjdlMWYyMDhjNTA4OTIzZjBkZjcxYjkwNjE0OTg5ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrcDg8hJ6P6jFx5tvAvn+ZiGNu6R
e+PXlGxANF7NFvKAJaYaq9KwT7RBihh5AkhRZ5dqxE9xdFilozhVQ1fOLf/FhYxE
NJvWxgBSF3B7YBYlGI/baQHsKrSBwVuhdyxwAGxZ59kMdsKONrw3s5nW0GyNEMmn
j/J4gbwMsluA1L5XUdTE0RV8H+cNA/q+1isew/mRLe5P7Aux76/Wq28Rxrqzjk0w
kTCKoM0CKE1JVw3U2gICHL0GoLmxxyVxy4RvewN+jhzoKLLa42iqqhjMSi+o8wFF
pECjmBZA78urCJl85ZR3xzfT6pDdwC2JQ7XDSVT9GTZCyM0TsqJRdAO1tQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFGjZsFZ+HyCMUIkj8N9xuQYUmJ5vMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvYU5td1ZuNGZJSXhRaVNQdzMzRzVCaFNZbm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAJT3iAwQC
K/wcAwQCLYJ4AwQCVdCUAwQEXrAwAwQCZx4MAwQBZ9O4AwQCZ+GAAwQCtF7YAwQC
wZc0AwQEzswAAwQFzswgAwQE2MJQMA0GCSqGSIb3DQEBCwUAA4IBAQCLWG5NtrN/
GXRwEoZgQT4aVj4QILw2k35ozSvpSdtmzOE4FSB/QSyetxF5a/WkP8PxJPotibap
00QXY/wu5bYtKFmyNiWZUni3WLXLqDKZ1uq/WR55WFC29twggeTREhzlyWWKxB6H
wE+akqCdRZzyERbZy4TDPuAfWm72RDFWGDLH1+/LlyymNJ83KcW9xq1/iFzwDxfq
XX9HEZga9ZxWp/J3ft2ALm+Khe1nu18T5ZHwKibQ82H8n8stE8Q4s9P7O8NScEfg
bij2e1svvupuazu4lF007Buu9cEJrumkiW+o8v1huiD2bXMDw3eJutiK/7x45sUe
er78MtlUAPwR
-----END CERTIFICATE-----