Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/75E5je0YSZ2JhJePWGiG1HH1nec.roa
File:                     75E5je0YSZ2JhJePWGiG1HH1nec.roa (raw, json)
Hash identifier:          UgIzQxSg3aN++0em4bFhjZe9T0A5OeDdS0mmMTeZpCg=
Subject key identifier:   EF:91:39:8D:ED:18:49:9D:89:84:97:8F:58:68:86:D4:71:F5:9D:E7
Certificate issuer:       /CN=2f3136ed10998580a517d9598abca33d9ba66599
Certificate serial:       018728D3E9F9C0D29B43501E0B8EF6499C18
Authority key identifier: 2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/75E5je0YSZ2JhJePWGiG1HH1nec.roa
Signing time:             Tue 28 Mar 2023 15:26:29 +0000
ROA not before:           Tue 28 Mar 2023 15:26:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14340
IP address blocks:        194.145.16.0/21 maxlen: 24
                          159.92.0.0/16 maxlen: 24
                          161.71.0.0/17 maxlen: 24
                          163.79.128.0/17 maxlen: 24
                          151.106.128.0/20 maxlen: 24
                          185.79.140.0/22 maxlen: 24
                          194.145.0.0/20 maxlen: 24
                          85.222.128.0/19 maxlen: 24
                          163.76.128.0/17 maxlen: 24
                          151.106.216.0/22 maxlen: 24
                          161.71.128.0/17 maxlen: 24
                          151.106.220.0/22 maxlen: 24
                          151.106.144.0/20 maxlen: 24
                          160.8.0.0/16 maxlen: 24
                          2a03:5d60::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:28:d3:e9:f9:c0:d2:9b:43:50:1e:0b:8e:f6:49:9c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f3136ed10998580a517d9598abca33d9ba66599
        Validity
            Not Before: Mar 28 15:26:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef91398ded18499d8984978f586886d471f59de7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c8:c0:02:c5:31:56:b8:08:2e:2a:fe:aa:f6:
                    24:98:7b:46:8c:fa:45:c5:ba:fb:7f:4d:a8:f7:d9:
                    95:ca:29:7a:c9:12:d5:fd:d8:c4:90:32:79:c2:69:
                    c3:12:ea:62:7c:62:cb:51:ad:fd:c7:f7:77:c8:57:
                    42:85:a5:9a:6e:65:a8:48:89:6b:73:0b:1f:02:0b:
                    4c:12:71:30:89:ee:b8:8b:1f:76:cf:cf:cc:21:d0:
                    64:07:bf:fb:85:1b:30:3c:b4:60:72:50:74:0b:48:
                    a4:ef:ab:5d:26:b7:42:0d:19:fd:7f:86:81:ac:5f:
                    ea:14:f8:c4:1d:84:ab:8c:6f:d6:58:ae:40:3c:9a:
                    18:c2:c2:78:1b:58:4c:af:7c:78:af:37:3c:dc:ad:
                    a1:b2:7f:fa:42:58:03:df:2d:86:ef:f0:53:88:df:
                    76:3d:ce:e4:f2:f8:4e:25:8b:55:d4:61:45:5f:20:
                    53:77:a0:7a:00:f6:e4:1f:55:66:aa:53:22:96:d6:
                    fe:58:1b:5d:a0:f2:5c:25:cf:07:f2:c6:74:7c:a7:
                    e3:11:79:d4:c5:83:74:91:35:f1:9e:a8:55:d7:08:
                    7a:2f:c0:53:ca:6f:00:34:d5:c6:88:79:52:91:bf:
                    58:bb:92:2c:ee:84:c4:8d:fa:b7:28:65:e2:fb:46:
                    7b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:91:39:8D:ED:18:49:9D:89:84:97:8F:58:68:86:D4:71:F5:9D:E7
            X509v3 Authority Key Identifier:
                keyid:2F:31:36:ED:10:99:85:80:A5:17:D9:59:8A:BC:A3:3D:9B:A6:65:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LzE27RCZhYClF9lZiryjPZumZZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/75E5je0YSZ2JhJePWGiG1HH1nec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f90d83-02be-4e5f-bd0f-929f106630f1/1/LzE27RCZhYClF9lZiryjPZumZZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.128.0/19
                  151.106.128.0/19
                  151.106.216.0/21
                  159.92.0.0/16
                  160.8.0.0/16
                  161.71.0.0/16
                  163.76.128.0/17
                  163.79.128.0/17
                  185.79.140.0/22
                  194.145.0.0-194.145.23.255
                IPv6:
                  2a03:5d60::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:82:bd:9b:9a:65:f5:9f:a0:f9:9a:1a:5b:45:17:4b:c0:da:
         c2:22:6e:7a:79:50:dc:7d:0e:a4:56:8a:0f:1f:63:b5:d7:c5:
         f5:93:f9:97:62:7c:b0:59:30:51:6a:79:36:cc:91:bf:f3:37:
         b7:c8:c3:26:67:02:b5:65:a9:73:3f:68:87:66:cb:96:f0:10:
         74:da:4f:f2:f1:3f:ff:aa:b6:b7:31:fb:0a:69:b2:6a:59:13:
         11:fe:53:72:ec:b9:8e:39:f0:bd:67:e7:f2:94:65:b1:c8:e2:
         e3:c4:c0:dc:b6:f1:be:77:8b:81:14:36:7c:67:0b:4c:8d:43:
         1f:14:f2:6a:5d:eb:5a:0e:84:14:a1:8f:b0:a6:ef:f6:33:58:
         8d:bf:0e:ad:a3:da:11:9e:6d:29:4a:36:94:c0:63:88:bd:d3:
         18:83:09:4f:76:e3:96:fa:52:15:76:69:0b:d0:43:48:7f:cb:
         94:90:3a:c8:2e:dd:05:d2:41:4a:da:be:7f:46:fe:f8:bf:b5:
         0e:ab:05:5b:53:4b:99:b4:e4:d6:d4:89:1c:5f:fa:4f:93:eb:
         2d:e4:4b:07:aa:02:87:4b:36:af:8d:61:3a:10:e9:b8:a0:74:
         a4:50:8b:b3:33:a7:69:17:88:a9:fc:6b:97:52:cf:12:4e:c7:
         cf:57:fa:cc
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYco0+n5wNKbQ1AeC472SZwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMzEzNmVkMTA5OTg1ODBhNTE3ZDk1OThhYmNhMzNkOWJh
NjY1OTkwHhcNMjMwMzI4MTUyNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjkxMzk4ZGVkMTg0OTlkODk4NDk3OGY1ODY4ODZkNDcxZjU5ZGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMjAAsUxVrgILir+qvYkmHtGjPpF
xbr7f02o99mVyil6yRLV/djEkDJ5wmnDEupifGLLUa39x/d3yFdChaWabmWoSIlr
cwsfAgtMEnEwie64ix92z8/MIdBkB7/7hRswPLRgclB0C0ik76tdJrdCDRn9f4aB
rF/qFPjEHYSrjG/WWK5APJoYwsJ4G1hMr3x4rzc83K2hsn/6QlgD3y2G7/BTiN92
Pc7k8vhOJYtV1GFFXyBTd6B6APbkH1VmqlMiltb+WBtdoPJcJc8H8sZ0fKfjEXnU
xYN0kTXxnqhV1wh6L8BTym8ANNXGiHlSkb9Yu5Is7oTEjfq3KGXi+0Z7fQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFO+ROY3tGEmdiYSXj1hohtRx9Z3nMB8GA1UdIwQY
MBaAFC8xNu0QmYWApRfZWYq8oz2bpmWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYt
OTI5ZjEwNjYzMGYxLzEvNzVFNWplMFlTWjJKaEplUFdHaUcxSEgxbmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mOTBkODMtMDJiZS00ZTVmLWJkMGYtOTI5ZjEwNjYzMGYx
LzEvTHpFMjdSQ1poWUNsRjlsWmlyeWpQWnVtWlprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQFVd6AAwQF
l2qAAwQDl2rYAwMAn1wDAwCgCAMDAKFHAwQHo0yAAwQHo0+AAwQCuU+MMAsDAwDC
kQMEA8KREDANBAIAAjAHAwUDKgNdYDANBgkqhkiG9w0BAQsFAAOCAQEAdoK9m5pl
9Z+g+ZoaW0UXS8DawiJuenlQ3H0OpFaKDx9jtdfF9ZP5l2J8sFkwUWp5NsyRv/M3
t8jDJmcCtWWpcz9oh2bLlvAQdNpP8vE//6q2tzH7CmmyalkTEf5Tcuy5jjnwvWfn
8pRlscji48TA3LbxvneLgRQ2fGcLTI1DHxTyal3rWg6EFKGPsKbv9jNYjb8OraPa
EZ5tKUo2lMBjiL3TGIMJT3bjlvpSFXZpC9BDSH/LlJA6yC7dBdJBStq+f0b++L+1
DqsFW1NLmbTk1tSJHF/6T5PrLeRLB6oCh0s2r41hOhDpuKB0pFCLszOnaReIqfxr
l1LPEk7Hz1f6zA==
-----END CERTIFICATE-----