Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/FJ3G_GsyXvoUM8s_y2b7a14-Pkw.roa
File:                     FJ3G_GsyXvoUM8s_y2b7a14-Pkw.roa (raw, json)
Hash identifier:          m/5Ri+tIKlsxq7Q8xAm6UGMO5sG4Bb4GGgmOUgzECuM=
Subject key identifier:   14:9D:C6:FC:6B:32:5E:FA:14:33:CB:3F:CB:66:FB:6B:5E:3E:3E:4C
Certificate issuer:       /CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
Certificate serial:       01857315CF0C2899AF85BFF361CD69DC6F6F
Authority key identifier: 4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/FJ3G_GsyXvoUM8s_y2b7a14-Pkw.roa
Signing time:             Mon 02 Jan 2023 15:24:47 +0000
ROA not before:           Mon 02 Jan 2023 15:24:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8508
IP address blocks:        83.230.64.0/21 maxlen: 21
                          83.230.64.0/20 maxlen: 20
                          213.227.96.0/19 maxlen: 19
                          213.227.80.0/20 maxlen: 20
                          213.227.88.0/21 maxlen: 21
                          185.126.188.0/22 maxlen: 22
                          83.230.96.0/19 maxlen: 19
                          83.230.110.0/24 maxlen: 24
                          83.230.118.0/23 maxlen: 23
                          157.158.0.0/16 maxlen: 16
                          83.230.123.0/24 maxlen: 24
                          212.106.176.0/20 maxlen: 20
                          212.106.184.0/22 maxlen: 22
                          212.106.183.0/24 maxlen: 24
                          2a01:1d8::/30 maxlen: 30
                          2a01:1de::/32 maxlen: 32
                          2a01:1dd::/32 maxlen: 32
                          2a01:1dc::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:15:cf:0c:28:99:af:85:bf:f3:61:cd:69:dc:6f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
        Validity
            Not Before: Jan  2 15:24:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=149dc6fc6b325efa1433cb3fcb66fb6b5e3e3e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1a:75:a8:49:97:80:dd:79:fb:fd:d1:38:07:
                    63:bf:f2:62:df:3d:53:88:e0:86:f6:96:8a:f3:4a:
                    e6:70:f0:15:17:3e:df:1f:84:bb:33:89:7b:6e:bb:
                    02:d9:30:4c:44:b2:03:c1:d4:25:20:c0:50:df:eb:
                    76:e5:76:21:0d:f5:cc:f7:a8:02:f9:d0:38:bf:39:
                    85:df:00:f0:f5:8c:ed:d1:20:ba:41:1b:d3:5c:ca:
                    a7:31:0f:0b:c5:b4:93:bd:fd:96:75:30:91:77:8f:
                    a7:15:7d:64:dc:6f:4e:a3:4d:79:ab:57:cb:91:eb:
                    eb:7f:f2:6b:12:17:1d:c5:8e:41:5e:fc:81:cf:5e:
                    fb:82:cc:b7:98:1b:9e:71:aa:0d:c9:d6:c6:fb:30:
                    d7:31:52:f7:0c:c7:67:63:6d:6c:d5:5f:d3:b5:83:
                    ea:eb:6b:98:b4:a1:fe:ca:ff:86:7a:50:cb:21:28:
                    9a:0c:a1:25:05:94:d8:25:93:3b:c9:9f:2e:78:66:
                    54:0a:80:06:4c:62:69:f6:00:01:0f:36:41:3f:71:
                    d8:8a:b2:f0:70:ee:76:25:28:fa:e8:3e:e9:2b:a6:
                    01:b1:8e:cd:c7:32:d4:c2:14:c1:2b:b8:ac:c7:0f:
                    97:ac:fa:01:eb:a1:f2:1b:a2:15:80:64:c3:04:d6:
                    b5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:9D:C6:FC:6B:32:5E:FA:14:33:CB:3F:CB:66:FB:6B:5E:3E:3E:4C
            X509v3 Authority Key Identifier:
                keyid:4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/FJ3G_GsyXvoUM8s_y2b7a14-Pkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.230.64.0/20
                  83.230.96.0/19
                  157.158.0.0/16
                  185.126.188.0/22
                  212.106.176.0/20
                  213.227.80.0-213.227.127.255
                IPv6:
                  2a01:1d8::-2a01:1de:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         10:55:ca:50:13:72:fb:66:dd:74:18:30:a6:5d:cb:c2:8f:ab:
         a0:64:3a:17:c2:53:25:59:43:7c:14:6d:85:f3:33:cb:a2:91:
         4f:22:db:d0:62:b8:e5:4f:72:f0:84:d8:c8:23:e7:b3:b7:2c:
         80:8f:20:c5:25:47:d9:de:2a:b6:b5:7f:fc:d8:bb:c9:30:85:
         20:61:53:2c:98:bf:b4:38:0f:69:e4:45:93:47:6e:4e:71:db:
         10:09:f6:67:b8:4c:73:68:c0:46:97:cd:92:87:59:25:dd:50:
         56:ff:a0:0d:e6:1e:cd:1c:e0:53:fd:7b:9e:07:b6:ae:38:8a:
         13:09:7c:de:82:e4:8b:20:25:87:cb:bd:66:f9:aa:77:b9:40:
         55:40:9d:d1:30:5b:c9:8d:fc:c5:13:6b:b6:24:42:8a:a5:d3:
         97:c4:b5:df:4c:08:e8:88:59:65:0c:df:95:a5:d8:24:e0:db:
         ec:d5:f7:14:a4:91:97:a6:4c:92:fb:10:74:23:8a:8d:06:cd:
         b5:21:d3:26:f9:8a:b1:0c:2a:78:2c:1f:c2:56:c9:6d:30:7f:
         4f:55:60:95:46:bd:a1:e2:bd:eb:16:b3:17:04:ef:5d:22:04:
         54:ea:2f:a8:14:da:b0:8a:71:bc:6f:bf:25:4f:cb:fb:69:44:
         67:8d:05:dc
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYVzFc8MKJmvhb/zYc1p3G9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDA1Y2FhYjM0YmJmZGU2YjhlZTY2YzYwMDg2MGM2Y2U5
NmYzMmIwHhcNMjMwMTAyMTUyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDlkYzZmYzZiMzI1ZWZhMTQzM2NiM2ZjYjY2ZmI2YjVlM2UzZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxp1qEmXgN15+/3ROAdjv/Ji3z1T
iOCG9paK80rmcPAVFz7fH4S7M4l7brsC2TBMRLIDwdQlIMBQ3+t25XYhDfXM96gC
+dA4vzmF3wDw9Yzt0SC6QRvTXMqnMQ8LxbSTvf2WdTCRd4+nFX1k3G9Oo015q1fL
kevrf/JrEhcdxY5BXvyBz177gsy3mBuecaoNydbG+zDXMVL3DMdnY21s1V/TtYPq
62uYtKH+yv+GelDLISiaDKElBZTYJZM7yZ8ueGZUCoAGTGJp9gABDzZBP3HYirLw
cO52JSj66D7pK6YBsY7NxzLUwhTBK7isxw+XrPoB66HyG6IVgGTDBNa1bwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFBSdxvxrMl76FDPLP8tm+2tePj5MMB8GA1UdIwQY
MBaAFEtAXKqzS7/ea47mbGAIYMbOlvMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYt
ZDg3YWZmYjhiYzYxLzEvRkozR19Hc3lYdm9VTThzX3kyYjdhMTQtUGt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYtZDg3YWZmYjhiYzYx
LzEvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAxBAIAATArAwQEU+ZAAwQF
U+ZgAwMAnZ4DBAK5frwDBATUarAwDAMEBNXjUAMEB9XjADAWBAIAAjAQMA4DBQMq
AQHYAwUAKgEB3jANBgkqhkiG9w0BAQsFAAOCAQEAEFXKUBNy+2bddBgwpl3Lwo+r
oGQ6F8JTJVlDfBRthfMzy6KRTyLb0GK45U9y8ITYyCPns7csgI8gxSVH2d4qtrV/
/Ni7yTCFIGFTLJi/tDgPaeRFk0duTnHbEAn2Z7hMc2jARpfNkodZJd1QVv+gDeYe
zRzgU/17nge2rjiKEwl83oLkiyAlh8u9Zvmqd7lAVUCd0TBbyY38xRNrtiRCiqXT
l8S130wI6IhZZQzflaXYJODb7NX3FKSRl6ZMkvsQdCOKjQbNtSHTJvmKsQwqeCwf
wlbJbTB/T1VglUa9oeK96xazFwTvXSIEVOovqBTasIpxvG+/JU/L+2lEZ40F3A==
-----END CERTIFICATE-----