Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/L--a6Y3VrpP1blZep2T5n6Rl1OY.roa
File:                     L--a6Y3VrpP1blZep2T5n6Rl1OY.roa (raw, json)
Hash identifier:          ws3e0HFLUhxh0G2fWDdiv3LEpWmyvflk3wNJcnL87E4=
Subject key identifier:   2F:EF:9A:E9:8D:D5:AE:93:F5:6E:56:5E:A7:64:F9:9F:A4:65:D4:E6
Certificate issuer:       /CN=5fe58e732a0f71f4f01302d62167173bd9b17cc1
Certificate serial:       01833BA7D631647A030831D5744604FB55DC
Authority key identifier: 5F:E5:8E:73:2A:0F:71:F4:F0:13:02:D6:21:67:17:3B:D9:B1:7C:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-WOcyoPcfTwEwLWIWcXO9mxfME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/L--a6Y3VrpP1blZep2T5n6Rl1OY.roa
Signing time:             Wed 14 Sep 2022 10:59:58 +0000
ROA not before:           Wed 14 Sep 2022 10:59:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6085
IP address blocks:        57.55.0.0/16 maxlen: 16
                          57.226.0.0/16 maxlen: 16
                          57.50.0.0/16 maxlen: 16
                          57.61.0.0/16 maxlen: 16
                          57.13.0.0/16 maxlen: 16
                          57.0.0.0/16 maxlen: 16
                          57.192.0.0/16 maxlen: 16
                          57.27.0.0/16 maxlen: 16
                          57.54.0.0/16 maxlen: 16
                          57.49.0.0/16 maxlen: 16
                          57.33.0.0/16 maxlen: 16
                          57.52.0.0/16 maxlen: 16
                          57.63.0.0/16 maxlen: 16
                          57.62.0.0/16 maxlen: 16
                          57.9.0.0/16 maxlen: 16

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3b:a7:d6:31:64:7a:03:08:31:d5:74:46:04:fb:55:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe58e732a0f71f4f01302d62167173bd9b17cc1
        Validity
            Not Before: Sep 14 10:59:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2fef9ae98dd5ae93f56e565ea764f99fa465d4e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e6:23:42:af:83:cf:06:d9:f8:fc:f2:eb:6e:
                    05:cb:c3:db:5f:2c:d7:f8:15:81:72:60:20:3e:29:
                    0e:13:15:2d:c1:9b:e4:63:57:71:15:5f:d0:d3:09:
                    b6:b6:ad:78:a5:6a:1a:a8:3c:fe:ac:9f:49:9d:9d:
                    d0:51:22:5e:31:55:b3:a0:2c:7b:29:61:be:01:99:
                    73:64:66:9a:f6:31:46:da:16:04:31:ba:d3:d4:03:
                    42:2d:b3:25:bf:3c:31:f9:ae:9f:ee:64:f3:e3:01:
                    db:ed:ae:6b:e6:5d:72:6f:1d:b7:d6:c0:e1:10:50:
                    03:3d:25:a6:67:e4:59:29:14:1b:82:48:f4:2e:9a:
                    10:2f:af:ff:b7:37:eb:ba:05:bc:cf:54:87:e6:0a:
                    5d:a2:f2:aa:f1:08:f5:f2:f2:0e:2f:cb:67:87:0a:
                    05:30:5b:20:dd:24:d9:41:e0:00:89:d3:c9:11:76:
                    9b:a0:fa:47:59:44:90:19:f7:41:cd:dc:5f:2a:12:
                    d1:b3:d8:41:e4:fb:c1:dd:7b:1e:6b:a5:96:59:e3:
                    30:23:41:80:66:84:45:c1:de:d0:22:ea:11:9b:96:
                    a7:7c:ac:a3:88:14:5f:65:e4:bc:1f:3f:ee:6c:08:
                    84:99:25:d6:ab:d8:13:f3:21:45:73:0b:77:3a:50:
                    29:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:EF:9A:E9:8D:D5:AE:93:F5:6E:56:5E:A7:64:F9:9F:A4:65:D4:E6
            X509v3 Authority Key Identifier:
                keyid:5F:E5:8E:73:2A:0F:71:F4:F0:13:02:D6:21:67:17:3B:D9:B1:7C:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-WOcyoPcfTwEwLWIWcXO9mxfME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/L--a6Y3VrpP1blZep2T5n6Rl1OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/X-WOcyoPcfTwEwLWIWcXO9mxfME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.0.0.0/16
                  57.9.0.0/16
                  57.13.0.0/16
                  57.27.0.0/16
                  57.33.0.0/16
                  57.49.0.0-57.50.255.255
                  57.52.0.0/16
                  57.54.0.0/15
                  57.61.0.0-57.63.255.255
                  57.192.0.0/16
                  57.226.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:29:c5:aa:a3:78:68:35:66:35:bf:39:3e:4c:e6:07:a3:a9:
         7a:a3:b5:22:27:9b:ac:d0:e5:d9:be:e3:ec:55:e2:65:f6:6c:
         34:5e:57:50:26:62:55:48:89:3e:0c:97:1e:c9:36:18:67:e7:
         e1:39:68:0c:b5:c7:29:6f:5d:e9:be:75:2d:1b:79:f9:da:e4:
         6e:d6:65:2f:6e:ca:20:a0:51:a7:a7:0c:fb:f1:22:79:31:82:
         74:f9:38:d4:41:00:8b:83:d7:30:3b:13:71:6e:2f:09:05:4f:
         91:a4:67:3b:bb:39:4e:a8:c4:19:db:be:da:b2:f8:bd:79:b1:
         81:17:56:b8:34:83:a3:63:b3:8c:43:38:ec:a1:11:9e:cd:0a:
         0d:37:07:09:c8:6f:9c:56:2a:0e:23:8c:e2:e2:fe:43:aa:ed:
         e0:9d:26:de:f4:91:56:99:1a:f3:b4:0b:c3:47:21:69:fb:e4:
         78:51:3f:a7:2d:16:50:df:d3:c4:1f:3b:41:ae:6e:8f:b2:f5:
         8d:36:2f:01:d4:48:c8:34:fc:a3:4a:2c:20:e1:a0:94:35:4f:
         e2:0e:bf:2d:19:40:1c:ef:07:fe:f1:86:ee:a7:49:dc:d6:55:
         71:89:00:51:ff:e3:4e:5a:66:26:b8:d4:86:62:b8:6b:e1:57:
         20:47:f8:72
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYM7p9YxZHoDCDHVdEYE+1XcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTU4ZTczMmEwZjcxZjRmMDEzMDJkNjIxNjcxNzNiZDli
MTdjYzEwHhcNMjIwOTE0MTA1OTU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmVmOWFlOThkZDVhZTkzZjU2ZTU2NWVhNzY0Zjk5ZmE0NjVkNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+YjQq+DzwbZ+Pzy624Fy8PbXyzX
+BWBcmAgPikOExUtwZvkY1dxFV/Q0wm2tq14pWoaqDz+rJ9JnZ3QUSJeMVWzoCx7
KWG+AZlzZGaa9jFG2hYEMbrT1ANCLbMlvzwx+a6f7mTz4wHb7a5r5l1ybx231sDh
EFADPSWmZ+RZKRQbgkj0LpoQL6//tzfrugW8z1SH5gpdovKq8Qj18vIOL8tnhwoF
MFsg3STZQeAAidPJEXaboPpHWUSQGfdBzdxfKhLRs9hB5PvB3Xsea6WWWeMwI0GA
ZoRFwd7QIuoRm5anfKyjiBRfZeS8Hz/ubAiEmSXWq9gT8yFFcwt3OlApYQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFC/vmumN1a6T9W5WXqdk+Z+kZdTmMB8GA1UdIwQY
MBaAFF/ljnMqD3H08BMC1iFnFzvZsXzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1XT2N5b1BjZlR3RXdMV0lXY1hPOW14Zk1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8wZDg0MGMtOTUyZC00NzAyLWFiYTMt
YjZlNThmOWM4MmUxLzEvTC0tYTZZM1ZycFAxYmxaZXAyVDVuNlJsMU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8wZDg0MGMtOTUyZC00NzAyLWFiYTMtYjZlNThmOWM4MmUx
LzEvWC1XT2N5b1BjZlR3RXdMV0lXY1hPOW14Zk1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTBLBAIAATBFAwMAOQADAwA5
CQMDADkNAwMAORsDAwA5ITAKAwMAOTEDAwA5MgMDADk0AwMBOTYwCgMDADk9AwMG
OQADAwA5wAMDADniMA0GCSqGSIb3DQEBCwUAA4IBAQCkKcWqo3hoNWY1vzk+TOYH
o6l6o7UiJ5us0OXZvuPsVeJl9mw0XldQJmJVSIk+DJceyTYYZ+fhOWgMtccpb13p
vnUtG3n52uRu1mUvbsogoFGnpwz78SJ5MYJ0+TjUQQCLg9cwOxNxbi8JBU+RpGc7
uzlOqMQZ277asvi9ebGBF1a4NIOjY7OMQzjsoRGezQoNNwcJyG+cVioOI4zi4v5D
qu3gnSbe9JFWmRrztAvDRyFp++R4UT+nLRZQ39PEHztBrm6PsvWNNi8B1EjINPyj
Siwg4aCUNU/iDr8tGUAc7wf+8Ybup0nc1lVxiQBR/+NOWmYmuNSGYrhr4VcgR/hy
-----END CERTIFICATE-----