Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/P16_p0_C-1dG1EH3qqgmhFRIW4w.roa
File:                     P16_p0_C-1dG1EH3qqgmhFRIW4w.roa (raw, json)
Hash identifier:          uBvmrqui2AmRN+0XQgt5tJgyzkfjpSTdksia7JXXpws=
Subject key identifier:   3F:5E:BF:A7:4F:C2:FB:57:46:D4:41:F7:AA:A8:26:84:54:48:5B:8C
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0184F5DAFD7BBEC7C7FCCD4E0ABFA926646E
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/P16_p0_C-1dG1EH3qqgmhFRIW4w.roa
Signing time:             Fri 09 Dec 2022 07:48:00 +0000
ROA not before:           Fri 09 Dec 2022 07:48:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14576
IP address blocks:        213.108.3.0/24 maxlen: 24
                          213.108.1.0/24 maxlen: 24
                          213.108.0.0/24 maxlen: 24
                          5.183.252.0/24 maxlen: 24
                          185.77.220.0/22 maxlen: 24
                          83.171.225.0/24 maxlen: 24
                          77.220.192.0/24 maxlen: 24
                          77.220.195.0/24 maxlen: 24
                          141.98.84.0/24 maxlen: 24
                          194.104.9.0/24 maxlen: 24
                          194.104.8.0/24 maxlen: 24
                          45.10.165.0/24 maxlen: 24
                          45.10.164.0/24 maxlen: 24
                          45.10.167.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f5:da:fd:7b:be:c7:c7:fc:cd:4e:0a:bf:a9:26:64:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Dec  9 07:48:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3f5ebfa74fc2fb5746d441f7aaa8268454485b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:45:33:dd:36:0b:91:d1:c6:9c:ad:a8:e8:43:
                    8d:62:38:86:e6:f5:54:cd:44:6d:26:08:f8:10:7c:
                    d5:00:98:33:d7:e6:30:9d:1f:6a:b2:89:90:54:ab:
                    95:0c:22:75:4b:15:48:6b:77:4a:3f:20:ea:92:bd:
                    88:b1:34:e9:3e:7f:3d:a5:eb:8b:41:5f:57:03:ae:
                    a0:17:bf:db:17:de:b1:8c:77:98:49:f2:35:d8:eb:
                    0a:08:30:94:a6:45:8e:f7:4c:de:cb:40:5e:88:c7:
                    6d:b9:ae:d3:8e:38:bd:d8:1f:a8:56:c5:d4:16:f4:
                    33:72:0c:cd:dc:7f:7a:e6:98:1f:85:d6:be:26:60:
                    f2:56:85:1e:49:b8:78:89:9c:d1:44:2c:91:96:08:
                    d6:38:97:29:c5:2c:58:dc:7b:b6:93:14:88:3e:e3:
                    21:79:f0:16:ed:2c:c4:05:d1:27:eb:02:21:08:00:
                    ea:21:75:0f:9f:18:89:c2:8a:4f:f3:04:f4:f0:e8:
                    55:d8:37:9e:47:ce:ec:2a:9c:92:10:4c:f9:d0:9f:
                    e7:db:2e:87:c8:27:57:62:d2:80:d8:b7:a1:47:cd:
                    f3:f3:4c:c1:f6:80:af:98:24:ed:9c:84:42:f4:3b:
                    54:6f:1d:34:94:27:fe:72:d5:58:41:55:74:91:0e:
                    06:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5E:BF:A7:4F:C2:FB:57:46:D4:41:F7:AA:A8:26:84:54:48:5B:8C
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/P16_p0_C-1dG1EH3qqgmhFRIW4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.252.0/24
                  45.10.164.0/23
                  45.10.167.0/24
                  77.220.192.0/24
                  77.220.195.0/24
                  83.171.225.0/24
                  141.98.84.0/24
                  185.77.220.0/22
                  194.104.8.0/23
                  213.108.0.0/23
                  213.108.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b8:04:66:dd:b8:9a:94:7d:3d:ec:1b:b4:bc:9f:13:5b:85:
         05:4e:fe:fa:55:97:1f:6d:a8:b9:72:c3:34:7f:18:bd:a3:6d:
         d0:e9:86:90:3b:9f:64:0d:4c:5a:63:36:ad:a3:be:4a:1e:1d:
         4e:8b:59:93:d6:d2:fc:9d:de:6e:6c:3c:32:74:84:c7:e9:18:
         30:9e:ea:b2:db:48:ce:ac:66:d2:f4:fb:7a:01:13:d1:94:cb:
         a2:44:98:a1:38:d0:f8:e6:0b:39:97:2a:98:dc:7e:38:98:28:
         d3:2d:ed:fc:60:50:87:47:c3:c3:87:e6:3f:62:1a:ee:bf:28:
         8a:57:7c:9d:22:c8:91:74:74:f6:25:61:f1:0f:5b:85:40:a6:
         ea:15:4c:6b:7f:6f:d6:9d:9f:cf:87:02:22:c5:05:92:56:a4:
         9a:bf:73:f8:0e:1b:49:d3:d0:e4:45:16:f0:8e:f5:ab:80:c6:
         13:ca:8f:9a:c3:cb:6c:21:01:50:c5:c7:9f:fe:53:5f:5d:09:
         48:a3:af:aa:ed:96:8f:23:69:3e:ad:55:cf:51:04:ec:27:ca:
         94:65:0c:2d:4d:77:e6:9e:f5:1b:22:0f:18:f4:12:c5:fc:96:
         16:66:55:c9:a5:56:1d:7c:2a:93:de:86:26:db:f3:04:66:38:
         68:f8:92:0c
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYT12v17vsfH/M1OCr+pJmRuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIxMjA5MDc0ODAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjVlYmZhNzRmYzJmYjU3NDZkNDQxZjdhYWE4MjY4NDU0NDg1YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUUz3TYLkdHGnK2o6EONYjiG5vVU
zURtJgj4EHzVAJgz1+YwnR9qsomQVKuVDCJ1SxVIa3dKPyDqkr2IsTTpPn89peuL
QV9XA66gF7/bF96xjHeYSfI12OsKCDCUpkWO90zey0BeiMdtua7Tjji92B+oVsXU
FvQzcgzN3H965pgfhda+JmDyVoUeSbh4iZzRRCyRlgjWOJcpxSxY3Hu2kxSIPuMh
efAW7SzEBdEn6wIhCADqIXUPnxiJwopP8wT08OhV2DeeR87sKpySEEz50J/n2y6H
yCdXYtKA2LehR83z80zB9oCvmCTtnIRC9DtUbx00lCf+ctVYQVV0kQ4GpQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFD9ev6dPwvtXRtRB96qoJoRUSFuMMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvUDE2X3AwX0MtMWRHMUVIM3FxZ21oRlJJVzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABbf8AwQB
LQqkAwQALQqnAwQATdzAAwQATdzDAwQAU6vhAwQAjWJUAwQCuU3cAwQBwmgIAwQB
1WwAAwQA1WwDMA0GCSqGSIb3DQEBCwUAA4IBAQAruARm3bialH097Bu0vJ8TW4UF
Tv76VZcfbai5csM0fxi9o23Q6YaQO59kDUxaYzato75KHh1Oi1mT1tL8nd5ubDwy
dITH6Rgwnuqy20jOrGbS9Pt6ARPRlMuiRJihOND45gs5lyqY3H44mCjTLe38YFCH
R8PDh+Y/YhruvyiKV3ydIsiRdHT2JWHxD1uFQKbqFUxrf2/WnZ/PhwIixQWSVqSa
v3P4DhtJ09DkRRbwjvWrgMYTyo+aw8tsIQFQxcef/lNfXQlIo6+q7ZaPI2k+rVXP
UQTsJ8qUZQwtTXfmnvUbIg8Y9BLF/JYWZlXJpVYdfCqT3oYm2/MEZjho+JIM
-----END CERTIFICATE-----