Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/QBapD1yd3lS7lnqfg_bSOVCdn_A.roa
File:                     QBapD1yd3lS7lnqfg_bSOVCdn_A.roa (raw, json)
Hash identifier:          vX2PR/BQ2HbGCqaCszAityn143/oqzjE5qFotdU1U+g=
Subject key identifier:   40:16:A9:0F:5C:9D:DE:54:BB:96:7A:9F:83:F6:D2:39:50:9D:9F:F0
Certificate issuer:       /CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
Certificate serial:       018737A37E23615972119479A825720808DE
Authority key identifier: 0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/QBapD1yd3lS7lnqfg_bSOVCdn_A.roa
Signing time:             Fri 31 Mar 2023 12:27:54 +0000
ROA not before:           Fri 31 Mar 2023 12:27:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12601
IP address blocks:        185.113.40.0/22 maxlen: 22
                          80.94.176.0/22 maxlen: 22
                          80.94.185.0/24 maxlen: 24
                          80.94.182.0/23 maxlen: 23
                          80.94.184.0/24 maxlen: 24
                          185.211.140.0/22 maxlen: 22
                          185.194.80.0/22 maxlen: 22
                          213.159.9.0/24 maxlen: 24
                          64.126.192.0/23 maxlen: 23
                          80.94.188.0/23 maxlen: 23
                          64.126.194.0/23 maxlen: 23
                          194.5.134.0/24 maxlen: 24
                          64.126.200.0/22 maxlen: 22
                          64.126.208.0/24 maxlen: 24
                          64.126.212.0/22 maxlen: 22
                          64.126.212.0/24 maxlen: 24
                          64.126.209.0/24 maxlen: 24
                          194.126.236.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:a3:7e:23:61:59:72:11:94:79:a8:25:72:08:08:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
        Validity
            Not Before: Mar 31 12:27:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4016a90f5c9dde54bb967a9f83f6d239509d9ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d3:c3:55:bd:fd:ee:81:90:96:16:73:f0:ec:
                    5a:4f:65:a4:b7:34:19:5c:88:9f:51:ec:2c:9d:d3:
                    49:60:b6:25:23:48:ce:c8:9f:9e:4b:03:f5:ac:05:
                    69:f6:8b:1f:33:6f:0c:7c:f5:57:8c:07:1f:56:32:
                    a6:58:d9:2c:bf:ef:76:4e:3c:82:9e:87:44:ed:1b:
                    de:92:87:7b:19:c3:ac:57:75:41:c2:4b:ff:30:a8:
                    f8:1b:c7:f6:7c:59:8c:c8:e3:dc:e8:ee:e4:ad:4d:
                    24:5b:cd:68:74:14:c1:fb:cc:03:94:a1:20:e2:10:
                    29:39:ab:af:dc:fe:ac:b4:c2:23:a0:c9:d1:e8:02:
                    aa:ba:ee:2d:79:d2:93:30:2e:e6:f7:99:ae:fe:b4:
                    30:71:31:75:ac:3b:1e:6d:9a:89:5b:8a:02:4f:d2:
                    eb:7b:4d:af:c3:70:b4:6a:66:e3:4c:23:f4:3c:2d:
                    cb:c6:38:3a:15:43:fd:8c:2a:c1:c9:50:7b:63:48:
                    fc:2b:28:cf:07:4e:0b:c3:56:05:0a:44:74:5f:b8:
                    94:c3:bb:01:ae:16:9a:05:79:de:55:47:51:4f:96:
                    30:1f:54:89:4d:88:9e:ca:91:f7:9a:72:95:bf:a2:
                    e9:22:aa:f0:90:a8:ae:90:e8:f3:6e:00:f7:cb:ba:
                    4c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:16:A9:0F:5C:9D:DE:54:BB:96:7A:9F:83:F6:D2:39:50:9D:9F:F0
            X509v3 Authority Key Identifier:
                keyid:0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/QBapD1yd3lS7lnqfg_bSOVCdn_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.126.192.0/22
                  64.126.200.0/22
                  64.126.208.0/23
                  64.126.212.0/22
                  80.94.176.0/22
                  80.94.182.0-80.94.185.255
                  80.94.188.0/23
                  185.113.40.0/22
                  185.194.80.0/22
                  185.211.140.0/22
                  194.5.134.0/24
                  194.126.236.0/24
                  213.159.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:fc:fb:ea:bd:88:ca:02:2d:6f:1d:15:0c:5a:d6:a4:0e:67:
         29:f5:9f:30:2c:d3:20:07:a4:70:f7:f7:1e:cf:6c:27:c7:e5:
         ca:ba:45:48:27:61:35:d6:92:a0:f3:fc:09:1e:07:45:14:4f:
         5f:fa:78:1d:b1:6a:7c:c2:57:7b:3b:30:76:bc:dc:e7:d6:62:
         ff:f6:e2:39:e3:a7:17:11:85:22:bb:5c:53:ee:54:50:28:f7:
         c1:ee:89:99:af:4b:33:2f:69:21:76:75:97:5e:9b:f6:27:01:
         79:4d:99:6c:35:d8:76:50:f2:43:2b:2a:4b:77:07:03:cb:a8:
         97:2b:a6:ce:bf:bc:fe:db:0d:c8:45:4f:90:ea:86:38:69:14:
         42:4b:ed:7e:f7:05:ea:f6:80:b1:e5:f5:1d:3a:7f:03:9a:3c:
         c2:f5:0d:9d:8b:c4:c7:a0:da:1b:10:d1:fc:1a:65:49:80:2b:
         08:1e:58:d0:87:de:59:5b:95:0d:11:96:08:7e:c2:5f:4c:52:
         3c:c0:a6:b8:6c:10:06:cf:aa:ab:4c:9d:ba:31:3a:7f:b1:76:
         73:c0:5f:d0:7b:d8:fb:fe:04:f5:d4:32:76:ef:52:8e:87:41:
         e8:e2:b4:16:27:86:53:43:22:05:db:20:a5:49:2b:bb:8b:cf:
         93:f3:7b:71
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYc3o34jYVlyEZR5qCVyCAjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDFhOTI1ZjhkNjY4NGM4NjEwN2QyNzU2YjRhYTkzODgx
ZjAyYWUwHhcNMjMwMzMxMTIyNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDE2YTkwZjVjOWRkZTU0YmI5NjdhOWY4M2Y2ZDIzOTUwOWQ5ZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdPDVb397oGQlhZz8OxaT2WktzQZ
XIifUewsndNJYLYlI0jOyJ+eSwP1rAVp9osfM28MfPVXjAcfVjKmWNksv+92TjyC
nodE7Rvekod7GcOsV3VBwkv/MKj4G8f2fFmMyOPc6O7krU0kW81odBTB+8wDlKEg
4hApOauv3P6stMIjoMnR6AKquu4tedKTMC7m95mu/rQwcTF1rDsebZqJW4oCT9Lr
e02vw3C0ambjTCP0PC3Lxjg6FUP9jCrByVB7Y0j8KyjPB04Lw1YFCkR0X7iUw7sB
rhaaBXneVUdRT5YwH1SJTYieypH3mnKVv6LpIqrwkKiukOjzbgD3y7pMSQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFEAWqQ9cnd5Uu5Z6n4P20jlQnZ/wMB8GA1UdIwQY
MBaAFApBqSX41mhMhhB9J1a0qpOIHwKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tHcEpmaldhRXlHRUgwblZyU3FrNGdmQXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lMzdkMWQtZDRmYi00OTZjLWFmNDkt
MzQyMDY4NGM3ZTQxLzEvUUJhcEQxeWQzbFM3bG5xZmdfYlNPVkNkbl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lMzdkMWQtZDRmYi00OTZjLWFmNDktMzQyMDY4NGM3ZTQx
LzEvQ2tHcEpmaldhRXlHRUgwblZyU3FrNGdmQXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQCQH7AAwQC
QH7IAwQBQH7QAwQCQH7UAwQCUF6wMAwDBAFQXrYDBAFQXrgDBAFQXrwDBAK5cSgD
BAK5wlADBAK504wDBADCBYYDBADCfuwDBADVnwkwDQYJKoZIhvcNAQELBQADggEB
AJP8++q9iMoCLW8dFQxa1qQOZyn1nzAs0yAHpHD39x7PbCfH5cq6RUgnYTXWkqDz
/AkeB0UUT1/6eB2xanzCV3s7MHa83OfWYv/24jnjpxcRhSK7XFPuVFAo98HuiZmv
SzMvaSF2dZdem/YnAXlNmWw12HZQ8kMrKkt3BwPLqJcrps6/vP7bDchFT5Dqhjhp
FEJL7X73Ber2gLHl9R06fwOaPML1DZ2LxMeg2hsQ0fwaZUmAKwgeWNCH3llblQ0R
lgh+wl9MUjzAprhsEAbPqqtMnboxOn+xdnPAX9B72Pv+BPXUMnbvUo6HQejitBYn
hlNDIgXbIKVJK7uLz5Pze3E=
-----END CERTIFICATE-----