Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/XgGq54eXKfhfmM8p_AtvDQfrxrg.roa
File:                     XgGq54eXKfhfmM8p_AtvDQfrxrg.roa (raw, json)
Hash identifier:          NNWYYeHUYS/hP1TBvQ3M1uEvRqAZc6a0vD22fwZoYss=
Subject key identifier:   5E:01:AA:E7:87:97:29:F8:5F:98:CF:29:FC:0B:6F:0D:07:EB:C6:B8
Certificate issuer:       /CN=2dc291b8db6cfddf6dd2a1d55b226d49492a2705
Certificate serial:       01856EEFE2AEAF9CA7105ACBFF7286990DAA
Authority key identifier: 2D:C2:91:B8:DB:6C:FD:DF:6D:D2:A1:D5:5B:22:6D:49:49:2A:27:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcKRuNts_d9t0qHVWyJtSUkqJwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/XgGq54eXKfhfmM8p_AtvDQfrxrg.roa
Signing time:             Sun 01 Jan 2023 20:04:52 +0000
ROA not before:           Sun 01 Jan 2023 20:04:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211393
IP address blocks:        45.9.23.0/24 maxlen: 24
                          2a0b:6dc1:1::/48 maxlen: 48
                          2a0b:6dc3::/48 maxlen: 48
                          2a0b:6dc0:123::/48 maxlen: 48
                          2a0b:6dc0::/46 maxlen: 46
                          2a0b:6dc0:6::/48 maxlen: 48
                          2a0b:6dc1:2::/48 maxlen: 48
                          2a0b:6dc2::/45 maxlen: 45
                          2a0b:6dc7::/32 maxlen: 32
                          2a0b:6dc3:a::/47 maxlen: 47
                          2a0b:6dc3:c::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:ef:e2:ae:af:9c:a7:10:5a:cb:ff:72:86:99:0d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc291b8db6cfddf6dd2a1d55b226d49492a2705
        Validity
            Not Before: Jan  1 20:04:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e01aae7879729f85f98cf29fc0b6f0d07ebc6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a1:dd:d5:2e:60:52:26:c1:80:ba:4c:12:89:
                    26:c4:2b:a7:e5:61:16:bc:dc:a3:4d:c5:39:64:2e:
                    2e:a6:54:14:84:a7:cb:22:05:75:65:bd:fb:a4:3d:
                    6a:7d:1d:84:47:48:78:fd:59:79:61:3e:5d:98:89:
                    a2:eb:5b:5c:1d:5a:02:0a:08:19:2f:48:0f:8e:ef:
                    64:48:8f:de:1c:7e:02:7b:68:83:89:83:81:ea:09:
                    b2:20:20:6a:a0:78:5a:72:a1:42:4a:41:14:35:bd:
                    ed:25:27:0c:aa:ae:61:3f:88:1e:64:40:82:41:e6:
                    de:ac:b4:63:70:23:d3:4f:62:f1:8c:48:71:5d:80:
                    fa:24:65:ce:40:5a:4f:61:cc:4e:75:16:23:c5:71:
                    15:40:e2:c5:d1:ae:93:0f:6a:0f:36:49:42:d0:2e:
                    36:28:2d:92:98:7f:c4:2e:47:4b:3f:f0:59:f5:53:
                    3d:83:5a:26:f8:b5:f1:37:c0:08:8f:86:8e:73:fa:
                    44:b0:66:a5:9f:1c:10:49:aa:bb:0c:87:5e:6c:80:
                    ca:02:91:3d:98:5d:56:72:01:82:48:94:af:0e:42:
                    a5:75:af:35:52:a5:ab:5e:03:87:28:76:43:3d:b6:
                    e9:9a:c7:37:b3:bb:5f:f8:55:64:19:d8:0a:0e:d4:
                    bd:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:01:AA:E7:87:97:29:F8:5F:98:CF:29:FC:0B:6F:0D:07:EB:C6:B8
            X509v3 Authority Key Identifier:
                keyid:2D:C2:91:B8:DB:6C:FD:DF:6D:D2:A1:D5:5B:22:6D:49:49:2A:27:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcKRuNts_d9t0qHVWyJtSUkqJwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/XgGq54eXKfhfmM8p_AtvDQfrxrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/41a843-7524-455b-be22-2b170e95c2b7/1/LcKRuNts_d9t0qHVWyJtSUkqJwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.23.0/24
                IPv6:
                  2a0b:6dc0::/46
                  2a0b:6dc0:6::/48
                  2a0b:6dc0:123::/48
                  2a0b:6dc1:1::-2a0b:6dc1:2:ffff:ffff:ffff:ffff:ffff
                  2a0b:6dc2::/45
                  2a0b:6dc3::/48
                  2a0b:6dc3:a::-2a0b:6dc3:c:ffff:ffff:ffff:ffff:ffff
                  2a0b:6dc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:56:57:27:de:ff:2d:04:43:b2:15:db:dd:b9:5b:38:ff:79:
         4b:7e:3e:95:fd:2d:b8:42:bc:9b:f6:a7:ec:99:80:76:37:3c:
         bd:be:cc:c3:d8:de:d1:cd:c2:12:7c:f8:7f:1f:c6:b7:b7:9f:
         02:2d:54:a1:0b:e5:12:fc:c8:17:33:a9:f6:15:ae:01:4e:4e:
         c2:33:23:df:c7:d9:62:e6:d3:57:3b:ed:97:79:4e:50:57:6e:
         74:cb:13:ed:70:a2:ec:14:6b:20:67:7e:48:4d:38:57:81:89:
         99:e8:d8:ec:80:99:7a:36:c6:51:77:12:16:39:70:b1:01:91:
         8e:be:c1:2b:32:83:2d:91:b2:e0:5b:f7:9f:de:2b:b5:cb:b7:
         bf:03:e2:89:67:15:92:a1:db:d0:eb:fa:d4:ea:1d:24:f8:6c:
         23:d2:03:aa:06:49:b8:31:cf:50:26:50:9a:e9:a0:c6:90:69:
         74:1e:cc:6c:71:b5:0e:86:92:db:54:78:8d:f3:f0:63:90:97:
         43:bd:1d:c3:29:f8:c0:88:5b:8a:db:7e:cc:cc:ab:2b:97:f7:
         57:3c:a3:44:14:0d:9b:b1:19:91:ad:5a:51:b5:9d:e2:ee:19:
         e3:8c:f9:bf:3e:db:30:f1:01:1f:a8:ba:21:ed:2c:b6:91:87:
         f2:bd:c0:cb
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYVu7+Kur5ynEFrL/3KGmQ2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzI5MWI4ZGI2Y2ZkZGY2ZGQyYTFkNTViMjI2ZDQ5NDky
YTI3MDUwHhcNMjMwMTAxMjAwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTAxYWFlNzg3OTcyOWY4NWY5OGNmMjlmYzBiNmYwZDA3ZWJjNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqHd1S5gUibBgLpMEokmxCun5WEW
vNyjTcU5ZC4uplQUhKfLIgV1Zb37pD1qfR2ER0h4/Vl5YT5dmImi61tcHVoCCggZ
L0gPju9kSI/eHH4Ce2iDiYOB6gmyICBqoHhacqFCSkEUNb3tJScMqq5hP4geZECC
QeberLRjcCPTT2LxjEhxXYD6JGXOQFpPYcxOdRYjxXEVQOLF0a6TD2oPNklC0C42
KC2SmH/ELkdLP/BZ9VM9g1om+LXxN8AIj4aOc/pEsGalnxwQSaq7DIdebIDKApE9
mF1WcgGCSJSvDkKlda81UqWrXgOHKHZDPbbpmsc3s7tf+FVkGdgKDtS9XQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFF4BqueHlyn4X5jPKfwLbw0H68a4MB8GA1UdIwQY
MBaAFC3CkbjbbP3fbdKh1VsibUlJKicFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNLUnVOdHNfZDl0MHFIVld5SnRTVWtxSndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MWE4NDMtNzUyNC00NTViLWJlMjIt
MmIxNzBlOTVjMmI3LzEvWGdHcTU0ZVhLZmhmbU04cF9BdHZEUWZyeHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MWE4NDMtNzUyNC00NTViLWJlMjItMmIxNzBlOTVjMmI3
LzEvTGNLUnVOdHNfZDl0MHFIVld5SnRTVWtxSndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwDAQCAAEwBgMEAC0JFzBi
BAIAAjBcAwcCKgttwAAAAwcAKgttwAAGAwcAKgttwAEjMBIDBwAqC23BAAEDBwAq
C23BAAIDBwMqC23CAAADBwAqC23DAAAwEgMHASoLbcMACgMHACoLbcMADAMFACoL
bccwDQYJKoZIhvcNAQELBQADggEBAJtWVyfe/y0EQ7IV2925Wzj/eUt+PpX9LbhC
vJv2p+yZgHY3PL2+zMPY3tHNwhJ8+H8fxre3nwItVKEL5RL8yBczqfYVrgFOTsIz
I9/H2WLm01c77Zd5TlBXbnTLE+1wouwUayBnfkhNOFeBiZno2OyAmXo2xlF3EhY5
cLEBkY6+wSsygy2RsuBb95/eK7XLt78D4olnFZKh29Dr+tTqHST4bCPSA6oGSbgx
z1AmUJrpoMaQaXQezGxxtQ6GkttUeI3z8GOQl0O9HcMp+MCIW4rbfszMqyuX91c8
o0QUDZuxGZGtWlG1neLuGeOM+b8+2zDxAR+ouiHtLLaRh/K9wMs=
-----END CERTIFICATE-----