Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/GAmAO664KmXOoWpFEUc2ZaS-Ve0.roa
File:                     GAmAO664KmXOoWpFEUc2ZaS-Ve0.roa (raw, json)
Hash identifier:          kSjAZzjPPbCVP1cqhklHDh702cIHFeAf+Z7SKVWRBGs=
Subject key identifier:   18:09:80:3B:AE:B8:2A:65:CE:A1:6A:45:11:47:36:65:A4:BE:55:ED
Certificate issuer:       /CN=58d2d2715f43f747bea762dce166bca4b8e965eb
Certificate serial:       018CABBA8A32C30BBDB9E55D51BBEB849A27
Authority key identifier: 58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/GAmAO664KmXOoWpFEUc2ZaS-Ve0.roa
Signing time:             Wed 27 Dec 2023 14:42:58 +0000
ROA not before:           Wed 27 Dec 2023 14:42:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8560
IP address blocks:        85.215.200.0/22 maxlen: 24
                          85.215.204.0/22 maxlen: 24
                          85.215.208.0/21 maxlen: 24
                          85.215.216.0/22 maxlen: 24
                          85.215.224.0/20 maxlen: 24
                          85.215.220.0/22 maxlen: 24
                          85.215.240.0/22 maxlen: 24
                          85.215.32.0/19 maxlen: 24
                          85.215.248.0/22 maxlen: 24
                          85.215.160.0/19 maxlen: 24
                          185.56.148.0/22 maxlen: 24
                          85.215.192.0/21 maxlen: 24
                          85.215.64.0/20 maxlen: 24
                          2a01:239:100::/40 maxlen: 48
                          2a01:239:200::/39 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ab:ba:8a:32:c3:0b:bd:b9:e5:5d:51:bb:eb:84:9a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58d2d2715f43f747bea762dce166bca4b8e965eb
        Validity
            Not Before: Dec 27 14:42:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1809803baeb82a65cea16a4511473665a4be55ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ba:e9:73:48:d8:6b:f8:01:7b:12:e7:49:a6:
                    b4:d5:27:a1:a9:df:c1:71:fa:29:a9:4c:d5:4f:11:
                    34:3e:dd:7b:89:bc:9c:66:10:83:ed:d5:ce:05:07:
                    3b:03:6a:22:b7:84:a7:73:4c:c6:29:0e:f5:a2:91:
                    58:c4:47:05:18:0f:74:c6:fc:a1:58:d3:65:da:5e:
                    38:50:ab:f2:49:2c:ff:b9:df:23:62:a8:1c:83:92:
                    73:82:cf:89:23:7f:26:62:27:b0:85:ca:d4:9c:c1:
                    91:96:77:ef:22:cf:b7:ef:cf:83:5f:c2:0d:79:d9:
                    bd:b3:9d:b2:52:ea:1f:de:38:06:d9:a2:65:0a:ae:
                    da:af:f4:c9:91:c4:61:5e:2d:99:4c:6f:f8:39:fd:
                    aa:4f:f3:49:bc:7e:c3:65:e7:d2:4f:90:6a:b8:74:
                    d9:1d:be:30:b5:a4:07:18:34:09:c8:95:76:90:2f:
                    df:cd:94:88:97:ba:16:ef:19:75:1b:84:c5:c5:2a:
                    2d:a1:35:e0:c2:6f:ec:c6:1b:3c:aa:46:42:1c:9f:
                    cc:5e:5c:65:00:39:b8:0b:b9:28:81:95:ef:e0:21:
                    e1:17:1e:79:1f:37:29:7d:71:44:bd:e9:8d:a2:c7:
                    fd:88:cd:0c:4b:51:41:92:10:95:c8:47:c6:fe:27:
                    1d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:09:80:3B:AE:B8:2A:65:CE:A1:6A:45:11:47:36:65:A4:BE:55:ED
            X509v3 Authority Key Identifier:
                keyid:58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/GAmAO664KmXOoWpFEUc2ZaS-Ve0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/WNLScV9D90e-p2Lc4Wa8pLjpZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.215.32.0-85.215.79.255
                  85.215.160.0-85.215.243.255
                  85.215.248.0/22
                  185.56.148.0/22
                IPv6:
                  2a01:239:100::-2a01:239:3ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1d:00:7b:8d:21:1e:3a:e2:2a:ea:5c:31:83:2f:4b:6b:ac:52:
         bc:a8:34:1e:d0:a0:0b:90:11:5e:cd:17:d7:a0:02:93:6f:ee:
         fd:46:e1:db:49:aa:d2:bf:1e:29:f3:d5:30:5f:e1:59:f3:a0:
         ea:6b:ee:56:74:87:b6:91:44:29:76:5d:48:7c:81:ff:63:13:
         6f:55:b2:df:4f:06:3b:45:51:4a:8c:ee:4b:e9:81:ab:74:2e:
         db:57:5d:ab:cc:03:c3:f0:5f:b4:60:b4:5b:2f:37:2e:71:55:
         89:92:f2:9e:f3:92:ce:de:58:2a:2c:fa:75:21:b9:76:97:d5:
         dd:cd:a9:8a:c0:97:eb:e5:d0:42:4d:37:1b:f1:7f:a4:3f:f8:
         04:0e:22:04:e9:eb:9b:5e:b7:3b:97:ed:09:e9:ce:eb:3f:96:
         32:dd:a7:84:31:e7:30:d9:c5:90:1a:66:4d:d3:84:bd:ee:37:
         42:5d:2d:f6:81:4b:fa:1e:f8:39:cd:da:65:62:e5:d0:cd:54:
         ef:1d:b9:91:5f:50:08:25:7b:53:01:ee:df:5e:03:2b:47:b1:
         b4:a1:5d:ad:3f:5c:4a:30:68:cb:25:e4:69:82:1b:11:d2:4a:
         17:cb:2a:d8:21:d2:aa:c5:7c:ad:7a:34:02:a6:f8:0c:50:1d:
         a6:ed:76:75
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYyruooywwu9ueVdUbvrhJonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZDJkMjcxNWY0M2Y3NDdiZWE3NjJkY2UxNjZiY2E0Yjhl
OTY1ZWIwHhcNMjMxMjI3MTQ0MjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA5ODAzYmFlYjgyYTY1Y2VhMTZhNDUxMTQ3MzY2NWE0YmU1NWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7rpc0jYa/gBexLnSaa01Sehqd/B
cfopqUzVTxE0Pt17ibycZhCD7dXOBQc7A2oit4Snc0zGKQ71opFYxEcFGA90xvyh
WNNl2l44UKvySSz/ud8jYqgcg5Jzgs+JI38mYiewhcrUnMGRlnfvIs+378+DX8IN
edm9s52yUuof3jgG2aJlCq7ar/TJkcRhXi2ZTG/4Of2qT/NJvH7DZefST5BquHTZ
Hb4wtaQHGDQJyJV2kC/fzZSIl7oW7xl1G4TFxSotoTXgwm/sxhs8qkZCHJ/MXlxl
ADm4C7kogZXv4CHhFx55HzcpfXFEvemNosf9iM0MS1FBkhCVyEfG/icd7QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFBgJgDuuuCplzqFqRRFHNmWkvlXtMB8GA1UdIwQY
MBaAFFjS0nFfQ/dHvqdi3OFmvKS46WXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjkt
ZTM4MzQ1MTZmYzA4LzEvR0FtQU82NjRLbVhPb1dwRkVVYzJaYVMtVmUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjktZTM4MzQ1MTZmYzA4
LzEvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAuBAIAATAoMAwDBAVV1yAD
BARV10AwDAMEBVXXoAMEAlXX8AMEAlXX+AMEArk4lDAYBAIAAjASMBADBgAqAQI5
AQMGAioBAjkAMA0GCSqGSIb3DQEBCwUAA4IBAQAdAHuNIR464irqXDGDL0trrFK8
qDQe0KALkBFezRfXoAKTb+79RuHbSarSvx4p89UwX+FZ86Dqa+5WdIe2kUQpdl1I
fIH/YxNvVbLfTwY7RVFKjO5L6YGrdC7bV12rzAPD8F+0YLRbLzcucVWJkvKe85LO
3lgqLPp1Ibl2l9XdzamKwJfr5dBCTTcb8X+kP/gEDiIE6eubXrc7l+0J6c7rP5Yy
3aeEMecw2cWQGmZN04S97jdCXS32gUv6Hvg5zdplYuXQzVTvHbmRX1AIJXtTAe7f
XgMrR7G0oV2tP1xKMGjLJeRpghsR0koXyyrYIdKqxXytejQCpvgMUB2m7XZ1
-----END CERTIFICATE-----