Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/cuG1dejqN1LYYS6Yr001TqnxpRg.roa
File:                     cuG1dejqN1LYYS6Yr001TqnxpRg.roa (raw, json)
Hash identifier:          6WYZCZYw31XIPf1tjzbn/FwEelaRZ8ZjH5S386nqb+w=
Subject key identifier:   72:E1:B5:75:E8:EA:37:52:D8:61:2E:98:AF:4D:35:4E:A9:F1:A5:18
Certificate issuer:       /CN=cfeace714c29568ef197007b141d12758cc415d5
Certificate serial:       018A2662E0D104146B0CF4CA2A007C03AA32
Authority key identifier: CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/cuG1dejqN1LYYS6Yr001TqnxpRg.roa
Signing time:             Thu 24 Aug 2023 07:12:08 +0000
ROA not before:           Thu 24 Aug 2023 07:12:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1299
IP address blocks:        185.57.168.0/22 maxlen: 24
                          185.56.212.0/22 maxlen: 24
                          193.41.118.0/23 maxlen: 24
                          185.114.104.0/22 maxlen: 24
                          188.65.152.0/21 maxlen: 24
                          193.254.192.0/23 maxlen: 24
                          45.137.208.0/22 maxlen: 24
                          81.201.208.0/20 maxlen: 24
                          2a0b:fd80::/32 maxlen: 48
                          2a02:5120::/32 maxlen: 48
                          2a00:e900::/29 maxlen: 48
                          2a01:4400::/32 maxlen: 48
                          2a0b:fd82::/32 maxlen: 48
                          2a0b:fd81::/32 maxlen: 48
                          2a0b:fd87::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:26:62:e0:d1:04:14:6b:0c:f4:ca:2a:00:7c:03:aa:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfeace714c29568ef197007b141d12758cc415d5
        Validity
            Not Before: Aug 24 07:12:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72e1b575e8ea3752d8612e98af4d354ea9f1a518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:08:47:40:78:57:07:90:38:c8:aa:18:6e:16:
                    af:72:9a:22:90:36:30:c9:c8:20:9a:03:80:66:26:
                    42:49:2a:ec:48:4e:e8:86:84:40:c8:3a:a6:48:b1:
                    87:c2:3d:39:f8:fc:3f:54:ee:35:f0:58:42:e6:72:
                    9d:ff:18:26:cd:ee:41:e8:f5:88:43:b6:af:a5:b1:
                    42:c8:52:3c:a8:a9:df:e4:b6:26:fa:b8:c8:19:f0:
                    f5:12:59:b8:61:8d:a6:25:6f:fe:17:34:6a:9f:1f:
                    d6:54:ad:ea:b0:4f:f8:b2:ba:74:4b:93:c4:be:a0:
                    c2:18:bf:8d:c7:8c:e6:a5:8a:33:ae:e1:41:f9:cd:
                    9a:95:82:74:78:b0:54:22:04:b3:af:f7:d7:47:ff:
                    79:f1:9f:91:15:d7:0d:85:1b:cd:45:ac:ad:f6:5c:
                    8d:17:c3:b1:2e:62:c7:34:85:20:eb:f0:ad:79:96:
                    d6:77:ef:42:00:f5:e5:27:b0:a3:f7:9f:fc:fd:35:
                    25:91:06:cc:38:24:0c:c3:75:fd:ed:cc:0a:1e:a1:
                    01:f1:fe:29:6e:c1:8f:83:59:28:68:fe:08:74:16:
                    d7:18:06:6e:2e:90:0d:67:8f:38:80:30:bd:eb:55:
                    b7:26:66:ee:6c:64:69:0e:1e:34:b3:4f:c6:ec:0e:
                    f9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E1:B5:75:E8:EA:37:52:D8:61:2E:98:AF:4D:35:4E:A9:F1:A5:18
            X509v3 Authority Key Identifier:
                keyid:CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/cuG1dejqN1LYYS6Yr001TqnxpRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.208.0/22
                  81.201.208.0/20
                  185.56.212.0/22
                  185.57.168.0/22
                  185.114.104.0/22
                  188.65.152.0/21
                  193.41.118.0/23
                  193.254.192.0/23
                IPv6:
                  2a00:e900::/29
                  2a01:4400::/32
                  2a02:5120::/32
                  2a0b:fd80::-2a0b:fd82:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0b:fd87::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:79:9f:15:e1:57:2a:0a:0b:40:77:a7:db:79:13:f8:e4:3a:
         8d:ab:7c:12:65:6a:5d:a2:6e:98:d0:0b:0a:14:32:a3:2b:57:
         ee:2e:c4:4a:4a:0a:ec:ed:ca:db:b4:69:3c:64:8b:fa:a8:2c:
         62:7f:c9:2d:e6:82:84:50:4c:4d:a0:f3:cd:c2:01:8a:fc:aa:
         f2:f3:2d:ef:4f:2e:7f:67:f7:a2:e5:66:e5:e8:d9:56:28:19:
         1b:b2:d5:b4:3c:8f:11:62:ef:93:cb:d3:29:29:87:a6:cd:e8:
         71:e2:83:70:3f:3c:aa:7d:d4:2e:25:5f:d5:84:ba:73:6f:86:
         2f:e7:f8:9e:04:88:0c:35:f7:00:0b:36:96:7e:c5:c4:2a:f8:
         99:b4:a2:ff:ec:32:cf:73:e7:21:d0:b0:aa:61:e5:e6:16:95:
         34:c3:0b:68:ed:0e:75:6d:dc:d0:48:88:dd:a3:ae:45:d8:4f:
         de:28:1b:72:51:0b:f0:0c:17:7f:13:d0:1c:b2:47:00:7b:cc:
         5c:ec:6b:09:2f:db:4a:2a:9c:68:16:89:88:65:92:e2:2a:f1:
         92:3c:9d:41:06:f7:5e:61:07:7f:86:b8:c7:55:da:ab:f5:c4:
         10:7d:84:4f:56:d6:f3:af:87:55:d9:08:98:96:32:87:fb:fd:
         b7:9d:57:82
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYomYuDRBBRrDPTKKgB8A6oyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZWFjZTcxNGMyOTU2OGVmMTk3MDA3YjE0MWQxMjc1OGNj
NDE1ZDUwHhcNMjMwODI0MDcxMjA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmUxYjU3NWU4ZWEzNzUyZDg2MTJlOThhZjRkMzU0ZWE5ZjFhNTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAughHQHhXB5A4yKoYbhavcpoikDYw
ycggmgOAZiZCSSrsSE7ohoRAyDqmSLGHwj05+Pw/VO418FhC5nKd/xgmze5B6PWI
Q7avpbFCyFI8qKnf5LYm+rjIGfD1Elm4YY2mJW/+FzRqnx/WVK3qsE/4srp0S5PE
vqDCGL+Nx4zmpYozruFB+c2alYJ0eLBUIgSzr/fXR/958Z+RFdcNhRvNRayt9lyN
F8OxLmLHNIUg6/CteZbWd+9CAPXlJ7Cj95/8/TUlkQbMOCQMw3X97cwKHqEB8f4p
bsGPg1koaP4IdBbXGAZuLpANZ484gDC961W3JmbubGRpDh40s0/G7A755wIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFHLhtXXo6jdS2GEumK9NNU6p8aUYMB8GA1UdIwQY
MBaAFM/qznFMKVaO8ZcAexQdEnWMxBXVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMt
OGZkMzk0YjUzNTdjLzEvY3VHMWRlanFOMUxZWVM2WXIwMDFUcW54cFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMtOGZkMzk0YjUzNTdj
LzEvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDA2BAIAATAwAwQCLYnQAwQE
UcnQAwQCuTjUAwQCuTmoAwQCuXJoAwQDvEGYAwQBwSl2AwQBwf7AMDIEAgACMCwD
BQMqAOkAAwUAKgFEAAMFACoCUSAwDgMFByoL/YADBQAqC/2CAwUAKgv9hzANBgkq
hkiG9w0BAQsFAAOCAQEAT3mfFeFXKgoLQHen23kT+OQ6jat8EmVqXaJumNALChQy
oytX7i7ESkoK7O3K27RpPGSL+qgsYn/JLeaChFBMTaDzzcIBivyq8vMt708uf2f3
ouVm5ejZVigZG7LVtDyPEWLvk8vTKSmHps3oceKDcD88qn3ULiVf1YS6c2+GL+f4
ngSIDDX3AAs2ln7FxCr4mbSi/+wyz3PnIdCwqmHl5haVNMMLaO0OdW3c0EiI3aOu
RdhP3igbclEL8AwXfxPQHLJHAHvMXOxrCS/bSiqcaBaJiGWS4irxkjydQQb3XmEH
f4a4x1Xaq/XEEH2ET1bW86+HVdkImJYyh/v9t51Xgg==
-----END CERTIFICATE-----