Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/8C3oLKNaV1-lPzu1fIsdel8iHZM.roa
File:                     8C3oLKNaV1-lPzu1fIsdel8iHZM.roa (raw, json)
Hash identifier:          h2WHVMXyZL3PvGljF+Zi+4W2E/791ct+WCdWpx5NVjQ=
Subject key identifier:   F0:2D:E8:2C:A3:5A:57:5F:A5:3F:3B:B5:7C:8B:1D:7A:5F:22:1D:93
Certificate issuer:       /CN=72633388a7a5cfe9a7ca19fd74c922dcb12569d3
Certificate serial:       018655B0C36B7930CBAF0727F1B7F57FB58D
Authority key identifier: 72:63:33:88:A7:A5:CF:E9:A7:CA:19:FD:74:C9:22:DC:B1:25:69:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cmMziKelz-mnyhn9dMki3LEladM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/8C3oLKNaV1-lPzu1fIsdel8iHZM.roa
Signing time:             Wed 15 Feb 2023 15:28:12 +0000
ROA not before:           Wed 15 Feb 2023 15:28:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34863
IP address blocks:        85.204.24.0/23 maxlen: 23
                          85.204.21.0/24 maxlen: 24
                          85.204.20.0/23 maxlen: 23
                          85.204.25.0/24 maxlen: 24
                          81.23.34.0/24 maxlen: 24
                          81.23.32.0/20 maxlen: 24
                          89.35.96.0/20 maxlen: 24
                          185.63.48.0/22 maxlen: 22
                          185.252.195.0/24 maxlen: 24
                          46.226.128.0/21 maxlen: 24
                          185.2.252.0/22 maxlen: 22
                          188.94.202.0/23 maxlen: 23
                          188.94.201.0/24 maxlen: 24
                          188.94.200.0/24 maxlen: 24
                          188.94.200.0/21 maxlen: 21
                          188.94.206.0/24 maxlen: 24
                          188.94.204.0/22 maxlen: 22
                          2a00:fc8::/32 maxlen: 32
                          2a00:7820::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:55:b0:c3:6b:79:30:cb:af:07:27:f1:b7:f5:7f:b5:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72633388a7a5cfe9a7ca19fd74c922dcb12569d3
        Validity
            Not Before: Feb 15 15:28:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f02de82ca35a575fa53f3bb57c8b1d7a5f221d93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d5:ef:7d:38:0e:a9:df:44:15:57:9d:f3:86:
                    d5:ee:7e:10:02:35:2d:e7:30:5c:f5:4c:4f:cf:90:
                    0e:6d:82:9d:2a:3e:41:a0:96:85:b8:8f:cd:c9:22:
                    72:22:00:3d:84:73:ab:7c:81:13:ee:fd:ee:c8:9f:
                    0d:5d:ec:2e:8b:a6:2d:3b:39:bd:26:72:53:0c:a7:
                    e1:7f:ac:19:f7:56:44:5e:38:02:db:59:a1:60:5a:
                    8d:6a:6f:f0:6c:a0:2f:1f:7e:0d:fe:ad:8b:d3:94:
                    37:af:21:d6:c6:06:74:32:b8:c9:b6:37:e1:c1:fa:
                    22:1c:cb:84:1d:83:b2:86:6e:55:d7:93:ea:d5:de:
                    c9:3d:7d:54:fd:41:82:5f:d0:71:21:f4:f9:75:e1:
                    0b:d3:56:3e:1c:f5:bf:a8:f5:f2:9d:64:ea:06:80:
                    63:2b:a6:ff:e5:c2:c3:2d:d3:3c:56:be:3c:58:d7:
                    3d:f4:e2:dc:58:f1:4b:cd:07:06:68:40:ad:67:68:
                    73:97:12:ad:25:4d:66:8f:35:63:26:a1:bd:fa:8d:
                    4d:8e:ca:8a:ac:2e:09:12:4c:23:37:bc:66:9e:3d:
                    97:8d:43:c5:55:05:05:ee:0a:88:50:9b:21:db:ef:
                    4e:40:d5:55:00:0a:a9:a5:6b:9c:7e:df:9d:dd:e0:
                    b7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:2D:E8:2C:A3:5A:57:5F:A5:3F:3B:B5:7C:8B:1D:7A:5F:22:1D:93
            X509v3 Authority Key Identifier:
                keyid:72:63:33:88:A7:A5:CF:E9:A7:CA:19:FD:74:C9:22:DC:B1:25:69:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cmMziKelz-mnyhn9dMki3LEladM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/8C3oLKNaV1-lPzu1fIsdel8iHZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/cmMziKelz-mnyhn9dMki3LEladM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.128.0/21
                  81.23.32.0/20
                  85.204.20.0/23
                  85.204.24.0/23
                  89.35.96.0/20
                  185.2.252.0/22
                  185.63.48.0/22
                  185.252.195.0/24
                  188.94.200.0/21
                IPv6:
                  2a00:fc8::/32
                  2a00:7820::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:02:f6:53:58:91:8a:61:28:20:8b:be:53:a8:f4:3c:2c:50:
         33:68:35:d3:8d:e0:29:72:09:f0:76:9a:fa:2c:b7:1a:47:50:
         33:13:c9:87:4b:1f:69:a7:d5:47:55:8b:3a:f7:03:7d:75:a5:
         e0:12:85:ed:6c:9d:b5:8b:76:35:77:40:1c:40:2d:51:4b:62:
         30:61:71:7b:19:eb:bc:61:c0:d6:b0:bc:29:00:c9:64:ea:4a:
         e4:4e:a1:83:f3:91:e8:f0:8d:09:1e:05:ea:e3:1d:74:13:a5:
         5f:bd:65:ca:61:7e:67:3d:6b:e8:5c:1d:b1:04:3a:03:52:f2:
         d2:44:19:8c:cd:11:18:c3:08:44:66:d0:de:bf:ce:fb:48:4d:
         a7:0f:04:cb:dd:59:78:e3:44:2a:5c:08:e9:ad:93:ec:2b:d5:
         67:31:40:87:ff:92:2b:3c:65:16:76:2c:01:bf:5e:e9:a6:83:
         06:3e:82:9f:38:17:fa:28:d1:d9:44:b7:18:b1:49:9b:07:1d:
         6f:53:69:f3:10:64:45:1d:00:70:e5:a0:e2:94:30:9e:17:d3:
         60:1f:3d:6d:21:10:6c:33:49:6a:a2:f0:a0:75:d9:7b:7d:a9:
         cb:41:96:91:2a:f0:d1:5b:88:78:fa:a2:5b:59:cf:e5:7d:89:
         b5:3c:29:80
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYZVsMNreTDLrwcn8bf1f7WNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNjMzMzg4YTdhNWNmZTlhN2NhMTlmZDc0YzkyMmRjYjEy
NTY5ZDMwHhcNMjMwMjE1MTUyODEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDJkZTgyY2EzNWE1NzVmYTUzZjNiYjU3YzhiMWQ3YTVmMjIxZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9XvfTgOqd9EFVed84bV7n4QAjUt
5zBc9UxPz5AObYKdKj5BoJaFuI/NySJyIgA9hHOrfIET7v3uyJ8NXewui6YtOzm9
JnJTDKfhf6wZ91ZEXjgC21mhYFqNam/wbKAvH34N/q2L05Q3ryHWxgZ0MrjJtjfh
wfoiHMuEHYOyhm5V15Pq1d7JPX1U/UGCX9BxIfT5deEL01Y+HPW/qPXynWTqBoBj
K6b/5cLDLdM8Vr48WNc99OLcWPFLzQcGaECtZ2hzlxKtJU1mjzVjJqG9+o1NjsqK
rC4JEkwjN7xmnj2XjUPFVQUF7gqIUJsh2+9OQNVVAAqppWucft+d3eC3iQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPAt6CyjWldfpT87tXyLHXpfIh2TMB8GA1UdIwQY
MBaAFHJjM4inpc/pp8oZ/XTJItyxJWnTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY21NemlLZWx6LW1ueWhuOWRNa2kzTEVsYWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS84MjMzZjItZDNjMC00NTAxLWE5Yzct
MTM4Yzg0MTdhZTkzLzEvOEMzb0xLTmFWMS1sUHp1MWZJc2RlbDhpSFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS84MjMzZjItZDNjMC00NTAxLWE5YzctMTM4Yzg0MTdhZTkz
LzEvY21NemlLZWx6LW1ueWhuOWRNa2kzTEVsYWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDLuKAAwQE
URcgAwQBVcwUAwQBVcwYAwQEWSNgAwQCuQL8AwQCuT8wAwQAufzDAwQDvF7IMBQE
AgACMA4DBQAqAA/IAwUAKgB4IDANBgkqhkiG9w0BAQsFAAOCAQEAUwL2U1iRimEo
IIu+U6j0PCxQM2g1043gKXIJ8Haa+iy3GkdQMxPJh0sfaafVR1WLOvcDfXWl4BKF
7WydtYt2NXdAHEAtUUtiMGFxexnrvGHA1rC8KQDJZOpK5E6hg/OR6PCNCR4F6uMd
dBOlX71lymF+Zz1r6FwdsQQ6A1Ly0kQZjM0RGMMIRGbQ3r/O+0hNpw8Ey91ZeONE
KlwI6a2T7CvVZzFAh/+SKzxlFnYsAb9e6aaDBj6CnzgX+ijR2US3GLFJmwcdb1Np
8xBkRR0AcOWg4pQwnhfTYB89bSEQbDNJaqLwoHXZe32py0GWkSrw0VuIePqiW1nP
5X2JtTwpgA==
-----END CERTIFICATE-----