Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CUmUtKO7hcvCZmqVZ7VkD1fchec.roa
File:                     CUmUtKO7hcvCZmqVZ7VkD1fchec.roa (raw, json)
Hash identifier:          9vZIb2ioTiToUG2Uc6amXmLHjzNcRy9LVB2onLuYxUk=
Subject key identifier:   09:49:94:B4:A3:BB:85:CB:C2:66:6A:95:67:B5:64:0F:57:DC:85:E7
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01833305A1236B737C937707F391D4B9E72A
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CUmUtKO7hcvCZmqVZ7VkD1fchec.roa
Signing time:             Mon 12 Sep 2022 18:45:50 +0000
ROA not before:           Mon 12 Sep 2022 18:45:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197343
IP address blocks:        185.215.230.0/24 maxlen: 24
                          5.56.130.0/23 maxlen: 23
                          5.56.128.0/22 maxlen: 22
                          5.56.128.0/23 maxlen: 23
                          37.32.44.0/24 maxlen: 24
                          37.32.42.0/24 maxlen: 24
                          37.32.41.0/24 maxlen: 24
                          37.32.40.0/22 maxlen: 24
                          37.32.45.0/24 maxlen: 24
                          37.32.47.0/24 maxlen: 24
                          5.57.32.0/21 maxlen: 24
                          185.212.48.0/24 maxlen: 24
                          185.212.48.0/22 maxlen: 22
                          185.212.49.0/24 maxlen: 24
                          178.239.149.0/24 maxlen: 24
                          178.239.150.0/24 maxlen: 24
                          178.239.156.0/23 maxlen: 23
                          178.239.156.0/22 maxlen: 22
                          178.239.155.0/24 maxlen: 24
                          178.239.154.0/23 maxlen: 23
                          178.239.154.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:33:05:a1:23:6b:73:7c:93:77:07:f3:91:d4:b9:e7:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Sep 12 18:45:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=094994b4a3bb85cbc2666a9567b5640f57dc85e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ed:90:c0:fd:d4:13:c8:6c:15:59:59:7a:bb:
                    66:c5:03:65:b2:11:a3:79:ee:23:e4:65:f9:33:f4:
                    05:8a:55:19:66:f9:3b:53:0c:7a:41:8a:d9:07:c4:
                    5c:31:c7:9a:57:12:75:3f:0e:db:67:f4:68:73:b9:
                    25:d4:5e:49:ae:69:d1:ed:81:4f:52:6e:7a:65:f0:
                    96:5b:45:d9:25:90:bc:78:9a:c2:c2:74:c6:71:4e:
                    64:22:db:94:72:3f:a2:40:7a:29:db:9b:d7:98:e5:
                    5f:d6:d8:64:1f:12:88:ba:9d:8a:2e:a2:e1:e6:a9:
                    66:96:3e:2f:82:49:05:93:1b:e4:b0:34:53:96:ce:
                    4e:d8:4c:2b:1f:b3:ff:86:ec:f9:42:1e:ba:43:e9:
                    5a:f3:17:86:fb:b6:b0:30:3b:93:be:88:07:3b:e4:
                    eb:0a:f5:44:11:eb:5a:b6:54:d1:e1:f1:1c:6a:ee:
                    8b:ae:ae:4a:2f:54:7b:4b:13:18:5d:19:16:af:38:
                    5c:04:93:f3:93:e0:f7:1f:d8:0c:34:42:38:fc:7c:
                    27:5c:0e:49:89:2d:c4:57:f7:d1:68:89:8c:84:35:
                    aa:20:df:35:df:6f:94:a7:71:5e:2a:41:35:94:96:
                    4b:78:a1:ac:de:4c:a2:da:81:d8:96:23:60:1b:56:
                    b0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:49:94:B4:A3:BB:85:CB:C2:66:6A:95:67:B5:64:0F:57:DC:85:E7
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CUmUtKO7hcvCZmqVZ7VkD1fchec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22
                  5.57.32.0/21
                  37.32.40.0-37.32.45.255
                  37.32.47.0/24
                  178.239.149.0-178.239.150.255
                  178.239.154.0-178.239.159.255
                  185.212.48.0/22
                  185.215.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:3c:a5:4b:2f:14:b7:0e:2c:29:d1:a8:1d:84:09:8f:ce:d1:
         a4:f5:27:c9:09:73:b3:01:56:05:3b:f9:5d:80:44:5e:f1:31:
         50:ec:c2:39:c7:30:fc:7e:b0:d5:81:4d:96:e8:08:e1:8c:bf:
         96:7e:33:90:ab:e8:ac:26:3d:40:ab:dc:1d:15:4b:76:d7:97:
         28:60:5d:bb:c0:2e:ff:8d:71:0a:7b:f9:65:94:52:57:8e:1f:
         98:c8:2e:f6:26:82:bd:fa:61:12:a2:5c:7a:2e:02:ff:fe:1e:
         e4:44:99:96:9e:50:06:3b:b9:d0:59:04:09:ed:83:be:bc:10:
         48:4c:13:d3:fd:ce:cf:c1:d5:82:57:9d:46:a0:f5:18:c0:91:
         d3:aa:ee:94:9c:d3:af:29:f6:41:ea:a4:7d:ac:e4:10:d5:bf:
         0c:bd:95:5d:63:e4:a0:a5:73:28:c4:e4:8b:42:ba:0d:8f:86:
         4e:2e:df:c2:f5:ef:e1:18:e4:a8:0b:06:f4:07:90:c3:09:f6:
         eb:3f:7c:96:c3:07:1c:58:94:00:3d:29:a1:d1:86:d4:ee:79:
         8b:25:d9:f4:3a:08:3d:b5:21:c0:f8:12:9d:2a:af:0c:eb:c1:
         91:63:21:b9:da:6d:cc:55:1a:52:77:3d:7a:d1:5a:36:6a:af:
         7e:ae:c8:64
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYMzBaEja3N8k3cH85HUuecqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjIwOTEyMTg0NTUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQ5OTRiNGEzYmI4NWNiYzI2NjZhOTU2N2I1NjQwZjU3ZGM4NWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAle2QwP3UE8hsFVlZertmxQNlshGj
ee4j5GX5M/QFilUZZvk7Uwx6QYrZB8RcMceaVxJ1Pw7bZ/Roc7kl1F5JrmnR7YFP
Um56ZfCWW0XZJZC8eJrCwnTGcU5kItuUcj+iQHop25vXmOVf1thkHxKIup2KLqLh
5qlmlj4vgkkFkxvksDRTls5O2EwrH7P/huz5Qh66Q+la8xeG+7awMDuTvogHO+Tr
CvVEEetatlTR4fEcau6Lrq5KL1R7SxMYXRkWrzhcBJPzk+D3H9gMNEI4/HwnXA5J
iS3EV/fRaImMhDWqIN8132+Up3FeKkE1lJZLeKGs3kyi2oHYliNgG1awUQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAlJlLSju4XLwmZqlWe1ZA9X3IXnMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvQ1VtVXRLTzdoY3ZDWm1xVlo3VmtEMWZjaGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCBTiAAwQD
BTkgMAwDBAMlICgDBAElICwDBAAlIC8wDAMEALLvlQMEALLvljAMAwQBsu+aAwQF
su+AAwQCudQwAwQAudfmMA0GCSqGSIb3DQEBCwUAA4IBAQCAPKVLLxS3Diwp0agd
hAmPztGk9SfJCXOzAVYFO/ldgERe8TFQ7MI5xzD8frDVgU2W6AjhjL+WfjOQq+is
Jj1Aq9wdFUt215coYF27wC7/jXEKe/lllFJXjh+YyC72JoK9+mESolx6LgL//h7k
RJmWnlAGO7nQWQQJ7YO+vBBITBPT/c7PwdWCV51GoPUYwJHTqu6UnNOvKfZB6qR9
rOQQ1b8MvZVdY+SgpXMoxOSLQroNj4ZOLt/C9e/hGOSoCwb0B5DDCfbrP3yWwwcc
WJQAPSmh0YbU7nmLJdn0Ogg9tSHA+BKdKq8M68GRYyG52m3MVRpSdz160Vo2aq9+
rshk
-----END CERTIFICATE-----