Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/akO3sXsv0WgsiqGUOW37gm4ZP-8.roa
File:                     akO3sXsv0WgsiqGUOW37gm4ZP-8.roa (raw, json)
Hash identifier:          fg6jSBTBCkXa23nRli9zomtW363ThbvyKSAgC9aeY+Y=
Subject key identifier:   6A:43:B7:B1:7B:2F:D1:68:2C:8A:A1:94:39:6D:FB:82:6E:19:3F:EF
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       01870D301353E52A15B66C028DB51217D473
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/akO3sXsv0WgsiqGUOW37gm4ZP-8.roa
Signing time:             Thu 23 Mar 2023 06:37:47 +0000
ROA not before:           Thu 23 Mar 2023 06:37:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28907
IP address blocks:        77.87.192.0/21 maxlen: 21
                          195.39.197.0/24 maxlen: 24
                          195.39.196.0/24 maxlen: 24
                          195.39.196.0/23 maxlen: 23
                          89.184.64.0/19 maxlen: 24
                          89.184.72.0/21 maxlen: 21
                          89.184.88.0/21 maxlen: 21
                          78.27.192.0/19 maxlen: 24
                          5.149.120.0/21 maxlen: 21
                          2a02:2278:235::/48 maxlen: 48
                          2a02:2278::/32 maxlen: 32
                          2a02:2278:220::/48 maxlen: 48
                          2a02:2278:234::/48 maxlen: 48
                          2a02:2278:204::/48 maxlen: 48
                          2a02:2278:208::/48 maxlen: 48
                          2a02:2278:236::/48 maxlen: 48
                          2a02:2278:221::/48 maxlen: 48
                          2a02:2278:237::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0d:30:13:53:e5:2a:15:b6:6c:02:8d:b5:12:17:d4:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Mar 23 06:37:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a43b7b17b2fd1682c8aa194396dfb826e193fef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:22:07:a3:17:14:6f:f3:61:c1:a0:e7:7b:cf:
                    88:28:a1:aa:f9:d2:17:b5:4a:c7:20:86:5e:89:4a:
                    9e:cd:92:c0:06:48:9c:9c:c8:85:5f:7a:37:9f:36:
                    26:b2:ec:4b:31:b6:0f:1a:47:90:95:3b:ab:d8:d9:
                    3b:b2:02:72:a4:f1:0d:93:d9:47:f7:4e:26:72:a0:
                    4c:8a:d2:4e:ba:4b:21:05:15:0d:18:d3:71:45:ac:
                    e6:23:47:a9:cf:37:d8:72:41:9f:90:6a:da:e5:b3:
                    45:f3:d0:51:68:9c:fc:b9:9d:fc:93:c0:c8:c8:f8:
                    f5:8d:b9:53:22:d2:6b:a6:fc:51:18:78:2b:f4:f2:
                    68:d7:7e:9c:bd:e2:3c:82:20:10:5f:7c:d0:b5:61:
                    ed:b3:1a:e3:dd:e1:7d:29:29:99:2c:0d:96:1f:4b:
                    a9:9d:53:4c:5e:49:b4:df:35:b3:d6:a3:a0:60:25:
                    b7:ae:6c:f7:49:eb:d8:a9:47:eb:e8:4a:9a:63:f5:
                    11:80:0f:f1:53:a4:e3:9c:00:c2:83:55:8f:16:5a:
                    e1:5f:2c:2c:30:a7:e7:6c:8b:00:7e:c2:32:f7:85:
                    29:d2:36:8e:37:24:e4:02:0b:40:85:9a:b9:e5:48:
                    42:14:2a:2a:b3:19:71:a9:c1:f8:ea:d5:89:bf:48:
                    36:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:43:B7:B1:7B:2F:D1:68:2C:8A:A1:94:39:6D:FB:82:6E:19:3F:EF
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/akO3sXsv0WgsiqGUOW37gm4ZP-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.120.0/21
                  77.87.192.0/21
                  78.27.192.0/19
                  89.184.64.0/19
                  195.39.196.0/23
                IPv6:
                  2a02:2278::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:c2:4b:36:5f:83:7a:ce:4f:fe:34:16:bf:72:a1:24:d6:da:
         f6:f3:23:df:b9:a4:d8:c2:31:1d:ec:75:29:1f:32:c0:86:e6:
         ae:bb:36:70:c2:96:ce:98:18:27:8f:9b:8f:84:ad:ca:a8:81:
         96:b7:ef:c6:33:f0:27:7a:da:31:7d:2b:e5:4f:6a:75:f6:23:
         5e:4c:8f:ea:35:76:79:64:f9:8e:8f:62:ec:1b:2a:19:8f:cd:
         ba:9c:67:a3:4e:13:4b:3f:0b:db:b1:93:e4:c8:4a:92:ff:6e:
         33:27:a0:74:4c:1f:38:15:eb:32:f9:10:2a:43:c8:c6:ed:60:
         01:98:87:cb:9a:a1:58:c1:27:07:a3:af:96:a8:cb:d4:6d:a3:
         77:8d:7f:c7:a7:ee:cd:2a:56:1f:d6:7b:e5:14:61:06:7a:fa:
         d2:ad:d2:3e:b1:4e:43:7b:06:fd:e8:74:10:e7:84:75:e6:a6:
         d7:77:e0:2c:e2:24:b6:67:4e:dc:e4:61:6d:33:22:da:8c:33:
         b2:df:d2:85:5c:5f:ca:b5:85:d1:e5:57:7c:e3:32:74:fd:98:
         6d:99:c2:22:6b:8a:b3:9f:3a:6b:7f:8d:01:cf:b1:c4:de:c5:
         bf:81:52:17:81:3e:13:10:b0:9e:71:09:9f:8e:e6:b7:9e:ea:
         2e:2c:53:7a
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYcNMBNT5SoVtmwCjbUSF9RzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMwMzIzMDYzNzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQzYjdiMTdiMmZkMTY4MmM4YWExOTQzOTZkZmI4MjZlMTkzZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSIHoxcUb/NhwaDne8+IKKGq+dIX
tUrHIIZeiUqezZLABkicnMiFX3o3nzYmsuxLMbYPGkeQlTur2Nk7sgJypPENk9lH
904mcqBMitJOukshBRUNGNNxRazmI0epzzfYckGfkGra5bNF89BRaJz8uZ38k8DI
yPj1jblTItJrpvxRGHgr9PJo136cveI8giAQX3zQtWHtsxrj3eF9KSmZLA2WH0up
nVNMXkm03zWz1qOgYCW3rmz3SevYqUfr6EqaY/URgA/xU6TjnADCg1WPFlrhXyws
MKfnbIsAfsIy94Up0jaONyTkAgtAhZq55UhCFCoqsxlxqcH46tWJv0g2rwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGpDt7F7L9FoLIqhlDlt+4JuGT/vMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvYWtPM3NYc3YwV2dzaXFHVU9XMzdnbTRaUC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBZV4AwQD
TVfAAwQFThvAAwQFWbhAAwQBwyfEMA0EAgACMAcDBQAqAiJ4MA0GCSqGSIb3DQEB
CwUAA4IBAQCkwks2X4N6zk/+NBa/cqEk1tr28yPfuaTYwjEd7HUpHzLAhuauuzZw
wpbOmBgnj5uPhK3KqIGWt+/GM/AnetoxfSvlT2p19iNeTI/qNXZ5ZPmOj2LsGyoZ
j826nGejThNLPwvbsZPkyEqS/24zJ6B0TB84Fesy+RAqQ8jG7WABmIfLmqFYwScH
o6+WqMvUbaN3jX/Hp+7NKlYf1nvlFGEGevrSrdI+sU5Dewb96HQQ54R15qbXd+As
4iS2Z07c5GFtMyLajDOy39KFXF/KtYXR5Vd84zJ0/ZhtmcIia4qznzprf40Bz7HE
3sW/gVIXgT4TELCecQmfjua3nuouLFN6
-----END CERTIFICATE-----