Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/6SqfoBXbfdzP6QDQ9qriVQimbfw.roa
File:                     6SqfoBXbfdzP6QDQ9qriVQimbfw.roa (raw, json)
Hash identifier:          h10ZeDK8Vpxk4dTaxSnGD5X5FQjsTgHbNTN+lO4eHGU=
Subject key identifier:   E9:2A:9F:A0:15:DB:7D:DC:CF:E9:00:D0:F6:AA:E2:55:08:A6:6D:FC
Certificate issuer:       /CN=d25f2cd1a9f0da435f2e3b3ee70e64fdaf4b6121
Certificate serial:       018571957D71CCD0AD51040CA0D9EBE4C7C0
Authority key identifier: D2:5F:2C:D1:A9:F0:DA:43:5F:2E:3B:3E:E7:0E:64:FD:AF:4B:61:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0l8s0anw2kNfLjs-5w5k_a9LYSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/6SqfoBXbfdzP6QDQ9qriVQimbfw.roa
Signing time:             Mon 02 Jan 2023 08:25:00 +0000
ROA not before:           Mon 02 Jan 2023 08:25:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     38176
IP address blocks:        31.47.93.0/24 maxlen: 24
                          31.47.92.0/24 maxlen: 24
                          31.47.95.0/24 maxlen: 24
                          31.47.94.0/24 maxlen: 24
                          31.47.91.0/24 maxlen: 24
                          31.47.90.0/24 maxlen: 24
                          31.47.89.0/24 maxlen: 24
                          31.47.88.0/24 maxlen: 24
                          31.47.88.0/21 maxlen: 21
                          185.198.105.0/24 maxlen: 24
                          185.198.104.0/24 maxlen: 24
                          185.198.107.0/24 maxlen: 24
                          185.198.106.0/24 maxlen: 24
                          2a0a:1a40::/34 maxlen: 34
                          2a0a:1a40:4000::/34 maxlen: 34
                          2a0a:1a40:8000::/34 maxlen: 34
                          2a0a:1a40:c000::/34 maxlen: 34
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:7d:71:cc:d0:ad:51:04:0c:a0:d9:eb:e4:c7:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25f2cd1a9f0da435f2e3b3ee70e64fdaf4b6121
        Validity
            Not Before: Jan  2 08:25:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e92a9fa015db7ddccfe900d0f6aae25508a66dfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c0:9d:da:30:14:26:a6:b0:95:30:53:54:b9:
                    5e:0e:a8:c5:0d:71:c7:46:2f:10:b1:c7:65:dd:2c:
                    e0:c3:93:4f:dd:94:6a:84:2a:7d:78:89:c2:f2:fb:
                    fd:9d:19:c0:8e:08:fd:4f:18:9b:16:3f:94:b7:db:
                    5e:c9:3e:ce:85:24:eb:f4:a1:ee:69:e0:a5:af:f6:
                    3e:dc:2b:94:bd:22:ba:9e:e5:ce:c2:86:df:f2:fb:
                    e3:3b:4c:63:37:ce:e7:d4:83:c2:b8:cf:a3:ad:0a:
                    36:da:94:ea:9c:3f:f0:8e:b4:a6:3e:d0:42:60:0a:
                    45:85:10:7e:7d:9f:68:63:6b:f6:14:0b:6b:2d:43:
                    c1:97:43:a5:10:6a:a4:33:f5:7e:de:2f:e4:a5:90:
                    76:05:c8:bf:6a:fe:f0:bc:96:7d:43:19:87:2d:66:
                    32:59:39:13:08:1f:1a:e7:a8:9f:77:15:e1:db:dc:
                    bc:83:65:bd:4d:2c:b3:59:b4:49:66:4e:ff:6a:91:
                    71:63:2a:f1:b5:aa:d7:68:3b:a9:d0:e4:b2:89:65:
                    97:21:42:a3:42:da:18:77:6c:5d:28:86:ec:5a:d7:
                    81:8a:9e:09:1c:ba:97:6d:7c:28:a0:d2:32:2d:1f:
                    4f:2e:35:51:82:4e:48:86:d9:0d:3f:7f:49:7a:76:
                    8d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:2A:9F:A0:15:DB:7D:DC:CF:E9:00:D0:F6:AA:E2:55:08:A6:6D:FC
            X509v3 Authority Key Identifier:
                keyid:D2:5F:2C:D1:A9:F0:DA:43:5F:2E:3B:3E:E7:0E:64:FD:AF:4B:61:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0l8s0anw2kNfLjs-5w5k_a9LYSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/6SqfoBXbfdzP6QDQ9qriVQimbfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/0l8s0anw2kNfLjs-5w5k_a9LYSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.47.88.0/21
                  185.198.104.0/22
                IPv6:
                  2a0a:1a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:88:dd:12:2c:fd:f1:e5:98:ee:c0:93:6f:23:17:e1:c2:fa:
         9c:c5:80:51:d1:49:80:2e:a6:d1:01:6f:62:7a:f6:e1:f6:7a:
         e6:bc:06:ff:64:fc:b2:16:ad:0e:2b:e2:70:fe:f8:97:31:d6:
         b8:2b:e3:93:9c:f0:20:a5:aa:1a:f2:1c:ed:6e:33:aa:07:b8:
         f9:57:dd:bb:91:03:f7:81:26:d7:b6:c0:a1:bb:c4:ca:d6:f1:
         3b:32:0d:ee:b7:1c:a3:02:81:b9:6d:12:29:df:8d:88:dd:ed:
         88:ad:95:a5:f5:37:b2:66:77:58:62:f5:31:79:fa:63:e2:fa:
         17:a5:ff:e6:b2:40:34:26:de:ee:19:69:0d:1e:c9:0c:31:18:
         84:08:2d:60:44:cd:07:47:ce:4c:24:42:02:70:d5:c8:33:38:
         e9:bc:76:75:49:df:72:ef:8a:b4:58:0b:d4:8c:be:81:b0:da:
         71:9d:b7:fb:61:bc:8c:7c:82:a3:dc:35:35:f9:e9:59:68:3c:
         f4:28:5a:2f:fd:26:2e:c3:e4:78:d7:f5:0c:eb:b1:cf:77:79:
         17:fa:1c:a5:62:08:49:f6:45:13:91:e9:ee:41:04:ff:f4:3b:
         be:aa:06:44:cd:96:1a:b0:5b:ae:ae:ef:18:14:b1:a5:ed:9a:
         bf:f2:c8:ea
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVxlX1xzNCtUQQMoNnr5MfAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNWYyY2QxYTlmMGRhNDM1ZjJlM2IzZWU3MGU2NGZkYWY0
YjYxMjEwHhcNMjMwMTAyMDgyNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTJhOWZhMDE1ZGI3ZGRjY2ZlOTAwZDBmNmFhZTI1NTA4YTY2ZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMCd2jAUJqawlTBTVLleDqjFDXHH
Ri8Qscdl3Szgw5NP3ZRqhCp9eInC8vv9nRnAjgj9TxibFj+Ut9teyT7OhSTr9KHu
aeClr/Y+3CuUvSK6nuXOwobf8vvjO0xjN87n1IPCuM+jrQo22pTqnD/wjrSmPtBC
YApFhRB+fZ9oY2v2FAtrLUPBl0OlEGqkM/V+3i/kpZB2Bci/av7wvJZ9QxmHLWYy
WTkTCB8a56ifdxXh29y8g2W9TSyzWbRJZk7/apFxYyrxtarXaDup0OSyiWWXIUKj
QtoYd2xdKIbsWteBip4JHLqXbXwooNIyLR9PLjVRgk5IhtkNP39JenaNcQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOkqn6AV233cz+kA0Paq4lUIpm38MB8GA1UdIwQY
MBaAFNJfLNGp8NpDXy47PucOZP2vS2EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGw4czBhbncya05mTGpzLTV3NWtfYTlMWVNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yZDEyNWYtMWE2MC00NjhkLWE5M2Et
YzViNmFlY2I2YzljLzEvNlNxZm9CWGJmZHpQNlFEUTlxcmlWUWltYmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yZDEyNWYtMWE2MC00NjhkLWE5M2EtYzViNmFlY2I2Yzlj
LzEvMGw4czBhbncya05mTGpzLTV3NWtfYTlMWVNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHy9YAwQC
ucZoMA0EAgACMAcDBQAqChpAMA0GCSqGSIb3DQEBCwUAA4IBAQBeiN0SLP3x5Zju
wJNvIxfhwvqcxYBR0UmALqbRAW9ievbh9nrmvAb/ZPyyFq0OK+Jw/viXMda4K+OT
nPAgpaoa8hztbjOqB7j5V927kQP3gSbXtsChu8TK1vE7Mg3utxyjAoG5bRIp342I
3e2IrZWl9TeyZndYYvUxefpj4voXpf/mskA0Jt7uGWkNHskMMRiECC1gRM0HR85M
JEICcNXIMzjpvHZ1Sd9y74q0WAvUjL6BsNpxnbf7YbyMfIKj3DU1+elZaDz0KFov
/SYuw+R41/UM67HPd3kX+hylYghJ9kUTkenuQQT/9Du+qgZEzZYasFuuru8YFLGl
7Zq/8sjq
-----END CERTIFICATE-----