Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/HRGDZ3036LdeJ8ifr36Vr8wMKBw.roa
File:                     HRGDZ3036LdeJ8ifr36Vr8wMKBw.roa (raw, json)
Hash identifier:          SX9CKcLsvqIu8lAM/Sjn4fjcGg9EpltG63pvL/YqEa8=
Subject key identifier:   1D:11:83:67:7D:37:E8:B7:5E:27:C8:9F:AF:7E:95:AF:CC:0C:28:1C
Certificate issuer:       /CN=92660b23fe3b8642d6bf475f8eb7fcad9d13c413
Certificate serial:       018CA7692E89F1B588105B866FDB7C198E63
Authority key identifier: 92:66:0B:23:FE:3B:86:42:D6:BF:47:5F:8E:B7:FC:AD:9D:13:C4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmYLI_47hkLWv0dfjrf8rZ0TxBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/HRGDZ3036LdeJ8ifr36Vr8wMKBw.roa
Signing time:             Tue 26 Dec 2023 18:35:37 +0000
ROA not before:           Tue 26 Dec 2023 18:35:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44076
IP address blocks:        45.141.72.0/22 maxlen: 24
                          192.214.160.0/19 maxlen: 24
                          45.129.40.0/21 maxlen: 24
                          45.135.244.0/22 maxlen: 24
                          45.137.172.0/22 maxlen: 24
                          193.148.160.0/19 maxlen: 24
                          45.142.4.0/22 maxlen: 24
                          193.19.129.0/24 maxlen: 24
                          193.19.130.0/24 maxlen: 24
                          188.34.64.0/18 maxlen: 24
                          213.17.0.0/18 maxlen: 24
                          2a05:b540::/29 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a7:69:2e:89:f1:b5:88:10:5b:86:6f:db:7c:19:8e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92660b23fe3b8642d6bf475f8eb7fcad9d13c413
        Validity
            Not Before: Dec 26 18:35:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d1183677d37e8b75e27c89faf7e95afcc0c281c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f5:c5:7a:ec:35:ef:ea:61:7b:17:6e:e2:30:
                    dd:3c:93:99:93:2c:ca:40:49:4b:e8:0c:47:ea:5a:
                    f8:4b:01:90:af:09:fd:32:6c:5d:16:44:fe:f3:ea:
                    13:08:24:8b:5f:b5:c1:82:b1:1b:80:dd:e0:6f:60:
                    76:ac:06:a2:5d:cf:8c:b3:06:66:96:d0:a8:c8:7b:
                    07:18:19:88:14:06:7d:f7:e8:89:f8:49:f5:6c:37:
                    36:25:50:34:67:a9:fa:a2:d0:79:d3:31:00:1e:1f:
                    d3:f1:ed:40:03:51:84:d0:34:8b:52:db:05:44:fd:
                    45:44:89:73:88:4c:79:6d:ef:de:c4:39:22:d2:33:
                    29:4d:04:af:fd:dc:47:e2:c1:2b:d3:ca:c5:03:6d:
                    38:d9:c7:4e:af:b1:d4:85:8c:2f:3f:0e:74:a3:20:
                    f2:38:17:86:1b:ea:5b:29:75:e8:44:19:f8:09:d9:
                    e6:bc:ff:35:59:03:ae:c0:61:6b:d4:fa:5a:79:5a:
                    31:7c:cd:94:1f:00:82:53:cc:f2:0e:81:37:04:06:
                    e9:8f:97:f2:5e:33:32:ee:7c:f8:84:6c:49:c3:d2:
                    21:56:d2:c0:c1:b3:89:19:d9:5a:d6:a7:e0:3a:01:
                    85:fe:15:af:8d:91:ed:d4:55:37:60:de:9b:98:75:
                    6f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:11:83:67:7D:37:E8:B7:5E:27:C8:9F:AF:7E:95:AF:CC:0C:28:1C
            X509v3 Authority Key Identifier:
                keyid:92:66:0B:23:FE:3B:86:42:D6:BF:47:5F:8E:B7:FC:AD:9D:13:C4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmYLI_47hkLWv0dfjrf8rZ0TxBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/HRGDZ3036LdeJ8ifr36Vr8wMKBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ae3bac-3da2-4e49-bdab-13ef1c455cc4/1/kmYLI_47hkLWv0dfjrf8rZ0TxBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.40.0/21
                  45.135.244.0/22
                  45.137.172.0/22
                  45.141.72.0/22
                  45.142.4.0/22
                  188.34.64.0/18
                  192.214.160.0/19
                  193.19.129.0-193.19.130.255
                  193.148.160.0/19
                  213.17.0.0/18
                IPv6:
                  2a05:b540::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:b8:c0:b8:90:12:db:b8:c4:42:1d:da:bd:2f:9d:67:ab:0d:
         ae:43:1b:8f:7b:67:c4:a9:4c:17:7f:15:cf:0f:8e:79:ee:08:
         43:ff:d8:3d:9f:63:fe:fa:e2:b0:c0:3b:cc:cc:80:97:f5:bd:
         e8:ac:d8:59:01:ba:a2:a0:05:f5:03:0d:92:05:b1:70:f7:e6:
         df:3c:42:2c:69:43:c4:a5:f0:f4:5b:43:fa:9e:8a:d5:4d:b7:
         de:2a:9b:f9:9d:ac:31:57:39:27:e7:49:08:04:97:ab:05:04:
         63:93:72:e5:e1:e5:77:e5:33:79:af:db:1d:0f:36:85:b2:5d:
         d9:52:ab:fe:e4:64:62:a5:ca:8f:eb:88:7b:1f:e3:40:fc:33:
         47:91:99:c7:8f:a3:82:1a:96:37:b2:d1:0d:68:22:7c:6b:5c:
         96:98:6b:e2:6c:03:fb:e0:62:aa:02:7d:19:a2:9c:b9:57:4c:
         e9:cc:1f:e1:7f:0b:82:2e:fb:61:4a:48:cd:d5:ba:3d:10:20:
         a1:e5:a3:08:89:06:d8:34:9e:cc:5b:72:d7:41:77:4e:b2:8f:
         bb:02:51:6d:19:26:05:ac:e3:7d:3d:48:96:c2:d2:61:23:4b:
         81:ec:2b:9e:50:a7:6b:09:6a:12:81:1e:69:b5:a4:4e:9e:d5:
         05:fb:49:7a
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYynaS6J8bWIEFuGb9t8GY5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNjYwYjIzZmUzYjg2NDJkNmJmNDc1ZjhlYjdmY2FkOWQx
M2M0MTMwHhcNMjMxMjI2MTgzNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDExODM2NzdkMzdlOGI3NWUyN2M4OWZhZjdlOTVhZmNjMGMyODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvXFeuw17+phexdu4jDdPJOZkyzK
QElL6AxH6lr4SwGQrwn9MmxdFkT+8+oTCCSLX7XBgrEbgN3gb2B2rAaiXc+MswZm
ltCoyHsHGBmIFAZ99+iJ+En1bDc2JVA0Z6n6otB50zEAHh/T8e1AA1GE0DSLUtsF
RP1FRIlziEx5be/exDki0jMpTQSv/dxH4sEr08rFA2042cdOr7HUhYwvPw50oyDy
OBeGG+pbKXXoRBn4CdnmvP81WQOuwGFr1PpaeVoxfM2UHwCCU8zyDoE3BAbpj5fy
XjMy7nz4hGxJw9IhVtLAwbOJGdla1qfgOgGF/hWvjZHt1FU3YN6bmHVvYwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFB0Rg2d9N+i3XifIn69+la/MDCgcMB8GA1UdIwQY
MBaAFJJmCyP+O4ZC1r9HX463/K2dE8QTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva21ZTElfNDdoa0xXdjBkZmpyZjhyWjBUeEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZTNiYWMtM2RhMi00ZTQ5LWJkYWIt
MTNlZjFjNDU1Y2M0LzEvSFJHRFozMDM2TGRlSjhpZnIzNlZyOHdNS0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZTNiYWMtM2RhMi00ZTQ5LWJkYWItMTNlZjFjNDU1Y2M0
LzEva21ZTElfNDdoa0xXdjBkZmpyZjhyWjBUeEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQDLYEoAwQC
LYf0AwQCLYmsAwQCLY1IAwQCLY4EAwQGvCJAAwQFwNagMAwDBADBE4EDBADBE4ID
BAXBlKADBAbVEQAwDQQCAAIwBwMFAyoFtUAwDQYJKoZIhvcNAQELBQADggEBAGO4
wLiQEtu4xEId2r0vnWerDa5DG497Z8SpTBd/Fc8PjnnuCEP/2D2fY/764rDAO8zM
gJf1veis2FkBuqKgBfUDDZIFsXD35t88QixpQ8Sl8PRbQ/qeitVNt94qm/mdrDFX
OSfnSQgEl6sFBGOTcuXh5XflM3mv2x0PNoWyXdlSq/7kZGKlyo/riHsf40D8M0eR
mcePo4Ialjey0Q1oInxrXJaYa+JsA/vgYqoCfRminLlXTOnMH+F/C4Iu+2FKSM3V
uj0QIKHlowiJBtg0nsxbctdBd06yj7sCUW0ZJgWs4309SJbC0mEjS4HsK55Qp2sJ
ahKBHmm1pE6e1QX7SXo=
-----END CERTIFICATE-----