Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/1_VlGLp0iNa5g9ECX92HtRiUkNc.roa
File:                     1_VlGLp0iNa5g9ECX92HtRiUkNc.roa (raw, json)
Hash identifier:          Rbv62jZ+tD3WmwujHE5AsS2vlkgucig+MAou42d8V08=
Subject key identifier:   D7:F5:65:18:BA:74:88:D6:B9:83:D1:02:5F:DD:87:B5:18:94:90:D7
Certificate issuer:       /CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Certificate serial:       01856F38FAB8D45F72DBC9748D1BA27165D4
Authority key identifier: BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/1_VlGLp0iNa5g9ECX92HtRiUkNc.roa
Signing time:             Sun 01 Jan 2023 21:24:43 +0000
ROA not before:           Sun 01 Jan 2023 21:24:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50596
IP address blocks:        188.68.8.0/21 maxlen: 21
                          46.254.160.0/21 maxlen: 21
                          37.75.200.0/21 maxlen: 21
                          185.8.220.0/22 maxlen: 22
                          93.179.104.0/21 maxlen: 21
                          188.68.168.0/21 maxlen: 21
                          109.201.96.0/21 maxlen: 21
                          188.68.192.0/21 maxlen: 21
                          178.57.208.0/21 maxlen: 21
                          109.201.104.0/21 maxlen: 21
                          109.201.112.0/20 maxlen: 22
                          2a03:3cc0::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:38:fa:b8:d4:5f:72:db:c9:74:8d:1b:a2:71:65:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
        Validity
            Not Before: Jan  1 21:24:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d7f56518ba7488d6b983d1025fdd87b5189490d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:09:d4:89:79:34:ed:d3:8e:16:03:66:18:73:
                    0e:a5:3c:9e:5e:4c:28:72:54:77:19:07:eb:f7:ae:
                    cf:a2:78:5e:49:9a:fa:a8:43:0a:97:4c:d1:9d:7d:
                    2a:f1:22:a3:66:64:6f:a8:4e:8f:87:32:07:7e:4f:
                    10:a4:dc:56:16:51:20:27:d9:dc:26:38:16:5f:54:
                    b7:df:0f:e1:c5:b6:d8:f4:d0:6b:7b:32:25:c8:03:
                    6d:4a:c0:d8:c3:9f:61:5e:ed:94:ea:c8:3e:78:d1:
                    90:9e:6a:e6:a7:77:e8:5b:9c:9b:98:57:10:d0:d8:
                    fb:ca:8c:95:25:2b:47:a9:30:26:ac:73:ac:16:16:
                    29:60:25:7e:63:c8:3c:ae:55:29:c1:1d:d8:d2:c2:
                    96:ce:f3:58:ee:dd:df:36:b2:bb:6c:10:70:fb:fc:
                    a2:54:4e:4a:0d:19:e3:41:dd:de:ca:21:c2:85:bd:
                    a8:cb:fe:2a:88:05:9b:13:ca:37:49:b2:21:50:a8:
                    2a:a5:e4:72:de:3d:77:b5:f0:12:0d:4c:bc:3c:9a:
                    04:e1:28:53:f2:b8:c9:bf:66:60:9f:52:ae:3b:3a:
                    68:bb:b5:cf:cc:92:9c:f3:f6:9d:8b:73:b6:a2:f2:
                    66:9e:15:72:4a:1f:f8:d4:7a:97:db:77:82:c0:23:
                    a8:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F5:65:18:BA:74:88:D6:B9:83:D1:02:5F:DD:87:B5:18:94:90:D7
            X509v3 Authority Key Identifier:
                keyid:BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/1_VlGLp0iNa5g9ECX92HtRiUkNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/ug4SZOB7Nwi8udtaFOfMknCGOVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.200.0/21
                  46.254.160.0/21
                  93.179.104.0/21
                  109.201.96.0/19
                  178.57.208.0/21
                  185.8.220.0/22
                  188.68.8.0/21
                  188.68.168.0/21
                  188.68.192.0/21
                IPv6:
                  2a03:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:89:1a:e6:5e:01:da:be:07:b1:b0:79:a4:78:15:f3:29:46:
         dd:ac:07:4f:11:ce:40:81:1d:56:f8:dc:92:66:5e:b5:5a:a6:
         ea:61:cd:19:ca:65:fb:f1:33:33:65:2c:ac:1c:69:7e:f9:bb:
         44:b1:31:98:cc:e9:a1:c2:e2:2e:d5:0b:d4:40:ff:fe:f4:85:
         0a:40:2e:bd:34:07:22:ba:5c:d1:5c:0a:ef:a3:8a:eb:f7:d4:
         b4:3e:06:f9:e6:d9:2f:ae:0d:b2:ae:26:e6:b8:c3:56:88:62:
         fd:2e:ad:cc:1c:4e:ad:6b:bf:9f:43:e0:8b:61:da:2e:05:ab:
         15:58:b6:88:03:f0:1b:13:92:06:73:53:1b:42:97:ca:f5:1f:
         1f:f4:0f:a7:ef:75:23:8a:02:39:1d:64:46:fc:1c:4a:2d:96:
         ba:d7:11:70:87:66:56:c3:4b:68:c3:04:83:a3:24:60:e4:8a:
         a5:73:66:86:7c:d0:8b:cf:17:b9:c1:95:ef:5c:4e:8a:0f:8c:
         77:b8:45:31:ec:d0:20:48:f3:1b:28:80:9c:bd:ee:6c:d3:12:
         8c:c3:23:52:77:9a:85:cb:a9:7e:7b:b4:c9:0e:5f:5b:14:0c:
         4a:8f:fa:00:9c:e8:0b:bd:5a:6c:8c:dc:6f:78:51:2f:58:ad:
         f0:dc:95:40
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVvOPq41F9y28l0jRuicWXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMGUxMjY0ZTA3YjM3MDhiY2I5ZGI1YTE0ZTdjYzkyNzA4
NjM5NTgwHhcNMjMwMTAxMjEyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Y1NjUxOGJhNzQ4OGQ2Yjk4M2QxMDI1ZmRkODdiNTE4OTQ5MGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgnUiXk07dOOFgNmGHMOpTyeXkwo
clR3GQfr967PonheSZr6qEMKl0zRnX0q8SKjZmRvqE6PhzIHfk8QpNxWFlEgJ9nc
JjgWX1S33w/hxbbY9NBrezIlyANtSsDYw59hXu2U6sg+eNGQnmrmp3foW5ybmFcQ
0Nj7yoyVJStHqTAmrHOsFhYpYCV+Y8g8rlUpwR3Y0sKWzvNY7t3fNrK7bBBw+/yi
VE5KDRnjQd3eyiHChb2oy/4qiAWbE8o3SbIhUKgqpeRy3j13tfASDUy8PJoE4ShT
8rjJv2Zgn1KuOzpou7XPzJKc8/adi3O2ovJmnhVySh/41HqX23eCwCOohQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFNf1ZRi6dIjWuYPRAl/dh7UYlJDXMB8GA1UdIwQY
MBaAFLoOEmTgezcIvLnbWhTnzJJwhjlYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4Yzkt
YmZlMGNjYjc5ZmNjLzEvMV9WbEdMcDBpTmE1ZzlFQ1g5Mkh0UmlVa05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4YzktYmZlMGNjYjc5ZmNj
LzEvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJUvIAwQD
Lv6gAwQDXbNoAwQFbclgAwQDsjnQAwQCuQjcAwQDvEQIAwQDvESoAwQDvETAMA0E
AgACMAcDBQMqAzzAMA0GCSqGSIb3DQEBCwUAA4IBAQCxiRrmXgHavgexsHmkeBXz
KUbdrAdPEc5AgR1W+NySZl61WqbqYc0ZymX78TMzZSysHGl++btEsTGYzOmhwuIu
1QvUQP/+9IUKQC69NAciulzRXArvo4rr99S0Pgb55tkvrg2yribmuMNWiGL9Lq3M
HE6ta7+fQ+CLYdouBasVWLaIA/AbE5IGc1MbQpfK9R8f9A+n73UjigI5HWRG/BxK
LZa61xFwh2ZWw0towwSDoyRg5Iqlc2aGfNCLzxe5wZXvXE6KD4x3uEUx7NAgSPMb
KICcve5s0xKMwyNSd5qFy6l+e7TJDl9bFAxKj/oAnOgLvVpsjNxveFEvWK3w3JVA
-----END CERTIFICATE-----