Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/HoNjASmIPpzc8PuHE0Mz1_Sb7a0.roa
File:                     HoNjASmIPpzc8PuHE0Mz1_Sb7a0.roa (raw, json)
Hash identifier:          AuliNzbrklKr5BmTgvxVB4YYNX5RMIGL2nnwQZKUdXw=
Subject key identifier:   1E:83:63:01:29:88:3E:9C:DC:F0:FB:87:13:43:33:D7:F4:9B:ED:AD
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       01837F316B54BE37439615AC59D25D113EC8
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/HoNjASmIPpzc8PuHE0Mz1_Sb7a0.roa
Signing time:             Tue 27 Sep 2022 13:44:48 +0000
ROA not before:           Tue 27 Sep 2022 13:44:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     136258
IP address blocks:        185.213.23.0/24 maxlen: 24
                          147.78.0.0/24 maxlen: 24
                          147.78.1.0/24 maxlen: 24
                          185.126.239.0/24 maxlen: 24
                          2a11:840:12::/48 maxlen: 48
                          2a11:840:8::/48 maxlen: 48
                          2a11:840:18::/48 maxlen: 48
                          2a11:840:13::/48 maxlen: 48
                          2a11:840:11::/48 maxlen: 48
                          2a11:840:41::/48 maxlen: 48
                          2a11:840:17::/48 maxlen: 48
                          2a11:840:7::/48 maxlen: 48
                          2a11:840:40::/48 maxlen: 48
                          2a11:840:10::/48 maxlen: 48
                          2a11:840:19::/48 maxlen: 48
                          2a11:840:14::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:7f:31:6b:54:be:37:43:96:15:ac:59:d2:5d:11:3e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Sep 27 13:44:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1e83630129883e9cdcf0fb87134333d7f49bedad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:55:11:12:03:ab:3f:9d:00:34:2e:b5:54:b5:
                    dd:b7:be:11:03:b7:be:b4:71:0b:50:b0:e8:4b:43:
                    bf:60:f5:2c:0e:ed:e3:c3:75:f3:97:46:11:14:e2:
                    9f:da:ab:c2:28:5b:3c:33:39:2d:ad:e6:af:98:a4:
                    41:db:5a:ca:ce:48:9e:c8:8d:97:26:af:38:c8:e0:
                    38:1b:7e:1e:20:31:9c:36:16:c6:d9:4d:cd:2d:9c:
                    28:9b:f0:d3:95:4c:89:c0:ef:7a:b6:10:00:58:2c:
                    83:c8:73:f5:49:5a:19:8a:cc:2b:a5:15:29:0d:c1:
                    8b:14:f6:8c:f5:a6:88:3f:0f:c5:d0:90:2b:b3:e0:
                    02:29:12:56:96:cc:b0:e7:a3:33:f0:f6:c2:e1:85:
                    bc:3a:62:ac:28:3c:07:13:18:54:bf:22:b5:c3:4a:
                    d0:5f:58:dc:c1:d4:db:93:58:02:12:2e:b0:29:80:
                    3c:18:04:44:c6:29:4e:5d:c5:7f:5e:95:9d:3c:09:
                    c7:0d:f0:ae:7a:d3:7f:2c:c3:d9:09:f3:1c:a8:e3:
                    42:a6:aa:81:bf:82:eb:60:0c:dd:1c:93:1a:26:e1:
                    cc:5d:72:80:e0:1c:dc:9c:4e:1e:47:3e:64:0d:c3:
                    f3:1f:d9:cf:d8:99:41:8d:a2:13:ba:64:80:5e:f8:
                    8c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:83:63:01:29:88:3E:9C:DC:F0:FB:87:13:43:33:D7:F4:9B:ED:AD
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/HoNjASmIPpzc8PuHE0Mz1_Sb7a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.0.0/23
                  185.126.239.0/24
                  185.213.23.0/24
                IPv6:
                  2a11:840:7::-2a11:840:8:ffff:ffff:ffff:ffff:ffff
                  2a11:840:10::-2a11:840:14:ffff:ffff:ffff:ffff:ffff
                  2a11:840:17::-2a11:840:19:ffff:ffff:ffff:ffff:ffff
                  2a11:840:40::/47

    Signature Algorithm: sha256WithRSAEncryption
         95:04:55:76:0c:80:cb:f1:9c:67:1d:13:bf:77:c9:03:bd:60:
         af:72:e7:7e:72:58:02:bd:73:d1:62:42:c0:b3:8b:e1:95:84:
         97:89:2f:3c:7c:09:07:35:e0:c9:29:61:57:bc:f7:81:d6:62:
         ea:38:ed:32:1d:3e:a9:c9:92:46:06:c9:06:76:96:df:bf:6f:
         cc:d5:8f:59:dc:db:86:57:78:ad:14:79:0c:a3:e1:4a:45:c0:
         d1:c5:ed:30:4d:ba:ab:67:88:ed:eb:44:20:63:de:f0:b6:26:
         1b:8a:55:6c:d4:26:15:03:61:68:21:2e:fd:b6:43:8b:b8:a5:
         bc:50:35:2d:af:ac:bb:53:3e:e0:a1:2b:3c:8e:66:7b:4b:a8:
         27:7d:36:dc:da:e4:22:b3:50:b9:32:10:7b:12:b5:f1:29:42:
         db:62:c6:17:f1:b7:78:43:6b:ef:29:bf:f0:2d:2c:94:fe:67:
         a4:c0:de:dc:12:59:e3:4e:f9:43:a0:af:86:5e:96:22:21:38:
         c6:60:f6:ab:fe:60:64:e8:7d:89:7f:96:fb:34:ac:a4:d4:78:
         70:b5:5e:c3:b5:61:d7:91:74:42:fe:42:49:88:37:32:3e:79:
         37:3a:1f:69:58:ca:6d:01:55:5b:66:a0:38:7c:28:af:d3:03:
         97:31:6f:80
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYN/MWtUvjdDlhWsWdJdET7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjIwOTI3MTM0NDQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTgzNjMwMTI5ODgzZTljZGNmMGZiODcxMzQzMzNkN2Y0OWJlZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolUREgOrP50ANC61VLXdt74RA7e+
tHELULDoS0O/YPUsDu3jw3Xzl0YRFOKf2qvCKFs8MzktreavmKRB21rKzkieyI2X
Jq84yOA4G34eIDGcNhbG2U3NLZwom/DTlUyJwO96thAAWCyDyHP1SVoZiswrpRUp
DcGLFPaM9aaIPw/F0JArs+ACKRJWlsyw56Mz8PbC4YW8OmKsKDwHExhUvyK1w0rQ
X1jcwdTbk1gCEi6wKYA8GARExilOXcV/XpWdPAnHDfCuetN/LMPZCfMcqONCpqqB
v4LrYAzdHJMaJuHMXXKA4BzcnE4eRz5kDcPzH9nP2JlBjaITumSAXviMEwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFB6DYwEpiD6c3PD7hxNDM9f0m+2tMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvSG9OakFTbUlQcHpjOFB1SEUwTXoxX1NiN2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAYBAIAATASAwQBk04AAwQA
uX7vAwQAudUXMEsEAgACMEUwEgMHACoRCEAABwMHACoRCEAACDASAwcEKhEIQAAQ
AwcAKhEIQAAUMBIDBwAqEQhAABcDBwEqEQhAABgDBwEqEQhAAEAwDQYJKoZIhvcN
AQELBQADggEBAJUEVXYMgMvxnGcdE793yQO9YK9y535yWAK9c9FiQsCzi+GVhJeJ
Lzx8CQc14MkpYVe894HWYuo47TIdPqnJkkYGyQZ2lt+/b8zVj1nc24ZXeK0UeQyj
4UpFwNHF7TBNuqtniO3rRCBj3vC2JhuKVWzUJhUDYWghLv22Q4u4pbxQNS2vrLtT
PuChKzyOZntLqCd9Ntza5CKzULkyEHsStfEpQttixhfxt3hDa+8pv/AtLJT+Z6TA
3twSWeNO+UOgr4ZeliIhOMZg9qv+YGTofYl/lvs0rKTUeHC1XsO1YdeRdEL+QkmI
NzI+eTc6H2lYym0BVVtmoDh8KK/TA5cxb4A=
-----END CERTIFICATE-----