Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/mcpk8mWmlXD4BKPXEZjShgmxWSg.roa
File:                     mcpk8mWmlXD4BKPXEZjShgmxWSg.roa (raw, json)
Hash identifier:          B/AdgkxKethMcnrKxtFRXlURVNLGhN493QTfuvENi5w=
Subject key identifier:   99:CA:64:F2:65:A6:95:70:F8:04:A3:D7:11:98:D2:86:09:B1:59:28
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       018A1C85B89E5AD8150AB9E954A0C485745E
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/mcpk8mWmlXD4BKPXEZjShgmxWSg.roa
Signing time:             Tue 22 Aug 2023 09:14:00 +0000
ROA not before:           Tue 22 Aug 2023 09:14:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42831
IP address blocks:        45.43.64.0/23 maxlen: 24
                          45.43.86.0/24 maxlen: 24
                          198.105.109.0/24 maxlen: 24
                          198.105.108.0/24 maxlen: 24
                          198.105.111.0/24 maxlen: 24
                          89.33.6.0/23 maxlen: 24
                          107.181.128.0/22 maxlen: 24
                          107.181.152.0/24 maxlen: 24
                          107.181.154.0/24 maxlen: 24
                          107.181.153.0/24 maxlen: 24
                          2a05:9f46::/32 maxlen: 48
                          2a05:9f47::/32 maxlen: 48
                          2a07:9946::/32 maxlen: 48
                          2a05:9f40:1f::/48 maxlen: 48
                          2a05:9f44:2a05::/48 maxlen: 48
                          2a07:9947::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:1c:85:b8:9e:5a:d8:15:0a:b9:e9:54:a0:c4:85:74:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Aug 22 09:14:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=99ca64f265a69570f804a3d71198d28609b15928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:b0:5e:92:0c:c8:5f:a5:8a:20:2c:25:6a:c0:
                    c6:f7:3b:e3:a5:05:2c:bb:ce:69:e1:51:30:0c:77:
                    b6:e8:ed:16:fa:03:ce:be:b2:af:69:54:fe:11:50:
                    34:ab:d0:0e:9b:28:7e:88:39:2b:45:39:ed:6e:1c:
                    d1:07:54:92:0e:5c:f0:0c:a8:7c:d9:8e:9a:03:65:
                    46:6e:b1:81:2c:47:5d:0d:a5:c3:d7:4a:51:3e:10:
                    fc:b5:55:6c:6b:be:f9:ae:33:0a:5e:bc:3e:8a:f7:
                    ef:41:81:3c:b8:ff:f9:4a:9b:29:9a:b1:d8:25:a8:
                    d1:93:70:ed:4d:a6:4f:34:59:9f:af:ce:3d:2c:c1:
                    5b:d9:15:e9:c7:7a:c7:63:60:98:91:b0:bc:b3:05:
                    f5:6a:e4:54:33:7f:49:7c:91:ac:1f:28:44:fe:91:
                    6d:02:3f:5d:77:d8:7c:2d:86:de:fa:a7:d4:67:d6:
                    4f:0a:44:ac:2e:59:e6:45:59:16:d0:be:30:4b:ca:
                    4e:83:c7:1b:d1:2f:06:3b:8c:f3:4b:1d:ec:8e:7a:
                    e8:40:3e:51:ca:f8:aa:d9:b0:c2:13:90:ed:57:0c:
                    64:bf:6f:a9:10:62:af:50:bd:1e:79:0a:bb:d1:a8:
                    4a:8e:d8:14:9f:cf:49:08:7f:04:c1:06:96:4f:49:
                    d4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CA:64:F2:65:A6:95:70:F8:04:A3:D7:11:98:D2:86:09:B1:59:28
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/mcpk8mWmlXD4BKPXEZjShgmxWSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.64.0/23
                  45.43.86.0/24
                  89.33.6.0/23
                  107.181.128.0/22
                  107.181.152.0-107.181.154.255
                  198.105.108.0/23
                  198.105.111.0/24
                IPv6:
                  2a05:9f40:1f::/48
                  2a05:9f44:2a05::/48
                  2a05:9f46::/31
                  2a07:9946::/31

    Signature Algorithm: sha256WithRSAEncryption
         90:ee:cf:f5:5b:57:ea:ca:48:4c:f2:08:e8:71:04:d1:c2:5e:
         30:d4:8a:5f:b4:72:4c:b8:0e:c6:0b:bb:85:19:7f:16:1c:86:
         7a:da:03:dc:b8:7a:4f:01:4b:5a:5a:90:c0:c8:cb:2b:f2:71:
         d6:ec:95:14:e5:1b:97:bb:a4:41:35:f4:a1:43:7d:78:b3:0e:
         c8:f1:7d:cd:99:4b:df:d7:bf:16:e3:6f:9b:6c:19:80:cc:40:
         95:0c:d6:31:01:a3:a5:05:09:33:15:45:c5:53:bc:25:ba:f0:
         ee:8c:49:41:fa:38:ea:a9:a0:ce:df:d5:a0:14:2c:ef:3e:fa:
         ee:cb:64:11:82:32:70:1e:f7:d0:62:f3:69:cc:97:e3:11:f8:
         f8:6d:bc:4e:1b:48:85:85:17:47:81:51:24:04:5e:40:43:b1:
         46:2a:0a:fc:21:9b:71:bf:d2:16:68:ff:d3:bf:cb:63:13:75:
         62:7d:37:2f:d1:fd:55:46:75:53:21:8f:87:50:8a:a7:dd:f2:
         c0:ad:80:fc:19:3f:3e:c7:a9:0b:aa:7d:e0:7f:d7:ec:d2:74:
         75:14:9f:f3:59:41:f6:35:4e:7f:d0:4f:90:13:dd:84:43:15:
         1a:ec:ba:97:88:c9:77:e7:41:82:69:80:ac:59:74:b2:63:1e:
         df:bb:2a:87
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYochbieWtgVCrnpVKDEhXReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjMwODIyMDkxNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWNhNjRmMjY1YTY5NTcwZjgwNGEzZDcxMTk4ZDI4NjA5YjE1OTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9rBekgzIX6WKICwlasDG9zvjpQUs
u85p4VEwDHe26O0W+gPOvrKvaVT+EVA0q9AOmyh+iDkrRTntbhzRB1SSDlzwDKh8
2Y6aA2VGbrGBLEddDaXD10pRPhD8tVVsa775rjMKXrw+ivfvQYE8uP/5SpspmrHY
JajRk3DtTaZPNFmfr849LMFb2RXpx3rHY2CYkbC8swX1auRUM39JfJGsHyhE/pFt
Aj9dd9h8LYbe+qfUZ9ZPCkSsLlnmRVkW0L4wS8pOg8cb0S8GO4zzSx3sjnroQD5R
yviq2bDCE5DtVwxkv2+pEGKvUL0eeQq70ahKjtgUn89JCH8EwQaWT0nU4QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFJnKZPJlppVw+ASj1xGY0oYJsVkoMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvbWNwazhtV21sWEQ0QktQWEVaalNoZ214V1NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjA4BAIAATAyAwQBLStAAwQA
LStWAwQBWSEGAwQCa7WAMAwDBANrtZgDBABrtZoDBAHGaWwDBADGaW8wJgQCAAIw
IAMHACoFn0AAHwMHACoFn0QqBQMFASoFn0YDBQEqB5lGMA0GCSqGSIb3DQEBCwUA
A4IBAQCQ7s/1W1fqykhM8gjocQTRwl4w1IpftHJMuA7GC7uFGX8WHIZ62gPcuHpP
AUtaWpDAyMsr8nHW7JUU5RuXu6RBNfShQ314sw7I8X3NmUvf178W42+bbBmAzECV
DNYxAaOlBQkzFUXFU7wluvDujElB+jjqqaDO39WgFCzvPvruy2QRgjJwHvfQYvNp
zJfjEfj4bbxOG0iFhRdHgVEkBF5AQ7FGKgr8IZtxv9IWaP/Tv8tjE3VifTcv0f1V
RnVTIY+HUIqn3fLArYD8GT8+x6kLqn3gf9fs0nR1FJ/zWUH2NU5/0E+QE92EQxUa
7LqXiMl350GCaYCsWXSyYx7fuyqH
-----END CERTIFICATE-----