Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/NaSbUZC4UZjdvNnKwzruuXtBQOY.roa
File:                     NaSbUZC4UZjdvNnKwzruuXtBQOY.roa (raw, json)
Hash identifier:          cNhrUmOvl4Pm7++5HEslybhoYdpS6BrbnyEagAaltHY=
Subject key identifier:   35:A4:9B:51:90:B8:51:98:DD:BC:D9:CA:C3:3A:EE:B9:7B:41:40:E6
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       0182CB07658A2652EC85632F65C926CB0238
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/NaSbUZC4UZjdvNnKwzruuXtBQOY.roa
Signing time:             Tue 23 Aug 2022 14:07:15 +0000
ROA not before:           Tue 23 Aug 2022 14:07:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205132
IP address blocks:        84.238.167.0/24 maxlen: 24
                          212.72.199.0/24 maxlen: 24
                          94.236.169.0/24 maxlen: 24
                          83.228.89.0/24 maxlen: 24
                          83.228.87.0/24 maxlen: 24
                          83.228.86.0/24 maxlen: 24
                          213.91.157.0/24 maxlen: 24
                          213.91.173.0/24 maxlen: 24
                          213.91.191.0/24 maxlen: 24
                          212.72.221.0/24 maxlen: 24
                          84.238.194.0/24 maxlen: 24
                          84.238.193.0/24 maxlen: 24
                          46.10.156.0/24 maxlen: 24
                          46.10.179.0/24 maxlen: 24
                          77.85.170.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:cb:07:65:8a:26:52:ec:85:63:2f:65:c9:26:cb:02:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Aug 23 14:07:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=35a49b5190b85198ddbcd9cac33aeeb97b4140e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:47:53:78:9d:f1:4a:55:8b:0f:0d:ab:a6:13:
                    83:d9:b5:e5:4c:72:a1:26:f2:d6:f7:81:f6:aa:ce:
                    4c:85:79:7a:34:9d:04:8b:a6:4a:ac:5f:5d:b7:d0:
                    ed:d4:90:16:3f:86:33:b1:a4:5a:77:98:75:04:53:
                    74:fb:20:fe:92:f7:a1:59:f1:4a:52:bf:f3:28:33:
                    9e:eb:01:d7:9a:e5:10:d4:ef:a9:ff:a2:34:a8:40:
                    23:83:31:2d:f3:dc:ee:ef:cd:2a:9c:fd:f5:04:1d:
                    97:ee:5e:4f:8c:b1:1d:fb:93:83:51:c0:d5:22:46:
                    3b:83:df:5b:18:17:c3:ec:10:2c:b3:f5:75:3d:9c:
                    25:a5:63:2a:63:9e:1e:9f:53:50:75:8c:c9:7d:b8:
                    77:24:93:f8:54:7a:4d:25:2c:47:63:ad:40:fe:af:
                    06:88:69:62:2e:4f:87:49:4f:76:00:54:fb:17:c2:
                    f5:bc:14:c4:0d:74:54:42:de:fc:0f:79:05:bc:bb:
                    eb:eb:6c:c2:00:8a:b4:99:7c:b4:ae:d1:da:2b:1b:
                    f3:e8:e4:ac:2b:30:c3:14:01:15:a0:fc:60:b1:01:
                    58:f4:ea:bc:44:3d:72:f7:84:86:2a:00:05:02:d3:
                    6a:33:54:da:ec:8c:31:9c:9d:68:ff:fa:fe:a6:6b:
                    f4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A4:9B:51:90:B8:51:98:DD:BC:D9:CA:C3:3A:EE:B9:7B:41:40:E6
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/NaSbUZC4UZjdvNnKwzruuXtBQOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.10.156.0/24
                  46.10.179.0/24
                  77.85.170.0/24
                  83.228.86.0/23
                  83.228.89.0/24
                  84.238.167.0/24
                  84.238.193.0-84.238.194.255
                  94.236.169.0/24
                  212.72.199.0/24
                  212.72.221.0/24
                  213.91.157.0/24
                  213.91.173.0/24
                  213.91.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:13:50:c8:af:29:ae:6f:cb:be:b0:e4:ec:bf:16:4c:fe:c2:
         d1:e7:b1:f7:f6:ce:72:b3:75:04:5a:07:0d:73:6c:48:b3:94:
         75:2a:26:56:e6:ef:8a:bd:b9:a9:04:f7:2c:2d:61:9e:9f:74:
         fa:47:2d:14:c1:1c:16:d5:b9:c3:35:21:ed:19:7d:52:d0:d5:
         d2:22:7c:37:7a:7e:66:18:74:87:75:55:e5:a8:f5:9a:2f:93:
         71:58:d0:29:b2:c8:37:f4:c3:a9:3a:f0:d2:fb:ff:9d:a5:1d:
         7c:32:1c:06:93:ce:34:68:53:96:8d:8f:7d:86:4e:05:94:12:
         1d:48:20:40:ff:c4:e8:77:7e:44:38:25:66:84:1e:c4:7a:98:
         0e:0e:eb:3c:52:1b:f9:78:3a:e1:e9:e6:4f:68:fe:02:4c:e1:
         56:e6:76:3e:02:96:44:da:10:48:8d:b5:92:83:b9:15:df:da:
         3d:ae:fa:75:13:5b:e6:08:73:95:36:e9:83:92:d5:45:78:8e:
         f7:04:5c:c5:41:68:47:ac:4b:a4:85:25:92:a4:77:76:d8:6b:
         ed:a7:31:97:5b:85:f2:29:01:6a:5c:d0:fe:71:34:80:ce:44:
         67:fb:89:25:57:02:62:3e:4b:48:86:5c:97:35:83:42:4f:65:
         99:b0:13:68
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYLLB2WKJlLshWMvZckmywI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjIwODIzMTQwNzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE0OWI1MTkwYjg1MTk4ZGRiY2Q5Y2FjMzNhZWViOTdiNDE0MGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkdTeJ3xSlWLDw2rphOD2bXlTHKh
JvLW94H2qs5MhXl6NJ0Ei6ZKrF9dt9Dt1JAWP4YzsaRad5h1BFN0+yD+kvehWfFK
Ur/zKDOe6wHXmuUQ1O+p/6I0qEAjgzEt89zu780qnP31BB2X7l5PjLEd+5ODUcDV
IkY7g99bGBfD7BAss/V1PZwlpWMqY54en1NQdYzJfbh3JJP4VHpNJSxHY61A/q8G
iGliLk+HSU92AFT7F8L1vBTEDXRUQt78D3kFvLvr62zCAIq0mXy0rtHaKxvz6OSs
KzDDFAEVoPxgsQFY9Oq8RD1y94SGKgAFAtNqM1Ta7IwxnJ1o//r+pmv0KwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFDWkm1GQuFGY3bzZysM67rl7QUDmMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvTmFTYlVaQzRVWmpkdk5uS3d6cnV1WHRCUU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALgqcAwQA
LgqzAwQATVWqAwQBU+RWAwQAU+RZAwQAVO6nMAwDBABU7sEDBABU7sIDBABe7KkD
BADUSMcDBADUSN0DBADVW50DBADVW60DBADVW78wDQYJKoZIhvcNAQELBQADggEB
AGgTUMivKa5vy76w5Oy/Fkz+wtHnsff2znKzdQRaBw1zbEizlHUqJlbm74q9uakE
9ywtYZ6fdPpHLRTBHBbVucM1Ie0ZfVLQ1dIifDd6fmYYdId1VeWo9Zovk3FY0Cmy
yDf0w6k68NL7/52lHXwyHAaTzjRoU5aNj32GTgWUEh1IIED/xOh3fkQ4JWaEHsR6
mA4O6zxSG/l4OuHp5k9o/gJM4Vbmdj4ClkTaEEiNtZKDuRXf2j2u+nUTW+YIc5U2
6YOS1UV4jvcEXMVBaEesS6SFJZKkd3bYa+2nMZdbhfIpAWpc0P5xNIDORGf7iSVX
AmI+S0iGXJc1g0JPZZmwE2g=
-----END CERTIFICATE-----