Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hZgPD6H98s64FNaoX8r--cTyepk.roa
File:                     hZgPD6H98s64FNaoX8r--cTyepk.roa (raw, json)
Hash identifier:          ekoJT+6MsFmK0hUWimepu7rB+qEUE5rn/fvZMu/Ybpw=
Subject key identifier:   85:98:0F:0F:A1:FD:F2:CE:B8:14:D6:A8:5F:CA:FE:F9:C4:F2:7A:99
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       0183B15704DDC74C1E6D8D4B8DE54B2462BB
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hZgPD6H98s64FNaoX8r--cTyepk.roa
Signing time:             Fri 07 Oct 2022 07:26:53 +0000
ROA not before:           Fri 07 Oct 2022 07:26:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205132
IP address blocks:        84.238.167.0/24 maxlen: 24
                          212.72.199.0/24 maxlen: 24
                          94.236.169.0/24 maxlen: 24
                          83.228.89.0/24 maxlen: 24
                          83.228.87.0/24 maxlen: 24
                          83.228.86.0/24 maxlen: 24
                          213.91.157.0/24 maxlen: 24
                          77.85.198.0/24 maxlen: 24
                          213.91.173.0/24 maxlen: 24
                          213.91.191.0/24 maxlen: 24
                          84.238.192.0/24 maxlen: 24
                          212.72.221.0/24 maxlen: 24
                          84.238.194.0/24 maxlen: 24
                          84.238.193.0/24 maxlen: 24
                          46.10.156.0/24 maxlen: 24
                          46.10.179.0/24 maxlen: 24
                          77.85.170.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b1:57:04:dd:c7:4c:1e:6d:8d:4b:8d:e5:4b:24:62:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Oct  7 07:26:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=85980f0fa1fdf2ceb814d6a85fcafef9c4f27a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:48:e1:3f:a5:ca:53:f3:63:a0:0e:59:22:3d:
                    ca:30:cd:85:c7:b8:72:39:3a:72:29:a9:72:29:eb:
                    6d:10:c9:a6:1e:f0:65:eb:34:f0:23:30:f4:66:df:
                    5c:51:be:28:5c:f2:43:c9:24:3b:24:c1:ef:33:89:
                    a3:01:78:06:3a:d6:e1:bd:fd:a2:9d:1d:fe:8e:ef:
                    88:50:50:62:d3:d8:28:47:9e:43:88:f0:87:72:aa:
                    72:1c:7d:32:fa:e5:aa:aa:69:28:30:8e:cf:d0:66:
                    ab:e0:78:48:08:cb:47:c7:b2:0c:e8:99:a8:50:f1:
                    43:e3:40:2d:10:f5:3b:f8:c0:4b:1a:66:a9:e5:40:
                    1e:93:f6:0e:c4:3d:14:63:eb:80:44:24:d7:23:16:
                    95:42:13:c0:1b:15:2b:f3:d4:d1:ea:c3:e6:45:f7:
                    86:2b:09:18:f1:7c:ea:fe:cd:63:e5:88:cd:6b:cb:
                    47:77:ea:6a:07:69:15:66:d1:79:18:03:25:4d:5f:
                    22:b6:03:72:49:77:9b:66:9f:69:c8:df:71:e4:ea:
                    f4:33:fb:b5:71:1e:97:29:42:eb:24:3b:a6:06:0f:
                    34:8f:18:c1:af:05:e8:54:8e:62:c3:88:81:09:ec:
                    21:a4:57:aa:3b:8c:b3:3f:aa:2a:71:5b:b1:f1:3e:
                    fa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:98:0F:0F:A1:FD:F2:CE:B8:14:D6:A8:5F:CA:FE:F9:C4:F2:7A:99
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hZgPD6H98s64FNaoX8r--cTyepk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.10.156.0/24
                  46.10.179.0/24
                  77.85.170.0/24
                  77.85.198.0/24
                  83.228.86.0/23
                  83.228.89.0/24
                  84.238.167.0/24
                  84.238.192.0-84.238.194.255
                  94.236.169.0/24
                  212.72.199.0/24
                  212.72.221.0/24
                  213.91.157.0/24
                  213.91.173.0/24
                  213.91.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:1b:6e:db:0b:58:69:04:bc:30:8a:ae:c8:d7:69:9e:c6:87:
         76:2b:70:65:04:d0:8b:a1:ac:e4:fc:09:97:d5:23:3d:cd:aa:
         e6:d5:58:16:b5:d4:4a:3d:e1:b0:3f:7f:4d:8b:7c:f6:ac:ad:
         2c:5a:25:d7:28:f6:38:99:bd:db:f1:6a:07:43:d2:17:99:e8:
         fc:ff:a8:28:14:3e:33:05:c4:b9:41:d4:b7:1e:9c:f1:c6:90:
         68:a5:62:01:8d:04:99:15:5c:ab:1b:19:3a:ba:ad:10:57:c3:
         41:f7:f2:5f:48:b1:51:d4:1a:ab:6b:f1:98:27:90:6f:1c:b3:
         b8:9a:60:00:26:e4:96:f6:da:47:b0:71:77:14:8e:e9:e1:d3:
         2f:64:86:d6:57:68:b3:3b:c0:25:b3:ae:67:d1:56:84:4e:58:
         b7:cb:2f:5d:2b:db:52:30:4e:fe:59:81:a1:05:47:a5:5f:87:
         78:08:6c:00:d4:d2:d8:7b:b3:11:d6:13:17:63:e7:6c:4c:2c:
         76:d7:bb:0d:99:be:93:b9:bc:fd:82:9f:67:e6:ff:7b:de:10:
         90:c4:1c:31:b8:6c:a3:28:93:85:d9:bb:6e:c2:46:b1:38:e3:
         0f:e7:b4:ca:e5:c5:bc:41:a6:11:96:41:6d:3c:15:58:47:86:
         7a:0b:58:af
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYOxVwTdx0webY1LjeVLJGK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjIxMDA3MDcyNjUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTk4MGYwZmExZmRmMmNlYjgxNGQ2YTg1ZmNhZmVmOWM0ZjI3YTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0jhP6XKU/NjoA5ZIj3KMM2Fx7hy
OTpyKalyKettEMmmHvBl6zTwIzD0Zt9cUb4oXPJDySQ7JMHvM4mjAXgGOtbhvf2i
nR3+ju+IUFBi09goR55DiPCHcqpyHH0y+uWqqmkoMI7P0Gar4HhICMtHx7IM6Jmo
UPFD40AtEPU7+MBLGmap5UAek/YOxD0UY+uARCTXIxaVQhPAGxUr89TR6sPmRfeG
KwkY8Xzq/s1j5YjNa8tHd+pqB2kVZtF5GAMlTV8itgNySXebZp9pyN9x5Or0M/u1
cR6XKULrJDumBg80jxjBrwXoVI5iw4iBCewhpFeqO4yzP6oqcVux8T76mwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFIWYDw+h/fLOuBTWqF/K/vnE8nqZMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvaFpnUEQ2SDk4czY0Rk5hb1g4ci0tY1R5ZXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQALgqcAwQA
LgqzAwQATVWqAwQATVXGAwQBU+RWAwQAU+RZAwQAVO6nMAwDBAZU7sADBABU7sID
BABe7KkDBADUSMcDBADUSN0DBADVW50DBADVW60DBADVW78wDQYJKoZIhvcNAQEL
BQADggEBAJobbtsLWGkEvDCKrsjXaZ7Gh3YrcGUE0IuhrOT8CZfVIz3NqubVWBa1
1Eo94bA/f02LfPasrSxaJdco9jiZvdvxagdD0heZ6Pz/qCgUPjMFxLlB1LcenPHG
kGilYgGNBJkVXKsbGTq6rRBXw0H38l9IsVHUGqtr8ZgnkG8cs7iaYAAm5Jb22kew
cXcUjunh0y9khtZXaLM7wCWzrmfRVoROWLfLL10r21IwTv5ZgaEFR6Vfh3gIbADU
0th7sxHWExdj52xMLHbXuw2ZvpO5vP2Cn2fm/3veEJDEHDG4bKMok4XZu27CRrE4
4w/ntMrlxbxBphGWQW08FVhHhnoLWK8=
-----END CERTIFICATE-----