Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/19d313-777b-4044-a238-8b8f3f8d7303/1/w_zq8mrxfu0cRm9SdQa_LfMnz74.roa
File:                     w_zq8mrxfu0cRm9SdQa_LfMnz74.roa (raw, json)
Hash identifier:          d5ENSXevyflnrpv/hnHFWeQnqSt8ZBe8G9bU7cTytsk=
Subject key identifier:   C3:FC:EA:F2:6A:F1:7E:ED:1C:46:6F:52:75:06:BF:2D:F3:27:CF:BE
Certificate issuer:       /CN=4f99e4eae48a01c781faad11f6d81a91ea33bdff
Certificate serial:       018BB98DC454AE2848E051865E2D72C56A3F
Authority key identifier: 4F:99:E4:EA:E4:8A:01:C7:81:FA:AD:11:F6:D8:1A:91:EA:33:BD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5nk6uSKAceB-q0R9tgakeozvf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/19d313-777b-4044-a238-8b8f3f8d7303/1/w_zq8mrxfu0cRm9SdQa_LfMnz74.roa
Signing time:             Fri 10 Nov 2023 14:05:57 +0000
ROA not before:           Fri 10 Nov 2023 14:05:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57752
IP address blocks:        185.54.36.0/22 maxlen: 22
                          185.167.220.0/22 maxlen: 22
                          45.89.152.0/22 maxlen: 22
                          185.17.56.0/24 maxlen: 24
                          185.17.56.0/22 maxlen: 22
                          185.17.57.0/24 maxlen: 24
                          45.130.236.0/22 maxlen: 22
                          45.130.236.0/24 maxlen: 24
                          45.130.238.0/24 maxlen: 24
                          45.130.237.0/24 maxlen: 24
                          45.130.239.0/24 maxlen: 24
                          185.234.48.0/22 maxlen: 22
                          83.136.148.0/23 maxlen: 23
                          83.136.150.0/23 maxlen: 23
                          176.118.172.0/22 maxlen: 22
                          45.91.144.0/22 maxlen: 22
                          109.205.64.0/21 maxlen: 21
                          2a03:dc00::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b9:8d:c4:54:ae:28:48:e0:51:86:5e:2d:72:c5:6a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f99e4eae48a01c781faad11f6d81a91ea33bdff
        Validity
            Not Before: Nov 10 14:05:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c3fceaf26af17eed1c466f527506bf2df327cfbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:20:a4:2a:0e:ec:48:a2:4e:06:07:a7:ac:f6:
                    c6:e5:24:42:99:c1:31:10:1c:6b:58:82:8a:67:3f:
                    0b:06:52:f3:50:4a:3f:37:0b:1c:f4:3f:6e:80:9b:
                    2f:f3:c3:b8:0b:74:cf:45:f4:37:17:3a:da:56:eb:
                    a2:07:23:ae:1a:8f:ee:c1:7e:4a:00:a7:9d:83:74:
                    cc:9b:36:34:ed:9c:76:3e:8c:b2:a9:ab:05:f8:33:
                    05:87:5e:f3:8b:74:9a:70:e6:8b:8e:6a:51:2a:54:
                    71:7d:df:86:6e:d6:75:25:0f:24:9d:98:9f:72:32:
                    d1:eb:ce:ac:9c:b9:d6:73:60:97:9f:88:27:3f:89:
                    6e:23:8d:f3:a5:b9:52:bc:36:65:cc:7f:db:ae:43:
                    8c:62:14:2d:06:ac:d2:63:59:0d:8f:81:ae:e6:95:
                    07:a1:97:3d:3f:fc:19:d7:ef:83:79:c0:68:48:3a:
                    6f:48:dc:62:68:00:46:1d:85:58:56:97:48:4b:48:
                    98:2a:59:84:26:51:0b:01:18:f2:93:0c:d3:64:ae:
                    64:e9:ad:b5:4e:86:ef:38:9e:01:76:30:ab:a5:e2:
                    38:36:cd:2f:8b:3a:ed:5a:a6:4f:28:99:91:30:67:
                    6d:bc:bc:47:f3:69:29:f3:e7:76:a9:63:cc:a6:21:
                    02:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:FC:EA:F2:6A:F1:7E:ED:1C:46:6F:52:75:06:BF:2D:F3:27:CF:BE
            X509v3 Authority Key Identifier:
                keyid:4F:99:E4:EA:E4:8A:01:C7:81:FA:AD:11:F6:D8:1A:91:EA:33:BD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5nk6uSKAceB-q0R9tgakeozvf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/19d313-777b-4044-a238-8b8f3f8d7303/1/w_zq8mrxfu0cRm9SdQa_LfMnz74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/19d313-777b-4044-a238-8b8f3f8d7303/1/T5nk6uSKAceB-q0R9tgakeozvf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.152.0/22
                  45.91.144.0/22
                  45.130.236.0/22
                  83.136.148.0/22
                  109.205.64.0/21
                  176.118.172.0/22
                  185.17.56.0/22
                  185.54.36.0/22
                  185.167.220.0/22
                  185.234.48.0/22
                IPv6:
                  2a03:dc00::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:fa:60:dc:21:4e:89:b3:43:e5:10:b0:c1:fc:7e:da:e3:04:
         6b:66:84:24:8a:e5:ae:32:20:9a:5e:f3:0f:21:a7:2a:68:19:
         4a:00:28:38:65:e7:35:c4:23:14:8c:45:67:9b:04:0d:a2:10:
         6b:4b:48:73:ea:2d:91:f2:27:21:b1:5b:35:7a:f3:ba:ea:e0:
         d3:3e:8b:a4:fd:b0:a7:37:c6:cf:9a:a0:81:d2:66:b1:27:3f:
         12:ff:c4:15:96:78:60:5d:aa:73:88:65:c9:30:6a:11:a6:ed:
         ba:1b:cc:c1:23:f9:82:d1:55:d0:78:19:76:0d:47:d9:08:5d:
         8d:92:db:3a:66:2d:cd:da:67:e8:65:ac:3b:6f:78:f7:18:66:
         7e:9f:ae:3f:f9:d6:53:41:0e:84:d1:15:09:14:e0:03:a5:e8:
         6c:a6:e9:0c:8d:a8:f9:05:ec:1b:1a:75:4e:31:04:91:8e:5f:
         23:3a:ce:97:a9:f0:52:c3:0c:08:d9:49:d0:09:1b:97:7b:c2:
         05:d3:25:de:6d:23:10:3e:7f:0f:bc:4d:5f:ee:d9:d5:9d:8c:
         9b:2e:d0:2c:f1:b7:b0:e6:c9:9d:1e:85:97:b3:38:c5:8b:29:
         ab:f8:5b:71:87:db:96:ef:9d:58:03:6b:de:36:50:cf:0f:cf:
         1d:09:99:d0
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYu5jcRUrihI4FGGXi1yxWo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTllNGVhZTQ4YTAxYzc4MWZhYWQxMWY2ZDgxYTkxZWEz
M2JkZmYwHhcNMjMxMTEwMTQwNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2ZjZWFmMjZhZjE3ZWVkMWM0NjZmNTI3NTA2YmYyZGYzMjdjZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyCkKg7sSKJOBgenrPbG5SRCmcEx
EBxrWIKKZz8LBlLzUEo/Nwsc9D9ugJsv88O4C3TPRfQ3FzraVuuiByOuGo/uwX5K
AKedg3TMmzY07Zx2PoyyqasF+DMFh17zi3SacOaLjmpRKlRxfd+GbtZ1JQ8knZif
cjLR686snLnWc2CXn4gnP4luI43zpblSvDZlzH/brkOMYhQtBqzSY1kNj4Gu5pUH
oZc9P/wZ1++DecBoSDpvSNxiaABGHYVYVpdIS0iYKlmEJlELARjykwzTZK5k6a21
TobvOJ4BdjCrpeI4Ns0vizrtWqZPKJmRMGdtvLxH82kp8+d2qWPMpiECWwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFMP86vJq8X7tHEZvUnUGvy3zJ8++MB8GA1UdIwQY
MBaAFE+Z5OrkigHHgfqtEfbYGpHqM73/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVuazZ1U0tBY2VCLXEwUjl0Z2FrZW96dmY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xOWQzMTMtNzc3Yi00MDQ0LWEyMzgt
OGI4ZjNmOGQ3MzAzLzEvd196cThtcnhmdTBjUm05U2RRYV9MZk1uejc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xOWQzMTMtNzc3Yi00MDQ0LWEyMzgtOGI4ZjNmOGQ3MzAz
LzEvVDVuazZ1U0tBY2VCLXEwUjl0Z2FrZW96dmY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCLVmYAwQC
LVuQAwQCLYLsAwQCU4iUAwQDbc1AAwQCsHasAwQCuRE4AwQCuTYkAwQCuafcAwQC
ueowMA0EAgACMAcDBQAqA9wAMA0GCSqGSIb3DQEBCwUAA4IBAQAz+mDcIU6Js0Pl
ELDB/H7a4wRrZoQkiuWuMiCaXvMPIacqaBlKACg4Zec1xCMUjEVnmwQNohBrS0hz
6i2R8ichsVs1evO66uDTPouk/bCnN8bPmqCB0maxJz8S/8QVlnhgXapziGXJMGoR
pu26G8zBI/mC0VXQeBl2DUfZCF2Nkts6Zi3N2mfoZaw7b3j3GGZ+n64/+dZTQQ6E
0RUJFOADpehspukMjaj5BewbGnVOMQSRjl8jOs6XqfBSwwwI2UnQCRuXe8IF0yXe
bSMQPn8PvE1f7tnVnYybLtAs8bew5smdHoWXszjFiymr+Ftxh9uW751YA2veNlDP
D88dCZnQ
-----END CERTIFICATE-----