Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/7kTtX5N2S0BwtcLz69hhMSt7BYw.roa
File:                     7kTtX5N2S0BwtcLz69hhMSt7BYw.roa (raw, json)
Hash identifier:          RbESPTyPUYJDRMJ7vZDknhwBAF15pTjrJNd7N8xAGYw=
Subject key identifier:   EE:44:ED:5F:93:76:4B:40:70:B5:C2:F3:EB:D8:61:31:2B:7B:05:8C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018C1A3F3E6B2F4DFF3F865C5792B8400A47
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/7kTtX5N2S0BwtcLz69hhMSt7BYw.roa
Signing time:             Wed 29 Nov 2023 08:43:21 +0000
ROA not before:           Wed 29 Nov 2023 08:43:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205544
IP address blocks:        2a0f:e6c6:1::/48 maxlen: 48
                          2a13:e101:1::/48 maxlen: 48
                          2a0f:e1c0:1::/48 maxlen: 48
                          2a12:ecc0:1::/48 maxlen: 48
                          2a13:3380:1::/48 maxlen: 48
                          2a0f:e6c7:1::/48 maxlen: 48
                          2a13:e100:1::/48 maxlen: 48
                          2a12:ecc0:f::/48 maxlen: 48
                          2a13:c700:1::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
                          2a0f:e1c0:2::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:1a:3f:3e:6b:2f:4d:ff:3f:86:5c:57:92:b8:40:0a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov 29 08:43:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee44ed5f93764b4070b5c2f3ebd861312b7b058c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:17:5b:94:55:6d:05:90:c8:9a:59:c3:76:d1:
                    67:57:56:8e:44:7d:d6:f9:56:ca:55:f1:fb:16:7c:
                    69:89:4c:4e:d1:b4:af:64:06:ba:3a:2d:fc:aa:31:
                    05:99:07:d3:e8:1e:3e:2b:a5:cf:65:b0:62:40:72:
                    3e:e0:ce:22:a2:b3:f3:c1:49:c2:84:9d:a6:ff:e9:
                    64:f1:90:0c:5a:2d:46:0b:4a:08:78:40:c7:aa:de:
                    6d:68:7f:98:e0:ef:6c:51:7d:6f:5f:aa:22:1f:bc:
                    c9:3a:ff:7c:44:4d:9d:f8:a3:1f:d0:3a:45:5b:33:
                    6a:8f:69:aa:75:71:18:9a:9f:8f:82:03:87:14:13:
                    cf:60:c8:a6:ec:6c:ce:e0:45:7d:96:24:dc:0e:fc:
                    0e:8e:49:4e:67:f9:b2:09:8f:3e:51:30:47:1a:f4:
                    db:e2:25:26:e3:93:3b:30:71:f5:a8:f1:af:80:aa:
                    5e:a7:22:52:3b:74:55:ce:16:76:db:1e:cf:d6:e8:
                    6e:63:cf:38:02:aa:d8:1f:81:e0:7f:f0:c8:55:3e:
                    92:f6:9c:a6:32:66:3f:b0:f5:19:b6:a5:10:5f:05:
                    da:6f:76:eb:b1:92:cf:bf:22:11:ed:dc:e7:12:27:
                    77:6b:14:55:fa:b0:d7:e3:44:26:ba:0f:90:4d:e0:
                    cc:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:44:ED:5F:93:76:4B:40:70:B5:C2:F3:EB:D8:61:31:2B:7B:05:8C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/7kTtX5N2S0BwtcLz69hhMSt7BYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e1c0:1::-2a0f:e1c0:2:ffff:ffff:ffff:ffff:ffff
                  2a0f:e440::/29
                  2a0f:e6c6:1::/48
                  2a0f:e6c7:1::/48
                  2a12:ecc0:1::/48
                  2a12:ecc0:f::/48
                  2a13:3380:1::/48
                  2a13:c700:1::/48
                  2a13:e100:1::/48
                  2a13:e101:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:5b:de:e3:69:13:6e:bf:3f:86:57:5f:28:f6:60:19:87:c3:
         e6:3f:c0:e4:ef:9b:14:40:af:f1:4d:3d:b5:1f:2b:98:84:a4:
         25:47:a4:c1:66:23:ad:33:82:2f:ae:4b:fa:f9:51:f1:74:0d:
         de:cc:2c:5c:4a:13:06:fe:15:fe:0d:96:76:41:43:cf:83:6d:
         80:65:fc:ab:cd:2e:19:b3:3b:ea:c5:b5:64:5c:56:de:86:c8:
         54:f8:83:78:70:a6:12:b8:c5:0d:64:ae:a2:bf:ce:1a:47:ee:
         6a:3c:59:50:c6:00:96:a6:58:b8:2c:ba:1b:a8:de:00:5e:fa:
         38:5b:5b:46:be:64:a9:5a:8f:db:bf:77:c6:0a:19:1a:49:88:
         5a:3f:e7:d7:a3:3b:57:e1:32:99:07:77:05:06:1a:5a:e0:a8:
         8d:ee:82:7e:d1:89:b4:d1:0b:eb:e1:dc:bc:ef:2c:5e:c6:ec:
         c1:d9:16:51:f6:de:85:e4:47:09:af:9b:1d:86:9e:e8:8a:63:
         1f:cd:b8:80:b0:0b:0f:81:bb:03:d1:92:c0:dd:53:f0:ad:32:
         e4:ed:ac:d9:f9:2e:34:e2:12:f0:aa:bd:8f:bc:f1:2a:29:cf:
         76:3e:fa:38:de:37:1e:fe:a9:0d:18:a8:a3:a0:88:39:cc:50:
         38:12:f0:0b
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYwaPz5rL03/P4ZcV5K4QApHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMTI5MDg0MzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTQ0ZWQ1ZjkzNzY0YjQwNzBiNWMyZjNlYmQ4NjEzMTJiN2IwNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixdblFVtBZDImlnDdtFnV1aORH3W
+VbKVfH7FnxpiUxO0bSvZAa6Oi38qjEFmQfT6B4+K6XPZbBiQHI+4M4iorPzwUnC
hJ2m/+lk8ZAMWi1GC0oIeEDHqt5taH+Y4O9sUX1vX6oiH7zJOv98RE2d+KMf0DpF
WzNqj2mqdXEYmp+PggOHFBPPYMim7GzO4EV9liTcDvwOjklOZ/myCY8+UTBHGvTb
4iUm45M7MHH1qPGvgKpepyJSO3RVzhZ22x7P1uhuY884AqrYH4Hgf/DIVT6S9pym
MmY/sPUZtqUQXwXab3brsZLPvyIR7dznEid3axRV+rDX40Qmug+QTeDMswIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFO5E7V+TdktAcLXC8+vYYTErewWMMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvN2tUdFg1TjJTMEJ3dGNMejY5aGhNU3Q3Qll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBpBAIAAjBjMBIDBwAqD+HA
AAEDBwAqD+HAAAIDBQMqD+RAAwcAKg/mxgABAwcAKg/mxwABAwcAKhLswAABAwcA
KhLswAAPAwcAKhMzgAABAwcAKhPHAAABAwcAKhPhAAABAwcAKhPhAQABMA0GCSqG
SIb3DQEBCwUAA4IBAQAZW97jaRNuvz+GV18o9mAZh8PmP8Dk75sUQK/xTT21HyuY
hKQlR6TBZiOtM4Ivrkv6+VHxdA3ezCxcShMG/hX+DZZ2QUPPg22AZfyrzS4Zszvq
xbVkXFbehshU+IN4cKYSuMUNZK6iv84aR+5qPFlQxgCWpli4LLobqN4AXvo4W1tG
vmSpWo/bv3fGChkaSYhaP+fXoztX4TKZB3cFBhpa4KiN7oJ+0Ym00Qvr4dy87yxe
xuzB2RZR9t6F5EcJr5sdhp7oimMfzbiAsAsPgbsD0ZLA3VPwrTLk7azZ+S404hLw
qr2PvPEqKc92Pvo43jce/qkNGKijoIg5zFA4EvAL
-----END CERTIFICATE-----