Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MUXHXuxp7MHP9DcP9scu_LzJ6ws.roa
File:                     MUXHXuxp7MHP9DcP9scu_LzJ6ws.roa (raw, json)
Hash identifier:          YE8iGW8NUrw9aH44bolYbaq1X8aVq667b500+tfK88M=
Subject key identifier:   31:45:C7:5E:EC:69:EC:C1:CF:F4:37:0F:F6:C7:2E:FC:BC:C9:EB:0B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018BF5FE8AFDCCA8EA5A08E30DE7CF89C1D0
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MUXHXuxp7MHP9DcP9scu_LzJ6ws.roa
Signing time:             Wed 22 Nov 2023 07:46:21 +0000
ROA not before:           Wed 22 Nov 2023 07:46:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205544
IP address blocks:        2a0f:e6c6:1::/48 maxlen: 48
                          2a13:e107:7::/48 maxlen: 48
                          2a13:e101:1::/48 maxlen: 48
                          2a0f:e1c0:1::/48 maxlen: 48
                          2a12:ecc0:1::/48 maxlen: 48
                          2a13:3380:1::/48 maxlen: 48
                          2a0f:e6c7:1::/48 maxlen: 48
                          2a13:e100:1::/48 maxlen: 48
                          2a12:ecc0:f::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f5:fe:8a:fd:cc:a8:ea:5a:08:e3:0d:e7:cf:89:c1:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov 22 07:46:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3145c75eec69ecc1cff4370ff6c72efcbcc9eb0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f5:50:c2:60:ce:3a:80:8e:26:54:0e:b3:e8:
                    88:34:b0:45:07:24:a4:fe:7b:93:e6:d7:52:90:fa:
                    2b:57:72:1a:a8:66:16:17:a2:52:ef:4f:40:38:ec:
                    40:2c:45:02:f1:a4:53:64:ed:61:4a:3c:a2:4f:55:
                    a1:88:c8:63:40:f1:43:87:66:8d:ad:b5:f5:9d:58:
                    6e:47:09:d8:e1:e9:84:3c:ac:24:6b:b7:61:b9:78:
                    1a:a2:ad:da:55:ad:d9:e5:ea:75:9a:23:4b:c1:68:
                    67:1c:60:2e:11:4e:04:79:93:71:52:ce:b6:0a:8a:
                    53:c6:9e:d4:3f:d2:73:ba:85:a5:f8:2b:5e:49:1f:
                    cf:67:d0:d1:4f:c1:ef:bd:f5:4e:6d:18:e8:fc:de:
                    69:58:27:d8:af:28:36:63:38:84:f7:d5:c2:b1:da:
                    3a:26:5b:d2:17:56:ac:d2:38:c2:b3:af:73:65:83:
                    c6:77:4a:9d:02:57:f9:97:f6:b0:25:ac:11:e5:c9:
                    9f:0e:f4:fd:12:0a:12:0f:4b:72:fd:d9:fa:63:16:
                    66:f5:4d:11:40:e8:f0:ff:5a:2e:08:05:0d:0f:5a:
                    38:b3:82:20:e2:c6:1d:30:c3:9b:93:6d:19:16:15:
                    75:18:1a:c2:f6:3d:ef:40:80:60:29:46:d7:05:f1:
                    e7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:45:C7:5E:EC:69:EC:C1:CF:F4:37:0F:F6:C7:2E:FC:BC:C9:EB:0B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MUXHXuxp7MHP9DcP9scu_LzJ6ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e1c0:1::/48
                  2a0f:e440::/29
                  2a0f:e6c6:1::/48
                  2a0f:e6c7:1::/48
                  2a12:ecc0:1::/48
                  2a12:ecc0:f::/48
                  2a13:3380:1::/48
                  2a13:e100:1::/48
                  2a13:e101:1::/48
                  2a13:e107:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:1a:73:d8:a2:09:60:b9:98:85:c5:d5:79:43:df:38:e2:84:
         4a:c2:30:ef:2b:34:20:2f:77:61:12:60:25:46:cb:5c:94:67:
         32:a9:33:d0:4d:e9:c7:5c:d0:1b:1b:86:1b:26:84:93:37:cd:
         ba:17:f9:11:db:63:a4:36:27:30:4d:34:a8:af:4c:b6:5f:38:
         9d:d4:4d:a7:f8:af:22:b1:3f:7b:48:fa:cc:e1:f0:16:3c:7f:
         cb:c7:1f:9c:da:95:9a:ee:f2:2a:84:f2:c3:cc:ed:a3:89:9d:
         4d:90:6a:a5:da:6b:5d:cf:e7:f3:cd:69:31:c7:13:bd:fe:57:
         dc:1a:d6:f2:39:2d:03:f1:df:6f:fa:35:ec:ca:19:42:7a:3e:
         ce:70:f0:8e:e4:43:c6:2f:5c:b4:07:f0:d3:25:e5:a4:69:65:
         26:b5:eb:f1:45:8f:c0:be:51:e4:65:22:09:ad:0a:ad:da:e6:
         2b:9f:2b:85:d4:7d:c4:50:3e:46:ab:57:09:b3:02:04:51:79:
         39:c1:d5:78:29:70:47:c6:de:d5:69:eb:05:85:0c:16:7d:b6:
         64:9f:be:f4:be:ca:1c:01:ca:9d:c8:2c:9e:2b:f2:8c:2b:0a:
         63:18:d7:46:5d:5e:4e:fe:b5:61:5d:5f:31:6b:a1:83:bf:d9:
         98:51:74:24
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYv1/or9zKjqWgjjDefPicHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMTIyMDc0NjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQ1Yzc1ZWVjNjllY2MxY2ZmNDM3MGZmNmM3MmVmY2JjYzllYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPVQwmDOOoCOJlQOs+iINLBFBySk
/nuT5tdSkPorV3IaqGYWF6JS709AOOxALEUC8aRTZO1hSjyiT1WhiMhjQPFDh2aN
rbX1nVhuRwnY4emEPKwka7dhuXgaoq3aVa3Z5ep1miNLwWhnHGAuEU4EeZNxUs62
CopTxp7UP9JzuoWl+CteSR/PZ9DRT8HvvfVObRjo/N5pWCfYryg2YziE99XCsdo6
JlvSF1as0jjCs69zZYPGd0qdAlf5l/awJawR5cmfDvT9EgoSD0ty/dn6YxZm9U0R
QOjw/1ouCAUND1o4s4Ig4sYdMMObk20ZFhV1GBrC9j3vQIBgKUbXBfHnpQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFDFFx17saezBz/Q3D/bHLvy8yesLMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTVVYSFh1eHA3TUhQOURjUDlzY3VfTHpKNndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAAjBYAwcAKg/hwAAB
AwUDKg/kQAMHACoP5sYAAQMHACoP5scAAQMHACoS7MAAAQMHACoS7MAADwMHACoT
M4AAAQMHACoT4QAAAQMHACoT4QEAAQMHACoT4QcABzANBgkqhkiG9w0BAQsFAAOC
AQEAbhpz2KIJYLmYhcXVeUPfOOKESsIw7ys0IC93YRJgJUbLXJRnMqkz0E3px1zQ
GxuGGyaEkzfNuhf5EdtjpDYnME00qK9Mtl84ndRNp/ivIrE/e0j6zOHwFjx/y8cf
nNqVmu7yKoTyw8zto4mdTZBqpdprXc/n881pMccTvf5X3BrW8jktA/Hfb/o17MoZ
Qno+znDwjuRDxi9ctAfw0yXlpGllJrXr8UWPwL5R5GUiCa0KrdrmK58rhdR9xFA+
RqtXCbMCBFF5OcHVeClwR8be1WnrBYUMFn22ZJ++9L7KHAHKncgsnivyjCsKYxjX
Rl1eTv61YV1fMWuhg7/ZmFF0JA==
-----END CERTIFICATE-----