Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fxKqYxB65TCyCe9jsyeFK3d6fHE.roa
File:                     fxKqYxB65TCyCe9jsyeFK3d6fHE.roa (raw, json)
Hash identifier:          be+P+BTEjeRnz54/EX7ZQU3vZ/8xS26rVeAsAS4knLk=
Subject key identifier:   7F:12:AA:63:10:7A:E5:30:B2:09:EF:63:B3:27:85:2B:77:7A:7C:71
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01879D60399179F7EB257759F061169AA30E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fxKqYxB65TCyCe9jsyeFK3d6fHE.roa
Signing time:             Thu 20 Apr 2023 06:35:41 +0000
ROA not before:           Thu 20 Apr 2023 06:35:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     32489
IP address blocks:        2a13:9580::/29 maxlen: 29
                          2a13:f900::/29 maxlen: 29
                          2a13:cf00::/29 maxlen: 29
                          2a13:9080::/29 maxlen: 29
                          2a13:9680::/29 maxlen: 29
                          2a13:9180::/29 maxlen: 29
                          2a13:8c80::/29 maxlen: 29
                          2a13:fb00::/29 maxlen: 29
                          2a13:d100::/29 maxlen: 29
                          2a13:e100::/29 maxlen: 29
                          2a13:9380::/29 maxlen: 29
                          2a13:fd00::/29 maxlen: 29
                          2a13:d300::/29 maxlen: 29
                          2a13:9480::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9d:60:39:91:79:f7:eb:25:77:59:f0:61:16:9a:a3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 20 06:35:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7f12aa63107ae530b209ef63b327852b777a7c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1f:02:53:04:83:eb:e1:17:59:fe:e0:f7:5a:
                    c8:22:c8:9e:aa:37:12:bb:a9:13:f2:7f:dd:9f:af:
                    9f:56:b9:14:6a:c3:27:9d:ef:91:f8:9d:3f:2d:ca:
                    a3:ca:7b:17:8b:d7:cf:47:47:88:ff:6f:6f:9b:99:
                    79:63:22:c8:f8:99:f4:af:60:b5:e7:0a:27:f2:6b:
                    4f:4d:53:77:d3:bd:26:2c:05:46:6e:ca:7f:1a:4d:
                    9c:53:f4:9e:6b:70:1a:79:ab:da:12:70:c8:4e:c8:
                    f8:21:51:e1:b3:44:bb:a4:8c:40:01:c3:86:64:44:
                    69:0e:58:8b:be:12:d7:7a:91:8f:2c:e1:53:01:29:
                    e1:96:1c:e3:ee:f1:48:9d:fc:62:8e:de:2d:c1:2c:
                    0d:a9:72:be:09:64:73:38:17:60:85:78:9f:85:07:
                    bc:a2:c6:21:5e:25:fe:41:93:cd:ba:77:96:0b:a1:
                    58:5c:c3:76:43:16:8a:4d:24:06:cb:04:5d:e1:bd:
                    84:03:7c:6e:2b:7c:66:f1:64:11:f8:4d:cf:60:89:
                    a3:81:94:12:15:32:6a:59:46:76:a3:1c:b2:fb:3e:
                    7c:2e:68:50:d0:d4:af:d3:7a:cc:91:ab:28:df:ec:
                    c0:01:69:5b:ed:57:b7:f5:ef:5e:dd:62:27:34:50:
                    5a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:12:AA:63:10:7A:E5:30:B2:09:EF:63:B3:27:85:2B:77:7A:7C:71
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fxKqYxB65TCyCe9jsyeFK3d6fHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8c80::/29
                  2a13:9080::/29
                  2a13:9180::/29
                  2a13:9380::/29
                  2a13:9480::/29
                  2a13:9580::/29
                  2a13:9680::/29
                  2a13:cf00::/29
                  2a13:d100::/29
                  2a13:d300::/29
                  2a13:e100::/29
                  2a13:f900::/29
                  2a13:fb00::/29
                  2a13:fd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:47:fd:d2:d4:56:b4:34:0f:c6:7e:20:08:8f:e4:ac:24:9a:
         23:89:61:a5:9c:f4:2f:f0:0c:e6:ab:5c:8f:57:fc:98:60:58:
         41:62:25:66:53:97:b2:a2:37:cc:21:49:59:5d:26:58:4e:47:
         af:00:f2:f9:19:d5:56:df:ac:ef:ea:46:04:22:cb:5a:ee:29:
         94:47:64:da:4b:ba:c9:2b:dc:cb:25:c4:46:70:78:69:54:73:
         8f:7d:46:09:09:83:71:73:f3:27:01:4b:3b:83:3d:12:df:51:
         50:e6:91:a0:ca:66:69:16:95:42:a8:5e:98:53:86:63:f3:2f:
         14:ea:74:e4:5d:b3:4f:b7:ad:3e:bd:0c:95:95:56:1f:84:65:
         67:3d:93:cb:c5:fa:c2:72:3c:bf:3e:22:4a:13:5e:b0:7f:44:
         0e:3b:39:a2:3e:3f:58:f8:81:a4:5a:27:28:31:32:9d:a5:6b:
         4f:ec:30:13:9a:fa:ed:86:c4:1d:f9:bb:1c:8d:34:c0:68:52:
         da:47:29:63:8a:9b:82:94:3f:5b:70:18:4e:22:2f:12:09:47:
         95:a0:b5:a9:17:76:1a:bf:a6:5c:95:b7:b6:fa:15:e7:28:50:
         59:41:07:64:6b:04:20:6a:52:ac:3d:c5:ff:fc:f7:6d:fd:32:
         74:d8:1c:8f
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYedYDmReffrJXdZ8GEWmqMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMwNDIwMDYzNTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjEyYWE2MzEwN2FlNTMwYjIwOWVmNjNiMzI3ODUyYjc3N2E3YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwh8CUwSD6+EXWf7g91rIIsieqjcS
u6kT8n/dn6+fVrkUasMnne+R+J0/LcqjynsXi9fPR0eI/29vm5l5YyLI+Jn0r2C1
5won8mtPTVN3070mLAVGbsp/Gk2cU/Sea3AaeavaEnDITsj4IVHhs0S7pIxAAcOG
ZERpDliLvhLXepGPLOFTASnhlhzj7vFInfxijt4twSwNqXK+CWRzOBdghXifhQe8
osYhXiX+QZPNuneWC6FYXMN2QxaKTSQGywRd4b2EA3xuK3xm8WQR+E3PYImjgZQS
FTJqWUZ2oxyy+z58LmhQ0NSv03rMkaso3+zAAWlb7Ve39e9e3WInNFBaBwIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFH8SqmMQeuUwsgnvY7MnhSt3enxxMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZnhLcVl4QjY1VEN5Q2U5anN5ZUZLM2Q2ZkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAAjBiAwUDKhOMgAMF
AyoTkIADBQMqE5GAAwUDKhOTgAMFAyoTlIADBQMqE5WAAwUDKhOWgAMFAyoTzwAD
BQMqE9EAAwUDKhPTAAMFAyoT4QADBQMqE/kAAwUDKhP7AAMFAyoT/QAwDQYJKoZI
hvcNAQELBQADggEBAGxH/dLUVrQ0D8Z+IAiP5KwkmiOJYaWc9C/wDOarXI9X/Jhg
WEFiJWZTl7KiN8whSVldJlhOR68A8vkZ1VbfrO/qRgQiy1ruKZRHZNpLuskr3Msl
xEZweGlUc499RgkJg3Fz8ycBSzuDPRLfUVDmkaDKZmkWlUKoXphThmPzLxTqdORd
s0+3rT69DJWVVh+EZWc9k8vF+sJyPL8+IkoTXrB/RA47OaI+P1j4gaRaJygxMp2l
a0/sMBOa+u2GxB35uxyNNMBoUtpHKWOKm4KUP1twGE4iLxIJR5WgtakXdhq/plyV
t7b6FecoUFlBB2RrBCBqUqw9xf/89239MnTYHI8=
-----END CERTIFICATE-----