Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/CepRJ_AN0VJS4f2C6qx7X0sMkD8.roa
File:                     CepRJ_AN0VJS4f2C6qx7X0sMkD8.roa (raw, json)
Hash identifier:          5Q5h8+23/SSr3a6LR0mLiUvb8qZFYHDxM+gpr0UULaA=
Subject key identifier:   09:EA:51:27:F0:0D:D1:52:52:E1:FD:82:EA:AC:7B:5F:4B:0C:90:3F
Certificate issuer:       /CN=d6e2694652aa298511edafbe18d2b1cdbc792638
Certificate serial:       0189DB1BC94720D6E723080DA0811D552A86
Authority key identifier: D6:E2:69:46:52:AA:29:85:11:ED:AF:BE:18:D2:B1:CD:BC:79:26:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1uJpRlKqKYUR7a--GNKxzbx5Jjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/CepRJ_AN0VJS4f2C6qx7X0sMkD8.roa
Signing time:             Wed 09 Aug 2023 16:22:58 +0000
ROA not before:           Wed 09 Aug 2023 16:22:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60423
IP address blocks:        5.145.119.0/24 maxlen: 24
                          185.24.253.0/24 maxlen: 24
                          185.24.252.0/24 maxlen: 24
                          185.24.255.0/24 maxlen: 24
                          5.145.117.0/24 maxlen: 24
                          5.145.118.0/24 maxlen: 24
                          5.145.113.0/24 maxlen: 24
                          5.145.114.0/24 maxlen: 24
                          2a04:2f00::/48 maxlen: 48
                          2a04:2f00:1::/48 maxlen: 48
                          2a04:2f00:3::/48 maxlen: 48
                          2a04:2f00:e::/48 maxlen: 48
                          2a04:2f00:2::/48 maxlen: 48
                          2a04:2f00:d::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:db:1b:c9:47:20:d6:e7:23:08:0d:a0:81:1d:55:2a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6e2694652aa298511edafbe18d2b1cdbc792638
        Validity
            Not Before: Aug  9 16:22:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=09ea5127f00dd15252e1fd82eaac7b5f4b0c903f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3f:51:f2:b5:9c:03:66:ae:7d:15:31:1c:41:
                    c2:ec:5f:e9:b0:cc:42:f2:f9:5f:a5:de:73:75:d1:
                    02:46:f3:9d:3a:2a:d4:7c:d6:50:14:08:86:d4:66:
                    c6:4a:e5:ed:59:57:87:da:a2:54:3b:13:71:f5:e1:
                    22:cb:25:6d:8d:dd:8c:33:66:e4:f2:98:69:fc:3a:
                    36:df:9b:f1:79:e8:06:e0:bb:ec:7b:24:2b:53:cd:
                    ea:cb:15:f7:2d:ac:25:a9:38:de:f4:1e:c3:45:67:
                    be:f8:1b:16:2d:6d:1a:7c:d4:90:97:a0:3c:82:58:
                    6e:67:26:59:91:43:4e:be:46:04:e2:09:ef:ea:f3:
                    27:f0:d0:b7:a0:e7:77:38:9a:8a:25:f2:e0:2e:17:
                    a0:89:e4:31:1b:36:70:f6:34:ad:1a:8b:83:6b:87:
                    9f:b9:20:d0:8a:40:a2:4a:5c:b0:d9:34:ac:9a:1c:
                    c7:33:fe:73:80:3a:83:2e:c6:70:24:d8:b2:b2:fc:
                    e9:df:71:b7:0b:d3:9a:00:1e:91:0e:bf:e4:f2:01:
                    56:c6:11:50:57:73:ce:9d:f9:26:0e:b9:1d:82:42:
                    af:03:a8:0c:db:01:96:64:2b:ae:a4:c3:86:c1:8d:
                    25:d4:25:d6:ee:96:41:d9:7f:d4:85:13:db:ae:51:
                    9f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:EA:51:27:F0:0D:D1:52:52:E1:FD:82:EA:AC:7B:5F:4B:0C:90:3F
            X509v3 Authority Key Identifier:
                keyid:D6:E2:69:46:52:AA:29:85:11:ED:AF:BE:18:D2:B1:CD:BC:79:26:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1uJpRlKqKYUR7a--GNKxzbx5Jjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/CepRJ_AN0VJS4f2C6qx7X0sMkD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/8cc506-7e71-4705-a289-b42364895083/1/1uJpRlKqKYUR7a--GNKxzbx5Jjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.113.0-5.145.114.255
                  5.145.117.0-5.145.119.255
                  185.24.252.0/23
                  185.24.255.0/24
                IPv6:
                  2a04:2f00::/46
                  2a04:2f00:d::-2a04:2f00:e:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8c:81:66:a5:a0:f0:55:0d:c7:c7:d3:53:3d:fb:6a:5a:4f:b7:
         85:ce:a2:15:91:ba:e6:df:b5:0e:07:18:2f:e7:dd:64:ad:64:
         3f:72:3d:c9:81:3a:da:f6:95:c0:47:04:b4:b1:d9:7b:bf:10:
         b1:68:ab:56:4d:e7:f4:e4:ca:39:8f:fd:18:e9:a4:84:92:7a:
         da:97:ed:16:ee:28:9a:4e:81:24:e4:5b:74:43:a0:06:4b:04:
         cc:53:35:87:3c:a5:7d:88:78:40:e5:09:64:33:a5:78:6b:c2:
         28:4f:5e:b9:b5:20:44:1d:94:a0:99:bd:40:a7:5f:d4:86:77:
         66:d8:a9:ed:7d:88:c1:1e:dc:83:0a:08:32:97:8c:c4:ec:07:
         c5:e1:a7:c9:17:a5:c8:3f:d6:b0:9f:b9:0b:22:57:63:6f:0d:
         23:83:d7:0f:25:a6:ab:a4:02:fd:3d:1f:61:79:bc:6f:2d:d8:
         4c:79:e4:9d:55:01:2d:ea:bf:85:a4:31:10:be:ad:f5:19:f9:
         e0:c7:46:6d:54:50:51:97:04:ad:51:2a:b2:d4:53:6c:e4:3a:
         0c:36:89:95:ec:fb:8a:c3:9b:6a:06:5f:c9:df:ae:21:57:2b:
         36:35:98:f2:37:6d:ea:ec:3c:2e:14:96:a6:36:d9:8c:a1:90:
         61:7d:ef:da
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYnbG8lHINbnIwgNoIEdVSqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZTI2OTQ2NTJhYTI5ODUxMWVkYWZiZTE4ZDJiMWNkYmM3
OTI2MzgwHhcNMjMwODA5MTYyMjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWVhNTEyN2YwMGRkMTUyNTJlMWZkODJlYWFjN2I1ZjRiMGM5MDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD9R8rWcA2aufRUxHEHC7F/psMxC
8vlfpd5zddECRvOdOirUfNZQFAiG1GbGSuXtWVeH2qJUOxNx9eEiyyVtjd2MM2bk
8php/Do235vxeegG4LvseyQrU83qyxX3LawlqTje9B7DRWe++BsWLW0afNSQl6A8
glhuZyZZkUNOvkYE4gnv6vMn8NC3oOd3OJqKJfLgLhegieQxGzZw9jStGouDa4ef
uSDQikCiSlyw2TSsmhzHM/5zgDqDLsZwJNiysvzp33G3C9OaAB6RDr/k8gFWxhFQ
V3POnfkmDrkdgkKvA6gM2wGWZCuupMOGwY0l1CXW7pZB2X/UhRPbrlGfZQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFAnqUSfwDdFSUuH9guqse19LDJA/MB8GA1UdIwQY
MBaAFNbiaUZSqimFEe2vvhjSsc28eSY4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXVKcFJsS3FLWVVSN2EtLUdOS3h6Yng1SmpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC84Y2M1MDYtN2U3MS00NzA1LWEyODkt
YjQyMzY0ODk1MDgzLzEvQ2VwUkpfQU4wVkpTNGYyQzZxeDdYMHNNa0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC84Y2M1MDYtN2U3MS00NzA1LWEyODktYjQyMzY0ODk1MDgz
LzEvMXVKcFJsS3FLWVVSN2EtLUdOS3h6Yng1SmpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAuBAIAATAoMAwDBAAFkXED
BAAFkXIwDAMEAAWRdQMEAwWRcAMEAbkY/AMEALkY/zAjBAIAAjAdAwcCKgQvAAAA
MBIDBwAqBC8AAA0DBwAqBC8AAA4wDQYJKoZIhvcNAQELBQADggEBAIyBZqWg8FUN
x8fTUz37alpPt4XOohWRuubftQ4HGC/n3WStZD9yPcmBOtr2lcBHBLSx2Xu/ELFo
q1ZN5/TkyjmP/RjppISSetqX7RbuKJpOgSTkW3RDoAZLBMxTNYc8pX2IeEDlCWQz
pXhrwihPXrm1IEQdlKCZvUCnX9SGd2bYqe19iMEe3IMKCDKXjMTsB8Xhp8kXpcg/
1rCfuQsiV2NvDSOD1w8lpqukAv09H2F5vG8t2Ex55J1VAS3qv4WkMRC+rfUZ+eDH
Rm1UUFGXBK1RKrLUU2zkOgw2iZXs+4rDm2oGX8nfriFXKzY1mPI3bersPC4UlqY2
2YyhkGF979o=
-----END CERTIFICATE-----