Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/0A8wm6x7uwPTBI93opaaJzzgc9U.roa
File:                     0A8wm6x7uwPTBI93opaaJzzgc9U.roa (raw, json)
Hash identifier:          VcOKHRNfn0hs8QdqQxWqhgXCt7J04OlEAE7XikGrsLg=
Subject key identifier:   D0:0F:30:9B:AC:7B:BB:03:D3:04:8F:77:A2:96:9A:27:3C:E0:73:D5
Certificate issuer:       /CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
Certificate serial:       018746A7CD32E300A593C863CAAE0582515B
Authority key identifier: C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/0A8wm6x7uwPTBI93opaaJzzgc9U.roa
Signing time:             Mon 03 Apr 2023 10:26:54 +0000
ROA not before:           Mon 03 Apr 2023 10:26:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     19905
IP address blocks:        95.83.192.0/18 maxlen: 24
                          95.83.196.0/22 maxlen: 24
                          95.83.196.0/23 maxlen: 24
                          89.204.160.0/19 maxlen: 24
                          31.200.128.0/18 maxlen: 24
                          89.204.192.0/18 maxlen: 24
                          92.251.240.0/21 maxlen: 24
                          185.60.124.0/22 maxlen: 24
                          213.191.224.0/19 maxlen: 24
                          178.167.128.0/17 maxlen: 24
                          95.83.229.0/24 maxlen: 24
                          62.40.32.0/19 maxlen: 24
                          92.251.128.0/17 maxlen: 24
                          83.136.40.0/21 maxlen: 24
                          80.233.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:46:a7:cd:32:e3:00:a5:93:c8:63:ca:ae:05:82:51:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
        Validity
            Not Before: Apr  3 10:26:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d00f309bac7bbb03d3048f77a2969a273ce073d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:48:46:46:80:f5:c3:f0:c0:85:04:3d:f7:f6:
                    df:0f:5d:c3:a4:c5:e1:d9:76:50:4c:02:5d:8c:19:
                    bd:97:8a:4d:dc:2c:0f:b9:6d:ac:ec:3a:53:af:14:
                    e5:e6:b1:02:35:f5:f7:c8:58:1a:46:27:5e:7d:01:
                    69:1e:a4:b1:a3:0e:2b:01:05:c9:74:08:72:4f:8a:
                    f1:12:5d:1c:bb:28:0a:18:1e:f9:9f:15:e1:66:1c:
                    f7:6e:5c:55:79:8a:7b:b1:37:77:bf:2b:64:e6:af:
                    b7:87:92:11:9b:06:40:80:b9:52:f1:a2:06:8a:15:
                    7b:75:29:86:09:51:2d:eb:c4:eb:00:1f:98:27:49:
                    b0:f5:f2:8d:4a:67:c4:69:57:c1:f9:6f:4f:85:8e:
                    94:7e:02:c8:47:9a:f6:92:32:2e:9d:21:d2:ab:28:
                    10:84:9d:c0:aa:2f:b2:fb:a9:78:4a:f6:bf:97:38:
                    90:db:da:d3:64:41:bc:56:b0:99:2b:7b:57:55:96:
                    1b:c7:d9:45:5c:ad:53:9b:4b:db:20:58:23:34:c6:
                    68:e3:1f:69:e6:0f:f6:1e:82:7f:43:94:1b:7c:f4:
                    a1:dd:93:bd:c2:fd:e1:37:ec:77:d3:e1:b8:c7:c8:
                    08:fe:56:5a:87:4a:b4:a4:f8:e1:d6:66:c3:4f:0c:
                    fc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:0F:30:9B:AC:7B:BB:03:D3:04:8F:77:A2:96:9A:27:3C:E0:73:D5
            X509v3 Authority Key Identifier:
                keyid:C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/0A8wm6x7uwPTBI93opaaJzzgc9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/wazyYNIyY6fGu2xZwZ7rxnWbYL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.128.0/18
                  62.40.32.0/19
                  80.233.0.0/17
                  83.136.40.0/21
                  89.204.160.0-89.204.255.255
                  92.251.128.0/17
                  95.83.192.0/18
                  178.167.128.0/17
                  185.60.124.0/22
                  213.191.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         62:8f:90:a1:d2:c8:f3:52:0c:1e:08:4b:59:5d:86:6a:96:bf:
         3a:f9:35:6f:3f:d6:cf:6f:a5:7d:74:7e:80:2f:56:de:ba:11:
         6a:30:8d:3e:7a:54:e7:50:03:86:b6:12:c4:44:67:ed:49:36:
         69:85:82:94:9e:4b:8c:12:b1:11:90:f6:c2:26:e2:40:54:1d:
         65:e6:a2:65:0a:34:8a:4c:79:12:a9:08:f6:98:dc:26:e8:de:
         aa:66:98:8c:ce:d7:66:61:4d:b3:ed:5d:64:a0:f2:ec:31:8c:
         30:23:5b:60:fb:e8:fb:a9:64:20:ab:ff:1c:70:a3:7c:e0:a8:
         a4:24:62:cd:7d:12:82:f3:bd:44:63:4e:ff:38:5f:4c:cd:ab:
         07:15:8f:e5:c8:85:75:5f:a1:21:da:06:54:43:b5:5b:32:1f:
         1b:38:93:d6:08:3c:be:ec:e1:d1:71:a6:f5:bb:46:24:93:97:
         7e:6f:77:7a:06:22:21:25:c5:e3:2f:6a:9a:13:8a:fd:8c:91:
         8d:42:9f:0a:c2:e1:09:ad:31:46:b2:b3:5f:f5:d9:a7:7f:b4:
         cb:bc:ee:62:4b:9a:cc:45:c8:76:31:e2:c5:fc:a6:6d:cd:df:
         0f:c4:d8:59:ff:79:68:18:43:35:fe:b5:12:3b:8a:a5:80:6e:
         3f:fc:f4:65
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYdGp80y4wClk8hjyq4FglFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWNmMjYwZDIzMjYzYTdjNmJiNmM1OWMxOWVlYmM2NzU5
YjYwYmUwHhcNMjMwNDAzMTAyNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDBmMzA5YmFjN2JiYjAzZDMwNDhmNzdhMjk2OWEyNzNjZTA3M2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkhGRoD1w/DAhQQ99/bfD13DpMXh
2XZQTAJdjBm9l4pN3CwPuW2s7DpTrxTl5rECNfX3yFgaRidefQFpHqSxow4rAQXJ
dAhyT4rxEl0cuygKGB75nxXhZhz3blxVeYp7sTd3vytk5q+3h5IRmwZAgLlS8aIG
ihV7dSmGCVEt68TrAB+YJ0mw9fKNSmfEaVfB+W9PhY6UfgLIR5r2kjIunSHSqygQ
hJ3Aqi+y+6l4Sva/lziQ29rTZEG8VrCZK3tXVZYbx9lFXK1Tm0vbIFgjNMZo4x9p
5g/2HoJ/Q5QbfPSh3ZO9wv3hN+x30+G4x8gI/lZah0q0pPjh1mbDTwz8UQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFNAPMJuse7sD0wSPd6KWmic84HPVMB8GA1UdIwQY
MBaAFMGs8mDSMmOnxrtsWcGe68Z1m2C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEt
ZmZkNjQ2ZDA1ZjY3LzEvMEE4d202eDd1d1BUQkk5M29wYWFKenpnYzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEtZmZkNjQ2ZDA1ZjY3
LzEvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAATBDAwQGH8iAAwQF
PiggAwQHUOkAAwQDU4goMAsDBAVZzKADAwBZzAMEB1z7gAMEBl9TwAMEB7KngAME
Ark8fAMEBdW/4DANBgkqhkiG9w0BAQsFAAOCAQEAYo+QodLI81IMHghLWV2Gapa/
Ovk1bz/Wz2+lfXR+gC9W3roRajCNPnpU51ADhrYSxERn7Uk2aYWClJ5LjBKxEZD2
wibiQFQdZeaiZQo0ikx5EqkI9pjcJujeqmaYjM7XZmFNs+1dZKDy7DGMMCNbYPvo
+6lkIKv/HHCjfOCopCRizX0SgvO9RGNO/zhfTM2rBxWP5ciFdV+hIdoGVEO1WzIf
GziT1gg8vuzh0XGm9btGJJOXfm93egYiISXF4y9qmhOK/YyRjUKfCsLhCa0xRrKz
X/XZp3+0y7zuYkuazEXIdjHixfymbc3fD8TYWf95aBhDNf61EjuKpYBuP/z0ZQ==
-----END CERTIFICATE-----