Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/8B-tQ2jVgPQgON1MVa5y7Xh44fo.roa
File:                     8B-tQ2jVgPQgON1MVa5y7Xh44fo.roa (raw, json)
Hash identifier:          5IWhzxwvgSKxiUgrcGwPpgvGamTJN3MN6obVKyOF7p8=
Subject key identifier:   F0:1F:AD:43:68:D5:80:F4:20:38:DD:4C:55:AE:72:ED:78:78:E1:FA
Certificate issuer:       /CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
Certificate serial:       018587EB9C7F049A1CADD9C4D9D89C0C4544
Authority key identifier: C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/8B-tQ2jVgPQgON1MVa5y7Xh44fo.roa
Signing time:             Fri 06 Jan 2023 16:30:43 +0000
ROA not before:           Fri 06 Jan 2023 16:30:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     19905
IP address blocks:        95.83.192.0/18 maxlen: 24
                          95.83.196.0/22 maxlen: 24
                          95.83.196.0/23 maxlen: 24
                          89.204.160.0/19 maxlen: 24
                          31.200.128.0/18 maxlen: 24
                          89.204.192.0/18 maxlen: 24
                          92.251.240.0/21 maxlen: 24
                          185.60.124.0/22 maxlen: 24
                          213.191.224.0/19 maxlen: 24
                          178.167.128.0/17 maxlen: 24
                          95.83.229.0/24 maxlen: 24
                          62.40.32.0/19 maxlen: 24
                          92.251.128.0/17 maxlen: 24
                          83.136.40.0/21 maxlen: 24
                          80.233.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:87:eb:9c:7f:04:9a:1c:ad:d9:c4:d9:d8:9c:0c:45:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
        Validity
            Not Before: Jan  6 16:30:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f01fad4368d580f42038dd4c55ae72ed7878e1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:92:a5:93:67:0d:c8:39:5f:c1:1a:1e:72:f8:
                    fc:e8:58:56:7e:c0:37:70:78:46:c9:fc:e6:59:2d:
                    bd:5f:c9:77:f7:88:aa:fa:7a:ea:bb:78:8c:a3:5f:
                    8e:74:91:a1:33:6d:5a:01:c3:67:d5:2d:b9:fc:49:
                    3f:f5:c8:b5:98:58:d4:f7:33:7a:68:56:d7:88:15:
                    9f:69:ff:f4:13:67:32:d0:31:ea:b3:05:1f:85:50:
                    3d:eb:db:1c:5b:23:a1:a6:b6:78:64:4c:03:70:d3:
                    8d:92:a0:fe:41:21:ef:10:69:eb:b9:a1:33:c4:79:
                    71:1a:78:e3:d8:ce:c5:42:ea:a0:fa:13:48:11:55:
                    74:d7:96:83:ea:2f:8d:66:7d:f7:b8:39:35:ad:58:
                    17:19:bf:ff:6b:32:9d:ae:b1:b0:79:f7:b1:d1:30:
                    ed:8f:f0:aa:dd:c8:4e:2b:8e:36:12:c1:0a:ac:4a:
                    ce:33:5f:4d:e4:e9:a5:44:37:fb:e1:e7:66:41:69:
                    99:ce:9c:f2:14:d5:50:97:60:55:f6:6c:9d:b5:5b:
                    a1:fe:14:b9:92:9a:6e:16:b6:11:25:ff:c8:f0:de:
                    7a:88:7d:9a:78:5c:43:61:13:f9:a1:f0:e6:d7:71:
                    11:d1:08:02:15:20:2b:21:b1:bb:bd:5e:c3:81:16:
                    ab:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:1F:AD:43:68:D5:80:F4:20:38:DD:4C:55:AE:72:ED:78:78:E1:FA
            X509v3 Authority Key Identifier:
                keyid:C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/8B-tQ2jVgPQgON1MVa5y7Xh44fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/wazyYNIyY6fGu2xZwZ7rxnWbYL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.128.0/18
                  62.40.32.0/19
                  80.233.0.0/17
                  83.136.40.0/21
                  89.204.160.0-89.204.255.255
                  92.251.128.0/17
                  95.83.192.0/18
                  178.167.128.0/17
                  185.60.124.0/22
                  213.191.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         75:c8:9b:3e:86:04:3a:fd:09:f1:72:03:8f:7f:99:ca:35:78:
         d4:c3:7f:69:0c:e0:f6:b6:49:09:05:b7:17:b7:09:54:62:78:
         08:fd:f0:28:c0:36:59:92:3d:c4:38:78:98:3a:d2:d1:83:95:
         14:40:06:d8:96:9a:52:6b:03:20:c3:83:fe:57:25:14:7a:04:
         74:d7:e4:6d:1e:3a:ba:b0:0a:e5:b0:8c:d1:4d:ce:f1:24:f8:
         41:bd:ae:81:ad:f0:98:cd:0a:39:68:ab:76:95:33:e2:a3:61:
         b3:b8:60:f5:fc:ff:bd:7d:9e:bc:72:9b:5f:c4:5e:d9:04:bf:
         df:ed:9b:ad:33:20:03:24:4a:3d:1d:a6:4f:ed:76:3a:9e:12:
         4b:31:68:3c:be:b1:e7:2b:ae:c5:0c:8a:13:c9:91:48:d1:b7:
         f8:8d:79:17:60:c9:8e:12:25:2f:e8:6d:51:10:69:43:1b:96:
         a7:8e:aa:0a:18:b7:1e:54:d0:f3:7b:44:e3:e8:62:0b:82:fb:
         2b:30:6d:19:c6:90:08:27:7b:05:4c:d3:df:ce:cf:21:a6:ed:
         0c:f3:63:f0:5f:d4:40:33:2d:c9:f6:ea:fd:60:e7:f0:dd:72:
         c0:8c:7e:2f:d6:91:2d:fd:83:a5:de:77:71:10:c7:3f:05:90:
         94:a0:9d:01
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYWH65x/BJocrdnE2dicDEVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWNmMjYwZDIzMjYzYTdjNmJiNmM1OWMxOWVlYmM2NzU5
YjYwYmUwHhcNMjMwMTA2MTYzMDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDFmYWQ0MzY4ZDU4MGY0MjAzOGRkNGM1NWFlNzJlZDc4NzhlMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZKlk2cNyDlfwRoecvj86FhWfsA3
cHhGyfzmWS29X8l394iq+nrqu3iMo1+OdJGhM21aAcNn1S25/Ek/9ci1mFjU9zN6
aFbXiBWfaf/0E2cy0DHqswUfhVA969scWyOhprZ4ZEwDcNONkqD+QSHvEGnruaEz
xHlxGnjj2M7FQuqg+hNIEVV015aD6i+NZn33uDk1rVgXGb//azKdrrGwefex0TDt
j/Cq3chOK442EsEKrErOM19N5OmlRDf74edmQWmZzpzyFNVQl2BV9mydtVuh/hS5
kppuFrYRJf/I8N56iH2aeFxDYRP5ofDm13ER0QgCFSArIbG7vV7DgRarkwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFPAfrUNo1YD0IDjdTFWucu14eOH6MB8GA1UdIwQY
MBaAFMGs8mDSMmOnxrtsWcGe68Z1m2C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEt
ZmZkNjQ2ZDA1ZjY3LzEvOEItdFEyalZnUFFnT04xTVZhNXk3WGg0NGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEtZmZkNjQ2ZDA1ZjY3
LzEvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAATBDAwQGH8iAAwQF
PiggAwQHUOkAAwQDU4goMAsDBAVZzKADAwBZzAMEB1z7gAMEBl9TwAMEB7KngAME
Ark8fAMEBdW/4DANBgkqhkiG9w0BAQsFAAOCAQEAdcibPoYEOv0J8XIDj3+ZyjV4
1MN/aQzg9rZJCQW3F7cJVGJ4CP3wKMA2WZI9xDh4mDrS0YOVFEAG2JaaUmsDIMOD
/lclFHoEdNfkbR46urAK5bCM0U3O8ST4Qb2uga3wmM0KOWirdpUz4qNhs7hg9fz/
vX2evHKbX8Re2QS/3+2brTMgAyRKPR2mT+12Op4SSzFoPL6x5yuuxQyKE8mRSNG3
+I15F2DJjhIlL+htURBpQxuWp46qChi3HlTQ83tE4+hiC4L7KzBtGcaQCCd7BUzT
387PIabtDPNj8F/UQDMtyfbq/WDn8N1ywIx+L9aRLf2Dpd53cRDHPwWQlKCdAQ==
-----END CERTIFICATE-----