Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/gSROv4RZA4NQYtMiTNqIolLpuAo.roa
File:                     gSROv4RZA4NQYtMiTNqIolLpuAo.roa (raw, json)
Hash identifier:          RqmI627yK4MsrsbhQjhAPvb2I5ck/BF7fDktssdC3Dc=
Subject key identifier:   81:24:4E:BF:84:59:03:83:50:62:D3:22:4C:DA:88:A2:52:E9:B8:0A
Certificate issuer:       /CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
Certificate serial:       0189E8E8CF5A706C083313E47307F6B21235
Authority key identifier: 76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/gSROv4RZA4NQYtMiTNqIolLpuAo.roa
Signing time:             Sat 12 Aug 2023 08:41:58 +0000
ROA not before:           Sat 12 Aug 2023 08:41:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        46.162.3.0/24 maxlen: 24
                          46.162.0.0/24 maxlen: 24
                          46.162.8.0/24 maxlen: 24
                          46.162.10.0/24 maxlen: 24
                          46.162.10.0/23 maxlen: 24
                          46.162.11.0/24 maxlen: 24
                          46.162.12.0/24 maxlen: 24
                          46.162.18.0/24 maxlen: 24
                          46.162.23.0/24 maxlen: 24
                          46.162.26.0/24 maxlen: 24
                          46.162.32.0/24 maxlen: 24
                          46.162.50.0/24 maxlen: 24
                          46.162.48.0/24 maxlen: 24
                          46.162.49.0/24 maxlen: 24
                          46.162.52.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e8:e8:cf:5a:70:6c:08:33:13:e4:73:07:f6:b2:12:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
        Validity
            Not Before: Aug 12 08:41:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=81244ebf845903835062d3224cda88a252e9b80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:60:0b:7f:c7:93:65:e9:b2:e0:bf:9d:2d:24:
                    5a:c9:d8:07:c8:6f:a5:d4:09:7a:69:73:32:f0:02:
                    ec:fd:3c:b5:b2:05:90:2f:b8:83:86:fd:f1:ee:99:
                    5d:01:bc:a5:ce:99:59:c5:31:96:b4:b5:a5:b5:ae:
                    d4:58:d9:dd:1d:a2:98:5b:8f:06:2b:27:11:67:00:
                    9d:6b:ad:ab:3a:4b:a9:86:46:cf:20:a6:d6:62:b7:
                    f7:be:f1:a0:d2:08:e5:66:ed:f5:2a:c9:6e:6b:d2:
                    5f:4a:b8:33:39:e9:0e:71:50:b2:de:7c:4c:03:cd:
                    9b:d4:e3:5c:c8:0a:0a:87:ae:56:5e:00:b4:0e:9e:
                    2a:63:9c:4d:b7:a4:7f:bc:1a:a0:f7:4c:15:5f:2f:
                    1a:f2:88:c7:ac:bf:0b:20:d4:59:c7:53:86:ff:5e:
                    87:5a:9a:44:e5:72:fc:e2:ba:39:b6:35:a8:7b:b2:
                    c3:6b:ce:8f:34:e6:f8:52:00:e4:d6:12:18:3d:0a:
                    ba:b5:a5:17:b9:3a:81:02:20:58:02:21:68:b7:46:
                    1d:b3:d7:ff:a5:67:61:13:4d:7e:c8:87:37:f3:71:
                    08:ce:09:5d:2c:84:b2:00:9b:c3:de:88:8c:c2:2d:
                    8b:ab:23:a1:ef:e6:a6:57:da:f9:7c:52:32:00:96:
                    63:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:24:4E:BF:84:59:03:83:50:62:D3:22:4C:DA:88:A2:52:E9:B8:0A
            X509v3 Authority Key Identifier:
                keyid:76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/gSROv4RZA4NQYtMiTNqIolLpuAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.162.0.0/24
                  46.162.3.0/24
                  46.162.8.0/24
                  46.162.10.0-46.162.12.255
                  46.162.18.0/24
                  46.162.23.0/24
                  46.162.26.0/24
                  46.162.32.0/24
                  46.162.48.0-46.162.50.255
                  46.162.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:0b:58:a3:3f:da:d1:cd:41:dc:31:9c:41:1b:b6:26:70:9f:
         4a:59:a8:68:9d:93:81:b6:2b:1e:5a:a5:1e:bb:90:80:9b:33:
         fd:fe:c3:f9:51:94:52:dd:d0:17:13:b3:46:c5:31:52:a2:79:
         c7:ea:7f:38:55:b4:c7:27:6c:ed:aa:b0:1a:fc:c9:6d:6d:6c:
         cd:c9:9e:76:93:3b:53:ad:b8:9f:9e:c1:70:8b:31:76:6d:b2:
         35:11:43:54:32:3d:a6:53:68:77:58:03:4f:79:25:8f:ad:d9:
         2e:e7:09:4b:23:54:dd:4e:7a:bf:76:c4:1d:59:5d:d4:66:b3:
         11:c3:70:c8:2e:7e:61:84:bd:00:cc:cb:5d:e3:c5:d0:3d:39:
         4a:34:59:92:06:f3:ec:cb:aa:af:b7:80:bd:e1:57:a3:0c:df:
         77:6d:d6:07:ac:1c:58:77:37:cd:75:8b:5e:99:07:a8:16:06:
         14:d0:23:50:ed:f7:0c:69:1a:69:ad:ef:68:fa:ef:0c:90:aa:
         53:dc:1e:17:e4:6a:50:55:62:42:2a:c5:3e:57:a7:88:33:5d:
         c1:eb:09:1d:6b:f7:08:01:97:93:68:49:aa:0f:da:c7:27:21:
         c9:69:ce:33:bf:a9:05:07:23:2b:86:b9:e9:46:8d:82:df:43:
         ca:e5:50:e1
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYno6M9acGwIMxPkcwf2shI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDJmZDNmMzM2Y2U2ZWU5OWU2MWZhOTc3MDQ5YTZjNmE5
MjNlNGEwHhcNMjMwODEyMDg0MTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTI0NGViZjg0NTkwMzgzNTA2MmQzMjI0Y2RhODhhMjUyZTliODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmALf8eTZemy4L+dLSRaydgHyG+l
1Al6aXMy8ALs/Ty1sgWQL7iDhv3x7pldAbylzplZxTGWtLWlta7UWNndHaKYW48G
KycRZwCda62rOkuphkbPIKbWYrf3vvGg0gjlZu31Kslua9JfSrgzOekOcVCy3nxM
A82b1ONcyAoKh65WXgC0Dp4qY5xNt6R/vBqg90wVXy8a8ojHrL8LINRZx1OG/16H
WppE5XL84ro5tjWoe7LDa86PNOb4UgDk1hIYPQq6taUXuTqBAiBYAiFot0Yds9f/
pWdhE01+yIc383EIzgldLISyAJvD3oiMwi2LqyOh7+amV9r5fFIyAJZjRwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFIEkTr+EWQODUGLTIkzaiKJS6bgKMB8GA1UdIwQY
MBaAFHZC/T8zbObumeYfqXcEmmxqkj5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAt
NjJjNDNhYzdjMDJmLzEvZ1NST3Y0UlpBNE5RWXRNaVROcUlvbExwdUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAtNjJjNDNhYzdjMDJm
LzEvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQALqIAAwQA
LqIDAwQALqIIMAwDBAEuogoDBAAuogwDBAAuohIDBAAuohcDBAAuohoDBAAuoiAw
DAMEBC6iMAMEAC6iMgMEAS6iNDANBgkqhkiG9w0BAQsFAAOCAQEARAtYoz/a0c1B
3DGcQRu2JnCfSlmoaJ2TgbYrHlqlHruQgJsz/f7D+VGUUt3QFxOzRsUxUqJ5x+p/
OFW0xyds7aqwGvzJbW1szcmedpM7U624n57BcIsxdm2yNRFDVDI9plNod1gDT3kl
j63ZLucJSyNU3U56v3bEHVld1GazEcNwyC5+YYS9AMzLXePF0D05SjRZkgbz7Muq
r7eAveFXowzfd23WB6wcWHc3zXWLXpkHqBYGFNAjUO33DGkaaa3vaPrvDJCqU9we
F+RqUFViQirFPleniDNdwesJHWv3CAGXk2hJqg/axychyWnOM7+pBQcjK4a56UaN
gt9DyuVQ4Q==
-----END CERTIFICATE-----