Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/bsRhN19WrrZzhrxojXAW41tnq40.roa
File:                     bsRhN19WrrZzhrxojXAW41tnq40.roa (raw, json)
Hash identifier:          9C9/8+rKsYI/9/CmOigFiCeosgmJstURQhiSVB72rVU=
Subject key identifier:   6E:C4:61:37:5F:56:AE:B6:73:86:BC:68:8D:70:16:E3:5B:67:AB:8D
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018571D7C096C0FC07F80E6B121953CA3AF7
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/bsRhN19WrrZzhrxojXAW41tnq40.roa
Signing time:             Mon 02 Jan 2023 09:37:22 +0000
ROA not before:           Mon 02 Jan 2023 09:37:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48037
IP address blocks:        147.181.64.0/18 maxlen: 24
                          147.181.98.0/24 maxlen: 24
                          147.181.96.0/24 maxlen: 24
                          147.181.97.0/24 maxlen: 24
                          147.181.99.0/24 maxlen: 24
                          147.181.103.0/24 maxlen: 24
                          147.181.112.0/24 maxlen: 24
                          147.181.109.0/24 maxlen: 24
                          147.181.108.0/24 maxlen: 24
                          147.181.117.0/24 maxlen: 24
                          147.181.113.0/24 maxlen: 24
                          147.181.114.0/24 maxlen: 24
                          147.181.40.0/22 maxlen: 24
                          2a04:9a03:1010::/44 maxlen: 44
                          2a04:9a00:1004::/48 maxlen: 48
                          2a04:9a00:1124::/48 maxlen: 48
                          2a04:9a00:1121::/48 maxlen: 48
                          2a04:9a00:111c::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:c0:96:c0:fc:07:f8:0e:6b:12:19:53:ca:3a:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  2 09:37:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6ec461375f56aeb67386bc688d7016e35b67ab8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:40:00:b4:b7:ea:07:52:3c:1b:d0:ef:0d:5f:
                    07:5f:35:e5:33:1a:d3:81:52:0d:9e:c3:db:27:a6:
                    cc:10:f5:57:0d:53:cf:32:f7:00:8e:29:f2:b4:da:
                    fb:a7:5b:c9:97:32:5f:b1:2e:1a:24:15:a9:5c:c9:
                    4b:94:a2:fc:3c:4a:5d:8d:85:41:c2:f4:de:0d:49:
                    6d:f9:f7:39:d7:43:93:c5:18:f0:63:ef:26:77:69:
                    d1:22:c8:c4:9a:f1:81:5e:e3:2b:9e:a8:0c:e9:3a:
                    49:86:b7:37:8f:52:74:e2:37:06:30:47:f0:06:49:
                    d7:e0:05:51:11:c9:46:5a:0b:c7:5d:5c:87:dd:20:
                    ee:cb:e4:d1:be:4e:a9:f3:de:d1:6f:1b:53:02:c9:
                    0f:6f:3c:8c:c9:77:72:08:c7:73:6f:1f:ee:a4:dc:
                    af:22:a2:05:86:a1:84:70:f3:6e:ff:99:a7:27:3d:
                    7b:86:df:a2:14:cd:f9:c6:64:cc:69:26:63:ff:37:
                    0d:cf:8a:f1:65:a8:f2:9e:f4:2b:b4:db:05:06:ce:
                    f5:5a:58:46:b5:45:15:fd:9d:a4:44:a4:81:b9:23:
                    82:ad:e8:57:bb:a2:c9:8c:8f:81:78:d5:63:37:43:
                    0e:7d:5a:30:c9:cb:c4:20:9f:e2:57:bf:41:b5:b8:
                    8a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C4:61:37:5F:56:AE:B6:73:86:BC:68:8D:70:16:E3:5B:67:AB:8D
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/bsRhN19WrrZzhrxojXAW41tnq40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.181.40.0/22
                  147.181.64.0/18
                IPv6:
                  2a04:9a00:1004::/48
                  2a04:9a00:111c::/48
                  2a04:9a00:1121::/48
                  2a04:9a00:1124::/48
                  2a04:9a03:1010::/44

    Signature Algorithm: sha256WithRSAEncryption
         c0:17:6b:b8:ba:5b:44:83:8b:70:9f:af:d7:a5:b8:1b:56:35:
         f5:62:ab:c8:23:46:00:ce:b4:ac:54:ad:d6:e6:f7:7f:74:db:
         53:98:4b:04:52:8f:b6:c5:27:77:ed:6a:cc:2b:f7:db:df:24:
         ad:49:94:78:f2:4c:ad:f9:4b:00:0c:db:24:73:8f:aa:56:26:
         4a:65:06:8a:a5:03:ca:ce:01:f4:a6:55:68:eb:22:b8:a8:23:
         ea:f7:35:fb:50:3a:e4:49:39:9b:99:83:c4:72:13:d3:b2:30:
         22:6e:92:0f:5f:b8:73:70:38:43:77:82:9a:c1:41:4b:84:9a:
         81:a2:62:e1:d0:2a:5a:bf:13:fe:1a:ea:f2:a8:1c:54:e9:07:
         e1:c5:36:f8:24:49:62:a1:f6:58:78:2d:3c:fe:cd:d5:c8:8d:
         ab:2d:e5:bc:45:d9:56:97:17:d1:60:c9:a5:3d:c6:97:61:dd:
         84:40:90:bc:68:05:80:3c:8d:2c:1c:e5:b3:35:34:42:17:e5:
         87:7e:c1:63:f5:5f:21:23:be:75:f6:0b:c9:8c:fa:2e:4a:88:
         af:63:e6:e0:b1:f0:62:04:86:81:62:b0:55:9b:c6:1f:dc:9d:
         23:62:60:4d:60:85:d5:ea:89:96:c5:17:45:79:c6:1b:a1:4c:
         66:d4:8c:ff
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYVx18CWwPwH+A5rEhlTyjr3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjMwMTAyMDkzNzIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWM0NjEzNzVmNTZhZWI2NzM4NmJjNjg4ZDcwMTZlMzViNjdhYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEAAtLfqB1I8G9DvDV8HXzXlMxrT
gVINnsPbJ6bMEPVXDVPPMvcAjinytNr7p1vJlzJfsS4aJBWpXMlLlKL8PEpdjYVB
wvTeDUlt+fc510OTxRjwY+8md2nRIsjEmvGBXuMrnqgM6TpJhrc3j1J04jcGMEfw
BknX4AVREclGWgvHXVyH3SDuy+TRvk6p897RbxtTAskPbzyMyXdyCMdzbx/upNyv
IqIFhqGEcPNu/5mnJz17ht+iFM35xmTMaSZj/zcNz4rxZajynvQrtNsFBs71WlhG
tUUV/Z2kRKSBuSOCrehXu6LJjI+BeNVjN0MOfVowycvEIJ/iV79BtbiKJQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFG7EYTdfVq62c4a8aI1wFuNbZ6uNMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvYnNSaE4xOVdyclp6aHJ4b2pYQVc0MXRucTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTASBAIAATAMAwQCk7UoAwQG
k7VAMDMEAgACMC0DBwAqBJoAEAQDBwAqBJoAERwDBwAqBJoAESEDBwAqBJoAESQD
BwQqBJoDEBAwDQYJKoZIhvcNAQELBQADggEBAMAXa7i6W0SDi3Cfr9eluBtWNfVi
q8gjRgDOtKxUrdbm939021OYSwRSj7bFJ3ftaswr99vfJK1JlHjyTK35SwAM2yRz
j6pWJkplBoqlA8rOAfSmVWjrIrioI+r3NftQOuRJOZuZg8RyE9OyMCJukg9fuHNw
OEN3gprBQUuEmoGiYuHQKlq/E/4a6vKoHFTpB+HFNvgkSWKh9lh4LTz+zdXIjast
5bxF2VaXF9FgyaU9xpdh3YRAkLxoBYA8jSwc5bM1NEIX5Yd+wWP1XyEjvnX2C8mM
+i5KiK9j5uCx8GIEhoFisFWbxh/cnSNiYE1ghdXqiZbFF0V5xhuhTGbUjP8=
-----END CERTIFICATE-----