Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/MTcWPhsb501O3gJduqCpgk8A9qQ.roa
File:                     MTcWPhsb501O3gJduqCpgk8A9qQ.roa (raw, json)
Hash identifier:          dsaKMswzRkPTlWIiGn1vll6ZJ6tl3W+jcI0GLIlYsy0=
Subject key identifier:   31:37:16:3E:1B:1B:E7:4D:4E:DE:02:5D:BA:A0:A9:82:4F:00:F6:A4
Certificate issuer:       /CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
Certificate serial:       018573839C31404AC5720CAA0C857B9E99D9
Authority key identifier: DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/MTcWPhsb501O3gJduqCpgk8A9qQ.roa
Signing time:             Mon 02 Jan 2023 17:24:43 +0000
ROA not before:           Mon 02 Jan 2023 17:24:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20853
IP address blocks:        185.73.228.0/22 maxlen: 32
                          185.7.104.0/22 maxlen: 32
                          79.133.192.0/19 maxlen: 32
                          77.95.236.0/22 maxlen: 32
                          77.95.234.0/23 maxlen: 32
                          185.40.196.0/22 maxlen: 32
                          91.250.243.0/24 maxlen: 32
                          31.31.168.0/21 maxlen: 32
                          80.72.32.0/20 maxlen: 32
                          185.30.124.0/22 maxlen: 32
                          2a05:4480::/29 maxlen: 29
                          2a00:c90::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:83:9c:31:40:4a:c5:72:0c:aa:0c:85:7b:9e:99:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
        Validity
            Not Before: Jan  2 17:24:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3137163e1b1be74d4ede025dbaa0a9824f00f6a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7a:09:9a:0a:3a:92:f8:23:98:08:9c:65:9f:
                    c0:59:f5:82:de:07:ec:82:98:78:75:ff:05:de:d4:
                    79:2e:60:3a:52:e1:94:b8:98:37:72:17:f6:f0:3b:
                    19:1e:02:17:cb:c7:73:21:50:95:56:dc:d6:13:d6:
                    7f:6f:65:f2:9b:df:3b:3f:02:d6:62:0a:36:a9:a8:
                    6e:b2:be:55:cd:66:9a:31:7f:51:fb:e6:26:af:6c:
                    41:f3:d4:61:8a:6f:a2:24:7a:e1:c4:b8:ba:48:19:
                    fe:90:9b:3e:74:9f:ef:94:73:fd:c9:c6:1c:ae:8a:
                    91:ad:24:00:6d:47:ae:5f:6c:eb:f4:07:c5:1c:ad:
                    7b:e5:f6:85:5d:f6:e6:f3:e2:44:c7:0c:60:96:3f:
                    6f:b7:c2:dd:68:5a:52:b7:c0:fe:56:9d:5c:b4:c2:
                    89:b4:51:d6:bf:ee:33:f2:1a:9f:12:64:2b:bf:8a:
                    83:b8:e2:5e:a0:86:e4:70:98:b0:21:fa:ff:dc:ca:
                    af:eb:78:05:47:b2:ef:b8:bd:9a:30:5a:6d:a3:10:
                    96:bf:06:9e:ab:a6:49:98:15:18:0f:9b:a7:bf:17:
                    95:61:f0:21:0c:ab:7c:85:1c:5e:44:dc:d5:34:80:
                    47:f7:ca:7c:a8:d8:b9:e6:c2:90:a3:02:a1:0c:f1:
                    6a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:37:16:3E:1B:1B:E7:4D:4E:DE:02:5D:BA:A0:A9:82:4F:00:F6:A4
            X509v3 Authority Key Identifier:
                keyid:DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/MTcWPhsb501O3gJduqCpgk8A9qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.31.168.0/21
                  77.95.234.0-77.95.239.255
                  79.133.192.0/19
                  80.72.32.0/20
                  91.250.243.0/24
                  185.7.104.0/22
                  185.30.124.0/22
                  185.40.196.0/22
                  185.73.228.0/22
                IPv6:
                  2a00:c90::/32
                  2a05:4480::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:48:0c:31:57:7d:4a:aa:26:f0:2f:6c:77:03:e2:ab:ab:f5:
         23:0f:9d:27:9d:7a:f4:ff:9b:5a:a5:bb:91:ae:b2:23:40:84:
         03:4e:9f:00:e0:22:21:fa:46:3d:78:4c:29:2b:bb:d8:bb:49:
         57:ba:cf:09:ff:b2:29:58:54:79:f6:e5:c6:21:c7:13:e0:6c:
         cb:ac:a0:8f:89:53:73:15:ad:35:bf:0e:b7:fc:e1:27:98:9d:
         7c:8a:45:8f:04:b4:dd:06:e9:4b:83:95:72:36:73:c1:db:42:
         c0:57:91:24:68:12:35:8d:ce:86:b0:88:42:5d:9e:e8:cc:bf:
         69:10:1a:f3:f0:9c:1c:68:6a:de:f7:32:17:2f:6f:45:a3:ae:
         5f:3a:64:de:22:d9:34:4e:5e:bb:d4:62:d7:4e:b9:2e:c3:30:
         03:1b:90:d7:ea:f5:2e:21:5b:98:b1:af:b7:27:af:2d:41:6d:
         4f:ad:6e:89:8f:da:c3:a5:b3:18:cf:06:e0:8c:d3:07:75:26:
         53:37:d8:d5:af:48:02:5f:29:08:f0:23:c5:6f:7c:7d:ac:a6:
         b3:5d:e7:42:35:6a:06:3a:f4:47:77:4c:60:71:39:e2:e1:9f:
         7c:7f:c3:38:b2:29:9b:1a:25:5b:f8:c6:bf:99:ae:6e:7a:ac:
         de:81:bd:cc
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVzg5wxQErFcgyqDIV7npnZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzg4NDAyMWQxYjAyZThjMTZiNTU1NzQzZGZlYjlkYThl
NDhlMzEwHhcNMjMwMTAyMTcyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTM3MTYzZTFiMWJlNzRkNGVkZTAyNWRiYWEwYTk4MjRmMDBmNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XoJmgo6kvgjmAicZZ/AWfWC3gfs
gph4df8F3tR5LmA6UuGUuJg3chf28DsZHgIXy8dzIVCVVtzWE9Z/b2Xym987PwLW
Ygo2qahusr5VzWaaMX9R++Ymr2xB89Rhim+iJHrhxLi6SBn+kJs+dJ/vlHP9ycYc
roqRrSQAbUeuX2zr9AfFHK175faFXfbm8+JExwxglj9vt8LdaFpSt8D+Vp1ctMKJ
tFHWv+4z8hqfEmQrv4qDuOJeoIbkcJiwIfr/3Mqv63gFR7LvuL2aMFptoxCWvwae
q6ZJmBUYD5unvxeVYfAhDKt8hRxeRNzVNIBH98p8qNi55sKQowKhDPFqyQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFDE3Fj4bG+dNTt4CXbqgqYJPAPakMB8GA1UdIwQY
MBaAFNw4hAIdGwLowWtVV0Pf652o5I4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEt
ZDhiNGUwZDBkNmQ1LzEvTVRjV1Boc2I1MDFPM2dKZHVxQ3BnazhBOXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEtZDhiNGUwZDBkNmQ1
LzEvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQDHx+oMAwD
BAFNX+oDBARNX+ADBAVPhcADBARQSCADBABb+vMDBAK5B2gDBAK5HnwDBAK5KMQD
BAK5SeQwFAQCAAIwDgMFACoADJADBQMqBUSAMA0GCSqGSIb3DQEBCwUAA4IBAQAw
SAwxV31KqibwL2x3A+Krq/UjD50nnXr0/5tapbuRrrIjQIQDTp8A4CIh+kY9eEwp
K7vYu0lXus8J/7IpWFR59uXGIccT4GzLrKCPiVNzFa01vw63/OEnmJ18ikWPBLTd
BulLg5VyNnPB20LAV5EkaBI1jc6GsIhCXZ7ozL9pEBrz8JwcaGre9zIXL29Fo65f
OmTeItk0Tl671GLXTrkuwzADG5DX6vUuIVuYsa+3J68tQW1PrW6Jj9rDpbMYzwbg
jNMHdSZTN9jVr0gCXykI8CPFb3x9rKazXedCNWoGOvRHd0xgcTni4Z98f8M4simb
GiVb+Ma/ma5ueqzegb3M
-----END CERTIFICATE-----