Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/e6LFD65ePCLpuge3TOyTgjZZ0hM.roa
File:                     e6LFD65ePCLpuge3TOyTgjZZ0hM.roa (raw, json)
Hash identifier:          JekVjXZ0Ir7xV5NBWsUqhqhXgrQfATWs1y71uI4ea/M=
Subject key identifier:   7B:A2:C5:0F:AE:5E:3C:22:E9:BA:07:B7:4C:EC:93:82:36:59:D2:13
Certificate issuer:       /CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
Certificate serial:       0186DC2061FD1E485D455E27887D47E5A7B6
Authority key identifier: BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/e6LFD65ePCLpuge3TOyTgjZZ0hM.roa
Signing time:             Mon 13 Mar 2023 17:59:15 +0000
ROA not before:           Mon 13 Mar 2023 17:59:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47586
IP address blocks:        91.214.56.0/22 maxlen: 24
                          158.58.128.0/21 maxlen: 24
                          185.30.116.0/22 maxlen: 24
                          87.239.0.0/21 maxlen: 24
                          109.235.184.0/21 maxlen: 24
                          37.77.108.0/22 maxlen: 24
                          194.114.128.0/22 maxlen: 24
                          146.19.211.0/24 maxlen: 24
                          80.249.204.0/22 maxlen: 24
                          93.190.16.0/21 maxlen: 24
                          193.0.148.0/22 maxlen: 24
                          195.64.156.0/23 maxlen: 24
                          2a00:b160::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:dc:20:61:fd:1e:48:5d:45:5e:27:88:7d:47:e5:a7:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
        Validity
            Not Before: Mar 13 17:59:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ba2c50fae5e3c22e9ba07b74cec93823659d213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:50:20:c8:5c:a8:25:d7:ec:92:d3:f6:94:fc:
                    fa:01:60:88:87:31:7e:bf:c9:df:28:51:32:7f:11:
                    7e:95:d8:8f:a8:b9:6e:a0:62:6b:34:f7:7f:60:e7:
                    c8:52:16:97:68:5d:42:1e:93:72:24:16:65:e2:ee:
                    e5:8b:ae:d5:3a:78:e5:25:1e:29:3e:87:09:4a:c2:
                    80:bb:c5:c2:0f:4b:f6:5e:8b:57:6c:7d:68:eb:36:
                    31:b0:45:c8:62:bd:a7:11:df:21:90:c4:f9:57:04:
                    2c:a5:c9:9a:a4:a8:7e:9f:36:20:a6:b1:cf:1a:bc:
                    e3:0b:2c:4c:8a:aa:c7:33:41:ac:6f:d5:15:99:01:
                    84:ca:f4:63:45:6b:71:ca:47:6a:b8:7c:b3:8a:6f:
                    77:26:c4:41:ea:77:ba:89:59:80:3c:b3:00:df:b2:
                    36:7f:1a:4f:10:7a:79:14:93:e3:08:81:0c:59:9c:
                    39:4a:81:bb:bb:8b:63:86:b4:19:a7:46:13:16:e8:
                    5f:cb:20:31:c5:a5:0b:8e:e7:ec:ca:33:5d:ab:18:
                    17:c3:cd:4e:a9:47:8d:c7:bb:74:44:88:e7:38:46:
                    b0:9b:02:dd:b2:a5:d5:43:14:21:3d:bb:ea:27:21:
                    6a:f8:c4:d5:d2:34:9a:4f:1d:db:e9:a1:1c:ef:ac:
                    8d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A2:C5:0F:AE:5E:3C:22:E9:BA:07:B7:4C:EC:93:82:36:59:D2:13
            X509v3 Authority Key Identifier:
                keyid:BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/e6LFD65ePCLpuge3TOyTgjZZ0hM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/vGY8bnedrpvbBGhU8Yn-jFw8MuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.108.0/22
                  80.249.204.0/22
                  87.239.0.0/21
                  91.214.56.0/22
                  93.190.16.0/21
                  109.235.184.0/21
                  146.19.211.0/24
                  158.58.128.0/21
                  185.30.116.0/22
                  193.0.148.0/22
                  194.114.128.0/22
                  195.64.156.0/23
                IPv6:
                  2a00:b160::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:36:7e:e6:6a:82:15:02:be:8b:6e:93:aa:8b:e6:34:fc:61:
         02:45:17:3c:5c:0d:98:9a:6d:24:a3:f4:a6:dd:50:ba:7a:25:
         6c:dc:db:d6:db:ba:8d:86:e6:2d:5f:d8:e7:be:aa:7c:b1:09:
         bf:fc:0c:f5:fe:b9:fd:2b:a8:3a:96:92:8e:97:53:47:ae:fa:
         b2:60:aa:61:da:0c:62:41:b3:47:2f:c6:55:7d:a5:81:26:f2:
         0a:18:1e:5f:51:ec:95:6e:48:ab:bd:41:42:9c:52:3d:98:37:
         35:9f:e2:d5:5b:cd:01:48:6c:ef:e8:32:4f:ec:8a:1d:e9:af:
         ea:25:00:bc:f1:1b:b2:80:e2:fc:d5:da:64:60:15:39:be:88:
         73:f6:d7:eb:00:98:88:95:45:b2:28:7e:b8:4f:ef:ca:dd:da:
         f2:c7:4b:b1:d0:b0:66:55:f6:b0:6e:af:fa:23:e9:11:ef:6d:
         d2:7c:10:3e:1a:41:fb:d0:1f:dd:8c:53:ee:27:d5:93:01:a7:
         0b:6f:be:4e:b6:35:8b:49:ec:89:e4:39:7f:e8:ac:36:d6:71:
         75:0f:db:c5:b4:37:58:5d:64:ae:ae:42:bd:5f:ea:e2:14:64:
         b4:52:b6:6b:af:f0:fb:ca:e5:9a:30:d4:71:5e:88:7d:2f:af:
         7d:00:6f:86
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYbcIGH9HkhdRV4niH1H5ae2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjYzYzZlNzc5ZGFlOWJkYjA0Njg1NGYxODlmZThjNWMz
YzMyZTEwHhcNMjMwMzEzMTc1OTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmEyYzUwZmFlNWUzYzIyZTliYTA3Yjc0Y2VjOTM4MjM2NTlkMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFAgyFyoJdfsktP2lPz6AWCIhzF+
v8nfKFEyfxF+ldiPqLluoGJrNPd/YOfIUhaXaF1CHpNyJBZl4u7li67VOnjlJR4p
PocJSsKAu8XCD0v2XotXbH1o6zYxsEXIYr2nEd8hkMT5VwQspcmapKh+nzYgprHP
GrzjCyxMiqrHM0Gsb9UVmQGEyvRjRWtxykdquHyzim93JsRB6ne6iVmAPLMA37I2
fxpPEHp5FJPjCIEMWZw5SoG7u4tjhrQZp0YTFuhfyyAxxaULjufsyjNdqxgXw81O
qUeNx7t0RIjnOEawmwLdsqXVQxQhPbvqJyFq+MTV0jSaTx3b6aEc76yN8QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFHuixQ+uXjwi6boHt0zsk4I2WdITMB8GA1UdIwQY
MBaAFLxmPG53na6b2wRoVPGJ/oxcPDLhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2Et
MThiZGZlOGNjMGNkLzEvZTZMRkQ2NWVQQ0xwdWdlM1RPeVRnalpaMGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2EtMThiZGZlOGNjMGNk
LzEvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQCJU1sAwQC
UPnMAwQDV+8AAwQCW9Y4AwQDXb4QAwQDbeu4AwQAkhPTAwQDnjqAAwQCuR50AwQC
wQCUAwQCwnKAAwQBw0CcMA0EAgACMAcDBQAqALFgMA0GCSqGSIb3DQEBCwUAA4IB
AQDANn7maoIVAr6LbpOqi+Y0/GECRRc8XA2Ymm0ko/Sm3VC6eiVs3NvW27qNhuYt
X9jnvqp8sQm//Az1/rn9K6g6lpKOl1NHrvqyYKph2gxiQbNHL8ZVfaWBJvIKGB5f
UeyVbkirvUFCnFI9mDc1n+LVW80BSGzv6DJP7Iod6a/qJQC88RuygOL81dpkYBU5
vohz9tfrAJiIlUWyKH64T+/K3dryx0ux0LBmVfawbq/6I+kR723SfBA+GkH70B/d
jFPuJ9WTAacLb75OtjWLSeyJ5Dl/6Kw21nF1D9vFtDdYXWSurkK9X+riFGS0UrZr
r/D7yuWaMNRxXoh9L699AG+G
-----END CERTIFICATE-----