Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/tg1x3LDkJWa5tAaAWuDvCKsHSr4.roa
File:                     tg1x3LDkJWa5tAaAWuDvCKsHSr4.roa (raw, json)
Hash identifier:          at8joFMbqmBVtUmRrgIRElZjsNVikeSUU4PprXXfnNE=
Subject key identifier:   B6:0D:71:DC:B0:E4:25:66:B9:B4:06:80:5A:E0:EF:08:AB:07:4A:BE
Certificate issuer:       /CN=2ef957aba2ef00352850e202464c71d33ca81448
Certificate serial:       01857082C00C28552015F20B1D9F3234A793
Authority key identifier: 2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/tg1x3LDkJWa5tAaAWuDvCKsHSr4.roa
Signing time:             Mon 02 Jan 2023 03:24:55 +0000
ROA not before:           Mon 02 Jan 2023 03:24:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2471
IP address blocks:        193.54.56.0/24 maxlen: 24
                          195.83.189.0/24 maxlen: 24
                          194.254.98.0/24 maxlen: 24
                          193.51.134.0/24 maxlen: 24
                          193.51.135.0/24 maxlen: 24
                          195.221.172.0/24 maxlen: 24
                          195.221.169.0/24 maxlen: 24
                          194.199.94.0/24 maxlen: 24
                          194.199.93.0/24 maxlen: 24
                          194.199.96.0/24 maxlen: 24
                          194.57.236.0/24 maxlen: 24
                          194.57.237.0/24 maxlen: 24
                          193.52.35.0/24 maxlen: 24
                          194.254.197.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:82:c0:0c:28:55:20:15:f2:0b:1d:9f:32:34:a7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef957aba2ef00352850e202464c71d33ca81448
        Validity
            Not Before: Jan  2 03:24:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b60d71dcb0e42566b9b406805ae0ef08ab074abe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:24:f1:38:33:3f:5d:fe:6d:87:da:e9:f7:e5:
                    7a:55:3b:8d:68:f6:08:6a:73:d3:b7:d0:02:b7:38:
                    e9:89:d7:9e:7f:8d:9d:7c:68:05:ff:69:46:5c:0c:
                    9b:26:07:8e:15:cf:15:7d:2d:c1:78:1c:36:63:bf:
                    ab:d1:95:61:46:41:8d:36:d2:9c:40:3a:5a:02:1d:
                    66:51:c8:c3:7d:c9:24:1e:60:6d:05:1f:2a:b9:28:
                    b0:7f:f9:44:1c:c1:0c:26:bf:97:3c:61:a7:f9:8a:
                    b3:19:0d:60:8a:ff:75:18:3b:17:9f:26:43:4f:f5:
                    02:0d:ad:50:7f:3a:f1:4b:d4:26:f7:b2:93:45:1c:
                    14:db:de:92:8a:8f:ab:f5:25:8c:6b:be:14:91:42:
                    be:26:ca:8d:7b:e2:b9:72:b9:0b:c4:0f:29:bf:e4:
                    d6:a8:e6:19:f5:1a:85:40:64:af:b8:70:8e:3e:93:
                    16:f2:d8:3b:71:81:01:8e:6c:5c:b8:26:72:30:6c:
                    67:c7:18:93:f7:3e:1e:a7:5b:c2:c5:b6:ee:e2:8c:
                    38:bc:3a:a2:c1:1d:58:17:3d:2d:bb:2f:a5:c6:02:
                    89:57:24:d7:63:97:06:38:a5:94:79:03:8a:7a:51:
                    c3:85:70:dc:72:fc:be:4a:7c:88:37:09:b4:41:be:
                    ab:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:0D:71:DC:B0:E4:25:66:B9:B4:06:80:5A:E0:EF:08:AB:07:4A:BE
            X509v3 Authority Key Identifier:
                keyid:2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/tg1x3LDkJWa5tAaAWuDvCKsHSr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.51.134.0/23
                  193.52.35.0/24
                  193.54.56.0/24
                  194.57.236.0/23
                  194.199.93.0-194.199.94.255
                  194.199.96.0/24
                  194.254.98.0/24
                  194.254.197.0/24
                  195.83.189.0/24
                  195.221.169.0/24
                  195.221.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:61:87:e7:bb:d8:ef:aa:db:a1:3a:07:9c:72:7a:c5:52:d1:
         0f:78:77:d8:01:a8:94:94:94:19:27:17:50:8a:19:12:d3:d5:
         4f:87:d1:25:fc:4a:6b:13:23:d3:87:df:64:25:22:29:c6:ad:
         37:46:fb:8b:0e:b9:ae:4a:0d:3b:cb:66:92:e4:af:0e:06:23:
         ba:e1:e4:9c:1f:e8:8b:ce:0a:34:ba:c7:54:ee:b7:0a:7a:28:
         8b:f3:8f:d7:a1:1b:4a:11:da:4a:33:6c:fc:2d:1f:fa:71:36:
         d4:e2:0d:d4:ae:0e:95:36:16:5e:11:a4:2e:48:7b:91:d4:86:
         40:fc:37:ed:82:55:99:d4:c4:80:e3:92:b7:62:47:e5:dd:b5:
         55:74:e5:a8:6c:ea:a3:e0:61:2d:71:2a:cc:d8:c4:28:84:c5:
         c9:36:d9:47:55:c8:1a:1a:99:b2:50:36:1f:d5:1d:34:7b:82:
         46:2c:2a:5a:e3:16:2a:4c:16:8b:ef:a8:92:4e:37:47:48:3c:
         1d:53:2d:71:55:17:21:a4:56:13:78:9e:29:6f:14:96:6b:af:
         0b:a3:f6:3b:32:79:ac:d4:1a:07:81:b6:15:c9:4a:9a:f3:3f:
         16:b0:5a:51:2f:62:2a:5f:19:72:42:28:a3:46:ac:90:29:35:
         e5:b1:d2:52
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVwgsAMKFUgFfILHZ8yNKeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjk1N2FiYTJlZjAwMzUyODUwZTIwMjQ2NGM3MWQzM2Nh
ODE0NDgwHhcNMjMwMTAyMDMyNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjBkNzFkY2IwZTQyNTY2YjliNDA2ODA1YWUwZWYwOGFiMDc0YWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyTxODM/Xf5th9rp9+V6VTuNaPYI
anPTt9ACtzjpideef42dfGgF/2lGXAybJgeOFc8VfS3BeBw2Y7+r0ZVhRkGNNtKc
QDpaAh1mUcjDfckkHmBtBR8quSiwf/lEHMEMJr+XPGGn+YqzGQ1giv91GDsXnyZD
T/UCDa1QfzrxS9Qm97KTRRwU296Sio+r9SWMa74UkUK+JsqNe+K5crkLxA8pv+TW
qOYZ9RqFQGSvuHCOPpMW8tg7cYEBjmxcuCZyMGxnxxiT9z4ep1vCxbbu4ow4vDqi
wR1YFz0tuy+lxgKJVyTXY5cGOKWUeQOKelHDhXDccvy+SnyINwm0Qb6rswIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFLYNcdyw5CVmubQGgFrg7wirB0q+MB8GA1UdIwQY
MBaAFC75V6ui7wA1KFDiAkZMcdM8qBRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYt
MDRhMjdjNGQ1NDUzLzEvdGcxeDNMRGtKV2E1dEFhQVd1RHZDS3NIU3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYtMDRhMjdjNGQ1NDUz
LzEvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBwTOGAwQA
wTQjAwQAwTY4AwQBwjnsMAwDBADCx10DBADCx14DBADCx2ADBADC/mIDBADC/sUD
BADDU70DBADD3akDBADD3awwDQYJKoZIhvcNAQELBQADggEBAHZhh+e72O+q26E6
B5xyesVS0Q94d9gBqJSUlBknF1CKGRLT1U+H0SX8SmsTI9OH32QlIinGrTdG+4sO
ua5KDTvLZpLkrw4GI7rh5Jwf6IvOCjS6x1Tutwp6KIvzj9ehG0oR2kozbPwtH/px
NtTiDdSuDpU2Fl4RpC5Ie5HUhkD8N+2CVZnUxIDjkrdiR+XdtVV05ahs6qPgYS1x
KszYxCiExck22UdVyBoambJQNh/VHTR7gkYsKlrjFipMFovvqJJON0dIPB1TLXFV
FyGkVhN4nilvFJZrrwuj9jsyeazUGgeBthXJSprzPxawWlEvYipfGXJCKKNGrJAp
NeWx0lI=
-----END CERTIFICATE-----