Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MevcxxqiPrvfUoQHG3HLkglKoq0.roa
File:                     MevcxxqiPrvfUoQHG3HLkglKoq0.roa (raw, json)
Hash identifier:          QXsh56fsuOSzQEqFMLTIUPe+FoIANPkLLY6iaMymgfM=
Subject key identifier:   31:EB:DC:C7:1A:A2:3E:BB:DF:52:84:07:1B:71:CB:92:09:4A:A2:AD
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018BFDF915A000DAD688215C9D892458302A
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MevcxxqiPrvfUoQHG3HLkglKoq0.roa
Signing time:             Thu 23 Nov 2023 20:57:21 +0000
ROA not before:           Thu 23 Nov 2023 20:57:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.108.204.0/23 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          45.90.16.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.23.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:fd:f9:15:a0:00:da:d6:88:21:5c:9d:89:24:58:30:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 23 20:57:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=31ebdcc71aa23ebbdf5284071b71cb92094aa2ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:34:d7:c4:df:fb:2f:cd:f9:ad:42:62:57:16:
                    d6:4e:fb:7a:a5:91:77:5a:bb:97:aa:15:74:99:d6:
                    b4:dc:70:33:73:f9:70:f3:a6:b5:a9:5f:24:ae:71:
                    8c:fa:2c:3a:35:30:14:84:dc:b4:2c:eb:09:69:cf:
                    9d:35:02:fe:bb:51:c2:99:e2:f5:b7:86:9e:66:d2:
                    d4:58:88:a2:57:37:c2:82:65:03:7c:c8:2d:db:3b:
                    0e:b6:db:92:04:b4:4d:33:85:61:b2:db:fc:14:77:
                    b3:0b:f8:bf:b4:90:92:e9:fd:d9:48:a4:0b:6f:39:
                    d3:27:23:9a:5d:93:e8:43:89:e2:00:75:6b:be:88:
                    cb:5f:18:09:41:f0:ab:f1:9f:d8:b0:e2:70:64:84:
                    45:04:46:85:ad:18:28:c9:28:f7:0e:22:0b:c7:c6:
                    dd:1a:89:a9:4e:a2:5f:81:a2:49:f6:5a:23:d6:f3:
                    b9:64:13:c4:df:6d:76:ae:68:f2:62:50:0f:f1:64:
                    6e:ef:55:33:a7:4a:6a:6a:ec:13:20:c0:2b:fb:b7:
                    eb:e0:98:89:95:15:e0:35:b0:98:69:b1:f0:15:33:
                    45:da:e7:c4:33:26:e0:0c:2f:50:9c:09:a8:7b:8d:
                    85:25:0c:f4:10:09:96:fa:18:c9:e5:7c:15:f3:9b:
                    74:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EB:DC:C7:1A:A2:3E:BB:DF:52:84:07:1B:71:CB:92:09:4A:A2:AD
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MevcxxqiPrvfUoQHG3HLkglKoq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.8.23.0/24
                  45.90.16.0/24
                  45.147.224.0/24
                  185.108.204.0/23
                  185.209.38.0/24
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  185.251.231.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:09:63:b8:8f:67:42:98:9b:10:bd:cb:5a:e7:20:66:29:01:
         d6:75:a3:73:fa:21:91:9b:a8:b5:86:d7:d2:31:3c:d4:2b:ab:
         b0:9a:d9:a6:bf:a1:9b:83:8b:06:a7:b7:1e:c5:11:83:ec:e5:
         48:53:2b:4f:d3:ee:7c:46:2f:e6:72:16:29:6d:64:85:73:80:
         48:b9:9d:e8:27:cc:c7:7d:dd:08:cc:58:3a:7e:3c:28:57:38:
         d7:50:cb:ed:8f:c3:78:8d:6f:3a:cd:02:76:ae:ba:42:6d:2e:
         df:12:40:db:70:c0:e6:7d:12:80:03:3e:6d:81:90:16:c0:50:
         45:6a:bc:e9:b7:8c:53:30:06:ce:ab:71:90:54:e8:11:67:54:
         2e:fa:a4:ec:52:d3:fa:06:70:24:98:84:32:61:95:58:e9:d3:
         ae:ac:45:77:a4:9f:11:18:a8:66:84:6d:f2:15:c6:0c:9f:a4:
         da:b2:05:2c:fd:f8:28:ac:96:19:af:fd:d5:65:17:ce:76:32:
         61:21:69:ae:0e:f1:87:12:35:00:43:31:60:ec:b9:a3:74:a6:
         0e:17:e5:d5:1a:66:ac:f3:b5:56:7c:da:bd:a3:6f:25:95:16:
         af:f5:4e:58:4b:7f:23:ab:5c:a3:3b:77:91:d0:89:db:b9:41:
         57:44:7b:8f
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYv9+RWgANrWiCFcnYkkWDAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMTIzMjA1NzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWViZGNjNzFhYTIzZWJiZGY1Mjg0MDcxYjcxY2I5MjA5NGFhMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzTXxN/7L835rUJiVxbWTvt6pZF3
WruXqhV0mda03HAzc/lw86a1qV8krnGM+iw6NTAUhNy0LOsJac+dNQL+u1HCmeL1
t4aeZtLUWIiiVzfCgmUDfMgt2zsOttuSBLRNM4Vhstv8FHezC/i/tJCS6f3ZSKQL
bznTJyOaXZPoQ4niAHVrvojLXxgJQfCr8Z/YsOJwZIRFBEaFrRgoySj3DiILx8bd
GompTqJfgaJJ9loj1vO5ZBPE3212rmjyYlAP8WRu71Uzp0pqauwTIMAr+7fr4JiJ
lRXgNbCYabHwFTNF2ufEMybgDC9QnAmoe42FJQz0EAmW+hjJ5XwV85t0PwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFDHr3Mcaoj6731KEBxtxy5IJSqKtMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTWV2Y3h4cWlQcnZmVW9RSEczSExrZ2xLb3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALQgVAwQA
LQgXAwQALVoQAwQALZPgAwQBuWzMAwQAudEmMAwDBAC53PkDBAK53PgDBAG53h4D
BAG54QADBAG545IDBAC5++UDBAC5++cDBAHBOpIwDQYJKoZIhvcNAQELBQADggEB
ADYJY7iPZ0KYmxC9y1rnIGYpAdZ1o3P6IZGbqLWG19IxPNQrq7Ca2aa/oZuDiwan
tx7FEYPs5UhTK0/T7nxGL+ZyFiltZIVzgEi5negnzMd93QjMWDp+PChXONdQy+2P
w3iNbzrNAnauukJtLt8SQNtwwOZ9EoADPm2BkBbAUEVqvOm3jFMwBs6rcZBU6BFn
VC76pOxS0/oGcCSYhDJhlVjp066sRXeknxEYqGaEbfIVxgyfpNqyBSz9+Cislhmv
/dVlF852MmEhaa4O8YcSNQBDMWDsuaN0pg4X5dUaZqzztVZ82r2jbyWVFq/1TlhL
fyOrXKM7d5HQidu5QVdEe48=
-----END CERTIFICATE-----