Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WOfQSc3_4gmpiC-fDwS8bjUk4HY.roa
File:                     WOfQSc3_4gmpiC-fDwS8bjUk4HY.roa (raw, json)
Hash identifier:          tE8mPKdUpKN9umNoMklL5B7mNCyq2J6K4CVM6KJlBKg=
Subject key identifier:   58:E7:D0:49:CD:FF:E2:09:A9:88:2F:9F:0F:04:BC:6E:35:24:E0:76
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018C31C3C0C6849384C9F75AA73035BA3DDA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WOfQSc3_4gmpiC-fDwS8bjUk4HY.roa
Signing time:             Sun 03 Dec 2023 22:19:21 +0000
ROA not before:           Sun 03 Dec 2023 22:19:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.227.146.0/23 maxlen: 24
                          185.220.251.0/24 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.210.234.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24
                          185.108.204.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.222.30.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          185.206.250.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:31:c3:c0:c6:84:93:84:c9:f7:5a:a7:30:35:ba:3d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec  3 22:19:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=58e7d049cdffe209a9882f9f0f04bc6e3524e076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:cf:cb:51:f6:b1:eb:c3:00:ea:1d:d8:1d:52:
                    b2:3d:a8:44:70:77:97:ce:7d:4b:a6:8a:b6:1b:ff:
                    3a:b4:b4:66:17:d3:c3:d7:fb:41:9a:7b:6a:7c:e9:
                    d5:15:3a:cb:22:ac:00:90:40:39:cc:b6:f6:cd:0a:
                    e4:e4:f1:07:74:c5:f4:b7:e8:f0:c1:3f:7f:9c:27:
                    ed:97:5b:7a:27:b5:e3:72:7a:f7:09:8c:b3:42:60:
                    c5:86:51:b5:f9:57:a5:48:e9:ff:49:99:8b:bf:b1:
                    d4:aa:7f:21:6d:f3:de:37:0f:64:68:b3:04:a9:0e:
                    84:3b:56:5c:15:3b:fb:7c:99:5b:d3:3b:41:2a:6b:
                    12:f7:9d:27:44:c5:89:c7:db:60:db:d9:e3:e3:53:
                    05:25:fa:1c:ed:ce:09:4a:44:ab:49:88:ce:55:fc:
                    34:eb:e5:63:00:48:d7:34:5c:48:6f:8d:ab:3b:26:
                    3a:e3:e3:8d:71:c4:86:b0:5d:61:b7:ef:c4:01:aa:
                    2d:94:23:e9:58:40:1a:e1:78:f1:31:e4:01:91:3d:
                    dd:9e:74:4f:15:34:0e:51:8e:b3:a5:3d:27:84:97:
                    93:7a:27:4b:c3:99:83:c6:3b:47:82:4f:e0:da:8f:
                    91:87:3a:f7:ba:30:7f:c9:dd:a2:f4:a7:bb:a7:e7:
                    17:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:E7:D0:49:CD:FF:E2:09:A9:88:2F:9F:0F:04:BC:6E:35:24:E0:76
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WOfQSc3_4gmpiC-fDwS8bjUk4HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.108.204.0/23
                  185.206.250.0/24
                  185.210.234.0/24
                  185.220.249.0-185.220.251.255
                  185.222.30.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  185.251.229.0/24
                  185.251.231.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:35:2e:1d:bb:a9:3e:68:fe:f9:a3:49:9d:9d:c3:55:11:cc:
         a9:ef:f2:cc:56:ce:d3:08:f5:a8:b8:e2:8f:9b:8a:65:82:c9:
         4a:1f:54:d5:dc:26:44:88:39:50:e7:58:5c:b1:3b:b5:df:75:
         34:cf:f1:94:e7:e3:46:ea:02:37:f0:fd:c6:a0:6c:cb:b8:98:
         af:85:9a:51:06:8b:c4:4f:68:d7:f7:3e:6f:6c:fe:92:61:bf:
         5d:7d:71:c0:6b:14:45:37:d0:78:bd:85:bd:0d:3e:a1:1f:2c:
         b8:74:cf:c8:e7:1e:0f:98:7e:94:26:a2:64:65:90:d2:70:3d:
         c5:17:62:7a:ba:99:7e:43:f1:e2:65:8f:0f:88:0f:6d:4f:e1:
         9b:a1:5a:20:86:1f:8b:6c:62:ff:76:ca:83:9b:9e:49:4e:16:
         53:0d:9f:4e:6c:ad:27:7c:19:2f:9f:7d:e7:4a:ba:68:4a:c2:
         b7:35:5b:03:af:d3:87:c9:13:52:00:4a:4b:96:f9:d3:03:f6:
         21:8f:16:f2:12:b5:5f:76:cc:22:b8:51:f0:10:b5:5b:3d:e8:
         37:46:40:a7:e6:4d:bb:60:49:06:87:c6:c5:da:32:15:12:ef:
         36:e3:74:bd:11:85:3b:eb:d6:e1:ed:f1:d6:c3:13:cd:94:32:
         38:6f:f8:d6
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYwxw8DGhJOEyfdapzA1uj3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMjAzMjIxOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGU3ZDA0OWNkZmZlMjA5YTk4ODJmOWYwZjA0YmM2ZTM1MjRlMDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxM/LUfax68MA6h3YHVKyPahEcHeX
zn1Lpoq2G/86tLRmF9PD1/tBmntqfOnVFTrLIqwAkEA5zLb2zQrk5PEHdMX0t+jw
wT9/nCftl1t6J7Xjcnr3CYyzQmDFhlG1+VelSOn/SZmLv7HUqn8hbfPeNw9kaLME
qQ6EO1ZcFTv7fJlb0ztBKmsS950nRMWJx9tg29nj41MFJfoc7c4JSkSrSYjOVfw0
6+VjAEjXNFxIb42rOyY64+ONccSGsF1ht+/EAaotlCPpWEAa4XjxMeQBkT3dnnRP
FTQOUY6zpT0nhJeTeidLw5mDxjtHgk/g2o+Rhzr3ujB/yd2i9Ke7p+cXkQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFFjn0EnN/+IJqYgvnw8EvG41JOB2MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvV09mUVNjM180Z21waUMtZkR3UzhialVrNEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALQgVAwQA
LZPgAwQBuWzMAwQAuc76AwQAudLqMAwDBAC53PkDBAK53PgDBAG53h4DBAG54QAD
BAG545IDBAC5++UDBAC5++cDBAHBOpIwDQYJKoZIhvcNAQELBQADggEBAJ01Lh27
qT5o/vmjSZ2dw1URzKnv8sxWztMI9ai44o+bimWCyUofVNXcJkSIOVDnWFyxO7Xf
dTTP8ZTn40bqAjfw/cagbMu4mK+FmlEGi8RPaNf3Pm9s/pJhv119ccBrFEU30Hi9
hb0NPqEfLLh0z8jnHg+YfpQmomRlkNJwPcUXYnq6mX5D8eJljw+ID21P4ZuhWiCG
H4tsYv92yoObnklOFlMNn05srSd8GS+ffedKumhKwrc1WwOv04fJE1IASkuW+dMD
9iGPFvIStV92zCK4UfAQtVs96DdGQKfmTbtgSQaHxsXaMhUS7zbjdL0RhTvr1uHt
8dbDE82UMjhv+NY=
-----END CERTIFICATE-----