Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fvdEvS8IkoIemIj6LuyrCZ3ojKw.roa
File:                     fvdEvS8IkoIemIj6LuyrCZ3ojKw.roa (raw, json)
Hash identifier:          hmAUyJ5MZH5rJ7X7++QVwdkSWxfYOq/D1i/Xuwg85oE=
Subject key identifier:   7E:F7:44:BD:2F:08:92:82:1E:98:88:FA:2E:EC:AB:09:9D:E8:8C:AC
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018B1E23AB678F1C600E8A9CC2BBBB34DE0C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fvdEvS8IkoIemIj6LuyrCZ3ojKw.roa
Signing time:             Wed 11 Oct 2023 09:48:55 +0000
ROA not before:           Wed 11 Oct 2023 09:48:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.209.38.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.225.1.0/24 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.223.80.0/24 maxlen: 24
                          185.222.30.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          185.240.122.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.238.229.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1e:23:ab:67:8f:1c:60:0e:8a:9c:c2:bb:bb:34:de:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct 11 09:48:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ef744bd2f0892821e9888fa2eecab099de88cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:1c:9f:5f:87:9c:db:c0:82:28:e3:cb:fe:5e:
                    50:8f:43:15:d1:bf:6c:03:db:66:9d:99:91:02:b2:
                    b3:a5:9b:c1:09:0c:83:91:1e:cf:37:82:f3:92:bc:
                    3b:54:03:ae:97:5f:83:2e:d8:23:04:f9:f0:26:49:
                    22:fe:90:de:c1:61:22:69:00:ff:d8:cc:5e:dc:e8:
                    80:a7:a8:40:61:0b:15:4f:40:2d:8e:b0:44:04:72:
                    3d:fb:19:bd:b8:0d:c7:38:08:64:5c:bf:0b:66:1a:
                    11:b2:fe:d6:26:0d:39:8a:63:9e:5e:ad:24:15:0d:
                    66:fc:c0:c3:a5:86:b0:a7:ef:e3:45:e5:30:66:b2:
                    d5:fa:a1:da:31:20:e3:df:b5:f7:6f:36:99:61:56:
                    c9:cd:f2:0f:37:3d:3a:9f:57:09:26:9e:ef:f7:6b:
                    57:89:59:4c:0c:66:e7:7f:76:d0:1b:c9:b1:77:eb:
                    e0:de:b7:32:87:bf:1d:e0:7a:fe:3b:a5:f4:4d:13:
                    d8:fb:b7:04:b8:a8:f4:72:79:3a:fc:a2:93:42:4e:
                    5d:8c:65:76:9f:bd:b1:56:0d:e1:66:a5:9a:02:e8:
                    6d:7a:70:d3:9e:53:28:e5:1e:e3:62:20:c5:ba:c4:
                    66:72:43:53:c3:27:6e:57:3c:65:a3:37:99:96:10:
                    42:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F7:44:BD:2F:08:92:82:1E:98:88:FA:2E:EC:AB:09:9D:E8:8C:AC
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fvdEvS8IkoIemIj6LuyrCZ3ojKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.209.38.0/24
                  185.220.250.0/23
                  185.222.30.0/23
                  185.223.80.0/24
                  185.223.82.0/24
                  185.225.0.0/23
                  185.238.229.0/24
                  185.240.122.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:c8:72:cf:12:1d:0f:47:58:3b:70:1a:c8:df:b4:fb:ee:3a:
         d9:64:ac:ba:93:6e:43:c3:64:0e:7b:1c:ed:a4:6c:78:d3:a2:
         18:d9:46:14:e1:8d:15:6e:8e:f1:17:db:64:66:42:15:75:46:
         56:aa:ed:73:f5:54:fe:61:28:f0:3a:f1:99:f8:30:42:09:8e:
         66:0f:18:69:89:4f:52:f4:37:76:5f:65:e1:3c:91:a5:8d:8a:
         af:8c:2b:73:15:e3:52:33:26:f4:1e:a1:70:e6:7a:aa:d8:56:
         14:a3:1f:02:ee:8d:75:fd:3f:e2:72:d4:d8:b3:f5:f4:4b:ef:
         d7:4e:52:27:e0:28:1b:07:72:ca:86:77:fd:71:ce:06:01:c4:
         a2:93:21:7f:dd:c6:e7:50:58:d2:57:12:fa:05:2c:42:40:17:
         fc:c3:82:f0:a8:12:8d:83:5e:d2:88:c2:19:34:68:54:9f:62:
         3a:18:f2:52:d3:ac:2d:79:e2:cd:21:42:ed:d5:d0:b4:47:f9:
         af:b7:e9:90:1d:25:1e:8a:ca:2f:b9:88:7d:1d:bb:56:2b:3c:
         27:01:c9:fc:48:d1:a4:29:49:c2:03:a9:72:3d:ab:14:7f:c2:
         49:5d:5b:82:11:a5:56:5c:ec:94:4a:48:5b:0e:e3:bc:72:48:
         ad:61:1a:6b
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYseI6tnjxxgDoqcwru7NN4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMDExMDk0ODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWY3NDRiZDJmMDg5MjgyMWU5ODg4ZmEyZWVjYWIwOTlkZTg4Y2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihyfX4ec28CCKOPL/l5Qj0MV0b9s
A9tmnZmRArKzpZvBCQyDkR7PN4Lzkrw7VAOul1+DLtgjBPnwJkki/pDewWEiaQD/
2Mxe3OiAp6hAYQsVT0AtjrBEBHI9+xm9uA3HOAhkXL8LZhoRsv7WJg05imOeXq0k
FQ1m/MDDpYawp+/jReUwZrLV+qHaMSDj37X3bzaZYVbJzfIPNz06n1cJJp7v92tX
iVlMDGbnf3bQG8mxd+vg3rcyh78d4Hr+O6X0TRPY+7cEuKj0cnk6/KKTQk5djGV2
n72xVg3hZqWaAuhtenDTnlMo5R7jYiDFusRmckNTwyduVzxlozeZlhBCuQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFH73RL0vCJKCHpiI+i7sqwmd6IysMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZnZkRXZTOElrb0llbUlqNkx1eXJDWjNvakt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQgVAwQA
LZPgAwQAudEmAwQBudz6AwQBud4eAwQAud9QAwQAud9SAwQBueEAAwQAue7lAwQA
ufB6AwQAufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQApyHLPEh0PR1g7cBrI
37T77jrZZKy6k25Dw2QOexztpGx406IY2UYU4Y0Vbo7xF9tkZkIVdUZWqu1z9VT+
YSjwOvGZ+DBCCY5mDxhpiU9S9Dd2X2XhPJGljYqvjCtzFeNSMyb0HqFw5nqq2FYU
ox8C7o11/T/ictTYs/X0S+/XTlIn4CgbB3LKhnf9cc4GAcSikyF/3cbnUFjSVxL6
BSxCQBf8w4LwqBKNg17SiMIZNGhUn2I6GPJS06wteeLNIULt1dC0R/mvt+mQHSUe
isovuYh9HbtWKzwnAcn8SNGkKUnCA6lyPasUf8JJXVuCEaVWXOyUSkhbDuO8ckit
YRpr
-----END CERTIFICATE-----