Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/qKeXIFzyM4tyucE57CywzdhixvI.roa
File:                     qKeXIFzyM4tyucE57CywzdhixvI.roa (raw, json)
Hash identifier:          CylyDMNvJwlPAcuMz0LaVYtpnO7l8p/6Tp51AK+f7LY=
Subject key identifier:   A8:A7:97:20:5C:F2:33:8B:72:B9:C1:39:EC:2C:B0:CD:D8:62:C6:F2
Certificate issuer:       /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial:       01856FE7042F62601C7AC083517DD1CFA3C0
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/qKeXIFzyM4tyucE57CywzdhixvI.roa
Signing time:             Mon 02 Jan 2023 00:34:48 +0000
ROA not before:           Mon 02 Jan 2023 00:34:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3188
IP address blocks:        185.8.130.0/24 maxlen: 24
                          185.8.131.0/24 maxlen: 24
                          185.8.128.0/24 maxlen: 24
                          185.8.129.0/24 maxlen: 24
                          5.2.81.0/24 maxlen: 24
                          5.2.82.0/24 maxlen: 24
                          5.2.83.0/24 maxlen: 24
                          5.2.84.0/24 maxlen: 24
                          5.2.85.0/24 maxlen: 24
                          5.2.80.0/24 maxlen: 24
                          5.2.86.0/24 maxlen: 24
                          5.2.87.0/24 maxlen: 24
                          185.8.33.0/24 maxlen: 24
                          185.8.34.0/24 maxlen: 24
                          185.8.35.0/24 maxlen: 24
                          185.8.32.0/24 maxlen: 24
                          185.150.128.0/24 maxlen: 24
                          185.150.129.0/24 maxlen: 24
                          185.150.130.0/24 maxlen: 24
                          185.150.131.0/24 maxlen: 24
                          2a04:b600::/29 maxlen: 29
                          2a02:d9c0::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:e7:04:2f:62:60:1c:7a:c0:83:51:7d:d1:cf:a3:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
        Validity
            Not Before: Jan  2 00:34:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8a797205cf2338b72b9c139ec2cb0cdd862c6f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ff:ae:7f:26:27:85:a0:c5:49:c3:a9:2b:3b:
                    64:db:c0:eb:17:4d:4a:0b:ca:4d:d2:c8:e2:a5:de:
                    d4:dc:8b:64:e9:17:da:1e:c9:29:52:a7:cd:0c:f3:
                    43:4c:45:a6:7e:da:18:43:44:4a:67:64:49:a8:e4:
                    33:f4:3b:fd:12:cf:f2:8d:67:ef:f5:ed:37:6a:49:
                    91:10:8e:93:cc:68:9b:b9:2f:77:3e:7c:56:41:af:
                    df:70:ff:5c:d5:54:5b:89:7d:6f:83:f3:3f:84:a0:
                    0c:08:bc:25:60:00:29:db:07:86:4a:80:57:de:c7:
                    6f:93:b4:a7:bc:ad:40:43:38:b5:58:a4:d9:6a:8d:
                    d0:90:51:d6:fd:63:94:a3:45:aa:e9:97:6b:4a:6f:
                    27:b8:05:7f:fa:62:96:2f:c0:2c:6d:de:a2:b4:57:
                    5d:a2:d6:9e:12:71:ff:98:8e:af:92:a3:e6:7c:40:
                    f4:de:49:8b:7b:56:87:d0:cd:45:a4:b7:48:91:c9:
                    e4:ec:4f:df:6b:38:7a:ee:24:14:99:77:0e:04:eb:
                    ae:1b:47:bd:c9:9c:35:31:21:10:22:f7:5a:61:55:
                    56:dc:4b:32:30:d7:da:d5:c5:46:dd:c6:e3:f8:d5:
                    83:87:db:8e:45:73:21:2a:6b:5c:f0:08:6a:90:cf:
                    b3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A7:97:20:5C:F2:33:8B:72:B9:C1:39:EC:2C:B0:CD:D8:62:C6:F2
            X509v3 Authority Key Identifier:
                keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/qKeXIFzyM4tyucE57CywzdhixvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.2.80.0/21
                  185.8.32.0/22
                  185.8.128.0/22
                  185.150.128.0/22
                IPv6:
                  2a02:d9c0::/29
                  2a04:b600::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:f6:ec:29:9b:62:5c:37:b7:46:7f:ae:89:b7:7a:21:e9:79:
         cb:dd:2b:4a:23:95:2e:69:1a:10:c5:96:6e:ca:c1:b0:cf:b1:
         26:05:bd:88:6d:1f:7c:fb:c8:66:a2:ba:d2:01:02:a5:20:76:
         af:39:4d:b5:63:a3:9d:cc:5a:52:b2:ba:4e:d8:cc:eb:71:46:
         32:59:5d:98:d1:8e:60:2d:0d:01:21:eb:18:fd:35:9f:33:03:
         57:8d:2f:0d:54:10:8b:9c:27:e5:31:2c:9e:c2:03:6f:e1:09:
         01:40:46:52:a4:ca:ff:ee:ac:f0:d5:05:5c:4b:ea:54:77:a6:
         0f:2c:67:60:60:da:bf:6e:ad:e9:24:bb:de:e9:42:d3:9b:4d:
         09:65:34:0f:87:d2:f1:3d:3d:75:6d:31:ba:1e:15:41:ee:36:
         77:68:bf:b1:0d:73:f9:0a:66:03:17:82:23:8b:09:c2:ee:63:
         d7:f3:02:45:a4:ac:e4:45:ef:70:e6:9d:e6:5c:13:be:35:4b:
         ae:ec:8c:b7:4e:f3:df:23:9d:24:9f:63:b4:a9:c1:54:b3:ec:
         b7:0d:51:bd:47:01:71:29:11:88:f0:de:1a:13:59:1b:7e:99:
         39:32:c3:06:ba:c3:d3:7b:e7:d8:d9:61:4e:e5:7b:aa:9d:f1:
         59:bd:e3:7e
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVv5wQvYmAcesCDUX3Rz6PAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYmZkM2U3MmQ0YTAzOTZmOTUzNDczMzZiNDI2NzhmNjhj
MjY0MzAwHhcNMjMwMTAyMDAzNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE3OTcyMDVjZjIzMzhiNzJiOWMxMzllYzJjYjBjZGQ4NjJjNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf+ufyYnhaDFScOpKztk28DrF01K
C8pN0sjipd7U3Itk6RfaHskpUqfNDPNDTEWmftoYQ0RKZ2RJqOQz9Dv9Es/yjWfv
9e03akmREI6TzGibuS93PnxWQa/fcP9c1VRbiX1vg/M/hKAMCLwlYAAp2weGSoBX
3sdvk7SnvK1AQzi1WKTZao3QkFHW/WOUo0Wq6ZdrSm8nuAV/+mKWL8Asbd6itFdd
otaeEnH/mI6vkqPmfED03kmLe1aH0M1FpLdIkcnk7E/fazh67iQUmXcOBOuuG0e9
yZw1MSEQIvdaYVVW3EsyMNfa1cVG3cbj+NWDh9uORXMhKmtc8AhqkM+zJwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKinlyBc8jOLcrnBOewssM3YYsbyMB8GA1UdIwQY
MBaAFEy/0+ctSgOW+VNHM2tCZ49owmQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAt
ZmY2MGUyMThlZDQxLzEvcUtlWElGenlNNHR5dWNFNTdDeXd6ZGhpeHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAtZmY2MGUyMThlZDQx
LzEvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQDBQJQAwQC
uQggAwQCuQiAAwQCuZaAMBQEAgACMA4DBQMqAtnAAwUDKgS2ADANBgkqhkiG9w0B
AQsFAAOCAQEAtfbsKZtiXDe3Rn+uibd6Iel5y90rSiOVLmkaEMWWbsrBsM+xJgW9
iG0ffPvIZqK60gECpSB2rzlNtWOjncxaUrK6TtjM63FGMlldmNGOYC0NASHrGP01
nzMDV40vDVQQi5wn5TEsnsIDb+EJAUBGUqTK/+6s8NUFXEvqVHemDyxnYGDav26t
6SS73ulC05tNCWU0D4fS8T09dW0xuh4VQe42d2i/sQ1z+QpmAxeCI4sJwu5j1/MC
RaSs5EXvcOad5lwTvjVLruyMt07z3yOdJJ9jtKnBVLPstw1RvUcBcSkRiPDeGhNZ
G36ZOTLDBrrD03vn2NlhTuV7qp3xWb3jfg==
-----END CERTIFICATE-----