Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/1271ODFafaPKM-R54HPxcU5Bqd8.roa
File:                     1271ODFafaPKM-R54HPxcU5Bqd8.roa (raw, json)
Hash identifier:          qQCHOv226vh/gSYPv0icNk2bnHI9E67801Zmg510tM4=
Subject key identifier:   D7:6E:F5:38:31:5A:7D:A3:CA:33:E4:79:E0:73:F1:71:4E:41:A9:DF
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       018CA1D4CBE7E411E38825968607B207AD48
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/1271ODFafaPKM-R54HPxcU5Bqd8.roa
Signing time:             Mon 25 Dec 2023 16:35:26 +0000
ROA not before:           Mon 25 Dec 2023 16:35:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42846
IP address blocks:        89.252.179.0/24 maxlen: 24
                          89.252.178.0/24 maxlen: 24
                          89.252.186.0/24 maxlen: 24
                          89.252.185.0/24 maxlen: 24
                          89.252.183.0/24 maxlen: 24
                          89.252.182.0/24 maxlen: 24
                          89.252.181.0/24 maxlen: 24
                          89.252.180.0/24 maxlen: 24
                          89.252.187.0/24 maxlen: 24
                          185.106.211.0/24 maxlen: 24
                          185.106.210.0/24 maxlen: 24
                          185.106.209.0/24 maxlen: 24
                          185.106.208.0/24 maxlen: 24
                          45.84.188.0/24 maxlen: 24
                          45.84.191.0/24 maxlen: 24
                          45.84.190.0/24 maxlen: 24
                          2a06:41c0:1::/48 maxlen: 48
                          2a06:41c0::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a1:d4:cb:e7:e4:11:e3:88:25:96:86:07:b2:07:ad:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Dec 25 16:35:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d76ef538315a7da3ca33e479e073f1714e41a9df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c2:2e:b5:7e:1b:05:d4:9d:36:d5:d7:0e:2d:
                    a5:d1:76:b5:a2:23:a6:2a:36:e7:29:bd:be:17:3d:
                    55:d0:ec:13:31:f0:2d:e6:ae:8b:44:81:91:bc:a0:
                    f8:a9:c2:c9:68:ce:6f:69:75:cc:68:0d:5e:5a:68:
                    68:89:bb:06:48:0a:bb:1f:98:25:f9:e2:31:8a:29:
                    14:d9:4e:b6:8d:b9:34:a5:03:7c:de:2e:5b:ca:12:
                    d4:98:0f:4a:24:d3:9c:df:48:09:18:95:40:b0:21:
                    6e:72:58:d0:08:56:86:ce:72:05:20:30:1f:ae:f1:
                    c4:3c:c3:03:08:85:57:dd:4c:00:24:65:bc:bd:9a:
                    75:b0:e4:89:d0:9f:6c:f5:86:be:aa:eb:db:77:e0:
                    ae:b6:f1:48:cc:e9:e5:ee:70:3d:5d:aa:11:75:f2:
                    4a:b1:bf:36:a8:1d:06:55:aa:0a:34:71:7a:95:e3:
                    5e:af:6e:42:a2:0f:34:85:52:09:81:13:de:f3:27:
                    25:e2:36:98:80:1e:15:db:33:10:6c:6c:62:0f:2a:
                    51:96:52:02:12:12:16:4f:d1:88:d0:3d:4e:88:4f:
                    a6:5f:50:4a:51:2b:11:37:1d:93:3e:cf:45:bd:37:
                    f8:ed:2a:9c:6f:0f:65:5a:1c:18:17:6c:a2:d3:9d:
                    c4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:6E:F5:38:31:5A:7D:A3:CA:33:E4:79:E0:73:F1:71:4E:41:A9:DF
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/1271ODFafaPKM-R54HPxcU5Bqd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/24
                  45.84.190.0/23
                  89.252.178.0-89.252.183.255
                  89.252.185.0-89.252.187.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         67:49:e8:65:5a:21:50:30:fc:74:03:dc:65:c9:61:dc:1f:38:
         08:94:e7:f6:c0:91:1e:19:73:b9:d1:ff:7b:e6:32:60:90:53:
         ba:b9:6a:96:5b:cf:23:c2:f9:f6:77:93:2d:49:57:e3:b9:b3:
         d6:3b:38:12:f9:d6:9d:02:d1:8b:e5:32:8b:c2:c5:55:e0:01:
         14:9c:a2:e8:fa:3f:6b:19:12:8b:11:32:b7:28:44:61:1a:9d:
         49:23:42:76:96:ca:e8:19:54:95:7f:22:34:d7:63:44:c9:48:
         23:df:1e:d1:15:d6:2d:ec:2b:68:10:49:6d:22:1c:01:dc:40:
         3a:ff:49:38:dd:f8:44:1f:3d:9c:39:2d:10:e6:6c:a2:ef:23:
         47:4e:cf:1f:55:8e:16:0d:ec:8c:06:00:5d:7f:31:97:7e:1b:
         32:08:4b:37:8a:15:e4:9d:4d:52:df:5c:71:9f:c8:41:a2:da:
         64:eb:a8:08:40:17:d4:45:06:22:4b:fb:8d:ee:96:64:f8:90:
         fe:cf:72:95:87:de:66:1a:aa:a1:a5:e1:f0:b1:74:7f:c0:7a:
         e9:66:45:5d:7e:a5:69:8e:b4:57:c6:ca:fe:b1:7e:42:5a:cf:
         dd:92:7e:a9:74:75:90:26:08:7a:99:68:8e:d5:0e:1b:91:b1:
         ad:fc:a1:6b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYyh1Mvn5BHjiCWWhgeyB61IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjMxMjI1MTYzNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzZlZjUzODMxNWE3ZGEzY2EzM2U0NzllMDczZjE3MTRlNDFhOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcIutX4bBdSdNtXXDi2l0Xa1oiOm
KjbnKb2+Fz1V0OwTMfAt5q6LRIGRvKD4qcLJaM5vaXXMaA1eWmhoibsGSAq7H5gl
+eIxiikU2U62jbk0pQN83i5byhLUmA9KJNOc30gJGJVAsCFucljQCFaGznIFIDAf
rvHEPMMDCIVX3UwAJGW8vZp1sOSJ0J9s9Ya+quvbd+CutvFIzOnl7nA9XaoRdfJK
sb82qB0GVaoKNHF6leNer25Cog80hVIJgRPe8ycl4jaYgB4V2zMQbGxiDypRllIC
EhIWT9GI0D1OiE+mX1BKUSsRNx2TPs9FvTf47Sqcbw9lWhwYF2yi053EqwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFNdu9TgxWn2jyjPkeeBz8XFOQanfMB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvMTI3MU9ERmFmYVBLTS1SNTRIUHhjVTVCcWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA0BAIAATAuAwQALVS8AwQB
LVS+MAwDBAFZ/LIDBANZ/LAwDAMEAFn8uQMEAln8uAMEArlq0DAPBAIAAjAJAwcB
KgZBwAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBnSehlWiFQMPx0A9xlyWHcHzgIlOf2
wJEeGXO50f975jJgkFO6uWqWW88jwvn2d5MtSVfjubPWOzgS+dadAtGL5TKLwsVV
4AEUnKLo+j9rGRKLETK3KERhGp1JI0J2lsroGVSVfyI012NEyUgj3x7RFdYt7Cto
EEltIhwB3EA6/0k43fhEHz2cOS0Q5myi7yNHTs8fVY4WDeyMBgBdfzGXfhsyCEs3
ihXknU1S31xxn8hBotpk66gIQBfURQYiS/uN7pZk+JD+z3KVh95mGqqhpeHwsXR/
wHrpZkVdfqVpjrRXxsr+sX5CWs/dkn6pdHWQJgh6mWiO1Q4bkbGt/KFr
-----END CERTIFICATE-----