Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/r-_-bpc_B-SvXXun-eyt9jFr3iY.roa
File:                     r-_-bpc_B-SvXXun-eyt9jFr3iY.roa (raw, json)
Hash identifier:          LFo3i2pneed75z/blVSW3Xo/nDB4iHfnO9iIVgdnVfI=
Subject key identifier:   AF:EF:FE:6E:97:3F:07:E4:AF:5D:7B:A7:F9:EC:AD:F6:31:6B:DE:26
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0182F8B1DFBF83E024C8F10A65D9ACDE395C
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/r-_-bpc_B-SvXXun-eyt9jFr3iY.roa
Signing time:             Thu 01 Sep 2022 10:56:22 +0000
ROA not before:           Thu 01 Sep 2022 10:56:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57630
IP address blocks:        194.71.0.0/23 maxlen: 23
                          192.71.0.0/24 maxlen: 24
                          194.103.16.0/23 maxlen: 24
                          193.234.116.0/22 maxlen: 22
                          193.181.34.0/24 maxlen: 24
                          194.103.197.0/24 maxlen: 24
                          194.103.95.0/24 maxlen: 24
                          194.14.57.0/24 maxlen: 24
                          193.234.3.0/24 maxlen: 24
                          192.165.3.0/24 maxlen: 24
                          194.103.145.0/24 maxlen: 24
                          194.132.166.0/24 maxlen: 24
                          194.132.164.0/24 maxlen: 24
                          193.234.144.0/24 maxlen: 24
                          192.165.134.0/23 maxlen: 23
                          194.132.186.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f8:b1:df:bf:83:e0:24:c8:f1:0a:65:d9:ac:de:39:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Sep  1 10:56:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=afeffe6e973f07e4af5d7ba7f9ecadf6316bde26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c4:99:aa:f1:e4:6c:98:93:f7:e3:c6:71:8d:
                    18:da:95:80:0d:19:74:7c:fb:3d:24:ca:fe:ff:2c:
                    be:13:cf:81:01:ba:4a:ec:2f:33:1e:3d:3e:9e:69:
                    97:0d:bc:14:2b:f7:cd:50:30:28:4e:40:9e:d0:8f:
                    2e:93:a3:ba:df:d0:da:55:be:af:d0:da:89:80:a0:
                    76:cd:ac:86:15:c6:6f:a4:4d:ee:19:49:b5:6a:e1:
                    bc:69:b0:70:64:8d:7d:cd:2b:ce:74:1b:9c:23:8e:
                    5a:cb:cc:a2:d3:8c:8b:3b:d1:62:b9:32:11:33:16:
                    33:38:77:6d:38:d0:38:43:1e:1e:71:c0:6a:67:bf:
                    ec:0b:a3:32:54:1a:75:72:c0:3e:7a:ce:80:4a:a7:
                    8f:1a:66:9a:ef:df:4e:e7:f0:b7:ea:c7:9c:1c:0e:
                    60:f3:19:a9:d3:e8:b4:e6:1d:93:28:34:70:9d:ed:
                    e5:9c:f7:70:03:ff:69:1e:fb:48:ba:34:91:90:3e:
                    2a:c5:f7:8e:e1:2d:9e:76:5a:b4:df:ce:71:95:e5:
                    76:3b:aa:5f:43:c3:cc:ca:56:b3:c0:29:6f:8f:9c:
                    f1:ac:6f:08:9d:9e:be:f9:08:cd:9b:56:82:7f:3c:
                    bb:32:0a:65:66:76:fa:07:d0:6d:04:08:b0:f7:18:
                    a6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:EF:FE:6E:97:3F:07:E4:AF:5D:7B:A7:F9:EC:AD:F6:31:6B:DE:26
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/r-_-bpc_B-SvXXun-eyt9jFr3iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.0.0/24
                  192.165.3.0/24
                  192.165.134.0/23
                  193.181.34.0/24
                  193.234.3.0/24
                  193.234.116.0/22
                  193.234.144.0/24
                  194.14.57.0/24
                  194.71.0.0/23
                  194.103.16.0/23
                  194.103.95.0/24
                  194.103.145.0/24
                  194.103.197.0/24
                  194.132.164.0/24
                  194.132.166.0/24
                  194.132.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:6a:db:d0:08:b6:5a:b0:1d:86:e7:bb:e3:f1:ab:7d:1b:a7:
         ec:c3:f2:88:f6:a5:44:2d:90:a3:8f:45:fe:60:7e:e3:2c:f9:
         63:e7:ce:00:e6:03:b2:47:ac:09:a1:28:24:fd:42:73:2f:1d:
         de:8b:e3:43:3e:62:6b:70:46:8a:30:af:fb:f7:0e:92:bc:f4:
         24:22:24:59:e2:27:de:54:b5:7c:7a:67:b3:76:b5:37:0e:a3:
         96:de:f6:2f:88:f6:7b:29:4f:e2:85:43:40:63:4d:99:4d:ed:
         7c:99:ad:74:74:48:c8:15:ac:33:e6:f2:ec:e8:c5:3a:8b:34:
         1d:7f:ac:cf:29:37:cd:ff:d3:00:0c:35:c3:f1:36:9f:ef:de:
         9d:b8:98:96:bb:e1:ac:fa:7e:a9:bd:c7:49:fa:20:ef:c5:d3:
         72:31:41:d7:5c:6f:5d:f5:2a:ce:43:01:a1:88:34:0d:1b:28:
         21:56:f9:03:50:cd:79:75:ad:3b:ea:d2:a2:1e:b8:3c:72:ad:
         21:74:81:80:2f:dd:9d:0b:3b:2f:38:bb:75:00:57:05:a3:86:
         88:da:19:66:c5:d7:98:9d:ab:64:db:b6:ce:ad:2d:53:84:f8:
         09:cc:03:73:43:b1:37:3d:bf:00:76:45:46:0b:5e:bc:d6:0a:
         45:e9:22:3f
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYL4sd+/g+AkyPEKZdms3jlcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjIwOTAxMTA1NjIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmVmZmU2ZTk3M2YwN2U0YWY1ZDdiYTdmOWVjYWRmNjMxNmJkZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMSZqvHkbJiT9+PGcY0Y2pWADRl0
fPs9JMr+/yy+E8+BAbpK7C8zHj0+nmmXDbwUK/fNUDAoTkCe0I8uk6O639DaVb6v
0NqJgKB2zayGFcZvpE3uGUm1auG8abBwZI19zSvOdBucI45ay8yi04yLO9FiuTIR
MxYzOHdtONA4Qx4eccBqZ7/sC6MyVBp1csA+es6ASqePGmaa799O5/C36secHA5g
8xmp0+i05h2TKDRwne3lnPdwA/9pHvtIujSRkD4qxfeO4S2edlq0385xleV2O6pf
Q8PMylazwClvj5zxrG8InZ6++QjNm1aCfzy7MgplZnb6B9BtBAiw9ximHQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFK/v/m6XPwfkr117p/nsrfYxa94mMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvci1fLWJwY19CLVN2WFh1bi1leXQ5akZyM2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAwEcAAwQA
wKUDAwQBwKWGAwQAwbUiAwQAweoDAwQCwep0AwQAweqQAwQAwg45AwQBwkcAAwQB
wmcQAwQAwmdfAwQAwmeRAwQAwmfFAwQAwoSkAwQAwoSmAwQAwoS6MA0GCSqGSIb3
DQEBCwUAA4IBAQB4atvQCLZasB2G57vj8at9G6fsw/KI9qVELZCjj0X+YH7jLPlj
584A5gOyR6wJoSgk/UJzLx3ei+NDPmJrcEaKMK/79w6SvPQkIiRZ4ifeVLV8emez
drU3DqOW3vYviPZ7KU/ihUNAY02ZTe18ma10dEjIFawz5vLs6MU6izQdf6zPKTfN
/9MADDXD8Taf796duJiWu+Gs+n6pvcdJ+iDvxdNyMUHXXG9d9SrOQwGhiDQNGygh
VvkDUM15da076tKiHrg8cq0hdIGAL92dCzsvOLt1AFcFo4aI2hlmxdeYnatk27bO
rS1ThPgJzANzQ7E3Pb8AdkVGC1681gpF6SI/
-----END CERTIFICATE-----