Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/zK7aLjWtqPAjxX4aEzbvRwFjxgc.roa
File:                     zK7aLjWtqPAjxX4aEzbvRwFjxgc.roa (raw, json)
Hash identifier:          N0OSu1SKSqxEEtu+SDmH/QMSDM4c/uQIJYNGTk5LoIU=
Subject key identifier:   CC:AE:DA:2E:35:AD:A8:F0:23:C5:7E:1A:13:36:EF:47:01:63:C6:07
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0182ADB81C41E5593D71AB758EB04D2A5C11
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/zK7aLjWtqPAjxX4aEzbvRwFjxgc.roa
Signing time:             Wed 17 Aug 2022 21:31:40 +0000
ROA not before:           Wed 17 Aug 2022 21:31:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209737
IP address blocks:        5.180.106.0/24 maxlen: 24
                          45.141.150.0/24 maxlen: 24
                          5.180.104.0/24 maxlen: 24
                          45.147.46.0/24 maxlen: 24
                          45.147.45.0/24 maxlen: 24
                          194.116.229.0/24 maxlen: 24
                          194.116.237.0/24 maxlen: 24
                          194.116.236.0/24 maxlen: 24
                          77.83.201.0/24 maxlen: 24
                          77.83.202.0/24 maxlen: 24
                          77.83.200.0/24 maxlen: 24
                          77.83.203.0/24 maxlen: 24
                          194.146.36.0/24 maxlen: 24
                          45.136.6.0/24 maxlen: 24
                          45.131.2.0/24 maxlen: 24
                          194.146.47.0/24 maxlen: 24
                          2a09:8780::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ad:b8:1c:41:e5:59:3d:71:ab:75:8e:b0:4d:2a:5c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Aug 17 21:31:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ccaeda2e35ada8f023c57e1a1336ef470163c607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:20:80:26:fb:b4:27:69:a2:f7:c9:e0:f3:8a:
                    67:1a:e3:1a:6d:9d:88:c8:9e:d6:42:1a:b1:da:18:
                    c2:4f:48:84:10:87:9a:7a:b0:a8:af:8e:eb:b2:76:
                    14:15:4e:8d:d0:ef:42:14:4c:c0:37:66:17:96:06:
                    ac:61:54:bf:e5:fc:78:15:66:3d:f0:37:ae:f9:48:
                    68:cd:79:e0:20:be:cb:72:3f:75:aa:98:41:c8:54:
                    ad:8a:cd:73:f0:7a:e5:7d:59:0f:31:9b:80:ac:42:
                    35:ee:9b:ad:e2:99:7c:9b:a4:4e:32:5c:14:fc:3c:
                    ff:18:c2:37:d6:56:dd:08:c5:89:e6:3b:80:bc:25:
                    72:d1:09:3d:44:77:3e:80:1b:89:f3:8c:3a:01:e4:
                    4f:5d:f4:a4:f2:6d:60:fe:e2:c3:12:c5:c8:89:44:
                    5e:89:0f:5d:82:de:a5:66:0f:b0:e2:07:58:88:ee:
                    dc:12:5f:e1:b9:0c:10:e1:83:78:bc:88:69:8b:cc:
                    4d:ce:41:de:81:0d:59:4d:a2:ab:b5:df:ba:98:29:
                    00:ab:de:6e:ae:34:ec:0b:f3:37:b3:9f:ae:e4:38:
                    92:83:3e:d5:b9:de:f2:ab:9b:22:33:1e:05:0a:65:
                    4f:b8:eb:f6:c1:f7:63:0f:7f:12:d6:70:4f:b6:87:
                    55:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:AE:DA:2E:35:AD:A8:F0:23:C5:7E:1A:13:36:EF:47:01:63:C6:07
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/zK7aLjWtqPAjxX4aEzbvRwFjxgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.104.0/24
                  5.180.106.0/24
                  45.131.2.0/24
                  45.136.6.0/24
                  45.141.150.0/24
                  45.147.45.0-45.147.46.255
                  77.83.200.0/22
                  194.116.229.0/24
                  194.116.236.0/23
                  194.146.36.0/24
                  194.146.47.0/24
                IPv6:
                  2a09:8780::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:7b:71:2f:87:e6:2f:67:4b:e7:83:7f:4e:fe:74:91:cc:80:
         6c:b3:6f:e4:92:68:b8:f6:f7:6c:76:ea:03:bc:3f:54:2a:66:
         f1:ac:1c:77:0a:d5:89:fa:44:24:56:df:c9:c6:19:51:be:a1:
         ad:79:f2:4a:0e:73:38:cd:42:72:d0:c6:8b:a5:86:d2:85:6e:
         41:a8:e2:95:cb:7b:a6:3a:0d:8d:de:c3:5b:d7:75:37:e4:41:
         e0:d9:36:c9:20:88:34:32:08:63:5a:3e:7f:77:03:0c:48:9b:
         e7:09:e8:6d:7d:5d:93:13:4a:e7:96:f7:58:57:0f:7d:ed:ea:
         36:67:36:a0:ee:3e:dd:b8:cc:76:06:f5:0b:67:eb:5d:6e:b6:
         9f:a2:73:b2:44:5d:51:cf:f8:ed:0e:b6:14:15:1b:f3:75:e3:
         bc:9d:c5:0e:af:3b:74:3d:ef:7f:d9:67:dc:60:27:be:c8:80:
         eb:e6:e0:57:9e:82:94:d5:eb:14:e7:99:b9:4b:e8:07:6f:8d:
         f6:e0:9c:44:4b:ef:3f:e4:d2:4d:28:99:bd:49:17:1a:f2:01:
         4b:3f:f8:58:8e:2a:a8:68:1a:a9:c5:2b:78:73:c4:15:ca:b2:
         e4:04:b6:d4:e6:67:5d:86:b7:57:26:eb:4f:c2:61:dd:0e:6e:
         15:c2:23:01
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYKtuBxB5Vk9cat1jrBNKlwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjIwODE3MjEzMTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2FlZGEyZTM1YWRhOGYwMjNjNTdlMWExMzM2ZWY0NzAxNjNjNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSCAJvu0J2mi98ng84pnGuMabZ2I
yJ7WQhqx2hjCT0iEEIeaerCor47rsnYUFU6N0O9CFEzAN2YXlgasYVS/5fx4FWY9
8Deu+UhozXngIL7Lcj91qphByFStis1z8HrlfVkPMZuArEI17put4pl8m6ROMlwU
/Dz/GMI31lbdCMWJ5juAvCVy0Qk9RHc+gBuJ84w6AeRPXfSk8m1g/uLDEsXIiURe
iQ9dgt6lZg+w4gdYiO7cEl/huQwQ4YN4vIhpi8xNzkHegQ1ZTaKrtd+6mCkAq95u
rjTsC/M3s5+u5DiSgz7Vud7yq5siMx4FCmVPuOv2wfdjD38S1nBPtodVewIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFMyu2i41rajwI8V+GhM270cBY8YHMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEveks3YUxqV3RxUEFqeFg0YUV6YnZSd0ZqeGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQABbRoAwQA
BbRqAwQALYMCAwQALYgGAwQALY2WMAwDBAAtky0DBAAtky4DBAJNU8gDBADCdOUD
BAHCdOwDBADCkiQDBADCki8wDQQCAAIwBwMFAyoJh4AwDQYJKoZIhvcNAQELBQAD
ggEBAHx7cS+H5i9nS+eDf07+dJHMgGyzb+SSaLj292x26gO8P1QqZvGsHHcK1Yn6
RCRW38nGGVG+oa158koOczjNQnLQxoulhtKFbkGo4pXLe6Y6DY3ew1vXdTfkQeDZ
NskgiDQyCGNaPn93AwxIm+cJ6G19XZMTSueW91hXD33t6jZnNqDuPt24zHYG9Qtn
611utp+ic7JEXVHP+O0OthQVG/N147ydxQ6vO3Q973/ZZ9xgJ77IgOvm4FeegpTV
6xTnmblL6AdvjfbgnERL7z/k0k0omb1JFxryAUs/+FiOKqhoGqnFK3hzxBXKsuQE
ttTmZ12Gt1cm60/CYd0ObhXCIwE=
-----END CERTIFICATE-----