Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/SnsrADhNDeXpx0QhKM4yBnrB7F0.roa
File:                     SnsrADhNDeXpx0QhKM4yBnrB7F0.roa (raw, json)
Hash identifier:          xHxkHXk0O8RgBUUauTph4DSn3NN8tOYxQwE/lKNbFTs=
Subject key identifier:   4A:7B:2B:00:38:4D:0D:E5:E9:C7:44:21:28:CE:32:06:7A:C1:EC:5D
Certificate issuer:       /CN=f2d593b1c87b81739ec41910295bf385f2c9a992
Certificate serial:       018AAD952FCD53028D9C4D1624F59ECFE841
Authority key identifier: F2:D5:93:B1:C8:7B:81:73:9E:C4:19:10:29:5B:F3:85:F2:C9:A9:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8tWTsch7gXOexBkQKVvzhfLJqZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/SnsrADhNDeXpx0QhKM4yBnrB7F0.roa
Signing time:             Tue 19 Sep 2023 13:15:50 +0000
ROA not before:           Tue 19 Sep 2023 13:15:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210892
IP address blocks:        79.135.124.0/24 maxlen: 24
                          79.135.125.0/24 maxlen: 24
                          5.1.45.0/24 maxlen: 24
                          79.135.126.0/24 maxlen: 24
                          79.135.127.0/24 maxlen: 24
                          109.224.223.0/24 maxlen: 24
                          109.224.232.0/24 maxlen: 24
                          2a11:2b07:f003::/48 maxlen: 48
                          2a11:2b07:f000::/48 maxlen: 48
                          2a11:2b07:f002::/48 maxlen: 48
                          2a11:2b07:f001::/48 maxlen: 48
                          2a11:2b07:1::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ad:95:2f:cd:53:02:8d:9c:4d:16:24:f5:9e:cf:e8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2d593b1c87b81739ec41910295bf385f2c9a992
        Validity
            Not Before: Sep 19 13:15:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a7b2b00384d0de5e9c7442128ce32067ac1ec5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:96:b2:e7:03:78:0f:2e:bd:55:6b:05:55:28:
                    1a:eb:54:d2:87:f5:87:93:17:44:7c:46:11:af:92:
                    5a:aa:51:91:1f:a8:ee:c6:aa:bf:f1:88:37:f6:d6:
                    8a:87:20:c8:c1:81:0d:9b:4c:35:99:3e:57:52:62:
                    18:bf:63:66:54:b0:e7:f0:8f:ef:6f:e6:28:4c:db:
                    59:30:44:a5:97:4e:6f:8e:3b:ab:ea:8c:bf:31:d3:
                    2b:af:b0:a9:ab:22:56:a2:6d:d2:0c:2a:11:f6:a2:
                    e7:e1:37:1f:0b:9b:9b:eb:3b:fe:c2:0c:ed:ae:84:
                    3b:70:17:8d:3f:08:1e:a1:bc:23:50:df:95:06:34:
                    44:01:db:78:2c:b0:a9:7d:61:c2:a3:bc:49:2b:4b:
                    e9:fb:3a:19:08:72:b7:58:c2:ce:df:90:ac:19:6d:
                    be:79:1e:ff:91:15:65:4a:d5:49:97:8e:1f:5d:9f:
                    d5:b0:f9:77:3f:5f:6c:73:5b:ef:30:82:5c:d7:4e:
                    56:7a:c2:7e:70:b2:fc:a5:e9:c1:60:83:e8:f9:e8:
                    ac:76:42:d6:3e:36:db:aa:2a:86:bb:02:cf:f2:87:
                    4d:89:c2:55:6a:c0:0c:96:5a:d8:e6:44:a7:de:e1:
                    3d:e2:a4:d4:c0:80:63:08:9c:dd:77:94:55:81:ac:
                    3d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:7B:2B:00:38:4D:0D:E5:E9:C7:44:21:28:CE:32:06:7A:C1:EC:5D
            X509v3 Authority Key Identifier:
                keyid:F2:D5:93:B1:C8:7B:81:73:9E:C4:19:10:29:5B:F3:85:F2:C9:A9:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8tWTsch7gXOexBkQKVvzhfLJqZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/SnsrADhNDeXpx0QhKM4yBnrB7F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/8tWTsch7gXOexBkQKVvzhfLJqZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.45.0/24
                  79.135.124.0/22
                  109.224.223.0/24
                  109.224.232.0/24
                IPv6:
                  2a11:2b07:1::/48
                  2a11:2b07:f000::/46

    Signature Algorithm: sha256WithRSAEncryption
         37:8f:6c:2c:63:2d:4b:99:25:39:3b:54:fe:ca:93:c5:c7:27:
         27:d6:13:23:ea:81:7c:7f:8b:5e:af:0e:2e:21:0d:d2:50:d9:
         6d:d5:3e:60:f6:84:7c:8f:c7:e1:ee:02:6a:10:9c:a4:d2:89:
         c7:c4:08:01:3d:86:75:37:3f:b4:67:41:96:50:46:68:d7:e1:
         97:ac:4d:34:12:03:1e:9b:3f:6b:4e:9a:04:7b:d0:39:b5:9b:
         2f:e0:e9:dc:59:96:b4:41:c3:b0:8d:33:06:31:33:90:51:68:
         43:23:ce:98:09:33:95:08:ff:fb:c8:e2:95:18:7e:5a:c5:ce:
         c8:f3:49:48:66:06:b8:9d:d2:99:8f:84:30:50:f2:c0:68:01:
         2b:0c:33:f4:1c:40:90:d2:a7:5d:05:92:d4:02:57:56:3e:c6:
         86:a3:ce:b1:5a:52:f9:af:df:b4:c5:78:03:0f:f6:f6:24:91:
         cc:23:ef:67:a0:82:33:a3:a8:75:8a:1c:28:4c:5a:f9:89:8b:
         39:d0:14:0f:dd:22:ad:17:f9:e2:c3:3a:7a:9b:0a:34:5b:11:
         da:ed:8c:00:d3:bc:30:84:90:08:b8:9e:b1:28:5e:49:5b:9f:
         aa:b1:d4:6e:8f:17:c4:b0:c8:c8:aa:93:54:ae:3f:a2:aa:10:
         26:f0:ff:32
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYqtlS/NUwKNnE0WJPWez+hBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZDU5M2IxYzg3YjgxNzM5ZWM0MTkxMDI5NWJmMzg1ZjJj
OWE5OTIwHhcNMjMwOTE5MTMxNTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTdiMmIwMDM4NGQwZGU1ZTljNzQ0MjEyOGNlMzIwNjdhYzFlYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pay5wN4Dy69VWsFVSga61TSh/WH
kxdEfEYRr5JaqlGRH6juxqq/8Yg39taKhyDIwYENm0w1mT5XUmIYv2NmVLDn8I/v
b+YoTNtZMESll05vjjur6oy/MdMrr7CpqyJWom3SDCoR9qLn4TcfC5ub6zv+wgzt
roQ7cBeNPwgeobwjUN+VBjREAdt4LLCpfWHCo7xJK0vp+zoZCHK3WMLO35CsGW2+
eR7/kRVlStVJl44fXZ/VsPl3P19sc1vvMIJc105WesJ+cLL8penBYIPo+eisdkLW
PjbbqiqGuwLP8odNicJVasAMllrY5kSn3uE94qTUwIBjCJzdd5RVgaw9qwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFEp7KwA4TQ3l6cdEISjOMgZ6wexdMB8GA1UdIwQY
MBaAFPLVk7HIe4FznsQZEClb84XyyamSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHRXVHNjaDdnWE9leEJrUUtWdnpoZkxKcVpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85MzkxYTYtZGQzZi00OTMzLTlkYTIt
OWI4ZDY4ZWU4N2ZjLzEvU25zckFEaE5EZVhweDBRaEtNNHlCbnJCN0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85MzkxYTYtZGQzZi00OTMzLTlkYTItOWI4ZDY4ZWU4N2Zj
LzEvOHRXVHNjaDdnWE9leEJrUUtWdnpoZkxKcVpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAeBAIAATAYAwQABQEtAwQC
T4d8AwQAbeDfAwQAbeDoMBgEAgACMBIDBwAqESsHAAEDBwIqESsH8AAwDQYJKoZI
hvcNAQELBQADggEBADePbCxjLUuZJTk7VP7Kk8XHJyfWEyPqgXx/i16vDi4hDdJQ
2W3VPmD2hHyPx+HuAmoQnKTSicfECAE9hnU3P7RnQZZQRmjX4ZesTTQSAx6bP2tO
mgR70Dm1my/g6dxZlrRBw7CNMwYxM5BRaEMjzpgJM5UI//vI4pUYflrFzsjzSUhm
Brid0pmPhDBQ8sBoASsMM/QcQJDSp10FktQCV1Y+xoajzrFaUvmv37TFeAMP9vYk
kcwj72eggjOjqHWKHChMWvmJiznQFA/dIq0X+eLDOnqbCjRbEdrtjADTvDCEkAi4
nrEoXklbn6qx1G6PF8SwyMiqk1SuP6KqECbw/zI=
-----END CERTIFICATE-----