Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/pvWto9vRcplw3zKot081X5-hWHU.roa
File:                     pvWto9vRcplw3zKot081X5-hWHU.roa (raw, json)
Hash identifier:          C4D/4AW1mBjBDDzfdRfgn5K2p7hnhGHDLcuaiTVQ9jo=
Subject key identifier:   A6:F5:AD:A3:DB:D1:72:99:70:DF:32:A8:B7:4F:35:5F:9F:A1:58:75
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       01857227F2F1EF0634C534527C12DBD04BDF
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/pvWto9vRcplw3zKot081X5-hWHU.roa
Signing time:             Mon 02 Jan 2023 11:04:58 +0000
ROA not before:           Mon 02 Jan 2023 11:04:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15987
IP address blocks:        188.246.0.0/23 maxlen: 24
                          188.246.0.0/19 maxlen: 22
                          185.112.252.0/22 maxlen: 24
                          188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24
                          46.41.14.0/24 maxlen: 24
                          46.41.32.0/24 maxlen: 24
                          46.41.47.0/24 maxlen: 24
                          217.144.128.0/24 maxlen: 24
                          217.144.129.0/24 maxlen: 24
                          217.144.128.0/20 maxlen: 20
                          217.144.143.0/24 maxlen: 24
                          46.41.0.0/18 maxlen: 22
                          2a02:a00:1009::/48 maxlen: 48
                          2a02:a00:f::/48 maxlen: 48
                          2a02:a00:1f::/48 maxlen: 48
                          2a02:a00:d::/48 maxlen: 48
                          2a02:a00::/34 maxlen: 34
                          2a02:a00:3000::/36 maxlen: 36
                          2a02:a00::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:27:f2:f1:ef:06:34:c5:34:52:7c:12:db:d0:4b:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Jan  2 11:04:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6f5ada3dbd1729970df32a8b74f355f9fa15875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8a:58:2a:36:f0:f7:fd:bb:d7:74:46:6e:1c:
                    5d:98:9a:fe:08:81:4c:c3:f7:3e:0e:c9:3b:56:a3:
                    e4:b8:3b:2a:ed:57:3c:dd:56:06:41:66:b3:16:90:
                    7f:4e:47:9a:97:5d:cd:10:e1:f5:7a:17:09:d2:73:
                    ca:e6:23:f7:61:7a:bc:06:bd:24:df:7b:ea:e0:6d:
                    a0:18:2f:1c:a6:e7:73:60:67:4c:2c:87:5a:bd:62:
                    38:b7:61:47:a2:e7:5d:ea:77:ab:7e:9c:99:5f:e1:
                    58:33:1f:aa:f0:88:1b:4f:67:8d:4e:21:60:3b:66:
                    f5:b8:ae:16:08:fb:70:eb:ab:04:92:d7:9d:8b:58:
                    81:69:ff:3a:63:91:fb:89:e2:4a:6a:37:0d:7e:a1:
                    06:a6:fb:68:73:d1:06:61:7b:7d:cd:c2:61:d1:af:
                    a9:9b:c4:36:88:6b:3f:83:c2:78:02:e2:27:76:f0:
                    fb:fb:a5:a9:41:58:09:78:d0:d6:49:4a:2f:73:15:
                    8a:19:0f:aa:ec:0d:08:74:fc:b4:16:10:94:22:6e:
                    ee:42:76:cb:2f:b1:04:8c:0e:02:99:b6:e3:89:33:
                    f9:15:3c:cd:d5:17:0f:0b:52:01:68:49:b2:55:96:
                    bd:10:d2:ea:44:ed:31:11:8b:6f:ee:c6:af:8a:d8:
                    f5:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F5:AD:A3:DB:D1:72:99:70:DF:32:A8:B7:4F:35:5F:9F:A1:58:75
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/pvWto9vRcplw3zKot081X5-hWHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.41.0.0/18
                  185.112.252.0/22
                  188.246.0.0/19
                  217.144.128.0/20
                IPv6:
                  2a02:a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:c8:10:b3:11:cb:42:ad:f5:78:0c:53:ba:f5:66:c7:5b:23:
         82:13:b0:29:37:99:7e:84:6d:74:b1:9a:c3:dc:13:62:36:da:
         f5:1f:39:4c:98:89:0a:fd:3b:d6:76:75:33:60:ef:a0:6f:22:
         26:ec:ae:5a:47:66:41:a6:97:54:ee:85:b1:e7:76:a7:92:4a:
         74:78:73:e2:78:2d:a3:63:40:ae:59:17:88:ef:92:ea:d9:09:
         a6:34:bb:94:10:05:61:9a:00:fa:dc:58:8e:e0:98:36:d3:f3:
         59:fb:a3:33:12:6d:af:cc:d4:c1:79:ad:5a:2d:34:bf:12:bd:
         71:db:e0:13:0b:13:b9:a5:1a:1a:d5:ea:3e:8d:38:06:45:66:
         8e:72:30:76:d7:93:f1:4f:39:fc:5f:30:34:b4:a9:e1:6c:90:
         08:f1:05:0d:d3:02:0f:ab:21:12:f8:5f:df:a9:60:2c:f8:55:
         62:e8:8e:6d:8e:4d:ea:b4:d9:e6:56:9f:9c:49:d0:b5:eb:a7:
         47:0c:94:74:6b:48:b6:69:9b:b0:a7:9d:e9:f2:3a:64:e6:2b:
         9d:3b:dd:2c:24:7f:74:2e:73:2e:e6:f3:e0:2b:eb:ab:f7:45:
         49:bd:bb:91:87:0e:86:81:0d:33:37:8b:6d:24:08:eb:1e:96:
         67:fa:d6:2f
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVyJ/Lx7wY0xTRSfBLb0EvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjMwMTAyMTEwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmY1YWRhM2RiZDE3Mjk5NzBkZjMyYThiNzRmMzU1ZjlmYTE1ODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYpYKjbw9/2713RGbhxdmJr+CIFM
w/c+Dsk7VqPkuDsq7Vc83VYGQWazFpB/Tkeal13NEOH1ehcJ0nPK5iP3YXq8Br0k
33vq4G2gGC8cpudzYGdMLIdavWI4t2FHoudd6nerfpyZX+FYMx+q8IgbT2eNTiFg
O2b1uK4WCPtw66sEktedi1iBaf86Y5H7ieJKajcNfqEGpvtoc9EGYXt9zcJh0a+p
m8Q2iGs/g8J4AuIndvD7+6WpQVgJeNDWSUovcxWKGQ+q7A0IdPy0FhCUIm7uQnbL
L7EEjA4CmbbjiTP5FTzN1RcPC1IBaEmyVZa9ENLqRO0xEYtv7savitj1/wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKb1raPb0XKZcN8yqLdPNV+foVh1MB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvcHZXdG85dlJjcGx3M3pLb3QwODFYNS1oV0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODktYzY5ODcxZjVkMzA1
LzEvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGLikAAwQC
uXD8AwQFvPYAAwQE2ZCAMA0EAgACMAcDBQAqAgoAMA0GCSqGSIb3DQEBCwUAA4IB
AQAyyBCzEctCrfV4DFO69WbHWyOCE7ApN5l+hG10sZrD3BNiNtr1HzlMmIkK/TvW
dnUzYO+gbyIm7K5aR2ZBppdU7oWx53ankkp0eHPieC2jY0CuWReI75Lq2QmmNLuU
EAVhmgD63FiO4Jg20/NZ+6MzEm2vzNTBea1aLTS/Er1x2+ATCxO5pRoa1eo+jTgG
RWaOcjB215PxTzn8XzA0tKnhbJAI8QUN0wIPqyES+F/fqWAs+FVi6I5tjk3qtNnm
Vp+cSdC166dHDJR0a0i2aZuwp53p8jpk5iudO90sJH90LnMu5vPgK+ur90VJvbuR
hw6GgQ0zN4ttJAjrHpZn+tYv
-----END CERTIFICATE-----