Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/IrTlxBwCR71OeaDUZupcYVWKsvY.roa
File:                     IrTlxBwCR71OeaDUZupcYVWKsvY.roa (raw, json)
Hash identifier:          imbnra0dFRKOCPt1QW+mW80XORa3dcDDe4HRIhpaEl0=
Subject key identifier:   22:B4:E5:C4:1C:02:47:BD:4E:79:A0:D4:66:EA:5C:61:55:8A:B2:F6
Certificate issuer:       /CN=07fa540a25432e2aa4dca057845c359d214886f7
Certificate serial:       01856F6FEB6D56AEEE729B9B3A98479B95CC
Authority key identifier: 07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/IrTlxBwCR71OeaDUZupcYVWKsvY.roa
Signing time:             Sun 01 Jan 2023 22:24:43 +0000
ROA not before:           Sun 01 Jan 2023 22:24:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     196922
IP address blocks:        46.232.186.0/24 maxlen: 24
                          46.232.184.0/21 maxlen: 21
                          46.232.185.0/24 maxlen: 24
                          46.232.190.0/24 maxlen: 24
                          46.232.187.0/24 maxlen: 24
                          46.232.191.0/24 maxlen: 24
                          178.248.240.0/24 maxlen: 24
                          178.248.245.0/24 maxlen: 24
                          178.248.246.0/24 maxlen: 24
                          178.248.243.0/24 maxlen: 24
                          178.248.244.0/24 maxlen: 24
                          178.248.241.0/24 maxlen: 24
                          178.248.240.0/21 maxlen: 21
                          178.248.242.0/24 maxlen: 24
                          185.115.24.0/22 maxlen: 24
                          185.115.24.0/23 maxlen: 23
                          178.248.247.0/24 maxlen: 24
                          185.115.26.0/23 maxlen: 23
                          185.115.26.128/27 maxlen: 27
                          2a02:1308::/29 maxlen: 32
                          2a02:1308::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:6f:eb:6d:56:ae:ee:72:9b:9b:3a:98:47:9b:95:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07fa540a25432e2aa4dca057845c359d214886f7
        Validity
            Not Before: Jan  1 22:24:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=22b4e5c41c0247bd4e79a0d466ea5c61558ab2f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8c:ef:3c:76:5d:4c:dc:1a:cb:54:d5:2d:76:
                    5b:45:a2:2f:12:b8:63:ea:14:3c:f0:ba:5d:9c:1b:
                    e2:07:7d:1d:aa:4c:06:78:25:7a:16:d4:29:a8:61:
                    7c:a1:da:d4:68:e9:e7:d2:d7:a3:09:dc:67:65:b7:
                    8e:43:87:d3:56:38:be:f3:1f:26:f3:02:01:c4:12:
                    52:d2:c6:bc:97:70:db:84:59:8c:09:80:6e:76:79:
                    21:6d:31:6b:6f:b0:bf:78:f2:29:b9:fc:28:d7:6a:
                    43:cc:cc:88:31:d9:33:e6:5a:1d:4a:12:ea:98:18:
                    32:c5:ab:4b:fa:c8:64:8c:52:10:46:16:de:a7:8a:
                    b3:6a:98:96:f3:02:93:d6:94:ee:0a:88:69:65:e4:
                    4c:8b:46:2b:3e:df:48:86:21:be:a9:0e:8f:56:fe:
                    63:18:71:6f:89:53:ed:b9:77:29:2c:ed:e7:a8:23:
                    4e:37:b6:d2:50:4e:13:f8:ee:0f:39:69:e2:72:c2:
                    60:3e:c6:61:b7:c3:b1:04:4b:54:dd:0d:f5:c3:ac:
                    da:e4:06:9a:d3:70:2b:59:0f:a2:b2:a8:ea:3c:b6:
                    02:53:d5:d6:9d:6d:75:96:4f:6e:cd:d4:c0:71:a9:
                    c7:3a:96:fe:99:a7:8a:10:47:c4:c6:7c:6e:97:7c:
                    b1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B4:E5:C4:1C:02:47:BD:4E:79:A0:D4:66:EA:5C:61:55:8A:B2:F6
            X509v3 Authority Key Identifier:
                keyid:07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/IrTlxBwCR71OeaDUZupcYVWKsvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/B_pUCiVDLiqk3KBXhFw1nSFIhvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.184.0/21
                  178.248.240.0/21
                  185.115.24.0/22
                IPv6:
                  2a02:1308::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:60:85:0c:b7:96:9f:2b:0c:82:58:97:e9:d0:c7:dd:07:81:
         a6:8e:ff:17:5a:12:9a:dc:55:51:b0:95:0b:68:7c:7b:6d:fa:
         4a:c7:ee:33:3b:70:46:c9:a9:02:32:0a:85:76:f2:19:ac:39:
         ff:23:ee:29:86:f7:1e:23:a9:e0:3a:de:8b:8c:5c:b2:5a:8b:
         f3:fb:ba:fa:83:61:41:8d:90:39:8c:23:dc:52:de:b4:1f:e8:
         bd:bd:a9:bf:6c:67:b7:00:8c:6e:22:39:0c:aa:22:ff:d7:5b:
         d7:6f:d4:ad:7f:67:26:c4:b2:36:69:52:1b:e4:55:8d:fa:6e:
         73:57:36:62:e9:67:eb:b7:13:cb:74:70:5b:07:69:29:87:d5:
         45:a7:c2:e2:89:99:5e:af:3c:83:c1:82:d8:bc:eb:f5:d7:90:
         88:13:ca:3d:80:0e:f8:88:c1:c9:07:cd:c0:bd:bb:ac:f5:c2:
         ac:0c:c5:20:50:63:41:95:88:03:56:81:11:f6:e3:26:6e:6f:
         ee:bd:66:6d:f8:c1:ba:94:79:45:fd:0d:87:06:5f:c5:bc:64:
         ef:0e:fa:f4:ae:ea:e6:28:26:d9:b8:9f:81:ff:73:03:e1:38:
         9e:10:45:26:d6:ef:77:43:e4:02:d1:09:ef:b5:bb:09:da:ba:
         55:40:f1:2d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVvb+ttVq7ucpubOphHm5XMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmE1NDBhMjU0MzJlMmFhNGRjYTA1Nzg0NWMzNTlkMjE0
ODg2ZjcwHhcNMjMwMTAxMjIyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmI0ZTVjNDFjMDI0N2JkNGU3OWEwZDQ2NmVhNWM2MTU1OGFiMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjozvPHZdTNway1TVLXZbRaIvErhj
6hQ88LpdnBviB30dqkwGeCV6FtQpqGF8odrUaOnn0tejCdxnZbeOQ4fTVji+8x8m
8wIBxBJS0sa8l3DbhFmMCYBudnkhbTFrb7C/ePIpufwo12pDzMyIMdkz5lodShLq
mBgyxatL+shkjFIQRhbep4qzapiW8wKT1pTuCohpZeRMi0YrPt9IhiG+qQ6PVv5j
GHFviVPtuXcpLO3nqCNON7bSUE4T+O4POWnicsJgPsZht8OxBEtU3Q31w6za5Aaa
03ArWQ+isqjqPLYCU9XWnW11lk9uzdTAcanHOpb+maeKEEfExnxul3yxwwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCK05cQcAke9Tnmg1GbqXGFVirL2MB8GA1UdIwQY
MBaAFAf6VAolQy4qpNygV4RcNZ0hSIb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMt
NzUzNzQxYTgwZTk0LzEvSXJUbHhCd0NSNzFPZWFEVVp1cGNZVldLc3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMtNzUzNzQxYTgwZTk0
LzEvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLui4AwQD
svjwAwQCuXMYMA0EAgACMAcDBQMqAhMIMA0GCSqGSIb3DQEBCwUAA4IBAQChYIUM
t5afKwyCWJfp0MfdB4Gmjv8XWhKa3FVRsJULaHx7bfpKx+4zO3BGyakCMgqFdvIZ
rDn/I+4phvceI6ngOt6LjFyyWovz+7r6g2FBjZA5jCPcUt60H+i9vam/bGe3AIxu
IjkMqiL/11vXb9Stf2cmxLI2aVIb5FWN+m5zVzZi6WfrtxPLdHBbB2kph9VFp8Li
iZlerzyDwYLYvOv115CIE8o9gA74iMHJB83Avbus9cKsDMUgUGNBlYgDVoER9uMm
bm/uvWZt+MG6lHlF/Q2HBl/FvGTvDvr0rurmKCbZuJ+B/3MD4TieEEUm1u93Q+QC
0QnvtbsJ2rpVQPEt
-----END CERTIFICATE-----