Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/f89bf0-3d6f-4b4d-bf42-c78bd228a91d/1/crRi82pSYPk3jjhAWesDFecG4R0.roa
File:                     crRi82pSYPk3jjhAWesDFecG4R0.roa (raw, json)
Hash identifier:          zhQjblDYnMy2arhWf6e/TAJpbyP99mWAK8B39j7JC+8=
Subject key identifier:   72:B4:62:F3:6A:52:60:F9:37:8E:38:40:59:EB:03:15:E7:06:E1:1D
Certificate issuer:       /CN=6fe3491042ef31dcc6e0ad8e55cbe149dd0c3182
Certificate serial:       01856E144321348CBD0057EA569F34295434
Authority key identifier: 6F:E3:49:10:42:EF:31:DC:C6:E0:AD:8E:55:CB:E1:49:DD:0C:31:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b-NJEELvMdzG4K2OVcvhSd0MMYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/f89bf0-3d6f-4b4d-bf42-c78bd228a91d/1/crRi82pSYPk3jjhAWesDFecG4R0.roa
Signing time:             Sun 01 Jan 2023 16:04:59 +0000
ROA not before:           Sun 01 Jan 2023 16:04:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47748
IP address blocks:        178.211.146.0/24 maxlen: 24
                          87.121.120.0/24 maxlen: 24
                          94.156.9.0/24 maxlen: 24
                          94.156.13.0/24 maxlen: 24
                          31.13.215.0/24 maxlen: 24
                          94.156.46.0/24 maxlen: 24
                          94.156.47.0/24 maxlen: 24
                          93.123.21.0/24 maxlen: 24
                          37.60.137.0/24 maxlen: 24
                          87.120.90.0/24 maxlen: 24
                          31.13.228.0/24 maxlen: 24
                          31.13.229.0/24 maxlen: 24
                          93.123.103.0/24 maxlen: 24
                          87.120.9.0/24 maxlen: 24
                          87.121.4.0/24 maxlen: 24
                          87.121.5.0/24 maxlen: 24
                          2a05:140::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:14:43:21:34:8c:bd:00:57:ea:56:9f:34:29:54:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fe3491042ef31dcc6e0ad8e55cbe149dd0c3182
        Validity
            Not Before: Jan  1 16:04:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72b462f36a5260f9378e384059eb0315e706e11d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c3:b6:eb:4c:e1:fa:73:84:5b:74:bd:90:0a:
                    bd:02:8d:c8:2a:7f:95:8e:67:37:73:b7:37:b7:40:
                    60:1a:4a:70:55:7b:5d:4d:20:38:0d:c1:a8:15:1b:
                    a4:34:4b:87:18:c9:19:bc:57:33:76:4d:00:62:21:
                    dc:5a:06:60:a1:50:24:0c:9a:7a:89:e4:e7:cc:60:
                    62:f6:1b:3e:ab:53:c7:2e:89:8a:2c:7a:5c:7a:61:
                    84:db:b7:b5:c1:c6:6f:76:29:95:34:5c:93:17:50:
                    78:96:da:a7:68:9f:d1:68:7a:36:fd:0d:48:de:56:
                    bc:12:3f:33:3b:5a:fd:e0:01:d7:85:f9:af:31:72:
                    59:e7:fe:22:92:bb:86:28:cd:45:8a:0d:64:69:ed:
                    24:13:a2:17:3e:61:a6:0d:1f:0e:92:96:2c:9b:93:
                    79:65:9d:21:ce:d5:e2:f0:c1:be:8b:31:0a:9a:59:
                    53:ea:8b:cf:38:73:fa:2e:b6:84:56:51:de:88:b0:
                    a4:36:58:29:e1:70:22:fb:9b:f5:ae:83:7e:46:41:
                    33:45:04:3a:07:1c:64:a9:42:85:93:33:d9:e1:67:
                    37:15:4f:69:b0:58:ff:51:7c:14:b3:14:94:7b:38:
                    61:f3:25:5f:b6:71:31:94:ca:8f:b3:9f:22:96:f2:
                    7c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B4:62:F3:6A:52:60:F9:37:8E:38:40:59:EB:03:15:E7:06:E1:1D
            X509v3 Authority Key Identifier:
                keyid:6F:E3:49:10:42:EF:31:DC:C6:E0:AD:8E:55:CB:E1:49:DD:0C:31:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b-NJEELvMdzG4K2OVcvhSd0MMYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/f89bf0-3d6f-4b4d-bf42-c78bd228a91d/1/crRi82pSYPk3jjhAWesDFecG4R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/f89bf0-3d6f-4b4d-bf42-c78bd228a91d/1/b-NJEELvMdzG4K2OVcvhSd0MMYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.215.0/24
                  31.13.228.0/23
                  37.60.137.0/24
                  87.120.9.0/24
                  87.120.90.0/24
                  87.121.4.0/23
                  87.121.120.0/24
                  93.123.21.0/24
                  93.123.103.0/24
                  94.156.9.0/24
                  94.156.13.0/24
                  94.156.46.0/23
                  178.211.146.0/24
                IPv6:
                  2a05:140::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:9c:51:f3:31:a7:9f:b5:c4:91:09:05:b1:56:4f:52:7d:da:
         c0:78:89:c3:e3:24:c5:61:df:89:bf:d9:35:95:86:9c:96:c2:
         98:f4:84:88:44:a3:c7:49:b9:78:c1:fa:5b:1e:8a:95:67:ef:
         14:a0:2f:76:9e:b4:93:aa:68:77:30:b2:b9:6c:ac:65:b7:8a:
         8f:5f:ac:c6:e2:4d:ee:58:23:ec:b5:cd:73:53:cf:5b:78:f2:
         a1:ac:0b:14:f4:4c:e6:cd:fe:6b:89:1b:83:4e:b2:0f:3f:56:
         31:95:d2:24:ff:f5:a5:1e:18:a6:13:b1:e0:5d:b9:70:52:67:
         39:1f:09:e3:9d:d3:80:e6:c9:ff:cf:f3:45:30:76:9c:cb:8e:
         27:14:79:5e:a2:d6:32:0b:51:dc:e3:96:33:cc:a3:5a:b5:70:
         6f:c3:2e:d6:82:93:97:d4:17:00:b1:df:44:20:a7:00:f1:e5:
         15:b9:05:80:1d:bb:71:c0:31:64:1e:0c:3b:ca:79:02:22:81:
         71:9c:7e:f4:1a:18:1f:2e:e5:32:f1:86:b1:9b:f5:94:72:d8:
         cf:31:a1:45:71:77:d0:04:46:af:60:81:e7:97:8d:e7:89:1f:
         77:37:c5:f7:0c:f2:13:b9:a9:7d:c2:ff:d9:bc:0d:71:83:06:
         40:f5:e4:a8
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYVuFEMhNIy9AFfqVp80KVQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZTM0OTEwNDJlZjMxZGNjNmUwYWQ4ZTU1Y2JlMTQ5ZGQw
YzMxODIwHhcNMjMwMTAxMTYwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmI0NjJmMzZhNTI2MGY5Mzc4ZTM4NDA1OWViMDMxNWU3MDZlMTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8O260zh+nOEW3S9kAq9Ao3IKn+V
jmc3c7c3t0BgGkpwVXtdTSA4DcGoFRukNEuHGMkZvFczdk0AYiHcWgZgoVAkDJp6
ieTnzGBi9hs+q1PHLomKLHpcemGE27e1wcZvdimVNFyTF1B4ltqnaJ/RaHo2/Q1I
3la8Ej8zO1r94AHXhfmvMXJZ5/4ikruGKM1Fig1kae0kE6IXPmGmDR8OkpYsm5N5
ZZ0hztXi8MG+izEKmllT6ovPOHP6LraEVlHeiLCkNlgp4XAi+5v1roN+RkEzRQQ6
BxxkqUKFkzPZ4Wc3FU9psFj/UXwUsxSUezhh8yVftnExlMqPs58ilvJ88wIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFHK0YvNqUmD5N444QFnrAxXnBuEdMB8GA1UdIwQY
MBaAFG/jSRBC7zHcxuCtjlXL4UndDDGCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYi1OSkVFTHZNZHpHNEsyT1ZjdmhTZDBNTVlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9mODliZjAtM2Q2Zi00YjRkLWJmNDIt
Yzc4YmQyMjhhOTFkLzEvY3JSaTgycFNZUGszampoQVdlc0RGZWNHNFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9mODliZjAtM2Q2Zi00YjRkLWJmNDItYzc4YmQyMjhhOTFk
LzEvYi1OSkVFTHZNZHpHNEsyT1ZjdmhTZDBNTVlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQAHw3XAwQB
Hw3kAwQAJTyJAwQAV3gJAwQAV3haAwQBV3kEAwQAV3l4AwQAXXsVAwQAXXtnAwQA
XpwJAwQAXpwNAwQBXpwuAwQAstOSMA0EAgACMAcDBQMqBQFAMA0GCSqGSIb3DQEB
CwUAA4IBAQBxnFHzMaeftcSRCQWxVk9SfdrAeInD4yTFYd+Jv9k1lYaclsKY9ISI
RKPHSbl4wfpbHoqVZ+8UoC92nrSTqmh3MLK5bKxlt4qPX6zG4k3uWCPstc1zU89b
ePKhrAsU9Ezmzf5riRuDTrIPP1YxldIk//WlHhimE7HgXblwUmc5HwnjndOA5sn/
z/NFMHacy44nFHleotYyC1Hc45YzzKNatXBvwy7WgpOX1BcAsd9EIKcA8eUVuQWA
HbtxwDFkHgw7ynkCIoFxnH70GhgfLuUy8Yaxm/WUctjPMaFFcXfQBEavYIHnl43n
iR93N8X3DPITual9wv/ZvA1xgwZA9eSo
-----END CERTIFICATE-----