Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/aU_-ugh2cE4iHgy64tbU0i9WMEg.roa
File:                     aU_-ugh2cE4iHgy64tbU0i9WMEg.roa (raw, json)
Hash identifier:          IGjy4QXwoWQg8bCStCuEy53Deb+GRXAG3NxKo2d8UeQ=
Subject key identifier:   69:4F:FE:BA:08:76:70:4E:22:1E:0C:BA:E2:D6:D4:D2:2F:56:30:48
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018B8B73FBB54F3904FB089E43E792F8D5EA
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/aU_-ugh2cE4iHgy64tbU0i9WMEg.roa
Signing time:             Wed 01 Nov 2023 15:15:15 +0000
ROA not before:           Wed 01 Nov 2023 15:15:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.218.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
                          212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8b:73:fb:b5:4f:39:04:fb:08:9e:43:e7:92:f8:d5:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Nov  1 15:15:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=694ffeba0876704e221e0cbae2d6d4d22f563048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:43:b8:46:1f:8b:dd:de:6a:b7:d8:1a:c0:14:
                    43:f2:50:b1:d2:33:32:a2:e7:bb:82:45:9f:c1:fc:
                    34:61:33:c2:fc:03:1e:3b:26:62:5d:94:69:fd:f7:
                    69:a0:11:1a:d8:c4:0d:1b:48:ba:e3:d5:e4:f8:08:
                    6f:b0:ab:8d:53:18:bf:db:7e:d8:d7:02:31:8a:3f:
                    c6:a4:5d:ce:d2:a7:6c:e0:d4:f6:fd:78:c8:32:ec:
                    06:12:ba:be:7e:ce:bd:43:d3:1c:67:0b:56:08:5a:
                    c1:4d:67:07:5e:a2:ed:fa:1d:fe:a7:7a:a7:e6:b9:
                    6a:6e:45:28:1c:d4:c8:66:87:c2:87:a7:5c:a8:14:
                    35:43:64:5f:8d:67:4e:af:3c:b7:2e:85:60:27:21:
                    1f:8e:93:f4:c9:b8:d2:87:3e:2d:20:0c:f4:31:69:
                    f6:3d:1c:23:1f:03:67:ba:aa:14:20:5b:61:cb:5f:
                    21:02:54:e9:26:05:70:10:28:c4:b5:e6:29:d9:fa:
                    dc:9a:ee:f0:0c:b8:bb:aa:cd:c2:6a:e6:e3:4e:f1:
                    a3:c9:ef:3b:28:b6:3c:f9:e8:25:98:75:b8:e6:ea:
                    1b:22:76:75:32:30:27:61:ea:ef:f6:2f:75:03:f3:
                    3a:92:f5:9e:48:0f:31:ae:da:15:1b:97:34:b0:2f:
                    e0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4F:FE:BA:08:76:70:4E:22:1E:0C:BA:E2:D6:D4:D2:2F:56:30:48
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/aU_-ugh2cE4iHgy64tbU0i9WMEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.197.0-212.64.198.255
                  212.64.200.0/24
                  212.64.203.0-212.64.209.255
                  212.64.212.0/24
                  212.64.218.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:81:d4:d0:41:7b:ee:4d:ad:b2:e9:81:f2:a9:28:c9:ee:b1:
         66:48:ed:9c:00:31:f7:a7:ee:5e:61:db:27:a9:a1:1a:1f:94:
         f0:82:4f:9e:0a:91:cf:28:00:d4:5e:87:c4:9a:0c:ca:bc:03:
         fd:fe:ab:44:d5:5a:d1:f9:1f:39:e8:25:b8:57:f8:60:bf:46:
         2e:a2:b6:86:43:b8:ad:07:61:b8:1b:a7:2e:5d:55:0a:e5:52:
         8d:01:22:4b:a6:75:d9:f0:4f:59:ae:4c:5a:20:2e:0e:91:ab:
         57:6e:78:2b:4c:bf:e7:97:26:5e:8d:dd:81:06:94:ad:61:fc:
         97:1c:cd:c4:bc:dd:9c:82:45:99:1a:fb:af:58:19:fc:18:1d:
         3b:fe:23:8a:46:aa:94:21:3d:34:d7:d1:52:78:bc:4f:f6:f6:
         14:1f:94:15:86:e0:01:1f:1a:9f:b8:e8:65:b5:2e:55:2a:8c:
         8f:b0:4d:db:b6:43:1e:16:f9:ba:a5:a1:c5:8d:dd:7d:16:a8:
         39:76:a8:08:9c:94:23:15:db:e6:b7:d3:94:f7:cf:a1:6b:ac:
         03:0e:fe:01:d7:48:1a:97:2e:82:b9:82:84:6a:2c:76:46:ba:
         d6:50:d7:ad:d8:c4:2d:08:e7:e9:82:48:74:f9:e4:d3:1c:fa:
         d5:37:97:f9
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYuLc/u1TzkE+wieQ+eS+NXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjMxMTAxMTUxNTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTRmZmViYTA4NzY3MDRlMjIxZTBjYmFlMmQ2ZDRkMjJmNTYzMDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUO4Rh+L3d5qt9gawBRD8lCx0jMy
oue7gkWfwfw0YTPC/AMeOyZiXZRp/fdpoBEa2MQNG0i649Xk+AhvsKuNUxi/237Y
1wIxij/GpF3O0qds4NT2/XjIMuwGErq+fs69Q9McZwtWCFrBTWcHXqLt+h3+p3qn
5rlqbkUoHNTIZofCh6dcqBQ1Q2RfjWdOrzy3LoVgJyEfjpP0ybjShz4tIAz0MWn2
PRwjHwNnuqoUIFthy18hAlTpJgVwECjEteYp2frcmu7wDLi7qs3CaubjTvGjye87
KLY8+eglmHW45uobInZ1MjAnYerv9i91A/M6kvWeSA8xrtoVG5c0sC/gBQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFGlP/roIdnBOIh4MuuLW1NIvVjBIMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvYVVfLXVnaDJjRTRpSGd5NjR0YlUwaTlXTUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQA1EDAAwQA
1EDCMAwDBADUQMUDBADUQMYDBADUQMgwDAMEANRAywMEAdRA0AMEANRA1AMEANRA
2gMEANRA3DANBgkqhkiG9w0BAQsFAAOCAQEAjoHU0EF77k2tsumB8qkoye6xZkjt
nAAx96fuXmHbJ6mhGh+U8IJPngqRzygA1F6HxJoMyrwD/f6rRNVa0fkfOegluFf4
YL9GLqK2hkO4rQdhuBunLl1VCuVSjQEiS6Z12fBPWa5MWiAuDpGrV254K0y/55cm
Xo3dgQaUrWH8lxzNxLzdnIJFmRr7r1gZ/BgdO/4jikaqlCE9NNfRUni8T/b2FB+U
FYbgAR8an7joZbUuVSqMj7BN27ZDHhb5uqWhxY3dfRaoOXaoCJyUIxXb5rfTlPfP
oWusAw7+AddIGpcugrmChGosdka61lDXrdjELQjn6YJIdPnk0xz61TeX+Q==
-----END CERTIFICATE-----