Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/gDhAKaK248cIWQJP-K3LohKW2wg.roa
File:                     gDhAKaK248cIWQJP-K3LohKW2wg.roa (raw, json)
Hash identifier:          KCS0lYvh6gJ0L7KF7MfLXynghfwgEt9ZBfsgHIE6I9Y=
Subject key identifier:   80:38:40:29:A2:B6:E3:C7:08:59:02:4F:F8:AD:CB:A2:12:96:DB:08
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       01857693499A2445FF0B80C95955763AB6A7
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/gDhAKaK248cIWQJP-K3LohKW2wg.roa
Signing time:             Tue 03 Jan 2023 07:40:42 +0000
ROA not before:           Tue 03 Jan 2023 07:40:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     680
IP address blocks:        192.129.28.0/23 maxlen: 23
                          192.129.31.0/24 maxlen: 24
                          192.129.26.0/23 maxlen: 23
                          141.39.0.0/16 maxlen: 16
                          192.76.176.0/24 maxlen: 24
                          188.1.0.0/16 maxlen: 16
                          195.37.0.0/16 maxlen: 16
                          192.108.71.0/24 maxlen: 24
                          192.108.67.0/24 maxlen: 24
                          192.108.70.0/24 maxlen: 24
                          192.108.69.0/24 maxlen: 24
                          193.174.0.0/15 maxlen: 15
                          194.94.0.0/15 maxlen: 15
                          212.201.0.0/16 maxlen: 16
                          2001:638::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:76:93:49:9a:24:45:ff:0b:80:c9:59:55:76:3a:b6:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  3 07:40:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80384029a2b6e3c70859024ff8adcba21296db08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2d:2e:8a:24:40:7e:e4:4a:d8:1a:f4:3b:1b:
                    a4:9d:a0:0b:4c:fe:f3:71:a5:8e:ee:54:31:a7:63:
                    37:be:c1:43:39:3e:dc:14:50:85:25:fe:ff:2f:e2:
                    35:b8:91:bc:dc:05:67:03:c7:af:ee:df:55:0a:79:
                    67:fd:f1:33:d0:2c:14:29:8c:2d:6b:c5:f7:d3:19:
                    30:dc:e2:c3:2e:cf:83:6a:f6:4c:f7:be:22:32:99:
                    b0:ed:9b:bc:a1:cf:40:cb:7d:82:75:10:dd:da:82:
                    db:d2:e3:5a:96:00:62:3d:e7:6e:6f:61:7a:01:5e:
                    b8:ee:be:b2:8b:1f:63:31:fb:90:a6:12:aa:5e:a0:
                    2b:fe:99:2a:67:d1:50:3e:a4:d4:e8:97:1c:6d:76:
                    8c:1c:2e:c2:74:61:25:c7:36:ad:12:a3:a1:78:6d:
                    88:33:d7:ec:4f:a9:81:32:c8:90:99:a9:12:cb:a7:
                    79:2d:0e:74:c4:20:bf:ec:3d:43:24:5b:dd:51:01:
                    15:cc:e2:dd:26:d1:9b:a5:76:d0:28:45:6b:45:ca:
                    fe:dc:ad:44:37:af:2f:de:5e:37:9d:ad:49:cd:d2:
                    22:8f:1f:31:33:2e:6f:6e:82:8b:ae:fb:48:24:2c:
                    0b:17:ef:27:06:ce:a5:d0:87:c4:d3:82:ba:b5:d6:
                    9a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:38:40:29:A2:B6:E3:C7:08:59:02:4F:F8:AD:CB:A2:12:96:DB:08
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/gDhAKaK248cIWQJP-K3LohKW2wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.39.0.0/16
                  188.1.0.0/16
                  192.76.176.0/24
                  192.108.67.0/24
                  192.108.69.0-192.108.71.255
                  192.129.26.0-192.129.29.255
                  192.129.31.0/24
                  193.174.0.0/15
                  194.94.0.0/15
                  195.37.0.0/16
                  212.201.0.0/16
                IPv6:
                  2001:638::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:b1:53:d9:59:09:0c:ba:ac:a3:11:73:27:5c:2e:b3:f0:8b:
         06:2e:3b:8b:96:5e:8f:57:4a:dc:08:1d:78:df:7b:e0:2c:d0:
         41:e9:95:9d:e4:98:c9:5b:72:53:58:82:a2:70:96:bd:42:73:
         80:03:97:51:96:9e:2a:da:80:59:f7:a1:f0:c5:e9:6a:a7:11:
         c4:41:1b:f6:62:76:84:ba:50:7f:c9:38:37:17:9d:78:87:a1:
         62:64:e3:4c:7a:4d:1f:54:3f:cb:5c:f8:3d:9a:4c:f6:9d:1b:
         02:6e:1c:df:52:3a:2c:76:40:ba:fd:ee:35:db:f8:2f:cc:a6:
         de:51:9e:82:93:cb:b7:94:03:13:0b:fd:bb:c5:a9:30:30:66:
         85:6e:98:e5:79:80:2b:33:97:c0:d8:86:19:67:eb:9d:e9:53:
         1d:1d:9c:84:df:83:cd:a0:d4:c8:15:b2:9a:88:ec:07:e0:b9:
         d0:f1:d3:94:30:11:ad:d7:41:80:ea:05:9e:2e:3c:5a:62:50:
         98:aa:3a:73:64:23:cf:f1:b2:9d:8e:3a:d3:af:ff:fc:ee:50:
         5e:58:6c:25:20:9e:b9:0a:3e:a8:15:17:06:52:10:e8:5f:13:
         78:33:81:cc:9f:8e:a4:16:84:af:68:da:f1:b6:43:af:24:d1:
         25:77:72:10
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYV2k0maJEX/C4DJWVV2OranMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjMwMTAzMDc0MDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDM4NDAyOWEyYjZlM2M3MDg1OTAyNGZmOGFkY2JhMjEyOTZkYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjC0uiiRAfuRK2Br0OxuknaALTP7z
caWO7lQxp2M3vsFDOT7cFFCFJf7/L+I1uJG83AVnA8ev7t9VCnln/fEz0CwUKYwt
a8X30xkw3OLDLs+DavZM974iMpmw7Zu8oc9Ay32CdRDd2oLb0uNalgBiPedub2F6
AV647r6yix9jMfuQphKqXqAr/pkqZ9FQPqTU6JccbXaMHC7CdGElxzatEqOheG2I
M9fsT6mBMsiQmakSy6d5LQ50xCC/7D1DJFvdUQEVzOLdJtGbpXbQKEVrRcr+3K1E
N68v3l43na1JzdIijx8xMy5vboKLrvtIJCwLF+8nBs6l0IfE04K6tdaa2wIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFIA4QCmituPHCFkCT/ity6ISltsIMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvZ0RoQUthSzI0OGNJV1FKUC1LM0xvaEtXMndnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMAwMAjScDAwC8
AQMEAMBMsAMEAMBsQzAMAwQAwGxFAwQDwGxAMAwDBAHAgRoDBAHAgRwDBADAgR8D
AwHBrgMDAcJeAwMAwyUDAwDUyTANBAIAAjAHAwUAIAEGODANBgkqhkiG9w0BAQsF
AAOCAQEAJbFT2VkJDLqsoxFzJ1wus/CLBi47i5Zej1dK3AgdeN974CzQQemVneSY
yVtyU1iConCWvUJzgAOXUZaeKtqAWfeh8MXpaqcRxEEb9mJ2hLpQf8k4NxedeIeh
YmTjTHpNH1Q/y1z4PZpM9p0bAm4c31I6LHZAuv3uNdv4L8ym3lGegpPLt5QDEwv9
u8WpMDBmhW6Y5XmAKzOXwNiGGWfrnelTHR2chN+DzaDUyBWymojsB+C50PHTlDAR
rddBgOoFni48WmJQmKo6c2Qjz/GynY4606///O5QXlhsJSCeuQo+qBUXBlIQ6F8T
eDOBzJ+OpBaEr2ja8bZDryTRJXdyEA==
-----END CERTIFICATE-----