Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/3Kk2CSZ_8JpD9lRhfAmiLQJtN2c.roa
File:                     3Kk2CSZ_8JpD9lRhfAmiLQJtN2c.roa (raw, json)
Hash identifier:          yhJ0MqrDAX1Loau6/U3T7jMUbRNxQkUoBDWmZwPY8Cs=
Subject key identifier:   DC:A9:36:09:26:7F:F0:9A:43:F6:54:61:7C:09:A2:2D:02:6D:37:67
Certificate issuer:       /CN=6f5c5712fbbcd832419d4c5884ae3bc3c4a16e7b
Certificate serial:       1025CAF0
Authority key identifier: 6F:5C:57:12:FB:BC:D8:32:41:9D:4C:58:84:AE:3B:C3:C4:A1:6E:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b1xXEvu82DJBnUxYhK47w8Shbns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/3Kk2CSZ_8JpD9lRhfAmiLQJtN2c.roa
Signing time:             Thu 09 Jun 2022 04:54:02 +0000
ROA not before:           Thu 09 Jun 2022 04:54:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38917
IP address blocks:        185.24.112.0/22 maxlen: 24
                          109.111.64.0/19 maxlen: 24
                          87.255.224.0/20 maxlen: 24
                          87.255.224.0/19 maxlen: 24
                          87.255.240.0/20 maxlen: 24
                          87.255.252.0/24 maxlen: 24
                          217.175.32.0/20 maxlen: 24
                          87.255.248.0/22 maxlen: 24
                          176.110.206.0/23 maxlen: 23
                          176.110.208.0/21 maxlen: 24
                          185.86.112.0/20 maxlen: 24
                          194.32.156.0/22 maxlen: 22
                          2a04:2cc0::/32 maxlen: 32
                          2a04:2cc3::/32 maxlen: 32
                          2a04:2cc5::/32 maxlen: 32
                          2a04:2cc6::/32 maxlen: 32
                          2a04:2cc2::/32 maxlen: 32
                          2a04:2cc1::/32 maxlen: 32
                          2a04:2cc7::/32 maxlen: 32
                          2a04:2cc4::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 270912240 (0x1025caf0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5c5712fbbcd832419d4c5884ae3bc3c4a16e7b
        Validity
            Not Before: Jun  9 04:54:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dca93609267ff09a43f654617c09a22d026d3767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:2b:d8:6c:45:39:ec:38:67:6c:62:38:04:b2:
                    7a:08:f5:48:29:b1:24:86:c3:6d:cb:85:9b:2f:e8:
                    b9:8d:e5:92:6a:55:0d:2e:af:9f:81:b4:fe:44:bd:
                    10:6d:97:02:9c:67:d3:6c:a1:38:c4:77:7b:d7:aa:
                    79:dd:2e:4a:48:03:73:e7:57:ac:67:55:0a:a4:0d:
                    c5:ad:6e:d1:b9:64:11:9b:ef:5b:f4:bf:d4:4f:51:
                    35:22:56:13:36:7a:13:89:c6:bc:1f:2c:70:2b:1c:
                    14:6f:86:e1:dd:8c:4a:67:57:54:f5:b6:dc:08:69:
                    70:06:5a:14:54:3f:ec:bc:14:48:77:e6:ab:9e:e8:
                    b6:f6:4d:b3:55:c8:6c:f9:c9:dd:5f:19:63:f8:26:
                    e1:a9:f2:2d:fa:6a:cf:d6:99:f6:39:4e:01:8f:28:
                    04:a8:e1:ea:9f:4f:ff:d0:12:9d:ee:e4:62:3d:9c:
                    7e:03:ba:4b:c7:55:7c:03:12:47:ce:29:d1:26:82:
                    7d:c6:fa:de:62:26:bf:3f:8b:03:da:1b:a4:78:73:
                    f6:36:c2:a8:2a:e1:b4:5f:e9:98:35:eb:57:75:ed:
                    04:c1:46:42:e5:e3:41:02:0d:d1:5f:18:5f:e6:1b:
                    c6:f3:cd:c6:3d:01:38:ff:3f:e6:cb:1b:ea:7b:a3:
                    32:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A9:36:09:26:7F:F0:9A:43:F6:54:61:7C:09:A2:2D:02:6D:37:67
            X509v3 Authority Key Identifier:
                keyid:6F:5C:57:12:FB:BC:D8:32:41:9D:4C:58:84:AE:3B:C3:C4:A1:6E:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1xXEvu82DJBnUxYhK47w8Shbns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/3Kk2CSZ_8JpD9lRhfAmiLQJtN2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b403cc-4e6c-4fe9-83a1-7550529d847a/1/b1xXEvu82DJBnUxYhK47w8Shbns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.255.224.0/19
                  109.111.64.0/19
                  176.110.206.0-176.110.215.255
                  185.24.112.0/22
                  185.86.112.0/20
                  194.32.156.0/22
                  217.175.32.0/20
                IPv6:
                  2a04:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:62:75:00:43:45:e4:9e:74:23:f4:6a:ae:48:bc:9b:b7:d3:
         00:94:99:07:a9:05:30:1e:84:80:ce:43:df:f9:29:62:23:f3:
         33:09:d2:2e:33:eb:fc:f7:01:bb:0e:67:21:3e:02:da:53:3e:
         2b:58:e4:e9:90:48:b0:50:17:da:d2:c7:a6:70:b3:ab:7f:32:
         f1:94:b2:13:a4:72:65:38:46:89:cd:31:52:55:f5:bd:94:50:
         42:71:90:04:4c:5f:c4:c4:ac:dd:a8:32:3f:96:2a:04:9f:13:
         5f:5d:d5:bd:0a:be:81:37:e0:19:73:88:66:0d:e1:dd:65:6e:
         21:b2:8c:29:40:5f:be:4e:49:50:14:8b:e9:b5:05:95:fd:a6:
         35:79:1c:17:30:53:0e:76:02:63:6e:9d:39:82:ea:66:e9:68:
         38:af:da:fe:c8:f2:82:55:bc:5f:af:83:c6:a2:b6:ef:49:76:
         1b:10:38:6e:49:2a:63:9d:49:1a:bd:ac:2b:c9:01:d1:4a:3b:
         05:62:26:a0:d4:fb:ab:92:fd:a0:be:4e:c9:c0:76:48:cb:fd:
         48:b1:2c:4b:a7:77:6d:13:f5:6f:62:cb:4c:4b:b1:b7:5c:20:
         e8:45:a0:13:85:7d:0a:8b:ac:77:44:d3:08:0d:e3:ec:68:ae:
         f1:b2:37:58
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIEECXK8DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZjVjNTcxMmZiYmNkODMyNDE5ZDRjNTg4NGFlM2JjM2M0YTE2ZTdiMB4XDTIyMDYw
OTA0NTQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGNhOTM2MDkyNjdm
ZjA5YTQzZjY1NDYxN2MwOWEyMmQwMjZkMzc2NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOcr2GxFOew4Z2xiOASyegj1SCmxJIbDbcuFmy/ouY3lkmpV
DS6vn4G0/kS9EG2XApxn02yhOMR3e9eqed0uSkgDc+dXrGdVCqQNxa1u0blkEZvv
W/S/1E9RNSJWEzZ6E4nGvB8scCscFG+G4d2MSmdXVPW23AhpcAZaFFQ/7LwUSHfm
q57otvZNs1XIbPnJ3V8ZY/gm4anyLfpqz9aZ9jlOAY8oBKjh6p9P/9ASne7kYj2c
fgO6S8dVfAMSR84p0SaCfcb63mImvz+LA9obpHhz9jbCqCrhtF/pmDXrV3XtBMFG
QuXjQQIN0V8YX+YbxvPNxj0BOP8/5ssb6nujMr8CAwEAAaOCAkQwggJAMB0GA1Ud
DgQWBBTcqTYJJn/wmkP2VGF8CaItAm03ZzAfBgNVHSMEGDAWgBRvXFcS+7zYMkGd
TFiErjvDxKFuezAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2IxeFhFdnU4MkRKQm5VeFloSzQ3dzhTaGJucy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDkvYjQwM2NjLTRlNmMtNGZlOS04M2ExLTc1NTA1MjlkODQ3YS8x
LzNLazJDU1pfOEpwRDlsUmhmQW1pTFFKdE4yYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDkv
YjQwM2NjLTRlNmMtNGZlOS04M2ExLTc1NTA1MjlkODQ3YS8xL2IxeFhFdnU4MkRK
Qm5VeFloSzQ3dzhTaGJucy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBa
BggrBgEFBQcBBwEB/wRLMEkwOAQCAAEwMgMEBVf/4AMEBW1vQDAMAwQBsG7OAwQD
sG7QAwQCuRhwAwQEuVZwAwQCwiCcAwQE2a8gMA0EAgACMAcDBQMqBCzAMA0GCSqG
SIb3DQEBCwUAA4IBAQB8YnUAQ0XknnQj9GquSLybt9MAlJkHqQUwHoSAzkPf+Sli
I/MzCdIuM+v89wG7DmchPgLaUz4rWOTpkEiwUBfa0semcLOrfzLxlLITpHJlOEaJ
zTFSVfW9lFBCcZAETF/ExKzdqDI/lioEnxNfXdW9Cr6BN+AZc4hmDeHdZW4hsowp
QF++TklQFIvptQWV/aY1eRwXMFMOdgJjbp05gupm6Wg4r9r+yPKCVbxfr4PGorbv
SXYbEDhuSSpjnUkavawryQHRSjsFYiag1Purkv2gvk7JwHZIy/1IsSxLp3dtE/Vv
YstMS7G3XCDoRaAThX0Ki6x3RNMIDePsaK7xsjdY
-----END CERTIFICATE-----