Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/Aph4XTqBXS8v_2jj6V8cwej0yG8.roa
File:                     Aph4XTqBXS8v_2jj6V8cwej0yG8.roa (raw, json)
Hash identifier:          NohosGUfnZpfbVzj5PhD1MnRlo9oEYYtxh7dGuglVTI=
Subject key identifier:   02:98:78:5D:3A:81:5D:2F:2F:FF:68:E3:E9:5F:1C:C1:E8:F4:C8:6F
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       0189D6FB44FB6A8BEC76981CC680ABB5001B
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/Aph4XTqBXS8v_2jj6V8cwej0yG8.roa
Signing time:             Tue 08 Aug 2023 21:08:58 +0000
ROA not before:           Tue 08 Aug 2023 21:08:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398373
IP address blocks:        85.153.68.0/22 maxlen: 22
                          85.153.66.0/24 maxlen: 24
                          85.153.65.0/24 maxlen: 24
                          85.153.67.0/24 maxlen: 24
                          85.153.12.0/22 maxlen: 22
                          85.153.24.0/22 maxlen: 22
                          85.153.29.0/24 maxlen: 24
                          85.153.32.0/24 maxlen: 24
                          85.153.34.0/24 maxlen: 24
                          85.153.35.0/24 maxlen: 24
                          85.153.36.0/22 maxlen: 22
                          85.153.41.0/24 maxlen: 24
                          85.153.42.0/24 maxlen: 24
                          85.153.40.0/24 maxlen: 24
                          85.153.52.0/22 maxlen: 22
                          85.153.59.0/24 maxlen: 24
                          85.153.60.0/22 maxlen: 22
                          85.153.4.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d6:fb:44:fb:6a:8b:ec:76:98:1c:c6:80:ab:b5:00:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Aug  8 21:08:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0298785d3a815d2f2fff68e3e95f1cc1e8f4c86f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ed:76:3f:ad:2c:82:e3:bd:a5:2f:49:91:a7:
                    9b:be:a0:4a:bc:2d:c6:02:92:13:5a:c7:9b:82:37:
                    0e:fb:cb:4f:b8:51:5e:2d:77:58:a4:69:a7:75:00:
                    c4:31:96:bc:b2:12:c3:bd:93:1d:8c:54:af:5d:ae:
                    95:c7:94:cc:aa:27:33:29:35:b3:39:4e:98:a5:e5:
                    78:20:0d:f4:5b:ab:f7:22:59:2d:57:77:6e:7d:2f:
                    24:9c:92:cb:f8:3f:cf:2e:e5:b1:78:dd:15:74:0e:
                    1b:68:5b:f6:2d:75:f1:55:fe:85:14:27:26:82:bc:
                    8d:06:1f:34:a2:3c:44:b3:03:78:6c:a3:21:67:1f:
                    39:68:17:27:79:e2:e4:e3:b9:5d:b5:e9:ba:63:0a:
                    42:77:0a:06:4d:40:30:9c:40:62:ac:ad:46:3f:7d:
                    dd:70:66:0a:7e:0e:50:7c:08:d6:c1:df:d9:99:bf:
                    e0:fb:93:81:d5:b0:c9:11:53:60:8c:9c:39:bc:91:
                    bf:bc:e5:45:6f:00:8d:a3:66:d2:73:1f:00:a0:12:
                    af:48:3e:bc:02:54:fe:87:c9:74:6d:1d:9c:da:7f:
                    fe:78:c4:e4:59:91:0d:34:65:55:a9:e8:3a:9e:2c:
                    3f:c7:90:f4:aa:85:71:16:15:a6:0f:ad:de:d7:9e:
                    3e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:98:78:5D:3A:81:5D:2F:2F:FF:68:E3:E9:5F:1C:C1:E8:F4:C8:6F
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/Aph4XTqBXS8v_2jj6V8cwej0yG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.4.0/24
                  85.153.12.0/22
                  85.153.24.0/22
                  85.153.29.0/24
                  85.153.32.0/24
                  85.153.34.0-85.153.42.255
                  85.153.52.0/22
                  85.153.59.0-85.153.63.255
                  85.153.65.0-85.153.71.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:6f:69:59:13:20:1f:5f:45:9c:53:5f:1b:09:43:d9:f7:82:
         b4:10:96:9d:f2:a9:e6:91:5d:34:d2:9c:b4:c5:db:fe:b5:fd:
         56:46:f0:51:1e:b8:cd:85:cd:bc:38:03:00:59:d4:51:37:72:
         d0:2a:6e:ae:03:f9:e4:0f:cb:8a:04:0e:56:51:ac:dc:1d:ad:
         dd:2b:fa:b4:20:f8:8a:74:21:1f:63:84:b8:ff:f8:88:bf:35:
         88:06:da:f1:bc:fd:27:4d:3e:93:d7:c6:9d:e0:d9:16:56:c6:
         2a:c2:a3:17:21:1a:56:d9:29:c4:15:a4:ac:2e:5e:69:a4:18:
         81:fc:59:69:7e:42:57:e3:f0:c5:52:d9:27:1f:06:5f:9c:22:
         ef:32:d5:de:42:5b:b0:c7:7f:b5:f2:92:43:d4:4f:7a:c8:08:
         72:54:fb:ed:32:38:d7:1e:0e:1f:d7:a6:55:8a:02:e0:e7:33:
         df:22:55:8b:16:27:af:00:fd:a0:13:d4:38:bb:d4:95:80:5e:
         ca:22:14:36:62:c6:ad:66:25:9a:91:90:1e:42:9f:90:d6:d1:
         25:9f:0d:00:cd:5d:e6:0d:f2:43:6a:85:67:85:ab:78:d1:fa:
         0e:51:26:08:0c:23:02:37:16:e0:7a:62:0e:d4:cb:19:b0:e8:
         43:15:be:72
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYnW+0T7aovsdpgcxoCrtQAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjMwODA4MjEwODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjk4Nzg1ZDNhODE1ZDJmMmZmZjY4ZTNlOTVmMWNjMWU4ZjRjODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuu12P60sguO9pS9JkaebvqBKvC3G
ApITWsebgjcO+8tPuFFeLXdYpGmndQDEMZa8shLDvZMdjFSvXa6Vx5TMqiczKTWz
OU6YpeV4IA30W6v3IlktV3dufS8knJLL+D/PLuWxeN0VdA4baFv2LXXxVf6FFCcm
gryNBh80ojxEswN4bKMhZx85aBcneeLk47ldtem6YwpCdwoGTUAwnEBirK1GP33d
cGYKfg5QfAjWwd/Zmb/g+5OB1bDJEVNgjJw5vJG/vOVFbwCNo2bScx8AoBKvSD68
AlT+h8l0bR2c2n/+eMTkWZENNGVVqeg6niw/x5D0qoVxFhWmD63e154+/QIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFAKYeF06gV0vL/9o4+lfHMHo9MhvMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvQXBoNFhUcUJYUzh2XzJqajZWOGN3ZWoweUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAVZkEAwQC
VZkMAwQCVZkYAwQAVZkdAwQAVZkgMAwDBAFVmSIDBABVmSoDBAJVmTQwDAMEAFWZ
OwMEBlWZADAMAwQAVZlBAwQDVZlAMA0GCSqGSIb3DQEBCwUAA4IBAQB6b2lZEyAf
X0WcU18bCUPZ94K0EJad8qnmkV000py0xdv+tf1WRvBRHrjNhc28OAMAWdRRN3LQ
Km6uA/nkD8uKBA5WUazcHa3dK/q0IPiKdCEfY4S4//iIvzWIBtrxvP0nTT6T18ad
4NkWVsYqwqMXIRpW2SnEFaSsLl5ppBiB/FlpfkJX4/DFUtknHwZfnCLvMtXeQluw
x3+18pJD1E96yAhyVPvtMjjXHg4f16ZVigLg5zPfIlWLFievAP2gE9Q4u9SVgF7K
IhQ2YsatZiWakZAeQp+Q1tElnw0AzV3mDfJDaoVnhat40foOUSYIDCMCNxbgemIO
1MsZsOhDFb5y
-----END CERTIFICATE-----