Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/tHlaSsBXC53ufU7Is2m78RVjazA.roa
File:                     tHlaSsBXC53ufU7Is2m78RVjazA.roa (raw, json)
Hash identifier:          2it8fyg69G+AWxzk7R/EtUC9BwOd9l6O6y3rsoU2LdM=
Subject key identifier:   B4:79:5A:4A:C0:57:0B:9D:EE:7D:4E:C8:B3:69:BB:F1:15:63:6B:30
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018AF0EAC3CFCE77AC983EB49542672BC3B9
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/tHlaSsBXC53ufU7Is2m78RVjazA.roa
Signing time:             Mon 02 Oct 2023 15:03:51 +0000
ROA not before:           Mon 02 Oct 2023 15:03:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.222.30.0/23 maxlen: 24
                          185.225.22.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
                          185.230.52.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          185.214.100.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          185.251.229.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.223.80.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f0:ea:c3:cf:ce:77:ac:98:3e:b4:95:42:67:2b:c3:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct  2 15:03:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b4795a4ac0570b9dee7d4ec8b369bbf115636b30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:02:5a:0a:b8:61:36:d1:26:ac:5f:e4:47:97:
                    f2:0d:0e:59:29:25:60:6c:c8:72:36:d5:1c:8c:29:
                    5e:f3:e5:07:f0:98:bc:44:70:c5:df:3e:ee:db:ad:
                    4f:a4:46:7d:5c:c8:08:df:ab:ad:05:ea:ea:82:5b:
                    fe:91:15:cf:f6:aa:6e:8f:ff:bb:31:45:42:17:d8:
                    c6:10:97:b6:61:71:87:34:76:a0:8b:b2:28:23:4c:
                    39:2b:97:6a:30:50:a8:87:8d:6e:6f:4d:0d:47:8f:
                    05:55:62:12:ca:3c:b6:c4:fc:d2:aa:84:17:d9:a7:
                    a2:f1:54:26:c6:f4:d8:ee:f3:81:e3:30:16:18:7f:
                    45:99:4d:60:0f:0e:bb:43:4e:eb:91:36:ed:aa:b4:
                    a6:74:28:db:47:78:6d:58:8f:5b:31:42:55:0b:b2:
                    b1:41:1a:c4:97:4b:b8:00:9c:cf:bf:54:ef:04:b8:
                    53:dd:bf:7e:84:88:e1:a6:e1:22:5c:da:10:8a:60:
                    0a:a4:d4:04:94:5b:40:d5:fe:a3:5e:26:d2:00:a8:
                    16:93:6d:e6:22:ad:27:23:5c:73:48:d9:04:a7:ba:
                    43:c8:80:a7:3c:cf:a8:9a:63:28:61:f6:67:0c:5b:
                    9c:77:42:0e:07:c5:2b:80:11:27:fb:8d:d4:cb:90:
                    91:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:79:5A:4A:C0:57:0B:9D:EE:7D:4E:C8:B3:69:BB:F1:15:63:6B:30
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/tHlaSsBXC53ufU7Is2m78RVjazA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.147.224.0/24
                  185.214.100.0/24
                  185.218.101.0/24
                  185.220.250.0/23
                  185.222.30.0/23
                  185.223.80.0/24
                  185.225.0.0/23
                  185.225.22.0/24
                  185.230.52.0/24
                  185.251.229.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:27:9e:95:4c:33:90:0c:35:f8:b5:ca:8d:83:ca:ea:63:7a:
         9c:05:03:ba:f6:e1:9f:7b:1b:17:14:bb:4e:64:d4:73:7c:cf:
         13:33:58:0f:6c:4d:7e:2b:13:e8:5a:10:da:27:25:05:b4:6b:
         ac:06:28:b8:6d:07:eb:9e:d9:f4:f0:50:bf:47:6b:b2:1b:5c:
         7e:66:88:db:28:eb:e5:a7:6f:0e:83:f9:f6:f5:6a:f1:7b:4c:
         a4:5b:b5:6a:0a:d7:bb:dc:6e:c3:b5:5c:50:9d:73:62:78:f4:
         3c:43:0c:17:c5:2e:20:4a:ab:a7:71:e9:bc:f5:9d:1d:a4:59:
         7d:77:ae:39:56:2c:90:13:09:bd:ec:1d:df:b4:81:2b:ec:e4:
         df:9a:7b:2f:40:a7:e3:01:a5:7a:3d:d8:46:13:c1:96:78:fb:
         ee:04:02:30:b4:e1:19:c7:b2:4e:10:0a:41:ab:d8:87:50:dd:
         c7:cc:e9:9d:8a:ec:5e:35:97:02:a3:34:b7:98:73:dd:f6:62:
         67:c5:44:98:46:9e:db:4e:0c:62:be:8d:c8:c2:b4:99:c6:04:
         4d:0f:51:d0:af:0b:d9:09:26:3e:e4:03:ff:f6:7c:34:a0:f6:
         13:ae:1b:7c:7f:c5:7a:d8:63:25:ba:30:3c:4e:0c:7d:b1:25:
         dd:82:9a:0b
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYrw6sPPznesmD60lUJnK8O5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMDAyMTUwMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDc5NWE0YWMwNTcwYjlkZWU3ZDRlYzhiMzY5YmJmMTE1NjM2YjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwJaCrhhNtEmrF/kR5fyDQ5ZKSVg
bMhyNtUcjCle8+UH8Ji8RHDF3z7u261PpEZ9XMgI36utBerqglv+kRXP9qpuj/+7
MUVCF9jGEJe2YXGHNHagi7IoI0w5K5dqMFCoh41ub00NR48FVWISyjy2xPzSqoQX
2aei8VQmxvTY7vOB4zAWGH9FmU1gDw67Q07rkTbtqrSmdCjbR3htWI9bMUJVC7Kx
QRrEl0u4AJzPv1TvBLhT3b9+hIjhpuEiXNoQimAKpNQElFtA1f6jXibSAKgWk23m
Iq0nI1xzSNkEp7pDyICnPM+ommMoYfZnDFucd0IOB8UrgBEn+43Uy5CRpwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLR5WkrAVwud7n1OyLNpu/EVY2swMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdEhsYVNzQlhDNTN1ZlU3SXMybTc4UlZqYXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQgVAwQA
LZPgAwQAudZkAwQAudplAwQBudz6AwQBud4eAwQAud9QAwQBueEAAwQAueEWAwQA
ueY0AwQAufvlAwQBwTqSMA0GCSqGSIb3DQEBCwUAA4IBAQBsJ56VTDOQDDX4tcqN
g8rqY3qcBQO69uGfexsXFLtOZNRzfM8TM1gPbE1+KxPoWhDaJyUFtGusBii4bQfr
ntn08FC/R2uyG1x+ZojbKOvlp28Og/n29Wrxe0ykW7VqCte73G7DtVxQnXNiePQ8
QwwXxS4gSquncem89Z0dpFl9d645ViyQEwm97B3ftIEr7OTfmnsvQKfjAaV6PdhG
E8GWePvuBAIwtOEZx7JOEApBq9iHUN3HzOmdiuxeNZcCozS3mHPd9mJnxUSYRp7b
Tgxivo3IwrSZxgRND1HQrwvZCSY+5AP/9nw0oPYTrht8f8V62GMlujA8Tgx9sSXd
gpoL
-----END CERTIFICATE-----