Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/BWGEYsy3PFJfHXN6yEdBtVXim2k.roa
File:                     BWGEYsy3PFJfHXN6yEdBtVXim2k.roa (raw, json)
Hash identifier:          NRxwED0ptyPWVDqC54rgHrfc/TseT87iw9urNNRc0Rg=
Subject key identifier:   05:61:84:62:CC:B7:3C:52:5F:1D:73:7A:C8:47:41:B5:55:E2:9B:69
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018909AC0B76501AC53E2CD015DAEAFB9943
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/BWGEYsy3PFJfHXN6yEdBtVXim2k.roa
Signing time:             Fri 30 Jun 2023 00:20:17 +0000
ROA not before:           Fri 30 Jun 2023 00:20:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        62.72.162.0/24 maxlen: 24
                          62.72.163.0/24 maxlen: 24
                          62.72.161.0/24 maxlen: 24
                          62.72.169.0/24 maxlen: 24
                          62.72.170.0/24 maxlen: 24
                          62.72.177.0/24 maxlen: 24
                          62.72.179.0/24 maxlen: 24
                          62.72.184.0/24 maxlen: 24
                          62.72.181.0/24 maxlen: 24
                          62.72.182.0/24 maxlen: 24
                          62.72.191.0/24 maxlen: 24
                          62.72.187.0/24 maxlen: 24
                          62.72.188.0/24 maxlen: 24
                          62.72.189.0/24 maxlen: 24
                          81.21.12.0/24 maxlen: 24
                          81.21.12.0/22 maxlen: 24
                          81.21.13.0/24 maxlen: 24
                          81.21.14.0/24 maxlen: 24
                          81.21.15.0/24 maxlen: 24
                          176.57.63.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:09:ac:0b:76:50:1a:c5:3e:2c:d0:15:da:ea:fb:99:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jun 30 00:20:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=05618462ccb73c525f1d737ac84741b555e29b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ba:0e:9e:ca:52:51:c7:8b:c9:79:74:1a:b7:
                    2f:d5:f0:0c:90:97:46:10:05:6c:f1:ab:77:b4:88:
                    d6:4a:b1:fe:7c:df:04:b4:8b:ca:2f:1c:94:9a:1b:
                    27:44:52:38:8d:8b:65:8f:18:b2:e7:a3:24:c1:85:
                    18:03:c7:09:d8:ae:d6:08:c8:b0:e6:99:07:aa:70:
                    4d:d4:41:6a:05:af:29:03:15:34:05:f5:de:b9:6d:
                    d8:9f:95:1f:01:a8:cd:61:f2:7a:82:6e:08:6a:29:
                    3e:05:0a:c2:d4:57:f8:34:6d:a0:01:a0:b5:2c:2d:
                    bd:49:db:96:4a:26:70:7d:2e:38:36:68:97:36:67:
                    b3:50:17:2d:d2:ce:de:2c:41:ee:56:ba:e5:79:37:
                    8d:75:70:19:64:1f:86:7f:80:d4:f4:88:e9:b2:30:
                    85:15:12:5b:aa:cd:be:01:8a:47:1d:8e:5b:99:87:
                    32:3b:71:2b:22:2b:df:5f:cc:c4:36:cf:e5:e7:25:
                    1a:16:d0:45:ce:72:29:f6:22:8e:2a:9d:bd:96:e6:
                    64:92:70:f7:e1:49:6f:02:e0:72:5e:2c:cb:9f:96:
                    1f:ea:49:f8:79:6a:ca:cc:98:7a:d1:f3:f0:d6:93:
                    c4:b9:97:96:2d:23:bc:58:80:6e:b4:1f:b2:3f:90:
                    06:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:61:84:62:CC:B7:3C:52:5F:1D:73:7A:C8:47:41:B5:55:E2:9B:69
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/BWGEYsy3PFJfHXN6yEdBtVXim2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.161.0-62.72.163.255
                  62.72.169.0-62.72.170.255
                  62.72.177.0/24
                  62.72.179.0/24
                  62.72.181.0-62.72.182.255
                  62.72.184.0/24
                  62.72.187.0-62.72.189.255
                  62.72.191.0/24
                  81.21.12.0/22
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:3b:c4:0b:34:e4:9d:c6:71:6c:62:12:71:46:f7:45:61:d9:
         81:b4:cb:21:a9:40:92:b8:00:d6:6b:3c:d1:f6:c1:2f:8e:a6:
         3a:0f:d0:10:8e:a6:92:27:76:be:5b:18:d2:1b:40:a8:c1:16:
         62:ab:a0:df:91:ef:e9:45:a7:6e:ec:37:5a:78:30:2c:8d:67:
         3d:19:80:d1:02:84:df:7e:67:7b:99:f8:af:2a:26:38:6c:4d:
         b4:23:e6:e3:b2:1d:5d:2c:c5:9e:54:6b:c6:29:95:2d:e8:fc:
         ca:9c:0e:34:37:b7:cd:91:34:ac:45:90:9f:34:81:3a:ab:4c:
         b0:45:f3:8a:11:63:20:c8:e1:4a:5e:74:9c:d1:ee:df:65:ff:
         c9:42:3e:c8:33:6a:88:9b:63:2a:8c:c4:5f:dd:67:b5:76:a3:
         29:e3:21:62:dd:a3:2e:b1:3d:f2:d1:36:e4:f2:c1:44:92:ae:
         3c:8c:da:8d:a1:90:4c:14:8c:32:15:44:1c:d0:fa:ff:03:7b:
         e1:f3:ce:ad:0a:1d:7a:90:cb:8b:0e:53:d0:a4:da:4f:8e:d0:
         bf:32:be:71:a7:29:e6:2c:a2:88:01:9e:96:30:37:1e:85:9b:
         a0:70:b9:56:89:aa:38:55:80:0b:9f:0d:51:28:f3:c3:ea:7c:
         90:bb:aa:a0
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYkJrAt2UBrFPizQFdrq+5lDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjMwNjMwMDAyMDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTYxODQ2MmNjYjczYzUyNWYxZDczN2FjODQ3NDFiNTU1ZTI5YjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4boOnspSUceLyXl0Grcv1fAMkJdG
EAVs8at3tIjWSrH+fN8EtIvKLxyUmhsnRFI4jYtljxiy56MkwYUYA8cJ2K7WCMiw
5pkHqnBN1EFqBa8pAxU0BfXeuW3Yn5UfAajNYfJ6gm4Iaik+BQrC1Ff4NG2gAaC1
LC29SduWSiZwfS44NmiXNmezUBct0s7eLEHuVrrleTeNdXAZZB+Gf4DU9IjpsjCF
FRJbqs2+AYpHHY5bmYcyO3ErIivfX8zENs/l5yUaFtBFznIp9iKOKp29luZkknD3
4UlvAuByXizLn5Yf6kn4eWrKzJh60fPw1pPEuZeWLSO8WIButB+yP5AGSQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFAVhhGLMtzxSXx1zeshHQbVV4ptpMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvQldHRVlzeTNQRkpmSFhONnlFZEJ0VlhpbTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcMAwDBAA+SKED
BAI+SKAwDAMEAD5IqQMEAD5IqgMEAD5IsQMEAD5IszAMAwQAPki1AwQAPki2AwQA
Pki4MAwDBAA+SLsDBAE+SLwDBAA+SL8DBAJRFQwDBACwOT8wDQYJKoZIhvcNAQEL
BQADggEBAHc7xAs05J3GcWxiEnFG90Vh2YG0yyGpQJK4ANZrPNH2wS+OpjoP0BCO
ppIndr5bGNIbQKjBFmKroN+R7+lFp27sN1p4MCyNZz0ZgNEChN9+Z3uZ+K8qJjhs
TbQj5uOyHV0sxZ5Ua8YplS3o/MqcDjQ3t82RNKxFkJ80gTqrTLBF84oRYyDI4Upe
dJzR7t9l/8lCPsgzaoibYyqMxF/dZ7V2oynjIWLdoy6xPfLRNuTywUSSrjyM2o2h
kEwUjDIVRBzQ+v8De+Hzzq0KHXqQy4sOU9Ck2k+O0L8yvnGnKeYsoogBnpYwNx6F
m6BwuVaJqjhVgAufDVEo88PqfJC7qqA=
-----END CERTIFICATE-----