Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/1-03Vn-eEBF34uwZyHcQHQuF6kb4.roa
File:                     1-03Vn-eEBF34uwZyHcQHQuF6kb4.roa (raw, json)
Hash identifier:          SEy2z22QNjxQUwnPchLhetMoWk3gl26fKHbRwEvI/ro=
Subject key identifier:   FB:4D:D5:9F:E7:84:04:5D:F8:BB:06:72:1D:C4:07:42:E1:7A:91:BE
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018B00AB89CB4C04307838784D81CBA3B909
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/1-03Vn-eEBF34uwZyHcQHQuF6kb4.roa
Signing time:             Thu 05 Oct 2023 16:28:43 +0000
ROA not before:           Thu 05 Oct 2023 16:28:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49902
IP address blocks:        213.223.138.0/24 maxlen: 24
                          213.223.46.0/23 maxlen: 24
                          213.223.45.0/24 maxlen: 24
                          78.120.128.0/21 maxlen: 21
                          195.115.116.0/22 maxlen: 22
                          86.77.160.0/21 maxlen: 21
                          77.143.0.0/16 maxlen: 16
                          77.143.17.0/24 maxlen: 24
                          195.98.112.0/20 maxlen: 20
                          213.222.64.0/18 maxlen: 18
                          84.97.80.0/21 maxlen: 21
                          79.83.224.0/21 maxlen: 21
                          88.142.0.0/20 maxlen: 20
                          109.9.208.0/20 maxlen: 20
                          77.137.224.0/19 maxlen: 19
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:00:ab:89:cb:4c:04:30:78:38:78:4d:81:cb:a3:b9:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Oct  5 16:28:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fb4dd59fe784045df8bb06721dc40742e17a91be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c6:f7:2e:3d:fb:b0:a6:5a:a0:54:0c:95:9e:
                    a9:60:ce:b0:56:4d:fd:ce:f7:2f:f4:2d:de:18:25:
                    62:6e:d6:83:ef:43:eb:d3:a1:35:13:5b:b5:10:dd:
                    9f:ac:e3:e4:68:7f:73:2a:f0:03:5d:17:cb:91:a3:
                    9a:37:ef:d5:70:c6:b5:16:62:ec:4d:f4:e7:f4:32:
                    92:bf:44:76:26:59:c3:bb:cd:02:63:5a:d7:04:3b:
                    a3:4f:3f:98:f1:61:c5:dd:bd:59:b3:f5:a4:ad:28:
                    ea:65:f2:2e:fb:dc:59:41:ab:7b:2f:ca:ce:bf:f9:
                    5b:cd:90:16:4e:a0:d0:0a:1b:72:c2:c0:a3:a0:42:
                    8f:9d:74:68:d7:4f:1a:5a:ac:89:d4:9f:a9:4b:36:
                    be:5e:62:47:6a:cd:b2:4f:18:9d:02:06:ba:09:b6:
                    54:f6:d5:fc:ee:13:b4:aa:13:d4:21:da:7b:b6:de:
                    de:e1:10:40:aa:e5:9e:b9:da:81:53:39:39:d8:61:
                    76:f8:97:5b:a0:bd:13:32:c7:a4:46:85:77:cc:e2:
                    ec:e6:ec:70:37:3d:35:bf:46:ca:48:1d:b9:d9:76:
                    c1:3b:25:78:39:bf:70:f6:0a:5f:38:b8:ae:41:03:
                    6c:eb:b4:27:85:ac:4c:55:f6:70:5b:6a:d1:05:b4:
                    93:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:4D:D5:9F:E7:84:04:5D:F8:BB:06:72:1D:C4:07:42:E1:7A:91:BE
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/1-03Vn-eEBF34uwZyHcQHQuF6kb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.137.224.0/19
                  77.143.0.0/16
                  78.120.128.0/21
                  79.83.224.0/21
                  84.97.80.0/21
                  86.77.160.0/21
                  88.142.0.0/20
                  109.9.208.0/20
                  195.98.112.0/20
                  195.115.116.0/22
                  213.222.64.0/18
                  213.223.45.0-213.223.47.255
                  213.223.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:2f:c0:27:3e:bd:41:65:46:60:2e:7f:4f:b2:e6:a5:61:d8:
         e7:71:63:3c:8c:67:2b:6a:ff:37:58:04:36:28:50:15:05:35:
         cc:2d:b6:aa:5a:35:3b:86:75:e5:d1:8c:46:41:2d:99:9d:17:
         65:fc:44:f2:fc:7e:7a:c2:0c:b5:37:5e:de:fb:0b:cb:e7:6b:
         5f:90:57:5f:92:bc:29:b1:d7:8e:de:36:5e:aa:13:d2:72:54:
         76:ba:7c:b0:5b:42:3e:95:2a:65:41:d1:ec:ce:64:12:c8:b2:
         92:16:51:86:cc:12:b4:64:72:12:d4:1f:3d:3c:7b:f9:6d:0e:
         67:08:60:69:65:ba:86:05:5b:90:69:55:6e:85:2a:b6:7b:d3:
         c8:71:28:18:53:d3:1a:f9:d1:1a:33:b3:60:30:90:ee:c7:ea:
         79:67:f4:7d:b3:23:b3:16:41:38:f3:a0:ef:5b:7f:2c:13:ac:
         7c:22:a2:2d:5d:88:fc:d8:8c:e7:98:c1:c9:c9:a0:40:41:7e:
         5d:00:c9:06:6c:5b:e7:56:22:aa:b1:fd:60:15:13:b0:51:be:
         78:ad:53:1c:a2:ee:72:26:bd:c8:bf:fb:45:be:f6:47:e5:29:
         e1:f0:53:6e:b2:85:56:54:83:63:b3:50:b4:b9:ba:8b:c5:55:
         59:e4:68:2a
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYsAq4nLTAQweDh4TYHLo7kJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjMxMDA1MTYyODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjRkZDU5ZmU3ODQwNDVkZjhiYjA2NzIxZGM0MDc0MmUxN2E5MWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8b3Lj37sKZaoFQMlZ6pYM6wVk39
zvcv9C3eGCVibtaD70Pr06E1E1u1EN2frOPkaH9zKvADXRfLkaOaN+/VcMa1FmLs
TfTn9DKSv0R2JlnDu80CY1rXBDujTz+Y8WHF3b1Zs/WkrSjqZfIu+9xZQat7L8rO
v/lbzZAWTqDQChtywsCjoEKPnXRo108aWqyJ1J+pSza+XmJHas2yTxidAga6CbZU
9tX87hO0qhPUIdp7tt7e4RBAquWeudqBUzk52GF2+JdboL0TMsekRoV3zOLs5uxw
Nz01v0bKSB252XbBOyV4Ob9w9gpfOLiuQQNs67QnhaxMVfZwW2rRBbST1wIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFPtN1Z/nhARd+LsGch3EB0LhepG+MB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvMS0wM1ZuLWVFQkYzNHV3WnlIY1FIUXVGNmtiNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzIvZmU5MTVjLWJmNzAtNDYwMi04YTNjLTAyOTJiMDIwMTUw
YS8xL29POWZ1X3lucVR6LTZXWHV0cjN1YjdROFFENC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBuBggrBgEFBQcBBwEB/wRfMF0wWwQCAAEwVQMEBU2J4AMD
AE2PAwQDTniAAwQDT1PgAwQDVGFQAwQDVk2gAwQEWI4AAwQEbQnQAwQEw2JwAwQC
w3N0AwQG1d5AMAwDBADV3y0DBATV3yADBADV34owDQYJKoZIhvcNAQELBQADggEB
AA4vwCc+vUFlRmAuf0+y5qVh2OdxYzyMZytq/zdYBDYoUBUFNcwttqpaNTuGdeXR
jEZBLZmdF2X8RPL8fnrCDLU3Xt77C8vna1+QV1+SvCmx147eNl6qE9JyVHa6fLBb
Qj6VKmVB0ezOZBLIspIWUYbMErRkchLUHz08e/ltDmcIYGlluoYFW5BpVW6FKrZ7
08hxKBhT0xr50Rozs2AwkO7H6nln9H2zI7MWQTjzoO9bfywTrHwioi1diPzYjOeY
wcnJoEBBfl0AyQZsW+dWIqqx/WAVE7BRvnitUxyi7nImvci/+0W+9kflKeHwU26y
hVZUg2OzULS5uovFVVnkaCo=
-----END CERTIFICATE-----