Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rSRCAszoAAPM_C3VtSqCa74e59Q.roa
File:                     rSRCAszoAAPM_C3VtSqCa74e59Q.roa (raw, json)
Hash identifier:          np8vMjTlz7OvTohYqgAlF4U6LknY98C83L4Fpyd63FM=
Subject key identifier:   AD:24:42:02:CC:E8:00:03:CC:FC:2D:D5:B5:2A:82:6B:BE:1E:E7:D4
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       0188F8094558D315D911B7F46B07C25D2920
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rSRCAszoAAPM_C3VtSqCa74e59Q.roa
Signing time:             Mon 26 Jun 2023 14:08:56 +0000
ROA not before:           Mon 26 Jun 2023 14:08:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210025
IP address blocks:        88.218.204.0/24 maxlen: 24
                          88.218.207.0/24 maxlen: 24
                          2a09:b280:ffba::/48 maxlen: 48
                          2a09:b280:ffb0::/48 maxlen: 48
                          2a09:b280::/48 maxlen: 48
                          2a09:b280:ccc0::/48 maxlen: 48
                          2a09:b280:ffbb::/48 maxlen: 48
                          2a09:b280:ffbe::/48 maxlen: 48
                          2a09:b280:ffb9::/48 maxlen: 48
                          2a09:b280:ffbf::/48 maxlen: 48
                          2a09:b280:ffb2::/48 maxlen: 48
                          2a09:b280:ffbd::/48 maxlen: 48
                          2a09:b280:ccc1::/48 maxlen: 48
                          2a09:b280:ffb1::/48 maxlen: 48
                          2a09:b280:ffbc::/48 maxlen: 48
                          2a09:b280:cccc::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f8:09:45:58:d3:15:d9:11:b7:f4:6b:07:c2:5d:29:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jun 26 14:08:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad244202cce80003ccfc2dd5b52a826bbe1ee7d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:55:c2:d8:58:33:0c:44:ad:36:7e:a1:20:9b:
                    65:a4:e6:57:3c:9d:91:7f:60:73:e7:af:fa:95:6a:
                    72:aa:30:23:82:41:fb:bd:b9:46:16:32:18:60:93:
                    61:9b:2c:bb:e5:af:d5:ac:be:4b:d6:08:00:52:ef:
                    3a:1a:41:bd:1e:cf:3f:7f:a8:0b:30:e3:7a:9d:3f:
                    d8:11:b6:14:16:d4:bb:91:4f:ac:33:97:42:4a:50:
                    3d:73:4d:a1:2d:fb:57:d2:0b:b6:ca:fd:30:01:fa:
                    8c:5a:7e:f4:bf:b5:f1:d8:ca:1f:4e:6d:9f:ab:90:
                    ea:8b:61:33:cc:9e:ed:c3:54:d1:75:68:f7:29:69:
                    98:16:7d:03:71:50:c5:4f:bb:49:af:fa:d4:fc:6e:
                    21:fe:07:fa:08:e4:9d:c4:67:84:31:77:1b:ab:46:
                    3d:4e:f0:1b:86:be:5d:78:15:f1:eb:f1:52:8b:bd:
                    fc:b3:35:fd:09:41:a7:47:62:ef:b5:d0:6f:fa:29:
                    09:ff:4a:37:86:0f:7b:16:77:71:b5:ed:28:f0:f5:
                    41:eb:5f:3f:08:07:a3:23:ce:11:b0:20:4e:90:a8:
                    2a:1f:40:1b:33:43:87:4d:91:77:fd:66:50:43:0a:
                    38:a2:41:33:cb:f2:a7:d1:fe:16:7e:99:4b:72:f1:
                    1d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:24:42:02:CC:E8:00:03:CC:FC:2D:D5:B5:2A:82:6B:BE:1E:E7:D4
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rSRCAszoAAPM_C3VtSqCa74e59Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.204.0/24
                  88.218.207.0/24
                IPv6:
                  2a09:b280::/48
                  2a09:b280:ccc0::/47
                  2a09:b280:cccc::/48
                  2a09:b280:ffb0::-2a09:b280:ffb2:ffff:ffff:ffff:ffff:ffff
                  2a09:b280:ffb9::-2a09:b280:ffbf:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         42:62:7f:d7:dd:30:b2:7c:cf:69:2f:84:19:fb:f2:13:68:26:
         88:cd:85:2e:ec:e8:68:52:d5:26:f4:0d:5b:35:7a:fd:b9:b3:
         0a:d4:5c:d6:29:38:ed:b0:58:ce:e9:d2:a1:38:b8:e3:f8:72:
         3c:aa:09:b5:ce:96:cc:70:9d:f3:ed:97:ce:1d:b6:2d:bd:55:
         6c:ae:42:87:ee:65:f6:bd:56:55:56:32:74:fe:20:17:a0:b6:
         a0:c4:d8:40:a9:aa:27:77:0f:4f:a1:cc:1a:a0:86:0a:87:94:
         2e:ba:d4:b8:a4:1f:a3:c9:10:6d:27:a0:02:93:40:ef:8b:4d:
         16:95:23:b1:ff:ca:89:a3:e1:27:62:7a:1a:4c:e4:af:10:b4:
         77:c0:e8:c0:59:29:5c:32:ad:5a:08:82:8e:48:23:1e:24:fc:
         1e:d6:26:f9:99:df:ba:e6:1d:df:dd:77:d3:95:c1:c7:a7:e7:
         6e:9c:fc:f9:ed:0a:d8:5e:f5:c0:a2:ff:1f:e0:df:e2:db:5a:
         bd:e3:da:28:75:2f:de:6d:bb:50:10:84:a1:b8:f1:c0:53:38:
         88:f6:34:67:77:51:1a:8f:c8:ee:ad:15:95:3a:88:cc:3a:59:
         26:38:b6:3e:fb:fc:6b:23:b9:68:9e:a1:94:1d:6e:4f:16:96:
         9e:e0:4b:39
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYj4CUVY0xXZEbf0awfCXSkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjMwNjI2MTQwODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDI0NDIwMmNjZTgwMDAzY2NmYzJkZDViNTJhODI2YmJlMWVlN2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1XC2FgzDEStNn6hIJtlpOZXPJ2R
f2Bz56/6lWpyqjAjgkH7vblGFjIYYJNhmyy75a/VrL5L1ggAUu86GkG9Hs8/f6gL
MON6nT/YEbYUFtS7kU+sM5dCSlA9c02hLftX0gu2yv0wAfqMWn70v7Xx2MofTm2f
q5Dqi2EzzJ7tw1TRdWj3KWmYFn0DcVDFT7tJr/rU/G4h/gf6COSdxGeEMXcbq0Y9
TvAbhr5deBXx6/FSi738szX9CUGnR2LvtdBv+ikJ/0o3hg97Fndxte0o8PVB618/
CAejI84RsCBOkKgqH0AbM0OHTZF3/WZQQwo4okEzy/Kn0f4WfplLcvEd6wIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFK0kQgLM6AADzPwt1bUqgmu+HufUMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvclNSQ0Fzem9BQVBNX0MzVnRTcUNhNzRlNTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzASBAIAATAMAwQAWNrMAwQA
WNrPMEkEAgACMEMDBwAqCbKAAAADBwEqCbKAzMADBwAqCbKAzMwwEgMHBCoJsoD/
sAMHACoJsoD/sjASAwcAKgmygP+5AwcGKgmygP+AMA0GCSqGSIb3DQEBCwUAA4IB
AQBCYn/X3TCyfM9pL4QZ+/ITaCaIzYUu7OhoUtUm9A1bNXr9ubMK1FzWKTjtsFjO
6dKhOLjj+HI8qgm1zpbMcJ3z7ZfOHbYtvVVsrkKH7mX2vVZVVjJ0/iAXoLagxNhA
qaondw9PocwaoIYKh5QuutS4pB+jyRBtJ6ACk0Dvi00WlSOx/8qJo+EnYnoaTOSv
ELR3wOjAWSlcMq1aCIKOSCMeJPwe1ib5md+65h3f3XfTlcHHp+dunPz57QrYXvXA
ov8f4N/i21q949oodS/ebbtQEIShuPHAUziI9jRnd1Eaj8jurRWVOojMOlkmOLY+
+/xrI7lonqGUHW5PFpae4Es5
-----END CERTIFICATE-----