Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4GU5ezU93RI1zo_-vMSzfj_xj1A.roa
File:                     4GU5ezU93RI1zo_-vMSzfj_xj1A.roa (raw, json)
Hash identifier:          OrdYBMUphZVaQ3IQui1aapGAcK+mED3RJpTPskMmOKE=
Subject key identifier:   E0:65:39:7B:35:3D:DD:12:35:CE:8F:FE:BC:C4:B3:7E:3F:F1:8F:50
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018A6E00177257AFA8F0D016CCA517F0BC45
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4GU5ezU93RI1zo_-vMSzfj_xj1A.roa
Signing time:             Thu 07 Sep 2023 04:56:54 +0000
ROA not before:           Thu 07 Sep 2023 04:56:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198231
IP address blocks:        2a13:d902::/32 maxlen: 32
                          2a13:2d41::/32 maxlen: 32
                          2a13:2d45::/32 maxlen: 32
                          2a13:d906::/32 maxlen: 32
                          2a13:2d44::/32 maxlen: 32
                          2a13:2d42::/32 maxlen: 32
                          2a13:d901::/32 maxlen: 32
                          2a13:d907::/32 maxlen: 32
                          2a13:c700::/29 maxlen: 29
                          2a13:d904::/32 maxlen: 32
                          2a13:2d43::/32 maxlen: 32
                          2a13:d700::/29 maxlen: 29
                          2a13:d900::/32 maxlen: 32
                          2a13:2d47::/32 maxlen: 32
                          2a13:d903::/32 maxlen: 32
                          2a13:2dc0::/29 maxlen: 29
                          2a13:d905::/32 maxlen: 32
                          2a13:2d40::/32 maxlen: 32
                          2a13:2d46::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:6e:00:17:72:57:af:a8:f0:d0:16:cc:a5:17:f0:bc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep  7 04:56:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e065397b353ddd1235ce8ffebcc4b37e3ff18f50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9e:f6:c4:81:81:44:c9:16:22:a6:12:ea:93:
                    a2:7c:62:ed:49:ef:65:e0:09:7d:98:46:ad:10:e7:
                    f6:87:e6:d3:77:63:4e:3f:2a:76:29:7c:ef:c3:2c:
                    26:cf:1c:25:3a:b0:47:69:6d:ab:5a:eb:a4:41:c1:
                    3f:4e:8a:62:35:01:5b:58:6a:3a:bb:a5:7d:5c:f7:
                    ad:21:8e:0c:69:a4:83:86:58:56:0e:ad:70:e8:73:
                    45:e8:2a:d9:98:09:e6:b1:b7:f4:54:91:8d:ab:28:
                    cf:fd:84:8e:2f:e0:03:e3:58:5d:32:a9:04:fd:79:
                    1f:56:a2:c4:f2:a3:53:ff:03:ac:17:a5:92:b6:ba:
                    99:e6:fe:ac:ee:24:2c:94:69:b6:fb:c1:17:13:1b:
                    39:f4:d7:6e:79:d4:9a:f9:8d:69:5a:ba:ed:9a:a2:
                    eb:34:61:a6:14:9a:e8:1e:50:63:77:8e:d6:e3:a1:
                    ac:c7:28:b4:b9:4b:ae:05:43:a9:15:30:13:fe:19:
                    0a:99:ce:bd:a7:a3:d8:f9:c4:94:fa:a2:b7:f6:e1:
                    7e:94:24:02:ed:ca:fc:89:24:75:09:d5:82:60:0a:
                    e1:67:b2:ef:33:4c:86:01:28:d4:1d:17:6a:e8:b5:
                    b7:4f:75:fd:83:dc:45:cb:08:98:e4:0b:b6:24:7f:
                    a3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:65:39:7B:35:3D:DD:12:35:CE:8F:FE:BC:C4:B3:7E:3F:F1:8F:50
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4GU5ezU93RI1zo_-vMSzfj_xj1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2d40::/29
                  2a13:2dc0::/29
                  2a13:c700::/29
                  2a13:d700::/29
                  2a13:d900::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:f3:e2:65:87:93:1c:2a:6a:e6:29:81:d6:47:0e:29:6a:dc:
         23:51:d9:76:8d:8a:a4:75:ee:ad:e3:6d:99:8c:45:57:f2:69:
         3e:5b:1c:86:bf:6b:db:b9:d6:40:99:43:c6:fd:5c:e1:db:6c:
         8a:e2:6c:00:25:1d:46:9c:5c:b4:d5:40:77:6b:80:c3:78:7d:
         9d:b5:ad:74:f2:45:e2:d1:3f:d2:3e:a3:ce:89:d8:34:fa:5c:
         76:cf:30:3a:6a:42:7f:99:a2:1a:01:26:d4:e2:58:79:2d:43:
         a2:5e:aa:3f:12:57:8b:ac:50:33:1b:32:e5:94:1d:43:d0:82:
         5f:91:02:11:99:20:36:f9:1b:a3:e1:c2:19:2f:f1:ef:cf:b4:
         10:8b:89:a2:3f:64:37:ad:88:b2:94:d1:59:30:3a:90:de:ea:
         e8:c9:7c:6f:e7:d6:2b:04:a8:d3:5d:4b:33:e6:1f:f5:90:23:
         3b:f0:fe:6c:a8:cb:75:ce:08:95:c4:11:cf:fe:a2:04:9f:b1:
         c7:c0:ee:ac:49:10:ca:32:24:2f:8c:a1:2c:a7:d1:93:0f:c4:
         58:15:ef:8f:cf:36:38:75:b6:21:52:4d:5a:96:f2:f7:9f:ee:
         e3:46:68:71:fa:0a:29:be:56:23:a5:b6:e8:c8:d7:f4:19:2c:
         75:9a:55:64
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYpuABdyV6+o8NAWzKUX8LxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMwOTA3MDQ1NjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDY1Mzk3YjM1M2RkZDEyMzVjZThmZmViY2M0YjM3ZTNmZjE4ZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJ72xIGBRMkWIqYS6pOifGLtSe9l
4Al9mEatEOf2h+bTd2NOPyp2KXzvwywmzxwlOrBHaW2rWuukQcE/TopiNQFbWGo6
u6V9XPetIY4MaaSDhlhWDq1w6HNF6CrZmAnmsbf0VJGNqyjP/YSOL+AD41hdMqkE
/XkfVqLE8qNT/wOsF6WStrqZ5v6s7iQslGm2+8EXExs59NduedSa+Y1pWrrtmqLr
NGGmFJroHlBjd47W46Gsxyi0uUuuBUOpFTAT/hkKmc69p6PY+cSU+qK39uF+lCQC
7cr8iSR1CdWCYArhZ7LvM0yGASjUHRdq6LW3T3X9g9xFywiY5Au2JH+jXwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFOBlOXs1Pd0SNc6P/rzEs34/8Y9QMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNEdVNWV6VTkzUkkxem9fLXZNU3pmal94ajFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKhMtQAMF
AyoTLcADBQMqE8cAAwUDKhPXAAMFAyoT2QAwDQYJKoZIhvcNAQELBQADggEBAEfz
4mWHkxwqauYpgdZHDilq3CNR2XaNiqR17q3jbZmMRVfyaT5bHIa/a9u51kCZQ8b9
XOHbbIribAAlHUacXLTVQHdrgMN4fZ21rXTyReLRP9I+o86J2DT6XHbPMDpqQn+Z
ohoBJtTiWHktQ6Jeqj8SV4usUDMbMuWUHUPQgl+RAhGZIDb5G6Phwhkv8e/PtBCL
iaI/ZDetiLKU0VkwOpDe6ujJfG/n1isEqNNdSzPmH/WQIzvw/myoy3XOCJXEEc/+
ogSfscfA7qxJEMoyJC+MoSyn0ZMPxFgV74/PNjh1tiFSTVqW8vef7uNGaHH6Cim+
ViOltujI1/QZLHWaVWQ=
-----END CERTIFICATE-----