Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/hCOgkhB5Ng88B2C7uvfIy6CTfcE.roa
File:                     hCOgkhB5Ng88B2C7uvfIy6CTfcE.roa (raw, json)
Hash identifier:          oSAIBq5nH07CdE+Lpn/RBPZZQWWPaUazemAi6qEzk3g=
Subject key identifier:   84:23:A0:92:10:79:36:0F:3C:07:60:BB:BA:F7:C8:CB:A0:93:7D:C1
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01852BB3DFBCDA4E43A0A182EDA79D6FCD77
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/hCOgkhB5Ng88B2C7uvfIy6CTfcE.roa
Signing time:             Mon 19 Dec 2022 18:44:46 +0000
ROA not before:           Mon 19 Dec 2022 18:44:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        85.133.227.0/24 maxlen: 24
                          85.133.228.0/24 maxlen: 24
                          85.133.233.0/24 maxlen: 24
                          85.133.234.0/24 maxlen: 24
                          85.133.237.0/24 maxlen: 24
                          85.133.241.0/24 maxlen: 24
                          85.133.242.0/24 maxlen: 24
                          85.133.250.0/24 maxlen: 24
                          85.133.174.0/24 maxlen: 24
                          85.133.178.0/24 maxlen: 24
                          85.133.179.0/24 maxlen: 24
                          85.133.199.0/24 maxlen: 24
                          85.133.205.0/24 maxlen: 24
                          85.133.208.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
                          85.133.221.0/24 maxlen: 24
                          85.133.146.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2b:b3:df:bc:da:4e:43:a0:a1:82:ed:a7:9d:6f:cd:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Dec 19 18:44:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8423a0921079360f3c0760bbbaf7c8cba0937dc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:60:3f:f1:4e:4c:09:1f:4d:aa:c8:7d:b1:91:
                    5d:f8:92:f5:e2:51:0b:91:5c:bd:e0:9a:0d:de:33:
                    d3:6b:78:32:9c:b3:b1:e5:f0:d6:aa:83:92:b5:6c:
                    81:93:6e:62:4d:68:06:b4:39:5a:36:5f:1e:54:2f:
                    70:e8:ba:24:e0:a0:71:46:a4:6b:52:14:6a:dc:76:
                    8c:ac:8a:76:ab:5d:1a:e6:19:43:99:03:aa:26:f9:
                    7f:18:95:04:db:43:ce:7b:28:c1:c4:4d:19:e0:91:
                    48:05:7e:c9:a4:2d:28:87:f8:9c:b6:5b:9e:f8:67:
                    b4:c0:72:11:83:39:0f:7a:92:bc:8a:df:9d:46:29:
                    bd:e4:7c:ad:3c:81:43:59:8b:73:cb:a6:34:d2:84:
                    14:f7:f5:b5:3e:c4:ad:2a:4a:a6:58:8c:20:c1:2d:
                    aa:99:df:3a:34:52:a2:3a:1e:8a:c5:5b:14:80:9f:
                    91:33:a1:f8:90:cb:55:b4:47:db:4f:a2:14:78:f1:
                    f1:cb:5f:d8:31:62:79:49:0c:ff:3f:11:13:9e:3e:
                    e1:8c:ca:8e:05:d6:1c:8d:53:e1:49:57:19:3f:f3:
                    7b:df:53:e8:9c:45:2b:1a:0f:62:55:f8:08:b8:db:
                    7d:03:80:84:62:7a:35:e9:35:50:ca:a5:95:2b:68:
                    64:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:23:A0:92:10:79:36:0F:3C:07:60:BB:BA:F7:C8:CB:A0:93:7D:C1
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/hCOgkhB5Ng88B2C7uvfIy6CTfcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.146.0/24
                  85.133.174.0/24
                  85.133.178.0/23
                  85.133.199.0/24
                  85.133.205.0/24
                  85.133.208.0/24
                  85.133.215.0/24
                  85.133.221.0/24
                  85.133.227.0-85.133.228.255
                  85.133.233.0-85.133.234.255
                  85.133.237.0/24
                  85.133.241.0-85.133.242.255
                  85.133.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:76:53:ae:12:ab:91:84:5a:09:bc:7d:a2:ec:c8:08:12:1e:
         32:b2:03:cf:fc:b4:fd:46:c3:0f:fb:84:1f:a8:fc:11:25:5b:
         aa:af:e1:cc:57:62:7e:49:f5:3b:89:8b:40:3e:17:22:66:f6:
         d1:6f:86:af:3d:a3:cf:66:7d:7c:8c:0c:9a:b8:42:8a:bf:56:
         b9:ea:f4:4e:aa:0f:84:0c:eb:a7:30:74:f2:a2:c3:db:17:9a:
         be:9b:cd:36:41:6e:c2:c6:38:90:ac:79:24:70:d0:9b:18:99:
         aa:6f:57:a6:8c:08:75:09:5c:1d:08:43:90:16:a9:8f:88:22:
         1d:c2:97:15:da:33:f6:c2:52:bb:ce:85:49:7d:9c:ed:2a:fc:
         7c:af:72:21:6a:78:2b:69:ef:a3:2d:95:2f:b2:98:b5:b9:59:
         52:42:39:29:17:64:53:a0:b1:bc:c8:bb:38:b3:53:4e:4c:5a:
         44:a4:a1:7c:ee:aa:3b:83:cf:df:12:2b:75:d0:f3:0a:4d:5d:
         06:58:12:94:12:61:25:9b:b0:c1:28:c4:03:66:b6:12:d4:52:
         31:95:a8:52:80:3e:a5:2c:6c:1b:b3:18:cb:65:c6:fb:b8:13:
         e1:1b:45:98:a8:1d:85:bb:11:20:62:1c:c6:f9:55:a7:a1:50:
         bb:97:81:e2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYUrs9+82k5DoKGC7aedb813MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjIxMjE5MTg0NDQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDIzYTA5MjEwNzkzNjBmM2MwNzYwYmJiYWY3YzhjYmEwOTM3ZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWA/8U5MCR9Nqsh9sZFd+JL14lEL
kVy94JoN3jPTa3gynLOx5fDWqoOStWyBk25iTWgGtDlaNl8eVC9w6Lok4KBxRqRr
UhRq3HaMrIp2q10a5hlDmQOqJvl/GJUE20POeyjBxE0Z4JFIBX7JpC0oh/ictlue
+Ge0wHIRgzkPepK8it+dRim95HytPIFDWYtzy6Y00oQU9/W1PsStKkqmWIwgwS2q
md86NFKiOh6KxVsUgJ+RM6H4kMtVtEfbT6IUePHxy1/YMWJ5SQz/PxETnj7hjMqO
BdYcjVPhSVcZP/N731PonEUrGg9iVfgIuNt9A4CEYno16TVQyqWVK2hkIwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFIQjoJIQeTYPPAdgu7r3yMugk33BMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvaENPZ2toQjVOZzg4QjJDN3V2Zkl5NkNUZmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAVYWSAwQA
VYWuAwQBVYWyAwQAVYXHAwQAVYXNAwQAVYXQAwQAVYXXAwQAVYXdMAwDBABVheMD
BABVheQwDAMEAFWF6QMEAFWF6gMEAFWF7TAMAwQAVYXxAwQAVYXyAwQAVYX6MA0G
CSqGSIb3DQEBCwUAA4IBAQCzdlOuEquRhFoJvH2i7MgIEh4ysgPP/LT9RsMP+4Qf
qPwRJVuqr+HMV2J+SfU7iYtAPhciZvbRb4avPaPPZn18jAyauEKKv1a56vROqg+E
DOunMHTyosPbF5q+m802QW7CxjiQrHkkcNCbGJmqb1emjAh1CVwdCEOQFqmPiCId
wpcV2jP2wlK7zoVJfZztKvx8r3Ihangrae+jLZUvspi1uVlSQjkpF2RToLG8yLs4
s1NOTFpEpKF87qo7g8/fEit10PMKTV0GWBKUEmElm7DBKMQDZrYS1FIxlahSgD6l
LGwbsxjLZcb7uBPhG0WYqB2FuxEgYhzG+VWnoVC7l4Hi
-----END CERTIFICATE-----