Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/SQIO5pcCYru5QW2iO6iwvUo5Y40.roa
File:                     SQIO5pcCYru5QW2iO6iwvUo5Y40.roa (raw, json)
Hash identifier:          +iH5K+xswqygTXpjrOPl2lXJ5FFl3DNb31jGnWwuURY=
Subject key identifier:   49:02:0E:E6:97:02:62:BB:B9:41:6D:A2:3B:A8:B0:BD:4A:39:63:8D
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01856F024172E6D297E300156D7E47437278
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/SQIO5pcCYru5QW2iO6iwvUo5Y40.roa
Signing time:             Sun 01 Jan 2023 20:24:56 +0000
ROA not before:           Sun 01 Jan 2023 20:24:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43513
IP address blocks:        85.254.145.0/24 maxlen: 24
                          85.254.142.0/23 maxlen: 23
                          159.148.102.0/24 maxlen: 24
                          85.254.32.0/21 maxlen: 21
                          85.254.49.74/32 maxlen: 32
                          85.254.49.75/32 maxlen: 32
                          85.254.49.72/32 maxlen: 32
                          85.254.49.73/32 maxlen: 32
                          85.254.5.0/24 maxlen: 24
                          159.148.198.0/23 maxlen: 23
                          159.148.200.0/24 maxlen: 24
                          85.254.16.0/22 maxlen: 22
                          85.254.24.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:02:41:72:e6:d2:97:e3:00:15:6d:7e:47:43:72:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  1 20:24:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49020ee6970262bbb9416da23ba8b0bd4a39638d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:81:61:24:3a:39:3a:ec:3c:65:75:3e:37:cf:
                    3f:28:a8:c7:91:94:4e:fc:7a:3f:57:72:07:7e:ef:
                    ad:24:30:98:7f:50:1a:c6:fd:a0:1b:d7:64:33:69:
                    78:a7:af:e3:b5:49:30:dc:7b:ad:d0:8c:a0:4d:4a:
                    da:13:23:d2:54:05:29:09:7a:2b:75:19:01:ea:99:
                    53:73:79:b0:7f:b5:f4:24:d6:0e:8d:96:da:af:6a:
                    5d:a3:46:23:a0:39:ba:96:a7:27:a7:5d:cf:6c:14:
                    02:05:19:3b:4a:74:3a:7d:41:31:a3:55:6f:35:11:
                    1a:77:0e:bb:de:6c:cb:6b:ad:c7:52:bd:18:c8:fe:
                    be:7d:7b:b4:5a:10:36:3d:97:77:16:ff:4a:97:45:
                    e7:ca:4f:10:15:98:40:7b:c7:ed:e8:f4:ad:09:c5:
                    bd:03:34:c9:71:98:ed:96:73:47:fc:25:9c:bd:e1:
                    37:1e:aa:3c:40:76:15:ad:b5:56:3a:11:73:03:95:
                    1e:6d:82:a4:f8:ad:22:fe:4b:f5:c7:46:53:7b:e3:
                    7e:1c:bf:f6:39:cd:dd:77:75:63:9e:cc:f8:04:2e:
                    05:99:30:08:66:04:1e:cd:e1:d2:4d:35:e0:04:8d:
                    65:06:fb:c9:d8:49:4b:a1:0a:20:46:11:64:e2:0c:
                    e9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:02:0E:E6:97:02:62:BB:B9:41:6D:A2:3B:A8:B0:BD:4A:39:63:8D
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/SQIO5pcCYru5QW2iO6iwvUo5Y40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.5.0/24
                  85.254.16.0/22
                  85.254.24.0/22
                  85.254.32.0/21
                  85.254.49.72/30
                  85.254.142.0/23
                  85.254.145.0/24
                  159.148.102.0/24
                  159.148.198.0-159.148.200.255

    Signature Algorithm: sha256WithRSAEncryption
         93:8c:28:d8:b9:a5:6e:8b:82:2e:0e:5a:2b:1e:93:29:bb:cb:
         d3:ba:3f:21:2c:81:d0:59:9f:63:52:51:c9:ae:ef:3c:29:26:
         b7:bd:0d:c9:06:b3:e9:b0:88:3a:68:89:79:39:36:f3:b0:13:
         09:d7:c6:21:3f:c7:7b:85:53:d8:3a:34:a6:06:b3:8d:09:87:
         eb:72:71:ff:b4:20:91:a7:91:ec:81:78:27:d1:63:f4:53:ae:
         de:cf:37:ee:80:24:18:f3:57:d1:ae:c6:22:58:52:fc:82:a3:
         fe:43:a3:ec:64:40:c3:46:c6:1f:cb:ce:43:9c:2d:fb:20:5c:
         30:b8:ac:e9:47:75:c4:96:d9:6d:dd:e7:cf:88:7d:e2:b1:1a:
         b8:02:e6:c1:a4:45:75:0f:e2:11:a9:20:35:a7:44:45:8d:7e:
         82:58:fb:cf:11:06:6b:4d:ee:29:7d:c5:06:cf:44:5f:ca:3c:
         2f:c4:f8:e0:19:9c:10:d0:8f:6f:10:0e:f4:b2:eb:5e:ab:04:
         32:06:8c:4d:a3:32:79:6e:2d:a6:43:06:e1:39:86:83:95:76:
         eb:98:a0:92:e9:5e:7a:67:21:00:7c:f8:2e:89:91:0a:13:1d:
         84:4e:45:71:06:dd:05:a7:03:bd:2e:d8:d0:34:86:7c:2d:e0:
         b4:47:45:ed
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVvAkFy5tKX4wAVbX5HQ3J4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjMwMTAxMjAyNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTAyMGVlNjk3MDI2MmJiYjk0MTZkYTIzYmE4YjBiZDRhMzk2MzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64FhJDo5Ouw8ZXU+N88/KKjHkZRO
/Ho/V3IHfu+tJDCYf1Aaxv2gG9dkM2l4p6/jtUkw3Hut0IygTUraEyPSVAUpCXor
dRkB6plTc3mwf7X0JNYOjZbar2pdo0YjoDm6lqcnp13PbBQCBRk7SnQ6fUExo1Vv
NREadw673mzLa63HUr0YyP6+fXu0WhA2PZd3Fv9Kl0Xnyk8QFZhAe8ft6PStCcW9
AzTJcZjtlnNH/CWcveE3Hqo8QHYVrbVWOhFzA5UebYKk+K0i/kv1x0ZTe+N+HL/2
Oc3dd3Vjnsz4BC4FmTAIZgQezeHSTTXgBI1lBvvJ2ElLoQogRhFk4gzpPwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEkCDuaXAmK7uUFtojuosL1KOWONMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvU1FJTzVwY0NZcnU1UVcyaU82aXd2VW81WTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAATA/AwQAVf4FAwQC
Vf4QAwQCVf4YAwQDVf4gAwUCVf4xSAMEAVX+jgMEAFX+kQMEAJ+UZjAMAwQBn5TG
AwQAn5TIMA0GCSqGSIb3DQEBCwUAA4IBAQCTjCjYuaVui4IuDlorHpMpu8vTuj8h
LIHQWZ9jUlHJru88KSa3vQ3JBrPpsIg6aIl5OTbzsBMJ18YhP8d7hVPYOjSmBrON
CYfrcnH/tCCRp5HsgXgn0WP0U67ezzfugCQY81fRrsYiWFL8gqP+Q6PsZEDDRsYf
y85DnC37IFwwuKzpR3XEltlt3efPiH3isRq4AubBpEV1D+IRqSA1p0RFjX6CWPvP
EQZrTe4pfcUGz0RfyjwvxPjgGZwQ0I9vEA70suteqwQyBoxNozJ5bi2mQwbhOYaD
lXbrmKCS6V56ZyEAfPguiZEKEx2ETkVxBt0FpwO9LtjQNIZ8LeC0R0Xt
-----END CERTIFICATE-----