Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/lAfS5s6W3-Of2iXIvruBvqpz8oI.roa
File:                     lAfS5s6W3-Of2iXIvruBvqpz8oI.roa (raw, json)
Hash identifier:          v2nIYYnkAe1/fbGSKQL7Re1fozDB8yDUF4dBoNmNGoc=
Subject key identifier:   94:07:D2:E6:CE:96:DF:E3:9F:DA:25:C8:BE:BB:81:BE:AA:73:F2:82
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0189CFEB1C265AA6F9174ACD85799ECDDD04
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/lAfS5s6W3-Of2iXIvruBvqpz8oI.roa
Signing time:             Mon 07 Aug 2023 12:13:59 +0000
ROA not before:           Mon 07 Aug 2023 12:13:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199558
IP address blocks:        159.148.218.0/24 maxlen: 24
                          85.254.144.0/24 maxlen: 24
                          85.254.41.0/24 maxlen: 24
                          159.148.233.0/24 maxlen: 24
                          85.254.45.0/24 maxlen: 24
                          85.254.46.0/24 maxlen: 24
                          159.148.27.0/24 maxlen: 24
                          85.254.52.0/22 maxlen: 22
                          85.254.70.0/24 maxlen: 24
                          159.148.89.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:cf:eb:1c:26:5a:a6:f9:17:4a:cd:85:79:9e:cd:dd:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug  7 12:13:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9407d2e6ce96dfe39fda25c8bebb81beaa73f282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bb:41:85:29:ee:1a:e6:34:00:76:33:50:29:
                    c2:51:aa:f9:06:77:32:7d:4a:f4:08:fb:ee:a7:4e:
                    0e:00:9b:c2:44:52:bd:ed:11:40:12:3b:31:0a:53:
                    3c:0b:35:23:4a:c2:c5:64:fa:b2:3d:33:05:96:9e:
                    1b:e5:b5:3a:07:f5:db:cf:c3:7b:7f:fc:ab:e6:7c:
                    e6:ec:1a:88:09:4d:b9:48:68:93:a6:e5:8c:5b:fa:
                    5c:a2:a2:3f:8a:51:73:98:2d:29:bd:08:8d:25:47:
                    d3:1d:db:81:2f:f6:5d:ed:55:99:a7:ad:d1:5a:a4:
                    a0:74:88:5a:ca:d9:f1:cd:6e:f6:3e:1b:33:f4:84:
                    1b:c4:d8:0f:7c:3e:4d:4b:81:4f:92:47:c6:61:c5:
                    8d:7f:a4:82:48:9f:50:e1:25:6e:96:0a:dc:8d:c2:
                    1b:b3:7e:f6:95:7a:9f:ba:c3:ea:d4:df:de:67:97:
                    04:af:0e:f2:db:0e:9c:1e:31:88:c1:af:94:ff:2b:
                    f6:70:22:05:28:29:98:e6:3d:51:82:6d:a7:52:43:
                    c8:f0:14:6b:76:74:03:b7:85:e4:c4:5f:7d:e0:de:
                    dd:37:10:53:02:a9:89:98:6f:5b:06:56:21:44:14:
                    01:8c:32:59:6d:53:fc:82:f0:33:6d:2b:96:b1:14:
                    49:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:07:D2:E6:CE:96:DF:E3:9F:DA:25:C8:BE:BB:81:BE:AA:73:F2:82
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/lAfS5s6W3-Of2iXIvruBvqpz8oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.41.0/24
                  85.254.45.0-85.254.46.255
                  85.254.52.0/22
                  85.254.70.0/24
                  85.254.144.0/24
                  159.148.27.0/24
                  159.148.89.0/24
                  159.148.218.0/24
                  159.148.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:66:00:a6:c4:3d:e3:db:fa:d6:d3:88:fc:7e:b5:c0:02:42:
         ec:10:96:ad:bf:aa:98:72:96:d7:47:5a:72:91:8b:86:7e:68:
         3e:6e:a2:5a:93:13:8e:b4:cc:64:b3:5a:3e:3a:f2:50:b5:67:
         5b:65:5b:fb:2a:0d:1d:6f:94:59:13:59:c2:99:ea:10:12:ac:
         38:3e:c5:30:df:c8:70:cf:2d:d5:34:27:2d:fd:28:b5:49:09:
         12:15:23:b7:41:49:c6:f2:fc:ef:c1:f6:23:0b:98:a2:c2:4b:
         7f:b2:49:60:93:a8:fa:2f:90:9e:17:2b:9f:7e:19:0d:59:7d:
         d5:78:aa:80:3d:c9:ab:a6:6d:19:c7:23:f3:e0:7b:49:50:d0:
         7c:45:90:2c:f9:18:e7:be:97:ae:f8:ce:85:c4:05:63:58:35:
         13:a8:d8:e4:fc:29:d0:78:76:32:fa:a1:c3:43:03:d1:11:be:
         f3:60:c3:58:2d:99:c7:b9:0d:7a:66:cf:87:ca:1a:90:77:b2:
         1c:62:6c:68:a0:98:0e:3f:2c:bb:dd:19:38:31:90:97:07:94:
         f5:2c:ab:19:ee:ef:72:a0:79:f3:43:86:56:71:f8:70:98:18:
         47:60:cb:04:82:2f:c8:47:7d:48:8f:ce:39:51:b4:b0:1b:a9:
         f2:a3:26:1e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYnP6xwmWqb5F0rNhXmezd0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjMwODA3MTIxMzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDA3ZDJlNmNlOTZkZmUzOWZkYTI1YzhiZWJiODFiZWFhNzNmMjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLtBhSnuGuY0AHYzUCnCUar5Bncy
fUr0CPvup04OAJvCRFK97RFAEjsxClM8CzUjSsLFZPqyPTMFlp4b5bU6B/Xbz8N7
f/yr5nzm7BqICU25SGiTpuWMW/pcoqI/ilFzmC0pvQiNJUfTHduBL/Zd7VWZp63R
WqSgdIhaytnxzW72Phsz9IQbxNgPfD5NS4FPkkfGYcWNf6SCSJ9Q4SVulgrcjcIb
s372lXqfusPq1N/eZ5cErw7y2w6cHjGIwa+U/yv2cCIFKCmY5j1Rgm2nUkPI8BRr
dnQDt4XkxF994N7dNxBTAqmJmG9bBlYhRBQBjDJZbVP8gvAzbSuWsRRJSwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJQH0ubOlt/jn9olyL67gb6qc/KCMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvbEFmUzVzNlczLU9mMmlYSXZydUJ2cXB6OG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAVf4pMAwD
BABV/i0DBABV/i4DBAJV/jQDBABV/kYDBABV/pADBACflBsDBACflFkDBACflNoD
BACflOkwDQYJKoZIhvcNAQELBQADggEBAIJmAKbEPePb+tbTiPx+tcACQuwQlq2/
qphyltdHWnKRi4Z+aD5uolqTE460zGSzWj468lC1Z1tlW/sqDR1vlFkTWcKZ6hAS
rDg+xTDfyHDPLdU0Jy39KLVJCRIVI7dBScby/O/B9iMLmKLCS3+ySWCTqPovkJ4X
K59+GQ1ZfdV4qoA9yaumbRnHI/Pge0lQ0HxFkCz5GOe+l674zoXEBWNYNROo2OT8
KdB4djL6ocNDA9ERvvNgw1gtmce5DXpmz4fKGpB3shxibGigmA4/LLvdGTgxkJcH
lPUsqxnu73KgefNDhlZx+HCYGEdgywSCL8hHfUiPzjlRtLAbqfKjJh4=
-----END CERTIFICATE-----