Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/vmZ7NMmU3t_go6-DlpRRGnNIq04.roa
File:                     vmZ7NMmU3t_go6-DlpRRGnNIq04.roa (raw, json)
Hash identifier:          m2l1yiwIcEl2dKYC++FYwrsy403iP/EBfd6w987Y16A=
Subject key identifier:   BE:66:7B:34:C9:94:DE:DF:E0:A3:AF:83:96:94:51:1A:73:48:AB:4E
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01856F02402A67112F7F3F18AF52937B9E12
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/vmZ7NMmU3t_go6-DlpRRGnNIq04.roa
Signing time:             Sun 01 Jan 2023 20:24:56 +0000
ROA not before:           Sun 01 Jan 2023 20:24:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        85.254.137.0/24 maxlen: 24
                          85.254.30.0/24 maxlen: 24
                          85.254.29.0/24 maxlen: 24
                          85.254.140.0/24 maxlen: 24
                          85.254.47.0/24 maxlen: 24
                          85.254.59.0/24 maxlen: 24
                          85.254.84.0/23 maxlen: 23
                          85.254.103.0/24 maxlen: 24
                          85.254.4.0/24 maxlen: 24
                          85.254.124.0/23 maxlen: 23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:02:40:2a:67:11:2f:7f:3f:18:af:52:93:7b:9e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  1 20:24:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be667b34c994dedfe0a3af839694511a7348ab4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:25:1a:3a:b9:f7:5c:7d:31:50:9a:0c:f0:a9:
                    b1:d0:72:d2:f9:81:39:31:8c:6e:53:ed:9f:ea:54:
                    6a:3d:ad:b4:80:a7:67:5e:7b:98:c3:30:b5:11:4f:
                    99:85:f9:47:25:60:eb:6a:8c:c2:b8:7c:df:cf:56:
                    5f:43:5e:18:bf:c8:32:33:13:10:f2:11:81:1d:84:
                    c3:b3:53:c2:a5:2a:c6:67:ee:8a:f1:f9:6a:4a:39:
                    5e:6f:96:21:4c:82:d4:f4:06:f6:62:1b:91:15:b0:
                    3c:35:a5:ff:dc:db:cd:c8:e2:fd:6b:e3:7b:d6:e7:
                    a3:0a:57:d5:1e:d7:5e:d5:8c:8c:5f:80:a6:6b:90:
                    7c:4c:48:fb:9e:c2:0a:89:ef:e0:96:5c:a2:70:39:
                    42:50:2c:f9:9d:1d:2b:22:98:46:5a:c7:e1:aa:23:
                    55:a1:bb:c5:d1:1f:84:03:21:fb:3d:76:b7:44:f4:
                    2e:d2:a9:89:96:95:8d:8d:9d:ac:a6:d7:c4:73:0c:
                    04:1a:9d:e6:bb:ef:8e:6a:ec:55:94:b0:62:af:6a:
                    a1:a2:98:43:c3:ac:91:e3:ee:c7:5d:1b:71:b8:29:
                    8b:2f:58:d6:92:57:75:95:68:fc:81:e4:d3:c8:fd:
                    11:20:1f:09:69:88:1d:77:67:39:39:a0:84:ea:ac:
                    45:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:66:7B:34:C9:94:DE:DF:E0:A3:AF:83:96:94:51:1A:73:48:AB:4E
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/vmZ7NMmU3t_go6-DlpRRGnNIq04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.4.0/24
                  85.254.29.0-85.254.30.255
                  85.254.47.0/24
                  85.254.59.0/24
                  85.254.84.0/23
                  85.254.103.0/24
                  85.254.124.0/23
                  85.254.137.0/24
                  85.254.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:18:db:bc:a6:ab:92:95:8e:35:ce:87:ff:1f:f4:67:1d:79:
         af:12:ec:37:6d:00:0a:dd:c9:f7:6e:b3:bc:81:c8:f5:1e:36:
         bd:98:0a:0a:87:e4:e3:06:46:0d:f8:12:c2:31:b8:db:39:3d:
         3f:56:40:dc:f2:59:bc:c4:ee:3e:49:d9:41:b3:51:ce:ab:02:
         46:51:96:e9:83:9b:ae:3e:5b:f7:3e:08:b7:66:ab:75:aa:98:
         55:67:cf:87:e7:8e:e4:e9:e7:b3:43:8a:6b:5a:d0:c8:e2:4c:
         bb:50:1f:be:e0:85:58:c3:46:a3:a8:6b:f3:e4:09:43:5e:d5:
         d4:4c:68:ab:9a:de:f6:75:d4:b1:ca:6f:a0:cd:7f:49:21:98:
         fd:4e:f3:50:6d:78:3a:00:34:10:52:66:5b:2a:0f:89:23:e9:
         63:71:0a:c1:80:44:a7:3e:6b:5d:2e:a5:c8:e2:b5:65:f8:d2:
         13:5b:aa:1e:8c:ef:e2:fa:46:28:df:a4:13:05:23:5f:4b:60:
         88:b8:81:95:ee:44:3d:6c:79:a3:d5:85:76:93:bd:f9:6c:b4:
         af:33:fb:ee:4e:fc:9c:73:05:ae:47:f0:9f:08:f2:cc:81:24:
         22:35:fa:c2:c5:8f:25:5e:7f:73:38:82:cb:92:25:7a:26:68:
         83:01:a5:47
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYVvAkAqZxEvfz8Yr1KTe54SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjMwMTAxMjAyNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTY2N2IzNGM5OTRkZWRmZTBhM2FmODM5Njk0NTExYTczNDhhYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyUaOrn3XH0xUJoM8Kmx0HLS+YE5
MYxuU+2f6lRqPa20gKdnXnuYwzC1EU+ZhflHJWDraozCuHzfz1ZfQ14Yv8gyMxMQ
8hGBHYTDs1PCpSrGZ+6K8flqSjleb5YhTILU9Ab2YhuRFbA8NaX/3NvNyOL9a+N7
1uejClfVHtde1YyMX4Cma5B8TEj7nsIKie/gllyicDlCUCz5nR0rIphGWsfhqiNV
obvF0R+EAyH7PXa3RPQu0qmJlpWNjZ2sptfEcwwEGp3mu++OauxVlLBir2qhophD
w6yR4+7HXRtxuCmLL1jWkld1lWj8geTTyP0RIB8JaYgdd2c5OaCE6qxFeQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFL5mezTJlN7f4KOvg5aUURpzSKtOMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvdm1aN05NbVUzdF9nbzYtRGxwUlJHbk5JcTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAVf4EMAwD
BABV/h0DBABV/h4DBABV/i8DBABV/jsDBAFV/lQDBABV/mcDBAFV/nwDBABV/okD
BABV/owwDQYJKoZIhvcNAQELBQADggEBADYY27ymq5KVjjXOh/8f9Gcdea8S7Ddt
AArdyfdus7yByPUeNr2YCgqH5OMGRg34EsIxuNs5PT9WQNzyWbzE7j5J2UGzUc6r
AkZRlumDm64+W/c+CLdmq3WqmFVnz4fnjuTp57NDimta0MjiTLtQH77ghVjDRqOo
a/PkCUNe1dRMaKua3vZ11LHKb6DNf0khmP1O81BteDoANBBSZlsqD4kj6WNxCsGA
RKc+a10upcjitWX40hNbqh6M7+L6RijfpBMFI19LYIi4gZXuRD1seaPVhXaTvfls
tK8z++5O/JxzBa5H8J8I8syBJCI1+sLFjyVef3M4gsuSJXomaIMBpUc=
-----END CERTIFICATE-----