Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/YoYxrZG88unIUxpz4TyE_8lsvsg.roa
File:                     YoYxrZG88unIUxpz4TyE_8lsvsg.roa (raw, json)
Hash identifier:          OeJoOMVfXS71GJ2O3KrcSCYn9gbL4hyi2h/sahrWOQc=
Subject key identifier:   62:86:31:AD:91:BC:F2:E9:C8:53:1A:73:E1:3C:84:FF:C9:6C:BE:C8
Certificate issuer:       /CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
Certificate serial:       018774CF31C00CD11152F26E5FFE5F55A36F
Authority key identifier: 4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/YoYxrZG88unIUxpz4TyE_8lsvsg.roa
Signing time:             Wed 12 Apr 2023 09:32:28 +0000
ROA not before:           Wed 12 Apr 2023 09:32:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13113
IP address blocks:        213.144.64.0/19 maxlen: 24
                          87.253.96.0/19 maxlen: 24
                          37.60.32.0/21 maxlen: 24
                          93.88.112.0/20 maxlen: 24
                          185.145.84.0/22 maxlen: 24
                          109.75.112.0/20 maxlen: 24
                          5.198.224.0/20 maxlen: 24
                          185.3.252.0/22 maxlen: 24
                          5.172.208.0/21 maxlen: 24
                          2a03:3d80::/29 maxlen: 48
                          2a0c:8a80::/29 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:74:cf:31:c0:0c:d1:11:52:f2:6e:5f:fe:5f:55:a3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
        Validity
            Not Before: Apr 12 09:32:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=628631ad91bcf2e9c8531a73e13c84ffc96cbec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:54:89:39:6f:86:7f:6f:1d:be:2d:29:77:19:
                    c1:3b:f0:3f:d7:53:7e:d1:a8:7e:51:f8:de:26:51:
                    ba:06:6f:d2:b9:ec:6f:aa:34:56:32:23:76:c5:39:
                    60:53:ea:ca:d7:60:57:b9:6f:81:ff:88:ad:ff:dc:
                    ce:c1:a7:eb:84:04:a9:41:be:1a:39:43:a0:60:5b:
                    b7:3c:d6:16:54:a6:5e:22:4c:8d:ac:f0:89:cc:31:
                    6a:5a:c9:10:9d:77:75:11:97:f8:37:6d:1e:27:f5:
                    be:2b:98:8a:d9:ea:b2:44:ad:8e:e1:ae:bd:a6:9d:
                    10:6e:5e:ed:cc:80:12:a7:c2:56:23:9c:fe:1d:9c:
                    3e:05:60:f4:28:d8:d4:d4:0f:e7:c2:6f:ac:52:37:
                    ea:48:24:f0:7d:cd:f3:86:23:96:75:a8:27:fd:92:
                    11:c1:aa:bd:b0:2a:9b:ce:3b:81:12:85:db:55:53:
                    3a:d9:d1:87:5c:a4:87:cb:44:41:6b:cf:8d:02:2a:
                    d2:f9:4f:a8:37:15:8f:78:67:ea:ab:87:a0:e7:24:
                    fb:a3:1c:f2:e3:cd:3e:3d:1d:12:e9:67:66:87:86:
                    b3:70:1c:0f:a8:c4:25:c0:eb:e7:47:f2:a5:82:6a:
                    44:b2:f0:e4:ee:7f:36:7e:5d:ec:cd:b9:78:f6:e1:
                    7a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:86:31:AD:91:BC:F2:E9:C8:53:1A:73:E1:3C:84:FF:C9:6C:BE:C8
            X509v3 Authority Key Identifier:
                keyid:4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/YoYxrZG88unIUxpz4TyE_8lsvsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/TmIrxVBoe20O9geIzq2w_IIKOB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.208.0/21
                  5.198.224.0/20
                  37.60.32.0/21
                  87.253.96.0/19
                  93.88.112.0/20
                  109.75.112.0/20
                  185.3.252.0/22
                  185.145.84.0/22
                  213.144.64.0/19
                IPv6:
                  2a03:3d80::/29
                  2a0c:8a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:a1:25:8a:a7:c8:9e:ff:7e:35:48:85:a5:0b:39:e3:69:66:
         a8:52:81:7c:e0:d1:fb:e2:49:8a:26:a2:3d:48:b2:ea:a5:82:
         e3:3f:4d:7f:72:a1:18:7b:67:41:f2:bf:5e:7b:16:b8:ed:16:
         00:7e:0c:3f:43:75:b0:17:2c:08:c9:ea:4a:6a:90:ee:32:de:
         83:10:d2:7d:54:98:2c:06:a7:ff:60:30:c0:52:02:9a:db:b7:
         f9:02:0e:b0:97:4f:58:22:26:02:84:54:80:07:58:e4:3b:7f:
         ae:10:9a:fa:a8:ae:d8:0a:d2:b3:e9:e6:5f:60:4f:16:6d:e5:
         16:33:65:6c:ad:65:f8:be:ec:66:d7:23:40:93:ca:e1:42:f3:
         2a:cc:ad:50:bd:0f:69:f0:b8:ad:78:1b:45:5c:63:65:ab:87:
         fa:d3:b6:8f:e0:7a:f5:12:67:9f:0c:26:5f:bb:ed:1a:ea:55:
         cc:25:71:d7:29:3a:24:64:0c:b7:5e:ed:cc:7f:01:63:06:6f:
         83:b5:ab:2a:87:f0:98:c5:b0:ee:de:58:27:68:18:be:4b:dc:
         4d:44:13:4b:10:3d:96:52:04:bf:4d:87:e8:2a:5d:e1:ae:7c:
         e1:62:db:76:c6:31:c6:15:7f:4b:bf:52:7a:d2:c7:eb:47:f3:
         04:73:07:92
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYd0zzHADNERUvJuX/5fVaNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNjIyYmM1NTA2ODdiNmQwZWY2MDc4OGNlYWRiMGZjODIw
YTM4MWYwHhcNMjMwNDEyMDkzMjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjg2MzFhZDkxYmNmMmU5Yzg1MzFhNzNlMTNjODRmZmM5NmNiZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFSJOW+Gf28dvi0pdxnBO/A/11N+
0ah+UfjeJlG6Bm/SuexvqjRWMiN2xTlgU+rK12BXuW+B/4it/9zOwafrhASpQb4a
OUOgYFu3PNYWVKZeIkyNrPCJzDFqWskQnXd1EZf4N20eJ/W+K5iK2eqyRK2O4a69
pp0Qbl7tzIASp8JWI5z+HZw+BWD0KNjU1A/nwm+sUjfqSCTwfc3zhiOWdagn/ZIR
waq9sCqbzjuBEoXbVVM62dGHXKSHy0RBa8+NAirS+U+oNxWPeGfqq4eg5yT7oxzy
480+PR0S6Wdmh4azcBwPqMQlwOvnR/KlgmpEsvDk7n82fl3szbl49uF6YQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGKGMa2RvPLpyFMac+E8hP/JbL7IMB8GA1UdIwQY
MBaAFE5iK8VQaHttDvYHiM6tsPyCCjgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgt
YTdjY2QwMDk4NDc3LzEvWW9ZeHJaRzg4dW5JVXhwejRUeUVfOGxzdnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgtYTdjY2QwMDk4NDc3
LzEvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDBazQAwQE
BcbgAwQDJTwgAwQFV/1gAwQEXVhwAwQEbUtwAwQCuQP8AwQCuZFUAwQF1ZBAMBQE
AgACMA4DBQMqAz2AAwUDKgyKgDANBgkqhkiG9w0BAQsFAAOCAQEAB6EliqfInv9+
NUiFpQs542lmqFKBfODR++JJiiaiPUiy6qWC4z9Nf3KhGHtnQfK/XnsWuO0WAH4M
P0N1sBcsCMnqSmqQ7jLegxDSfVSYLAan/2AwwFICmtu3+QIOsJdPWCImAoRUgAdY
5Dt/rhCa+qiu2ArSs+nmX2BPFm3lFjNlbK1l+L7sZtcjQJPK4ULzKsytUL0PafC4
rXgbRVxjZauH+tO2j+B69RJnnwwmX7vtGupVzCVx1yk6JGQMt17tzH8BYwZvg7Wr
KofwmMWw7t5YJ2gYvkvcTUQTSxA9llIEv02H6Cpd4a584WLbdsYxxhV/S79SetLH
60fzBHMHkg==
-----END CERTIFICATE-----