Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Gzm9FBXG1eZeGhHEMfjNfOopgLo.roa
File:                     Gzm9FBXG1eZeGhHEMfjNfOopgLo.roa (raw, json)
Hash identifier:          bb0ozBC/jZ4pTbhbLSJyMD32J3dztcDns+Uh6ibLY+0=
Subject key identifier:   1B:39:BD:14:15:C6:D5:E6:5E:1A:11:C4:31:F8:CD:7C:EA:29:80:BA
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       0188556381B6CAF93608A9C5F53D99E530C1
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Gzm9FBXG1eZeGhHEMfjNfOopgLo.roa
Signing time:             Fri 26 May 2023 00:09:24 +0000
ROA not before:           Fri 26 May 2023 00:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20722
IP address blocks:        85.204.44.0/24 maxlen: 24
                          194.102.188.0/24 maxlen: 24
                          185.88.130.0/23 maxlen: 23
                          185.88.128.0/22 maxlen: 22
                          185.88.131.0/24 maxlen: 24
                          185.88.128.0/23 maxlen: 23
                          185.88.129.0/24 maxlen: 24
                          85.204.56.0/21 maxlen: 21
                          85.204.56.0/24 maxlen: 24
                          85.204.57.0/24 maxlen: 24
                          85.204.58.0/24 maxlen: 24
                          85.204.59.0/24 maxlen: 24
                          85.204.60.0/24 maxlen: 24
                          85.204.61.0/24 maxlen: 24
                          85.204.62.0/24 maxlen: 24
                          85.204.63.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:55:63:81:b6:ca:f9:36:08:a9:c5:f5:3d:99:e5:30:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: May 26 00:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1b39bd1415c6d5e65e1a11c431f8cd7cea2980ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e4:0a:7c:b5:ec:13:bd:20:27:63:6d:c8:6f:
                    e1:c1:14:2d:87:db:a7:4f:9e:c6:83:b9:1a:77:e6:
                    73:ba:61:41:b5:14:1d:df:0a:d7:bd:af:95:d4:bc:
                    61:d0:e9:76:c6:18:03:be:23:42:56:65:c7:32:d4:
                    f9:5c:85:fb:b9:98:b1:7f:f7:2f:52:48:df:65:14:
                    d5:d9:a2:75:bb:39:f9:2b:a0:20:af:cb:b5:21:cf:
                    ca:87:af:02:0c:6e:ac:87:a9:25:5e:dd:a4:19:76:
                    d3:46:70:21:15:4f:45:b4:80:2a:00:ed:db:f6:ed:
                    55:16:3d:9f:fe:19:c6:41:a0:09:52:3a:55:7d:c7:
                    c6:1f:c3:03:9c:03:60:0e:f6:0d:0a:63:2a:11:3a:
                    d6:ff:a2:1b:49:f1:37:9d:8a:85:99:f9:13:56:de:
                    49:b4:94:fa:60:e7:8a:1f:5c:75:5f:ab:85:43:b7:
                    a8:06:3c:9a:03:6c:3c:b4:fd:6a:d0:04:9f:3f:5c:
                    2b:2d:ad:f2:31:a9:a1:ce:c7:49:b7:80:35:57:ff:
                    04:13:17:be:af:11:74:9d:5d:b7:c4:a8:be:b4:b9:
                    7f:30:94:4e:37:b9:a8:cd:c8:b5:c3:e4:a1:32:d3:
                    95:fb:78:a4:dc:7c:a4:57:33:1c:87:af:f8:d2:9f:
                    cd:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:39:BD:14:15:C6:D5:E6:5E:1A:11:C4:31:F8:CD:7C:EA:29:80:BA
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Gzm9FBXG1eZeGhHEMfjNfOopgLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.44.0/24
                  85.204.56.0/21
                  185.88.128.0/22
                  194.102.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:7c:88:c0:ad:99:b7:1a:d1:e8:30:8d:e9:74:cb:df:f8:88:
         18:78:8b:99:1d:41:5f:78:42:b7:d3:fc:01:01:12:48:b4:11:
         89:85:c3:3f:57:ab:f3:88:ec:37:c6:f7:9f:80:ec:64:32:b4:
         81:78:df:da:9f:85:5b:45:d1:45:5e:76:9d:a3:e4:f5:93:0e:
         45:f5:67:c6:ab:27:e1:5a:0c:e5:bb:d5:3d:28:6c:6e:eb:33:
         23:82:d1:ad:ac:db:d8:34:62:09:8f:02:1d:dd:55:0f:a7:4a:
         a9:4d:5b:4a:0a:73:41:80:0d:3f:16:1b:da:c8:a7:4e:61:69:
         6a:b3:6e:1f:7c:41:dd:3c:87:52:ad:7f:b9:69:8b:72:f9:67:
         ca:a8:1c:79:93:05:9f:20:6e:50:f9:c9:42:23:c2:9b:30:b7:
         4f:d7:9e:1a:73:c1:58:b9:22:28:7b:4f:73:02:1b:a0:08:4e:
         3c:43:28:8e:b6:48:4a:83:6c:09:9a:b1:f5:a6:97:35:d1:2d:
         72:1f:02:63:86:67:a3:e3:05:c5:17:54:6f:e0:b6:0c:da:8d:
         5b:5e:1f:8d:7a:be:1b:24:2a:31:2d:b3:1c:97:2b:14:2b:23:
         ae:62:80:c4:af:b4:44:1b:1a:87:4c:2d:3f:f1:70:33:06:fd:
         5f:c4:79:0c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhVY4G2yvk2CKnF9T2Z5TDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjMwNTI2MDAwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjM5YmQxNDE1YzZkNWU2NWUxYTExYzQzMWY4Y2Q3Y2VhMjk4MGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeQKfLXsE70gJ2NtyG/hwRQth9un
T57Gg7kad+ZzumFBtRQd3wrXva+V1Lxh0Ol2xhgDviNCVmXHMtT5XIX7uZixf/cv
UkjfZRTV2aJ1uzn5K6Agr8u1Ic/Kh68CDG6sh6klXt2kGXbTRnAhFU9FtIAqAO3b
9u1VFj2f/hnGQaAJUjpVfcfGH8MDnANgDvYNCmMqETrW/6IbSfE3nYqFmfkTVt5J
tJT6YOeKH1x1X6uFQ7eoBjyaA2w8tP1q0ASfP1wrLa3yMamhzsdJt4A1V/8EExe+
rxF0nV23xKi+tLl/MJRON7mozci1w+ShMtOV+3ik3HykVzMch6/40p/NqwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBs5vRQVxtXmXhoRxDH4zXzqKYC6MB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvR3ptOUZCWEcxZVplR2hIRU1mak5mT29wZ0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcwsAwQD
Vcw4AwQCuViAAwQAwma8MA0GCSqGSIb3DQEBCwUAA4IBAQCnfIjArZm3GtHoMI3p
dMvf+IgYeIuZHUFfeEK30/wBARJItBGJhcM/V6vziOw3xvefgOxkMrSBeN/an4Vb
RdFFXnado+T1kw5F9WfGqyfhWgzlu9U9KGxu6zMjgtGtrNvYNGIJjwId3VUPp0qp
TVtKCnNBgA0/FhvayKdOYWlqs24ffEHdPIdSrX+5aYty+WfKqBx5kwWfIG5Q+clC
I8KbMLdP154ac8FYuSIoe09zAhugCE48QyiOtkhKg2wJmrH1ppc10S1yHwJjhmej
4wXFF1Rv4LYM2o1bXh+Ner4bJCoxLbMclysUKyOuYoDEr7REGxqHTC0/8XAzBv1f
xHkM
-----END CERTIFICATE-----