Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/uddnze6fXYjW7cvPEO-r6enoQPo.roa
File:                     uddnze6fXYjW7cvPEO-r6enoQPo.roa (raw, json)
Hash identifier:          MSQDh37nDopi5FyMYUpd8I8RI9x4TdGtvXivEMi6MJs=
Subject key identifier:   B9:D7:67:CD:EE:9F:5D:88:D6:ED:CB:CF:10:EF:AB:E9:E9:E8:40:FA
Certificate issuer:       /CN=52aaa0a6188c97aa742cc786e3b70bc909cac44c
Certificate serial:       0186A1B575920D1579923664F8F504AEB5E7
Authority key identifier: 52:AA:A0:A6:18:8C:97:AA:74:2C:C7:86:E3:B7:0B:C9:09:CA:C4:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqqgphiMl6p0LMeG47cLyQnKxEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/uddnze6fXYjW7cvPEO-r6enoQPo.roa
Signing time:             Thu 02 Mar 2023 09:44:29 +0000
ROA not before:           Thu 02 Mar 2023 09:44:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48886
IP address blocks:        45.91.68.0/24 maxlen: 24
                          45.91.68.0/22 maxlen: 22
                          45.91.69.0/24 maxlen: 24
                          194.69.16.0/24 maxlen: 24
                          194.69.16.0/20 maxlen: 20
                          194.69.17.0/24 maxlen: 24
                          194.69.23.0/24 maxlen: 24
                          194.69.18.0/24 maxlen: 24
                          194.69.24.0/24 maxlen: 24
                          194.69.20.0/24 maxlen: 24
                          194.69.19.0/24 maxlen: 24
                          194.69.22.0/24 maxlen: 24
                          194.69.21.0/24 maxlen: 24
                          194.69.30.0/24 maxlen: 24
                          194.69.25.0/24 maxlen: 24
                          194.69.31.0/24 maxlen: 24
                          194.69.27.0/24 maxlen: 24
                          194.69.26.0/24 maxlen: 24
                          194.69.29.0/24 maxlen: 24
                          194.69.28.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a1:b5:75:92:0d:15:79:92:36:64:f8:f5:04:ae:b5:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52aaa0a6188c97aa742cc786e3b70bc909cac44c
        Validity
            Not Before: Mar  2 09:44:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b9d767cdee9f5d88d6edcbcf10efabe9e9e840fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:95:ea:56:63:8d:10:dd:69:1a:76:53:5d:7a:
                    85:37:74:97:02:10:77:70:20:9f:b1:ca:f3:c5:20:
                    a2:32:35:54:96:92:29:fe:e5:72:e5:88:d9:19:f7:
                    4e:ba:7c:74:26:56:b7:42:83:ee:6b:5d:91:f1:e2:
                    a5:97:2b:c2:e9:aa:67:fa:d7:8a:dd:14:a0:d4:13:
                    52:ba:fd:0b:6e:de:06:52:07:09:37:99:ca:cd:cb:
                    1a:c5:5f:49:81:d3:6e:ca:96:7e:1b:b3:a2:a8:28:
                    76:02:42:68:37:1f:fc:99:df:0d:43:14:20:00:29:
                    1b:71:36:b3:d2:a4:cf:96:59:32:5f:cf:f0:b9:14:
                    78:dd:5f:fc:07:0f:94:ef:a6:fd:5f:15:4b:d7:c0:
                    09:d9:43:6f:3a:48:fb:27:47:7d:fb:8b:bb:85:23:
                    79:c4:53:bf:6d:cb:de:f1:b9:e9:e1:9d:81:82:70:
                    70:22:55:fb:f6:59:7f:c1:d2:ae:45:06:04:03:89:
                    04:66:56:f6:61:f0:c7:4f:0f:66:93:5a:8c:89:01:
                    ec:88:3a:b8:0c:07:23:04:4a:2c:07:d5:e1:6d:96:
                    98:9f:23:d7:1e:60:47:bb:8c:dc:63:11:1b:e6:b5:
                    31:6c:08:5d:54:0f:44:8f:6c:86:02:d8:4d:ce:a7:
                    8d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D7:67:CD:EE:9F:5D:88:D6:ED:CB:CF:10:EF:AB:E9:E9:E8:40:FA
            X509v3 Authority Key Identifier:
                keyid:52:AA:A0:A6:18:8C:97:AA:74:2C:C7:86:E3:B7:0B:C9:09:CA:C4:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqqgphiMl6p0LMeG47cLyQnKxEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/uddnze6fXYjW7cvPEO-r6enoQPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/UqqgphiMl6p0LMeG47cLyQnKxEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.68.0/22
                  194.69.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         04:03:39:a6:bd:e5:74:8e:9e:0a:0e:13:2e:7b:c1:57:40:e1:
         7e:4d:60:5f:75:58:97:30:8e:68:de:fc:d5:be:d2:36:be:41:
         30:07:45:d4:e0:5c:3a:50:97:b3:59:4b:94:a5:66:73:ec:85:
         5a:03:80:f0:d3:32:8c:46:ae:7b:ca:c1:76:84:1c:c4:c9:e5:
         f3:11:b6:18:42:04:78:c8:bb:59:87:a9:97:31:1d:f6:20:7a:
         36:27:e0:6f:0e:35:4f:52:29:98:b9:16:fb:2d:35:cb:be:ad:
         df:5c:c7:86:2f:9a:1f:54:43:7e:93:6e:96:5b:57:a1:d8:de:
         32:a0:6b:53:a8:0d:3b:b0:a6:dc:9a:33:8d:3c:70:3f:89:c7:
         38:4e:47:85:f7:a6:f6:e9:6e:67:35:56:2d:3f:e4:73:2f:fd:
         20:ab:87:92:c1:b8:2f:44:74:81:5a:71:9a:88:6b:c2:50:e7:
         08:74:2f:7e:43:30:3c:bb:a3:42:37:38:da:8d:d4:db:2b:43:
         b6:4c:e0:74:c1:ac:3b:77:4a:d4:de:8a:b5:9e:35:7b:4f:05:
         d5:38:67:6a:94:93:5e:ba:18:99:af:7b:83:fb:80:59:d4:61:
         f3:ea:4e:7c:f9:3e:33:ef:8a:43:e6:57:0e:c7:fd:64:3b:89:
         f7:f2:00:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYahtXWSDRV5kjZk+PUErrXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYWFhMGE2MTg4Yzk3YWE3NDJjYzc4NmUzYjcwYmM5MDlj
YWM0NGMwHhcNMjMwMzAyMDk0NDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWQ3NjdjZGVlOWY1ZDg4ZDZlZGNiY2YxMGVmYWJlOWU5ZTg0MGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpXqVmONEN1pGnZTXXqFN3SXAhB3
cCCfscrzxSCiMjVUlpIp/uVy5YjZGfdOunx0Jla3QoPua12R8eKllyvC6apn+teK
3RSg1BNSuv0Lbt4GUgcJN5nKzcsaxV9JgdNuypZ+G7OiqCh2AkJoNx/8md8NQxQg
ACkbcTaz0qTPllkyX8/wuRR43V/8Bw+U76b9XxVL18AJ2UNvOkj7J0d9+4u7hSN5
xFO/bcve8bnp4Z2BgnBwIlX79ll/wdKuRQYEA4kEZlb2YfDHTw9mk1qMiQHsiDq4
DAcjBEosB9XhbZaYnyPXHmBHu4zcYxEb5rUxbAhdVA9Ej2yGAthNzqeNkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLnXZ83un12I1u3LzxDvq+np6ED6MB8GA1UdIwQY
MBaAFFKqoKYYjJeqdCzHhuO3C8kJysRMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFxZ3BoaU1sNnAwTE1lRzQ3Y0x5UW5LeEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9kOTM3ZTAtNDI3Ny00ZTZhLWI1OTMt
NDZhODgwNDI1Nzk5LzEvdWRkbnplNmZYWWpXN2N2UEVPLXI2ZW5vUVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9kOTM3ZTAtNDI3Ny00ZTZhLWI1OTMtNDZhODgwNDI1Nzk5
LzEvVXFxZ3BoaU1sNnAwTE1lRzQ3Y0x5UW5LeEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVtEAwQE
wkUQMA0GCSqGSIb3DQEBCwUAA4IBAQAEAzmmveV0jp4KDhMue8FXQOF+TWBfdViX
MI5o3vzVvtI2vkEwB0XU4Fw6UJezWUuUpWZz7IVaA4Dw0zKMRq57ysF2hBzEyeXz
EbYYQgR4yLtZh6mXMR32IHo2J+BvDjVPUimYuRb7LTXLvq3fXMeGL5ofVEN+k26W
W1eh2N4yoGtTqA07sKbcmjONPHA/icc4TkeF96b26W5nNVYtP+RzL/0gq4eSwbgv
RHSBWnGaiGvCUOcIdC9+QzA8u6NCNzjajdTbK0O2TOB0waw7d0rU3oq1njV7TwXV
OGdqlJNeuhiZr3uD+4BZ1GHz6k58+T4z74pD5lcOx/1kO4n38gCc
-----END CERTIFICATE-----