Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7dOsm-4OQyPXyu-uRb6SGX49ZOU.roa
File:                     7dOsm-4OQyPXyu-uRb6SGX49ZOU.roa (raw, json)
Hash identifier:          3S4dOpAnuiV4w597fgkEM2R1iK0NZOvdnjAdH4Nl9PQ=
Subject key identifier:   ED:D3:AC:9B:EE:0E:43:23:D7:CA:EF:AE:45:BE:92:19:7E:3D:64:E5
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01830A2ECD059D580EE0AFFF65A63146A4CE
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7dOsm-4OQyPXyu-uRb6SGX49ZOU.roa
Signing time:             Sun 04 Sep 2022 20:26:22 +0000
ROA not before:           Sun 04 Sep 2022 20:26:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51659
IP address blocks:        193.233.84.0/22 maxlen: 22
                          193.233.94.0/23 maxlen: 24
                          193.233.93.0/24 maxlen: 24
                          193.233.16.0/24 maxlen: 24
                          193.233.22.0/24 maxlen: 24
                          193.233.23.0/24 maxlen: 24
                          193.233.21.0/24 maxlen: 24
                          193.233.19.0/24 maxlen: 24
                          193.233.20.0/24 maxlen: 24
                          193.233.18.0/24 maxlen: 24
                          193.233.252.0/22 maxlen: 22
                          193.233.61.0/24 maxlen: 24
                          193.233.192.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0a:2e:cd:05:9d:58:0e:e0:af:ff:65:a6:31:46:a4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Sep  4 20:26:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=edd3ac9bee0e4323d7caefae45be92197e3d64e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:33:b0:15:7d:24:64:82:66:c7:86:1c:b9:ba:
                    a3:21:ee:18:0a:05:c3:da:ed:43:f3:1b:e5:ad:21:
                    d8:33:7f:95:66:bc:7f:8c:38:6c:a7:7e:22:da:0c:
                    03:c5:a1:f1:47:62:cd:5c:96:fe:99:a6:74:b3:0c:
                    11:98:0d:26:65:cf:c1:57:32:3c:81:0b:04:fb:26:
                    98:8c:54:73:5f:dc:22:b6:76:89:00:8e:d1:51:9e:
                    14:ed:25:1d:02:9d:88:c7:a5:59:f8:10:b9:91:ea:
                    6d:bc:99:44:65:88:f6:45:d5:fc:03:38:16:85:3b:
                    69:b5:55:c8:d3:80:8f:3d:ba:48:35:49:74:72:95:
                    fe:13:b3:6d:39:a7:c5:fb:48:43:25:b8:0c:70:3e:
                    ba:4c:64:79:22:8b:5f:49:41:8b:9f:11:1c:f6:fd:
                    39:a5:33:9c:2d:fa:45:47:7a:8a:b8:ac:16:5e:25:
                    74:e4:8f:e7:38:a6:4d:9b:e0:c1:02:27:76:8c:dd:
                    b6:85:c8:86:60:20:72:db:9e:60:39:7d:42:57:39:
                    fd:ce:5b:26:60:72:d0:35:46:2f:d6:11:7a:73:82:
                    5a:fd:85:e7:fe:40:00:55:67:5b:8c:cc:c2:70:85:
                    c0:49:36:75:b6:da:ae:5f:b8:a1:b5:d9:d8:09:ca:
                    0d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:D3:AC:9B:EE:0E:43:23:D7:CA:EF:AE:45:BE:92:19:7E:3D:64:E5
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7dOsm-4OQyPXyu-uRb6SGX49ZOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.16.0/24
                  193.233.18.0-193.233.23.255
                  193.233.61.0/24
                  193.233.84.0/22
                  193.233.93.0-193.233.95.255
                  193.233.192.0/22
                  193.233.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:e4:5a:0a:5d:f3:35:85:3e:0e:89:d8:cc:b1:cf:a1:8d:f7:
         19:2b:73:00:eb:82:e5:16:9d:3b:1c:0d:ec:ae:b7:2b:db:81:
         a1:e4:9a:83:0b:56:54:08:f5:84:e7:82:86:9c:52:2e:12:3e:
         63:db:1c:ee:db:2a:fe:87:ef:a7:e6:3b:4f:86:46:3e:f6:55:
         1e:b6:63:3a:1c:63:07:2d:70:43:5c:cb:47:3a:f6:93:0f:9f:
         de:c6:b2:c2:c8:bd:3f:1c:ed:5b:2f:20:8a:52:75:c3:df:1f:
         45:ba:9d:4a:d1:3f:c2:21:e7:eb:05:d3:98:15:c4:7f:8e:0d:
         45:08:20:99:6d:b2:6b:4b:f2:38:32:3e:9e:ed:7c:e5:98:aa:
         f1:1f:d3:35:ff:76:7d:66:69:a1:22:01:b1:0a:fa:d8:c6:41:
         eb:ad:76:31:59:d5:10:6e:2f:c5:7f:00:64:31:9e:22:e0:eb:
         5d:76:c7:09:77:53:ab:fd:9f:85:f2:9a:ef:ce:e0:57:e3:e4:
         6a:44:04:9a:12:2f:ad:23:0e:eb:95:e3:b2:01:48:46:7c:a4:
         ae:f9:46:78:13:71:3f:63:0d:9b:bf:47:c8:6d:6e:da:d3:e4:
         f5:3d:56:df:95:16:a4:6b:e1:55:4b:6e:c4:4d:ab:c4:ab:42:
         b7:f8:85:3c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYMKLs0FnVgO4K//ZaYxRqTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjIwOTA0MjAyNjIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGQzYWM5YmVlMGU0MzIzZDdjYWVmYWU0NWJlOTIxOTdlM2Q2NGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjOwFX0kZIJmx4YcubqjIe4YCgXD
2u1D8xvlrSHYM3+VZrx/jDhsp34i2gwDxaHxR2LNXJb+maZ0swwRmA0mZc/BVzI8
gQsE+yaYjFRzX9witnaJAI7RUZ4U7SUdAp2Ix6VZ+BC5keptvJlEZYj2RdX8AzgW
hTtptVXI04CPPbpINUl0cpX+E7NtOafF+0hDJbgMcD66TGR5IotfSUGLnxEc9v05
pTOcLfpFR3qKuKwWXiV05I/nOKZNm+DBAid2jN22hciGYCBy255gOX1CVzn9zlsm
YHLQNUYv1hF6c4Ja/YXn/kAAVWdbjMzCcIXASTZ1ttquX7ihtdnYCcoNzwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFO3TrJvuDkMj18rvrkW+khl+PWTlMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvN2RPc20tNE9ReVBYeXUtdVJiNlNHWDQ5Wk9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAwekQMAwD
BAHB6RIDBAPB6RADBADB6T0DBALB6VQwDAMEAMHpXQMEBcHpQAMEAsHpwAMEAsHp
/DANBgkqhkiG9w0BAQsFAAOCAQEABeRaCl3zNYU+DonYzLHPoY33GStzAOuC5Rad
OxwN7K63K9uBoeSagwtWVAj1hOeChpxSLhI+Y9sc7tsq/ofvp+Y7T4ZGPvZVHrZj
OhxjBy1wQ1zLRzr2kw+f3saywsi9PxztWy8gilJ1w98fRbqdStE/wiHn6wXTmBXE
f44NRQggmW2ya0vyODI+nu185Ziq8R/TNf92fWZpoSIBsQr62MZB6612MVnVEG4v
xX8AZDGeIuDrXXbHCXdTq/2fhfKa787gV+PkakQEmhIvrSMO65XjsgFIRnykrvlG
eBNxP2MNm79HyG1u2tPk9T1W35UWpGvhVUtuxE2rxKtCt/iFPA==
-----END CERTIFICATE-----