Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QLIpDE-9hnMAReVG4sOiuQQqz5U.roa
File:                     QLIpDE-9hnMAReVG4sOiuQQqz5U.roa (raw, json)
Hash identifier:          EgwPFqclwDiIOh4qc/r9bA0tQFFF7oIxZ05lRtyp1mU=
Subject key identifier:   40:B2:29:0C:4F:BD:86:73:00:45:E5:46:E2:C3:A2:B9:04:2A:CF:95
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       018320CBFF5D4538CA27FA4874905AA8E641
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QLIpDE-9hnMAReVG4sOiuQQqz5U.roa
Signing time:             Fri 09 Sep 2022 05:49:43 +0000
ROA not before:           Fri 09 Sep 2022 05:49:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        163.5.227.0/24 maxlen: 24
                          163.5.246.0/24 maxlen: 24
                          163.5.249.0/24 maxlen: 24
                          163.5.179.0/24 maxlen: 24
                          163.5.212.0/24 maxlen: 24
                          163.5.217.0/24 maxlen: 24
                          163.5.214.0/24 maxlen: 24
                          163.5.223.0/24 maxlen: 24
                          163.5.226.0/24 maxlen: 24
                          163.5.152.0/24 maxlen: 24
                          163.5.158.0/24 maxlen: 24
                          163.5.166.0/24 maxlen: 24
                          163.5.169.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:20:cb:ff:5d:45:38:ca:27:fa:48:74:90:5a:a8:e6:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Sep  9 05:49:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=40b2290c4fbd86730045e546e2c3a2b9042acf95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fa:4a:ed:17:c5:6e:65:9b:af:9a:5b:af:1d:
                    2a:3a:80:15:dd:68:ea:e4:ff:a9:1c:d6:c2:9b:a0:
                    1d:76:96:ae:0d:f0:83:38:55:9d:3f:3a:75:cf:32:
                    33:c6:7c:6e:34:8f:64:46:f1:e9:8b:30:ca:83:57:
                    71:3b:9b:d6:80:0a:e9:70:80:f7:f5:8c:87:32:04:
                    0a:9e:02:60:29:14:83:02:34:73:96:20:01:be:db:
                    73:a8:6e:04:16:3b:30:94:13:46:f1:31:92:0d:9d:
                    c8:35:45:5f:1e:b5:e5:15:b5:48:cd:38:5a:99:a0:
                    a5:9c:9c:78:00:04:a0:a9:7a:be:ac:72:e1:08:dc:
                    de:90:73:d6:3d:6f:61:a0:c9:0a:90:17:5c:3d:e9:
                    59:75:49:bf:3c:fe:0c:3b:27:82:58:bc:d1:34:06:
                    b9:1d:d1:3d:cd:f4:84:b4:6d:c6:ea:f5:bd:90:3e:
                    36:f0:46:2e:cf:f1:cb:ff:3d:06:a2:e0:96:d6:dc:
                    ab:84:3c:63:d3:7a:38:b3:81:1d:73:b3:8c:ae:6f:
                    9b:fb:7f:fd:f8:f5:a1:a9:1b:a4:8d:69:ac:6b:0c:
                    36:07:95:78:07:9f:05:2e:53:ac:5e:97:4c:27:9d:
                    7d:77:e9:20:08:ea:26:a9:ba:2f:14:99:7c:60:a6:
                    97:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:B2:29:0C:4F:BD:86:73:00:45:E5:46:E2:C3:A2:B9:04:2A:CF:95
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QLIpDE-9hnMAReVG4sOiuQQqz5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.152.0/24
                  163.5.158.0/24
                  163.5.166.0/24
                  163.5.169.0/24
                  163.5.179.0/24
                  163.5.212.0/24
                  163.5.214.0/24
                  163.5.217.0/24
                  163.5.223.0/24
                  163.5.226.0/23
                  163.5.246.0/24
                  163.5.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:1a:74:59:7a:d6:17:51:c4:a4:54:0b:3c:b5:51:fc:07:37:
         64:25:c8:06:1d:3a:03:48:88:e5:32:7e:1d:6a:35:f6:8d:d9:
         63:5e:91:b4:29:5b:9a:b5:3a:17:f3:98:e2:f8:d1:8e:fa:40:
         3f:72:c2:43:ab:c8:68:f7:e4:21:f1:04:ca:ba:65:e6:8e:02:
         5d:9a:4c:39:6e:ac:43:23:3f:7a:26:20:1b:12:a1:ab:8d:aa:
         11:6e:53:8b:b3:99:db:4a:66:65:9b:a6:e5:99:f4:3b:3f:1b:
         46:f6:4c:a3:35:c7:6b:a7:d6:8a:01:bf:d2:9a:a4:9f:68:4e:
         5c:2c:62:bb:e7:97:b2:19:fe:d5:83:36:8b:26:72:9c:48:57:
         88:a8:e7:d6:cb:a4:ef:23:f2:7a:43:9b:c3:19:7e:51:11:46:
         08:c7:e8:17:71:f9:0b:22:2f:24:83:c1:a0:cc:3c:da:e3:16:
         46:ea:e3:c0:81:37:30:ea:fa:2f:32:1e:aa:6a:95:70:05:e5:
         6f:6f:cb:87:8f:a5:1c:8f:c5:65:16:fe:8d:d4:0e:af:8e:72:
         b2:a8:58:66:fe:6a:3b:ed:45:f9:73:e1:a1:df:83:bb:4f:f7:
         81:d2:0e:8c:f9:bc:17:75:77:fb:c8:40:94:d7:52:12:66:e4:
         51:8b:c5:45
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYMgy/9dRTjKJ/pIdJBaqOZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIwOTA5MDU0OTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGIyMjkwYzRmYmQ4NjczMDA0NWU1NDZlMmMzYTJiOTA0MmFjZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPpK7RfFbmWbr5pbrx0qOoAV3Wjq
5P+pHNbCm6AddpauDfCDOFWdPzp1zzIzxnxuNI9kRvHpizDKg1dxO5vWgArpcID3
9YyHMgQKngJgKRSDAjRzliABvttzqG4EFjswlBNG8TGSDZ3INUVfHrXlFbVIzTha
maClnJx4AASgqXq+rHLhCNzekHPWPW9hoMkKkBdcPelZdUm/PP4MOyeCWLzRNAa5
HdE9zfSEtG3G6vW9kD428EYuz/HL/z0GouCW1tyrhDxj03o4s4Edc7OMrm+b+3/9
+PWhqRukjWmsaww2B5V4B58FLlOsXpdMJ519d+kgCOomqbovFJl8YKaXLQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFECyKQxPvYZzAEXlRuLDorkEKs+VMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUUxJcERFLTlobk1BUmVWRzRzT2l1UVFxejVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAowWYAwQA
owWeAwQAowWmAwQAowWpAwQAowWzAwQAowXUAwQAowXWAwQAowXZAwQAowXfAwQB
owXiAwQAowX2AwQAowX5MA0GCSqGSIb3DQEBCwUAA4IBAQArGnRZetYXUcSkVAs8
tVH8BzdkJcgGHToDSIjlMn4dajX2jdljXpG0KVuatToX85ji+NGO+kA/csJDq8ho
9+Qh8QTKumXmjgJdmkw5bqxDIz96JiAbEqGrjaoRblOLs5nbSmZlm6blmfQ7PxtG
9kyjNcdrp9aKAb/SmqSfaE5cLGK755eyGf7VgzaLJnKcSFeIqOfWy6TvI/J6Q5vD
GX5REUYIx+gXcfkLIi8kg8GgzDza4xZG6uPAgTcw6vovMh6qapVwBeVvb8uHj6Uc
j8VlFv6N1A6vjnKyqFhm/mo77UX5c+Gh34O7T/eB0g6M+bwXdXf7yECU11ISZuRR
i8VF
-----END CERTIFICATE-----