Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/7j5-kdaF61QnMFlC6kuvTXt4kL8.roa
File:                     7j5-kdaF61QnMFlC6kuvTXt4kL8.roa (raw, json)
Hash identifier:          +bJmC6kmIt/bhbnUVoT4m7D4wF1g9SHGrq1fgFSaegY=
Subject key identifier:   EE:3E:7E:91:D6:85:EB:54:27:30:59:42:EA:4B:AF:4D:7B:78:90:BF
Certificate issuer:       /CN=d1dda832769c31681f825685147368af3a11f6f8
Certificate serial:       333E6C7E
Authority key identifier: D1:DD:A8:32:76:9C:31:68:1F:82:56:85:14:73:68:AF:3A:11:F6:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d2oMnacMWgfglaFFHNorzoR9vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/7j5-kdaF61QnMFlC6kuvTXt4kL8.roa
Signing time:             Sat 01 Jan 2022 00:52:24 +0000
ROA not before:           Sat 01 Jan 2022 00:52:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57300
IP address blocks:        91.109.173.0/24 maxlen: 24
                          91.109.174.0/24 maxlen: 24
                          91.109.175.0/24 maxlen: 24
                          185.73.164.0/24 maxlen: 24
                          185.73.165.0/24 maxlen: 24
                          185.73.166.0/24 maxlen: 24
                          185.73.167.0/24 maxlen: 24
                          91.109.168.0/24 maxlen: 24
                          91.109.169.0/24 maxlen: 24
                          91.109.170.0/24 maxlen: 24
                          91.109.171.0/24 maxlen: 24
                          91.109.172.0/24 maxlen: 24
                          95.87.124.0/24 maxlen: 24
                          95.87.125.0/24 maxlen: 24
                          95.87.120.0/24 maxlen: 24
                          95.87.121.0/24 maxlen: 24
                          95.87.122.0/24 maxlen: 24
                          95.87.123.0/24 maxlen: 24
                          95.87.126.0/24 maxlen: 24
                          95.87.127.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 859729022 (0x333e6c7e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1dda832769c31681f825685147368af3a11f6f8
        Validity
            Not Before: Jan  1 00:52:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ee3e7e91d685eb5427305942ea4baf4d7b7890bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c0:0d:43:ac:a6:b7:71:9e:4f:a4:8e:1e:00:
                    a8:c2:33:eb:09:2b:6e:0d:64:74:59:c4:28:5d:f8:
                    99:1f:0f:51:88:df:20:d5:2b:bf:d4:45:7b:57:01:
                    ad:bd:a9:35:6a:20:46:6d:e5:00:9f:c2:69:ee:db:
                    a6:39:44:2f:cd:2d:85:46:84:d0:66:33:eb:7b:9f:
                    92:43:15:68:23:b9:d8:f9:f0:50:fc:2b:4c:2b:5a:
                    3f:4b:e5:a2:67:1c:63:48:1d:81:e3:f3:44:41:bb:
                    2a:da:49:93:58:82:51:78:38:88:53:4a:c9:aa:60:
                    d1:6e:fe:43:79:51:26:15:2d:a7:31:6f:e6:8e:6e:
                    6e:c9:50:ba:50:60:71:d3:a3:3e:c9:26:44:74:cf:
                    b2:4c:ea:77:64:dc:a7:91:ad:93:55:40:c1:d4:e5:
                    b9:6a:21:c1:d0:5f:49:ae:40:5b:ff:16:0f:51:3d:
                    59:2a:dd:19:5a:52:99:85:bd:3e:2e:21:80:4a:6d:
                    19:06:6d:54:14:34:bf:a1:cc:47:62:56:12:46:9f:
                    79:95:56:62:4a:ec:05:4d:4c:fc:6c:a7:2f:54:81:
                    48:39:f9:16:f1:7a:06:40:56:c9:1e:20:21:91:5f:
                    5e:02:96:e9:38:b8:28:be:fc:69:11:e4:a1:fb:1c:
                    2e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:3E:7E:91:D6:85:EB:54:27:30:59:42:EA:4B:AF:4D:7B:78:90:BF
            X509v3 Authority Key Identifier:
                keyid:D1:DD:A8:32:76:9C:31:68:1F:82:56:85:14:73:68:AF:3A:11:F6:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d2oMnacMWgfglaFFHNorzoR9vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/7j5-kdaF61QnMFlC6kuvTXt4kL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/0d2oMnacMWgfglaFFHNorzoR9vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.168.0/21
                  95.87.120.0/21
                  185.73.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:7f:2c:07:c7:a3:dc:c2:55:46:a7:12:23:d3:c0:bd:4f:6c:
         d3:7a:b2:b8:76:fe:d3:ed:0c:9a:d5:1e:df:df:b2:69:94:6b:
         9a:b0:f3:bc:99:cb:13:53:f1:2d:f2:69:87:f3:f0:96:65:dc:
         b8:f0:e2:6d:ce:8c:2f:f4:61:19:fe:49:4d:de:eb:87:a5:e8:
         bf:67:3a:e4:ed:7f:52:49:12:c4:ba:07:d6:58:11:59:e2:65:
         3c:88:3e:71:9d:b1:4d:47:f7:1b:06:13:ab:90:ed:ff:8a:5f:
         5c:d6:da:d6:f1:25:f1:98:11:e7:4b:2d:d9:51:4e:71:ec:9c:
         a7:c2:89:ca:c1:ea:97:f7:0b:4f:13:e3:21:af:7a:95:a0:17:
         01:00:b3:f5:66:35:06:12:b0:57:4d:72:7b:c3:1f:2d:92:f5:
         fd:e9:f6:d0:f9:62:9f:b0:61:63:f8:5e:5d:cf:fc:0a:f7:85:
         ff:3d:cf:62:b9:c9:0d:60:03:c4:ec:b6:4d:15:88:de:71:12:
         ee:f3:13:35:bc:74:75:b9:1e:37:4d:19:8d:f3:b9:b9:eb:a3:
         68:c3:11:e8:7f:f3:01:16:1d:43:51:6a:90:82:8c:05:5a:08:
         c1:98:44:a5:4f:80:82:b4:11:a3:1c:29:a1:49:76:60:39:03:
         9c:f3:e6:30
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEMz5sfjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MWRkYTgzMjc2OWMzMTY4MWY4MjU2ODUxNDczNjhhZjNhMTFmNmY4MB4XDTIyMDEw
MTAwNTIyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWUzZTdlOTFkNjg1
ZWI1NDI3MzA1OTQyZWE0YmFmNGQ3Yjc4OTBiZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJTADUOsprdxnk+kjh4AqMIz6wkrbg1kdFnEKF34mR8PUYjf
INUrv9RFe1cBrb2pNWogRm3lAJ/Cae7bpjlEL80thUaE0GYz63ufkkMVaCO52Pnw
UPwrTCtaP0vlomccY0gdgePzREG7KtpJk1iCUXg4iFNKyapg0W7+Q3lRJhUtpzFv
5o5ubslQulBgcdOjPskmRHTPskzqd2Tcp5Gtk1VAwdTluWohwdBfSa5AW/8WD1E9
WSrdGVpSmYW9Pi4hgEptGQZtVBQ0v6HMR2JWEkafeZVWYkrsBU1M/GynL1SBSDn5
FvF6BkBWyR4gIZFfXgKW6Ti4KL78aRHkofscLjMCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTuPn6R1oXrVCcwWULqS69Ne3iQvzAfBgNVHSMEGDAWgBTR3agydpwxaB+C
VoUUc2ivOhH2+DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBkMm9NbmFjTVdnZmdsYUZGSE5vcnpvUjl2Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTQvNWE2ZDNjLTE3ZGEtNDRkMy1hNDAyLTg2MjM2YmFjMTMwOC8x
LzdqNS1rZGFGNjFRbk1GbEM2a3V2VFh0NGtMOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQv
NWE2ZDNjLTE3ZGEtNDRkMy1hNDAyLTg2MjM2YmFjMTMwOC8xLzBkMm9NbmFjTVdn
ZmdsYUZGSE5vcnpvUjl2Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEA1ttqAMEA19XeAMEArlJpDANBgkq
hkiG9w0BAQsFAAOCAQEAPn8sB8ej3MJVRqcSI9PAvU9s03qyuHb+0+0MmtUe39+y
aZRrmrDzvJnLE1PxLfJph/PwlmXcuPDibc6ML/RhGf5JTd7rh6Xov2c65O1/UkkS
xLoH1lgRWeJlPIg+cZ2xTUf3GwYTq5Dt/4pfXNba1vEl8ZgR50st2VFOceycp8KJ
ysHql/cLTxPjIa96laAXAQCz9WY1BhKwV01ye8MfLZL1/en20Plin7BhY/heXc/8
CveF/z3PYrnJDWADxOy2TRWI3nES7vMTNbx0dbkeN00ZjfO5ueujaMMR6H/zARYd
Q1FqkIKMBVoIwZhEpU+AgrQRoxwpoUl2YDkDnPPmMA==
-----END CERTIFICATE-----