Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/H5BGTWFP80iteRuYvRrMS_ktDMc.roa
File:                     H5BGTWFP80iteRuYvRrMS_ktDMc.roa (raw, json)
Hash identifier:          BQPYC0eTm25F74HUYeiEG5JyBuOfVq37POtxJPiRGzE=
Subject key identifier:   1F:90:46:4D:61:4F:F3:48:AD:79:1B:98:BD:1A:CC:4B:F9:2D:0C:C7
Certificate issuer:       /CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Certificate serial:       01867900BFBA4D4B2A026739CAFE775E496E
Authority key identifier: 1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/H5BGTWFP80iteRuYvRrMS_ktDMc.roa
Signing time:             Wed 22 Feb 2023 12:02:17 +0000
ROA not before:           Wed 22 Feb 2023 12:02:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207021
IP address blocks:        194.0.26.0/24 maxlen: 24
                          2a02:850:ffe2::/48 maxlen: 48
                          2001:678:20::/48 maxlen: 48
                          2a02:850:ffe5::/48 maxlen: 48
                          2a02:850:ffe0::/48 maxlen: 48
                          2001:67c:1bc::/48 maxlen: 48
                          2a02:850:ffe3::/48 maxlen: 48
                          2001:678:24::/48 maxlen: 48
                          2a02:850:ffe6::/48 maxlen: 48
                          2a02:850:ffe1::/48 maxlen: 48
                          2a02:850:ffe4::/48 maxlen: 48
                          2a02:850:ffe7::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:79:00:bf:ba:4d:4b:2a:02:67:39:ca:fe:77:5e:49:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
        Validity
            Not Before: Feb 22 12:02:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f90464d614ff348ad791b98bd1acc4bf92d0cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ab:70:8a:16:d6:6f:09:58:8b:78:d6:e0:d0:
                    1c:e4:9c:93:bf:9d:cc:41:f4:ff:bf:7a:fe:72:f5:
                    ef:56:86:65:28:19:22:b7:e9:fe:fe:cc:e8:62:ad:
                    64:d4:a0:55:96:fc:8c:e3:92:ca:c2:0b:68:2f:4b:
                    b2:44:fc:b8:2e:ec:8a:57:f5:ea:e5:24:e8:e2:44:
                    89:d7:30:48:e4:6e:60:a8:1f:c0:8d:19:9c:49:b9:
                    4d:41:88:62:88:82:50:b7:1c:0c:53:cd:c0:92:a8:
                    5c:17:68:ec:17:43:ed:a6:06:fb:12:b2:fe:a2:f0:
                    fe:50:53:fb:3c:76:0f:35:fe:46:cd:59:f8:28:56:
                    7d:b1:ce:ab:3f:86:a6:6f:19:fd:25:3d:2e:bc:66:
                    5e:99:89:af:25:df:12:aa:fd:5e:04:29:36:9b:10:
                    f7:90:99:b4:20:80:85:6f:0d:ff:63:5f:95:db:16:
                    4a:63:75:70:85:b4:3b:8a:3f:93:80:cb:a6:9e:fd:
                    cc:71:58:9b:8d:ad:d2:f6:25:21:1a:dc:ce:69:06:
                    3d:05:de:85:84:1e:a4:84:ee:47:d9:4d:98:96:c7:
                    a8:b9:05:9d:be:34:89:e7:7d:84:94:3c:90:3a:b6:
                    f0:72:6f:c8:5c:69:a7:88:92:52:1d:82:89:6e:db:
                    fb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:90:46:4D:61:4F:F3:48:AD:79:1B:98:BD:1A:CC:4B:F9:2D:0C:C7
            X509v3 Authority Key Identifier:
                keyid:1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/H5BGTWFP80iteRuYvRrMS_ktDMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.26.0/24
                IPv6:
                  2001:678:20::/48
                  2001:678:24::/48
                  2001:67c:1bc::/48
                  2a02:850:ffe0::/45

    Signature Algorithm: sha256WithRSAEncryption
         2a:08:81:15:35:59:f3:3e:ef:87:d1:29:9e:77:d7:25:2d:e7:
         be:c7:30:11:d9:f8:1b:ff:a4:57:c9:f2:a8:e8:5f:90:53:8f:
         ca:22:09:cd:27:ad:06:62:8e:66:d3:a7:c4:bf:da:58:32:ef:
         33:1a:fa:19:4f:ba:e7:70:02:9d:3d:c7:c7:20:d9:04:37:f5:
         15:b0:08:dc:50:5b:87:f1:cb:cf:76:98:c9:6b:f3:9d:e2:b1:
         b2:a5:3e:b0:db:ba:9c:58:94:fa:10:4f:09:9b:dc:be:40:52:
         3f:a6:b9:25:db:7f:67:4e:ef:b1:eb:c4:ed:8e:9b:7a:39:78:
         5e:28:cd:63:f4:59:a5:e5:9d:cd:d6:ed:fa:81:9d:05:bd:d0:
         97:31:94:f6:22:35:c3:23:c8:9a:74:3e:7c:ed:5f:51:00:7f:
         b0:bb:a4:53:b2:4a:e7:e4:c5:b2:24:a5:7c:b3:41:ee:13:6d:
         a0:35:75:21:78:b3:41:e4:6a:d8:45:c7:d3:1c:f1:00:1f:f6:
         70:4a:54:58:0a:24:49:84:6e:2a:23:b2:90:3c:9a:a5:3f:f9:
         6b:5e:8c:29:39:df:78:85:12:ad:bd:38:94:c3:2c:54:0d:8c:
         bd:a9:70:1d:a0:59:d8:ed:e7:af:33:13:e4:7c:d5:24:b6:8d:
         c2:32:d3:e6
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYZ5AL+6TUsqAmc5yv53XkluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzkwYmZmNjVkY2VkY2E4MTNkN2ExMGQ3ZWMzMjhjMmY2
ZWFjMzQwHhcNMjMwMjIyMTIwMjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjkwNDY0ZDYxNGZmMzQ4YWQ3OTFiOThiZDFhY2M0YmY5MmQwY2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKtwihbWbwlYi3jW4NAc5JyTv53M
QfT/v3r+cvXvVoZlKBkit+n+/szoYq1k1KBVlvyM45LKwgtoL0uyRPy4LuyKV/Xq
5STo4kSJ1zBI5G5gqB/AjRmcSblNQYhiiIJQtxwMU83AkqhcF2jsF0Ptpgb7ErL+
ovD+UFP7PHYPNf5GzVn4KFZ9sc6rP4ambxn9JT0uvGZemYmvJd8Sqv1eBCk2mxD3
kJm0IICFbw3/Y1+V2xZKY3VwhbQ7ij+TgMumnv3McVibja3S9iUhGtzOaQY9Bd6F
hB6khO5H2U2YlseouQWdvjSJ532ElDyQOrbwcm/IXGmniJJSHYKJbtv7LwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFB+QRk1hT/NIrXkbmL0azEv5LQzHMB8GA1UdIwQY
MBaAFBw5C/9l3O3KgT16ENfsMowvbqw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTIt
YTk3NjVlZGM3OTVjLzEvSDVCR1RXRlA4MGl0ZVJ1WXZSck1TX2t0RE1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTItYTk3NjVlZGM3OTVj
LzEvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAMBAIAATAGAwQAwgAaMCoE
AgACMCQDBwAgAQZ4ACADBwAgAQZ4ACQDBwAgAQZ8AbwDBwMqAghQ/+AwDQYJKoZI
hvcNAQELBQADggEBACoIgRU1WfM+74fRKZ531yUt577HMBHZ+Bv/pFfJ8qjoX5BT
j8oiCc0nrQZijmbTp8S/2lgy7zMa+hlPuudwAp09x8cg2QQ39RWwCNxQW4fxy892
mMlr853isbKlPrDbupxYlPoQTwmb3L5AUj+muSXbf2dO77HrxO2Om3o5eF4ozWP0
WaXlnc3W7fqBnQW90JcxlPYiNcMjyJp0PnztX1EAf7C7pFOySufkxbIkpXyzQe4T
baA1dSF4s0HkathFx9Mc8QAf9nBKVFgKJEmEbiojspA8mqU/+WtejCk533iFEq29
OJTDLFQNjL2pcB2gWdjt568zE+R81SS2jcIy0+Y=
-----END CERTIFICATE-----