Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/pmcbJj5Z6i61mVWPy4R_VSCVU5U.roa
File:                     pmcbJj5Z6i61mVWPy4R_VSCVU5U.roa (raw, json)
Hash identifier:          oY5l9vOQzGJOiZCVkbukJTmds5X6H7khDYnzRFyEoxw=
Subject key identifier:   A6:67:1B:26:3E:59:EA:2E:B5:99:55:8F:CB:84:7F:55:20:95:53:95
Certificate issuer:       /CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Certificate serial:       01867E08E5573FF2D2843F5C1A9F7142FE8F
Authority key identifier: 1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/pmcbJj5Z6i61mVWPy4R_VSCVU5U.roa
Signing time:             Thu 23 Feb 2023 11:29:17 +0000
ROA not before:           Thu 23 Feb 2023 11:29:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207021
IP address blocks:        194.0.24.0/24 maxlen: 24
                          194.0.26.0/24 maxlen: 24
                          2001:678:20::/48 maxlen: 48
                          2a02:850:ffe5::/48 maxlen: 48
                          2a02:850:ffe0::/48 maxlen: 48
                          2001:67c:1bc::/48 maxlen: 48
                          2001:678:24::/48 maxlen: 48
                          2a02:850:ffe4::/48 maxlen: 48
                          2a02:850:ffe2::/48 maxlen: 48
                          2a02:850:ffe3::/48 maxlen: 48
                          2a02:850:ffe6::/48 maxlen: 48
                          2a02:850:ffe1::/48 maxlen: 48
                          2a02:850:ffe7::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7e:08:e5:57:3f:f2:d2:84:3f:5c:1a:9f:71:42:fe:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
        Validity
            Not Before: Feb 23 11:29:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6671b263e59ea2eb599558fcb847f5520955395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9c:ab:22:01:cb:7a:48:a8:92:94:a5:c6:2d:
                    7d:51:fd:c4:e1:59:e5:bd:b9:a7:b3:58:6e:8a:ca:
                    18:81:b6:69:6d:69:38:9f:00:10:3e:dc:40:d0:c4:
                    29:3b:73:4a:17:98:4c:96:66:f6:c9:7b:0f:04:37:
                    16:87:20:e8:39:4d:1d:c5:db:d2:65:d6:d5:24:cd:
                    06:85:c3:38:af:77:a9:65:49:db:a4:e8:49:9e:58:
                    0c:18:58:3a:5e:f1:47:ba:13:40:45:84:d6:db:52:
                    20:9e:b5:60:b6:5f:25:75:87:76:5a:f5:f0:9b:67:
                    8e:c0:63:7a:da:2f:ad:a3:a6:71:ad:56:ad:e5:f9:
                    ac:73:0d:3b:fc:a2:53:0f:c3:66:cb:a1:01:eb:2c:
                    b8:9f:0a:13:b1:a3:9f:f7:39:7e:7c:69:b5:61:34:
                    19:c3:e8:ff:8c:09:62:2e:b6:29:fd:a7:e4:86:61:
                    05:5e:3f:82:2b:f9:80:20:24:01:28:c6:c1:c8:f0:
                    1f:67:3c:22:e3:3a:84:f3:71:00:db:03:63:2e:e0:
                    a0:a7:58:d6:8e:ae:6b:4f:d4:57:f3:eb:fb:9e:41:
                    87:13:f2:01:a7:26:21:29:a8:bb:2b:f9:d4:ea:96:
                    e8:5e:99:ef:15:f1:8a:27:3c:d4:e5:e5:8e:fd:9b:
                    46:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:67:1B:26:3E:59:EA:2E:B5:99:55:8F:CB:84:7F:55:20:95:53:95
            X509v3 Authority Key Identifier:
                keyid:1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/pmcbJj5Z6i61mVWPy4R_VSCVU5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.24.0/24
                  194.0.26.0/24
                IPv6:
                  2001:678:20::/48
                  2001:678:24::/48
                  2001:67c:1bc::/48
                  2a02:850:ffe0::/45

    Signature Algorithm: sha256WithRSAEncryption
         2d:b1:47:ea:b2:11:e5:ce:98:0e:82:54:fd:a0:67:e6:b6:19:
         7f:c3:67:88:d2:05:0c:06:e3:fe:6d:c3:70:3b:61:31:17:a6:
         fd:9a:3f:ac:f4:90:cd:0e:37:85:06:ec:f1:32:c5:3e:08:83:
         7a:de:1b:5c:ac:1c:2d:54:97:87:be:b8:1e:cb:63:5a:c8:69:
         1d:55:45:12:81:bb:d5:6e:16:f5:e1:d4:63:f0:c5:1c:b5:b1:
         cb:5a:1b:c3:25:a3:ea:e4:63:7d:8b:a7:5c:8a:7e:19:4d:88:
         cf:81:90:6b:88:e6:8c:1e:4c:bf:3e:93:c7:55:6e:9c:fc:95:
         b4:32:a9:86:a6:eb:23:dc:39:4f:d4:66:13:20:31:0b:9d:ec:
         fe:54:72:78:33:bf:64:85:00:bc:52:09:b7:78:25:27:8c:3f:
         2e:e6:48:aa:83:01:7b:58:c0:e4:d2:9a:1c:d3:d3:25:ef:14:
         54:32:68:e0:05:01:ef:88:47:1e:55:97:b3:ed:42:d0:9c:9a:
         b6:aa:87:2a:de:ca:3f:6a:39:69:c2:f7:80:33:17:0b:d8:10:
         ab:65:85:b3:12:33:3f:b9:87:55:a3:46:5b:d9:4e:c0:8f:c4:
         9b:2d:d5:a4:c7:51:b0:78:91:90:9f:84:81:ea:46:94:6e:b2:
         8b:96:4e:e6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYZ+COVXP/LShD9cGp9xQv6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzkwYmZmNjVkY2VkY2E4MTNkN2ExMGQ3ZWMzMjhjMmY2
ZWFjMzQwHhcNMjMwMjIzMTEyOTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjY3MWIyNjNlNTllYTJlYjU5OTU1OGZjYjg0N2Y1NTIwOTU1Mzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypyrIgHLekiokpSlxi19Uf3E4Vnl
vbmns1huisoYgbZpbWk4nwAQPtxA0MQpO3NKF5hMlmb2yXsPBDcWhyDoOU0dxdvS
ZdbVJM0GhcM4r3epZUnbpOhJnlgMGFg6XvFHuhNARYTW21IgnrVgtl8ldYd2WvXw
m2eOwGN62i+to6ZxrVat5fmscw07/KJTD8Nmy6EB6yy4nwoTsaOf9zl+fGm1YTQZ
w+j/jAliLrYp/afkhmEFXj+CK/mAICQBKMbByPAfZzwi4zqE83EA2wNjLuCgp1jW
jq5rT9RX8+v7nkGHE/IBpyYhKai7K/nU6pboXpnvFfGKJzzU5eWO/ZtGcQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKZnGyY+WeoutZlVj8uEf1UglVOVMB8GA1UdIwQY
MBaAFBw5C/9l3O3KgT16ENfsMowvbqw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTIt
YTk3NjVlZGM3OTVjLzEvcG1jYkpqNVo2aTYxbVZXUHk0Ul9WU0NWVTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTItYTk3NjVlZGM3OTVj
LzEvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDASBAIAATAMAwQAwgAYAwQA
wgAaMCoEAgACMCQDBwAgAQZ4ACADBwAgAQZ4ACQDBwAgAQZ8AbwDBwMqAghQ/+Aw
DQYJKoZIhvcNAQELBQADggEBAC2xR+qyEeXOmA6CVP2gZ+a2GX/DZ4jSBQwG4/5t
w3A7YTEXpv2aP6z0kM0ON4UG7PEyxT4Ig3reG1ysHC1Ul4e+uB7LY1rIaR1VRRKB
u9VuFvXh1GPwxRy1sctaG8Mlo+rkY32Lp1yKfhlNiM+BkGuI5oweTL8+k8dVbpz8
lbQyqYam6yPcOU/UZhMgMQud7P5Ucngzv2SFALxSCbd4JSeMPy7mSKqDAXtYwOTS
mhzT0yXvFFQyaOAFAe+IRx5Vl7PtQtCcmraqhyreyj9qOWnC94AzFwvYEKtlhbMS
Mz+5h1WjRlvZTsCPxJst1aTHUbB4kZCfhIHqRpRusouWTuY=
-----END CERTIFICATE-----