Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Q-tat9G_0thaiLbbbA5hiZtPOXs.roa
File:                     Q-tat9G_0thaiLbbbA5hiZtPOXs.roa (raw, json)
Hash identifier:          gsosxwI6IesSXLLVr2wmOEbcdpW0SPwYIojxc/chjMI=
Subject key identifier:   43:EB:5A:B7:D1:BF:D2:D8:5A:88:B6:DB:6C:0E:61:89:9B:4F:39:7B
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       018ADB7AB71539F0BD533133A27037E066AF
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Q-tat9G_0thaiLbbbA5hiZtPOXs.roa
Signing time:             Thu 28 Sep 2023 11:09:27 +0000
ROA not before:           Thu 28 Sep 2023 11:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43519
IP address blocks:        213.248.216.0/24 maxlen: 24
                          213.248.219.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.220.0/24 maxlen: 24
                          213.248.223.0/24 maxlen: 24
                          213.248.222.0/24 maxlen: 24
                          213.248.221.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:db:7a:b7:15:39:f0:bd:53:31:33:a2:70:37:e0:66:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Sep 28 11:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43eb5ab7d1bfd2d85a88b6db6c0e61899b4f397b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e5:85:fe:f7:43:1b:66:01:4f:bb:19:a6:9a:
                    c8:06:82:df:7b:f2:c6:70:f8:c9:dd:b5:ce:cb:04:
                    d6:ee:e6:19:53:d6:06:a0:89:7c:01:04:ce:c7:94:
                    b2:bd:d7:07:ec:04:b0:3c:7d:9f:3f:b1:44:f4:83:
                    ec:ea:c6:c8:c2:b8:6c:e3:b9:88:42:5e:84:89:f0:
                    75:79:70:82:31:2c:1b:01:75:ba:7c:de:40:72:f2:
                    35:b2:98:8c:4f:08:fb:ca:1c:c7:40:a0:d5:3a:a5:
                    d2:54:64:65:4a:07:9f:8c:72:85:3d:13:41:a8:a2:
                    11:97:ef:f5:e5:76:1a:2d:0e:ff:eb:73:ea:69:0a:
                    06:d0:e1:c4:58:b8:c1:70:b2:b2:e0:14:1e:b9:0d:
                    3e:fd:4a:84:22:93:f0:e1:ee:b7:4b:64:d3:c1:00:
                    b7:ae:81:d7:65:38:58:c9:12:04:df:56:0b:00:9e:
                    bc:c6:77:91:a9:ae:6d:33:f9:42:67:e0:10:74:e1:
                    12:4d:64:34:92:77:ec:db:11:2c:f5:07:91:4e:b2:
                    8f:c7:42:90:85:bc:1b:f9:8b:08:62:7f:0a:f0:00:
                    ad:1c:fd:95:ea:38:09:9e:e1:c2:34:c4:fb:86:25:
                    e9:3e:e4:32:4e:e0:89:83:50:f7:05:3b:cf:7b:6b:
                    94:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:EB:5A:B7:D1:BF:D2:D8:5A:88:B6:DB:6C:0E:61:89:9B:4F:39:7B
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Q-tat9G_0thaiLbbbA5hiZtPOXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0/21
                  213.248.254.0/24
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         ab:5a:93:60:ef:a2:85:83:02:8d:2c:a1:ed:c1:26:fa:5b:43:
         55:b9:de:0d:ff:b8:fc:da:7e:44:64:52:56:bc:37:e5:e3:30:
         dc:25:ef:e8:05:b5:64:c0:e6:53:32:69:6f:6e:d4:61:23:17:
         4f:5b:fa:93:99:97:f3:76:e6:36:b7:fa:52:19:45:4a:92:bf:
         ad:ee:67:9d:86:c2:76:06:b4:38:b8:4e:a1:a8:18:cb:12:7e:
         0e:e9:0d:0a:fa:c5:a9:d9:54:19:68:18:dc:0c:f6:38:e4:4a:
         09:19:f8:ec:b5:19:a8:8b:07:73:d0:6a:0e:0a:1a:57:39:bb:
         a8:7d:cb:18:3a:a5:ed:c0:f9:47:92:3d:d0:82:d8:8c:83:db:
         28:eb:29:21:51:26:ce:d1:bf:9f:e7:d8:77:73:f0:22:40:96:
         4f:9d:2b:37:23:60:7f:68:e5:f7:56:86:41:f9:13:53:88:e1:
         d7:7b:e9:42:e1:19:6a:e8:66:f3:aa:f7:aa:99:c6:e4:1a:93:
         fd:d7:4c:c1:8a:df:6d:93:92:6d:ff:4c:fe:c0:dd:bc:1c:04:
         9d:38:55:8f:75:7a:af:ce:7d:d7:3f:b0:07:5d:54:73:35:29:
         8c:91:06:a1:29:82:f4:7d:83:a1:71:96:0b:6a:7e:16:8f:8a:
         e4:cb:d1:2b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYrbercVOfC9UzEzonA34GavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjMwOTI4MTEwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ViNWFiN2QxYmZkMmQ4NWE4OGI2ZGI2YzBlNjE4OTliNGYzOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOWF/vdDG2YBT7sZpprIBoLfe/LG
cPjJ3bXOywTW7uYZU9YGoIl8AQTOx5SyvdcH7ASwPH2fP7FE9IPs6sbIwrhs47mI
Ql6EifB1eXCCMSwbAXW6fN5AcvI1spiMTwj7yhzHQKDVOqXSVGRlSgefjHKFPRNB
qKIRl+/15XYaLQ7/63PqaQoG0OHEWLjBcLKy4BQeuQ0+/UqEIpPw4e63S2TTwQC3
roHXZThYyRIE31YLAJ68xneRqa5tM/lCZ+AQdOESTWQ0knfs2xEs9QeRTrKPx0KQ
hbwb+YsIYn8K8ACtHP2V6jgJnuHCNMT7hiXpPuQyTuCJg1D3BTvPe2uU9wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEPrWrfRv9LYWoi222wOYYmbTzl7MB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvUS10YXQ5R18wdGhhaUxiYmJBNWhpWnRQT1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQD1fjYAwQA
1fj+MA8EAgACMAkDBwMqAQYYBAAwDQYJKoZIhvcNAQELBQADggEBAKtak2DvooWD
Ao0soe3BJvpbQ1W53g3/uPzafkRkUla8N+XjMNwl7+gFtWTA5lMyaW9u1GEjF09b
+pOZl/N25ja3+lIZRUqSv63uZ52GwnYGtDi4TqGoGMsSfg7pDQr6xanZVBloGNwM
9jjkSgkZ+Oy1GaiLB3PQag4KGlc5u6h9yxg6pe3A+UeSPdCC2IyD2yjrKSFRJs7R
v5/n2Hdz8CJAlk+dKzcjYH9o5fdWhkH5E1OI4dd76ULhGWroZvOq96qZxuQak/3X
TMGK322Tkm3/TP7A3bwcBJ04VY91eq/Ofdc/sAddVHM1KYyRBqEpgvR9g6Fxlgtq
fhaPiuTL0Ss=
-----END CERTIFICATE-----