Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/jTIP2wbxlpOIAkiwbLGfO3LJruI.roa
File:                     jTIP2wbxlpOIAkiwbLGfO3LJruI.roa (raw, json)
Hash identifier:          3ZOc3DhZaizwvJWj0rbO3gkSRFeL+GBek/ajfPDYmhY=
Subject key identifier:   8D:32:0F:DB:06:F1:96:93:88:02:48:B0:6C:B1:9F:3B:72:C9:AE:E2
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0185806FF273E5DC544C33078A174D85ACED
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/jTIP2wbxlpOIAkiwbLGfO3LJruI.roa
Signing time:             Thu 05 Jan 2023 05:38:18 +0000
ROA not before:           Thu 05 Jan 2023 05:38:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44208
IP address blocks:        176.46.138.0/23 maxlen: 24
                          176.46.144.0/20 maxlen: 24
                          176.46.140.0/22 maxlen: 24
                          94.74.128.0/18 maxlen: 24
                          31.170.48.0/20 maxlen: 24
                          185.34.160.0/22 maxlen: 24
                          94.74.190.0/24 maxlen: 24
                          109.203.163.0/24 maxlen: 24
                          109.203.160.0/19 maxlen: 24
                          37.49.146.0/24 maxlen: 24
                          94.74.136.0/24 maxlen: 24
                          94.74.165.0/24 maxlen: 24
                          94.74.166.0/23 maxlen: 23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:80:6f:f2:73:e5:dc:54:4c:33:07:8a:17:4d:85:ac:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jan  5 05:38:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d320fdb06f19693880248b06cb19f3b72c9aee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d7:9a:92:d3:2e:b0:71:22:db:ca:5a:20:b7:
                    ba:87:c9:8c:8c:a2:38:3c:4e:c7:5e:fd:41:f9:65:
                    06:73:da:29:52:1e:25:99:af:c7:43:2b:ba:b0:be:
                    66:61:61:7c:ff:74:8e:5c:f9:22:f4:6b:8d:ca:ed:
                    6c:02:4c:f2:c7:4f:1f:3f:31:b8:bf:98:24:3d:8f:
                    62:13:d0:ce:16:47:6d:aa:e3:ce:9f:ca:13:a2:f5:
                    ba:f9:d7:ce:64:ea:aa:df:f4:68:be:eb:ea:fd:96:
                    06:e8:63:14:f1:58:55:10:06:1e:e5:70:be:74:16:
                    db:32:fa:25:de:31:1f:a5:fd:df:e9:34:c0:cb:47:
                    e5:2e:b2:e2:a7:b4:ed:0e:ca:04:22:57:80:3f:09:
                    4c:d1:e5:4b:37:1f:09:e5:8b:92:74:00:6b:1f:56:
                    d1:61:9f:e1:0e:25:75:9c:27:a2:f6:7b:4f:7c:fe:
                    1c:17:bb:92:50:c3:18:c3:64:6b:fe:0e:07:86:92:
                    08:26:83:b4:be:f1:1a:ff:5c:e6:4d:d2:4b:29:0f:
                    9b:49:d3:4d:f4:29:de:8b:3b:db:d8:dd:19:95:2e:
                    96:14:17:60:28:9d:c6:9e:65:8e:2f:27:4f:25:ec:
                    f6:65:9a:8a:27:8c:dd:f3:9e:9f:f5:f0:44:65:94:
                    35:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:32:0F:DB:06:F1:96:93:88:02:48:B0:6C:B1:9F:3B:72:C9:AE:E2
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/jTIP2wbxlpOIAkiwbLGfO3LJruI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.170.48.0/20
                  37.49.146.0/24
                  94.74.128.0/18
                  109.203.160.0/19
                  176.46.138.0-176.46.159.255
                  185.34.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:6e:32:0f:ab:f6:d2:bc:a7:ce:9b:ea:29:40:a8:cc:23:e6:
         a9:32:9e:0a:c4:c7:44:88:f6:c8:8e:dd:b8:96:7f:d4:8f:a7:
         dc:94:68:ef:75:26:fc:94:bb:fc:dd:11:c6:4e:0c:dc:e2:19:
         1e:b8:d5:94:83:a3:ef:2d:c2:7b:30:95:c7:9e:60:51:c5:a5:
         44:70:2a:13:c6:44:ad:46:b4:47:37:d5:24:e1:57:0e:48:7b:
         72:2f:5b:07:b1:14:09:cf:8a:78:86:61:ec:0d:fb:b9:28:93:
         2b:69:3d:5b:24:f4:4f:f7:0c:21:ed:6b:4b:5f:55:f4:4a:79:
         4f:67:12:04:ec:60:08:52:0d:d1:0b:9b:81:a7:4c:86:44:a8:
         30:eb:3b:99:4d:d0:4b:00:09:8b:40:32:9a:c5:93:a9:05:e1:
         77:0f:9d:07:ab:cd:3b:ae:ef:cb:25:8f:4d:a2:cb:c3:8d:93:
         08:55:86:f6:8f:8e:c0:4b:65:e3:67:a1:0a:57:fc:09:40:e7:
         e8:de:6a:c6:17:43:91:80:3d:c7:59:81:ba:c1:2a:38:67:8f:
         43:6c:2e:4a:d0:27:e6:b2:64:19:05:6f:2b:4d:28:f7:82:24:
         87:29:74:5c:02:c6:2c:9d:32:1f:96:9e:df:c5:58:48:41:82:
         16:72:96:b3
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYWAb/Jz5dxUTDMHihdNhaztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjMwMTA1MDUzODE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDMyMGZkYjA2ZjE5NjkzODgwMjQ4YjA2Y2IxOWYzYjcyYzlhZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdeaktMusHEi28paILe6h8mMjKI4
PE7HXv1B+WUGc9opUh4lma/HQyu6sL5mYWF8/3SOXPki9GuNyu1sAkzyx08fPzG4
v5gkPY9iE9DOFkdtquPOn8oTovW6+dfOZOqq3/Rovuvq/ZYG6GMU8VhVEAYe5XC+
dBbbMvol3jEfpf3f6TTAy0flLrLip7TtDsoEIleAPwlM0eVLNx8J5YuSdABrH1bR
YZ/hDiV1nCei9ntPfP4cF7uSUMMYw2Rr/g4HhpIIJoO0vvEa/1zmTdJLKQ+bSdNN
9Cneizvb2N0ZlS6WFBdgKJ3GnmWOLydPJez2ZZqKJ4zd856f9fBEZZQ1MwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFI0yD9sG8ZaTiAJIsGyxnztyya7iMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvalRJUDJ3YnhscE9JQWtpd2JMR2ZPM0xKcnVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQEH6owAwQA
JTGSAwQGXkqAAwQFbcugMAwDBAGwLooDBAWwLoADBAK5IqAwDQYJKoZIhvcNAQEL
BQADggEBACduMg+r9tK8p86b6ilAqMwj5qkyngrEx0SI9siO3biWf9SPp9yUaO91
JvyUu/zdEcZODNziGR641ZSDo+8twnswlceeYFHFpURwKhPGRK1GtEc31SThVw5I
e3IvWwexFAnPiniGYewN+7kokytpPVsk9E/3DCHta0tfVfRKeU9nEgTsYAhSDdEL
m4GnTIZEqDDrO5lN0EsACYtAMprFk6kF4XcPnQerzTuu78slj02iy8ONkwhVhvaP
jsBLZeNnoQpX/AlA5+jeasYXQ5GAPcdZgbrBKjhnj0NsLkrQJ+ayZBkFbytNKPeC
JIcpdFwCxiydMh+Wnt/FWEhBghZylrM=
-----END CERTIFICATE-----