Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/3fba05-daed-43b7-b870-fa02c1265d5e/1/AN13rvtZjXCp9lN6uARhE8tAniI.roa
File:                     AN13rvtZjXCp9lN6uARhE8tAniI.roa (raw, json)
Hash identifier:          IvOw2ZATGbZt3dtaXidpVvnsxxe+NdkHR7Xicy21TuU=
Subject key identifier:   00:DD:77:AE:FB:59:8D:70:A9:F6:53:7A:B8:04:61:13:CB:40:9E:22
Certificate issuer:       /CN=e20f87dab96b50f76eea49b181ea94d26a205327
Certificate serial:       01856EAFE0589844AEE6C9DA3339D54A1DAF
Authority key identifier: E2:0F:87:DA:B9:6B:50:F7:6E:EA:49:B1:81:EA:94:D2:6A:20:53:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4g-H2rlrUPdu6kmxgeqU0mogUyc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/3fba05-daed-43b7-b870-fa02c1265d5e/1/AN13rvtZjXCp9lN6uARhE8tAniI.roa
Signing time:             Sun 01 Jan 2023 18:54:58 +0000
ROA not before:           Sun 01 Jan 2023 18:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29148
IP address blocks:        87.239.56.0/21 maxlen: 21
                          185.228.215.0/24 maxlen: 24
                          185.228.214.0/24 maxlen: 24
                          185.228.214.0/23 maxlen: 23
                          91.221.110.0/24 maxlen: 24
                          91.221.110.0/23 maxlen: 23
                          91.221.111.0/24 maxlen: 24
                          185.228.212.0/23 maxlen: 23
                          185.228.212.0/24 maxlen: 24
                          185.228.213.0/24 maxlen: 24
                          2a0d:4a00:a000::/36 maxlen: 36
                          2a0d:4a00:b000::/36 maxlen: 36
                          2a0d:4a00:c000::/36 maxlen: 36
                          2a0d:4a00:d000::/36 maxlen: 36
                          2a0d:4a00:e000::/36 maxlen: 36
                          2a0d:4a00:f000::/36 maxlen: 36
                          2a0d:4a00::/32 maxlen: 36
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:af:e0:58:98:44:ae:e6:c9:da:33:39:d5:4a:1d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e20f87dab96b50f76eea49b181ea94d26a205327
        Validity
            Not Before: Jan  1 18:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=00dd77aefb598d70a9f6537ab8046113cb409e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:31:03:5b:49:d5:9a:cd:dd:9d:42:f6:dd:d8:
                    20:c0:fa:65:d0:12:82:1d:db:8c:06:18:59:b7:05:
                    d3:2d:b2:f6:a8:bc:35:27:6b:19:b6:39:2d:fe:85:
                    f1:92:75:f4:a5:47:9b:59:0a:9c:d4:16:87:0a:c7:
                    a6:b4:f3:74:ce:3f:32:cf:26:54:9b:f8:67:4d:bb:
                    b6:46:ce:55:d8:77:82:ce:ea:a1:ea:9b:be:87:f3:
                    f4:b8:f2:df:75:2e:6a:e8:4e:80:ee:be:b8:0b:2f:
                    ef:c5:ba:c8:1f:15:b3:30:c4:bd:90:28:62:a6:7a:
                    86:e2:2f:27:69:cf:f2:8b:57:9a:3a:5f:78:db:93:
                    2f:40:2b:8f:0a:1c:eb:af:45:7b:ae:a7:92:3f:b0:
                    dd:8b:b4:f4:17:73:f7:92:e4:49:fa:a9:f9:dd:94:
                    75:57:b4:e4:bf:8f:0f:bc:7c:e7:5b:f6:d2:b0:88:
                    50:6b:f0:d1:61:df:1f:17:1e:65:f5:4b:5e:dd:24:
                    92:fd:64:e1:95:89:ca:e8:77:47:d8:8d:f8:f1:fa:
                    c6:5f:ee:84:3f:ca:b0:9a:6d:ad:b2:18:6b:b0:fc:
                    5f:33:55:2b:34:6a:49:75:eb:59:83:7f:a1:4d:64:
                    d8:46:c8:08:7a:3d:86:8d:c0:18:6c:9c:12:c8:b8:
                    82:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:DD:77:AE:FB:59:8D:70:A9:F6:53:7A:B8:04:61:13:CB:40:9E:22
            X509v3 Authority Key Identifier:
                keyid:E2:0F:87:DA:B9:6B:50:F7:6E:EA:49:B1:81:EA:94:D2:6A:20:53:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4g-H2rlrUPdu6kmxgeqU0mogUyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3fba05-daed-43b7-b870-fa02c1265d5e/1/AN13rvtZjXCp9lN6uARhE8tAniI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/3fba05-daed-43b7-b870-fa02c1265d5e/1/4g-H2rlrUPdu6kmxgeqU0mogUyc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.56.0/21
                  91.221.110.0/23
                  185.228.212.0/22
                IPv6:
                  2a0d:4a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:ba:26:e2:5c:83:70:85:d8:0a:24:e5:4f:29:b5:3c:3e:8c:
         66:61:e5:54:62:32:9d:b3:29:16:fa:5e:92:34:07:9d:74:57:
         4e:53:de:08:aa:3c:25:6f:d6:7b:e6:7e:50:89:ef:38:b6:02:
         80:cc:b6:3b:b8:9e:86:4f:61:57:cf:84:07:8b:e7:dc:37:4b:
         cd:7e:97:6b:c2:6b:75:af:a0:b5:30:74:f1:29:f3:c4:4f:ac:
         b9:f2:60:32:86:fd:d2:16:ac:af:73:57:7d:61:59:22:e6:3a:
         38:1f:3c:64:c3:24:8d:04:95:63:6e:a5:92:a9:9e:4a:e5:9f:
         d4:29:7d:9c:1e:24:fe:83:61:d4:8a:e0:99:d3:6d:52:4c:7b:
         30:ac:4d:46:78:95:17:92:5f:46:50:a0:e0:bb:44:f6:4e:b1:
         5d:11:ef:a4:1b:56:71:9f:c9:40:e8:5c:11:97:5f:0f:71:e3:
         68:2e:a1:91:5b:16:4d:dd:32:a3:f9:73:0b:9a:fc:79:ab:9c:
         5e:75:95:23:cf:92:58:00:e6:90:93:06:dc:1c:79:d5:51:5d:
         62:91:fa:7d:fc:e9:5e:19:ae:60:4d:ed:12:a1:b0:f1:2a:7e:
         8b:d4:3b:3b:83:c3:30:4a:91:3d:e9:07:2a:fc:b8:c4:ad:f6:
         49:ba:79:6f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVur+BYmESu5snaMznVSh2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMGY4N2RhYjk2YjUwZjc2ZWVhNDliMTgxZWE5NGQyNmEy
MDUzMjcwHhcNMjMwMTAxMTg1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGRkNzdhZWZiNTk4ZDcwYTlmNjUzN2FiODA0NjExM2NiNDA5ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojEDW0nVms3dnUL23dggwPpl0BKC
HduMBhhZtwXTLbL2qLw1J2sZtjkt/oXxknX0pUebWQqc1BaHCsemtPN0zj8yzyZU
m/hnTbu2Rs5V2HeCzuqh6pu+h/P0uPLfdS5q6E6A7r64Cy/vxbrIHxWzMMS9kChi
pnqG4i8nac/yi1eaOl9425MvQCuPChzrr0V7rqeSP7Ddi7T0F3P3kuRJ+qn53ZR1
V7Tkv48PvHznW/bSsIhQa/DRYd8fFx5l9Ute3SSS/WThlYnK6HdH2I348frGX+6E
P8qwmm2tshhrsPxfM1UrNGpJdetZg3+hTWTYRsgIej2GjcAYbJwSyLiC6wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFADdd677WY1wqfZTergEYRPLQJ4iMB8GA1UdIwQY
MBaAFOIPh9q5a1D3bupJsYHqlNJqIFMnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGctSDJybHJVUGR1NmtteGdlcVUwbW9nVXljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8zZmJhMDUtZGFlZC00M2I3LWI4NzAt
ZmEwMmMxMjY1ZDVlLzEvQU4xM3J2dFpqWENwOWxONnVBUmhFOHRBbmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8zZmJhMDUtZGFlZC00M2I3LWI4NzAtZmEwMmMxMjY1ZDVl
LzEvNGctSDJybHJVUGR1NmtteGdlcVUwbW9nVXljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDV+84AwQB
W91uAwQCueTUMA0EAgACMAcDBQAqDUoAMA0GCSqGSIb3DQEBCwUAA4IBAQAzuibi
XINwhdgKJOVPKbU8PoxmYeVUYjKdsykW+l6SNAeddFdOU94Iqjwlb9Z75n5Qie84
tgKAzLY7uJ6GT2FXz4QHi+fcN0vNfpdrwmt1r6C1MHTxKfPET6y58mAyhv3SFqyv
c1d9YVki5jo4HzxkwySNBJVjbqWSqZ5K5Z/UKX2cHiT+g2HUiuCZ021STHswrE1G
eJUXkl9GUKDgu0T2TrFdEe+kG1Zxn8lA6FwRl18PceNoLqGRWxZN3TKj+XMLmvx5
q5xedZUjz5JYAOaQkwbcHHnVUV1ikfp9/OleGa5gTe0SobDxKn6L1Ds7g8MwSpE9
6Qcq/LjErfZJunlv
-----END CERTIFICATE-----