Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/d25e14-625d-47b5-a0ec-848f73df8b20/1/rmy-ho7zkLvrByZtMmZ_KfyPZms.roa
File:                     rmy-ho7zkLvrByZtMmZ_KfyPZms.roa (raw, json)
Hash identifier:          9IIR30ASO7i0nYfFlHgliMnG2ab/qkyjS1d1dIbPpUc=
Subject key identifier:   AE:6C:BE:86:8E:F3:90:BB:EB:07:26:6D:32:66:7F:29:FC:8F:66:6B
Certificate issuer:       /CN=e6c9d48a18c3c0d2e4e63a7b83885a7967755826
Certificate serial:       01856F1D89978532B69722E6111987B93849
Authority key identifier: E6:C9:D4:8A:18:C3:C0:D2:E4:E6:3A:7B:83:88:5A:79:67:75:58:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5snUihjDwNLk5jp7g4haeWd1WCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/d25e14-625d-47b5-a0ec-848f73df8b20/1/rmy-ho7zkLvrByZtMmZ_KfyPZms.roa
Signing time:             Sun 01 Jan 2023 20:54:44 +0000
ROA not before:           Sun 01 Jan 2023 20:54:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25180
IP address blocks:        5.148.0.0/17 maxlen: 17
                          149.63.0.0/16 maxlen: 16
                          5.148.128.0/19 maxlen: 19
                          83.244.128.0/17 maxlen: 17
                          176.46.160.0/19 maxlen: 19
                          167.98.0.0/16 maxlen: 16
                          31.221.0.0/17 maxlen: 17
                          62.244.160.0/19 maxlen: 19
                          109.231.192.0/18 maxlen: 18
                          5.148.104.0/24 maxlen: 24
                          2a00:1d40::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:89:97:85:32:b6:97:22:e6:11:19:87:b9:38:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c9d48a18c3c0d2e4e63a7b83885a7967755826
        Validity
            Not Before: Jan  1 20:54:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae6cbe868ef390bbeb07266d32667f29fc8f666b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:47:09:74:56:54:ed:59:4a:09:94:ec:71:9e:
                    e5:a7:b0:b4:6d:89:f8:23:8c:28:76:21:52:fe:ba:
                    8e:72:26:e5:4e:65:d5:d8:a4:43:8b:6a:03:12:18:
                    2a:63:55:98:07:56:66:c0:99:9e:a1:7b:a7:32:25:
                    7f:ed:69:4e:dd:51:e0:3b:77:d1:a1:1d:37:37:76:
                    bc:1b:7b:f0:f4:3e:1d:ef:49:2e:ac:95:d8:1a:0f:
                    03:7d:08:9a:9e:73:ba:a4:42:fb:a6:67:cc:97:fa:
                    f9:8d:fe:14:10:33:32:eb:c5:b1:4c:3e:fd:46:9e:
                    38:5d:19:e4:3a:1e:0a:2d:ae:b6:c9:3f:d6:90:67:
                    74:cb:eb:61:bf:81:a0:d8:e2:34:5e:4e:f4:71:f8:
                    32:91:24:95:1b:35:f8:da:2b:51:e7:4c:22:87:8a:
                    ff:4c:2b:49:11:ba:bb:09:91:c1:36:d7:16:01:bd:
                    d2:1a:ea:f8:c1:62:45:13:b5:8d:00:f2:07:21:6f:
                    c0:f0:5f:c1:fa:fa:2c:83:c8:87:ea:99:aa:53:d0:
                    55:ea:44:6f:06:8b:04:5e:d6:36:f7:37:3a:23:20:
                    df:36:49:10:69:4b:fc:3f:ff:b3:3d:f0:38:0c:2c:
                    07:50:ef:02:8b:33:4c:89:3d:f0:ea:4d:63:17:60:
                    ef:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:6C:BE:86:8E:F3:90:BB:EB:07:26:6D:32:66:7F:29:FC:8F:66:6B
            X509v3 Authority Key Identifier:
                keyid:E6:C9:D4:8A:18:C3:C0:D2:E4:E6:3A:7B:83:88:5A:79:67:75:58:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5snUihjDwNLk5jp7g4haeWd1WCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/d25e14-625d-47b5-a0ec-848f73df8b20/1/rmy-ho7zkLvrByZtMmZ_KfyPZms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/d25e14-625d-47b5-a0ec-848f73df8b20/1/5snUihjDwNLk5jp7g4haeWd1WCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.148.0.0-5.148.159.255
                  31.221.0.0/17
                  62.244.160.0/19
                  83.244.128.0/17
                  109.231.192.0/18
                  149.63.0.0/16
                  167.98.0.0/16
                  176.46.160.0/19
                IPv6:
                  2a00:1d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:88:72:05:2e:31:4c:52:5d:5e:d7:76:8c:a5:80:e5:bf:e1:
         ca:d5:ee:6f:ba:3f:5a:8d:54:bb:97:b4:8b:5c:bc:c7:ed:74:
         04:c5:df:f3:6d:96:c4:f7:ae:46:bd:1d:9e:89:95:d6:81:b0:
         e0:8a:25:28:be:ec:ae:3e:bd:23:25:f1:36:fe:0b:4f:22:10:
         91:6b:34:fe:a8:19:00:01:7e:ac:5a:cd:94:7b:0e:48:fe:d7:
         6e:e5:de:2d:b5:9e:cb:fb:0b:7a:1f:ad:2f:42:1b:ae:5d:58:
         a2:03:02:18:73:f1:4d:ad:ff:ea:3a:71:6c:18:c0:72:4a:af:
         09:cd:b3:7e:fe:be:9a:6c:cb:e2:11:40:0e:67:45:c2:6c:ea:
         17:74:21:57:40:70:e3:95:b1:cc:b2:e9:a6:ea:dc:0f:27:b6:
         e0:e2:81:19:9e:d1:f5:69:e6:b3:64:17:58:8a:fc:85:4e:3b:
         f8:b8:0f:86:ef:0f:e4:33:a6:37:74:50:23:ef:fb:17:b6:16:
         00:47:7b:c1:ea:dc:9d:ca:04:7d:d5:c0:9e:b0:99:53:52:cf:
         0a:bf:8d:b4:14:c4:4f:b8:4e:2c:7c:d9:40:21:f5:86:93:b3:
         65:de:20:c9:46:54:d4:cf:c8:b3:3d:93:e7:40:79:51:49:f0:
         fd:2c:0d:d5
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVvHYmXhTK2lyLmERmHuThJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzlkNDhhMThjM2MwZDJlNGU2M2E3YjgzODg1YTc5Njc3
NTU4MjYwHhcNMjMwMTAxMjA1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTZjYmU4NjhlZjM5MGJiZWIwNzI2NmQzMjY2N2YyOWZjOGY2NjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0cJdFZU7VlKCZTscZ7lp7C0bYn4
I4wodiFS/rqOciblTmXV2KRDi2oDEhgqY1WYB1ZmwJmeoXunMiV/7WlO3VHgO3fR
oR03N3a8G3vw9D4d70kurJXYGg8DfQiannO6pEL7pmfMl/r5jf4UEDMy68WxTD79
Rp44XRnkOh4KLa62yT/WkGd0y+thv4Gg2OI0Xk70cfgykSSVGzX42itR50wih4r/
TCtJEbq7CZHBNtcWAb3SGur4wWJFE7WNAPIHIW/A8F/B+vosg8iH6pmqU9BV6kRv
BosEXtY29zc6IyDfNkkQaUv8P/+zPfA4DCwHUO8CizNMiT3w6k1jF2DvvQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFK5svoaO85C76wcmbTJmfyn8j2ZrMB8GA1UdIwQY
MBaAFObJ1IoYw8DS5OY6e4OIWnlndVgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNuVWloakR3TkxrNWpwN2c0aGFlV2QxV0NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9kMjVlMTQtNjI1ZC00N2I1LWEwZWMt
ODQ4ZjczZGY4YjIwLzEvcm15LWhvN3prTHZyQnladE1tWl9LZnlQWm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9kMjVlMTQtNjI1ZC00N2I1LWEwZWMtODQ4ZjczZGY4YjIw
LzEvNXNuVWloakR3TkxrNWpwN2c0aGFlV2QxV0NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA7BAIAATA1MAsDAwIFlAME
BQWUgAMEBx/dAAMEBT70oAMEB1P0gAMEBm3nwAMDAJU/AwMAp2IDBAWwLqAwDQQC
AAIwBwMFACoAHUAwDQYJKoZIhvcNAQELBQADggEBAI6IcgUuMUxSXV7XdoylgOW/
4crV7m+6P1qNVLuXtItcvMftdATF3/NtlsT3rka9HZ6JldaBsOCKJSi+7K4+vSMl
8Tb+C08iEJFrNP6oGQABfqxazZR7Dkj+127l3i21nsv7C3ofrS9CG65dWKIDAhhz
8U2t/+o6cWwYwHJKrwnNs37+vppsy+IRQA5nRcJs6hd0IVdAcOOVscyy6abq3A8n
tuDigRme0fVp5rNkF1iK/IVOO/i4D4bvD+Qzpjd0UCPv+xe2FgBHe8Hq3J3KBH3V
wJ6wmVNSzwq/jbQUxE+4Tix82UAh9YaTs2XeIMlGVNTPyLM9k+dAeVFJ8P0sDdU=
-----END CERTIFICATE-----