Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/H-GxJq7AYJ6htdogx99UuZfhfz0.roa
File:                     H-GxJq7AYJ6htdogx99UuZfhfz0.roa (raw, json)
Hash identifier:          w1P7E3lLIwzkoiZ/LB/UfT2krX8Kx7CwC1+cnuarRwg=
Subject key identifier:   1F:E1:B1:26:AE:C0:60:9E:A1:B5:DA:20:C7:DF:54:B9:97:E1:7F:3D
Certificate issuer:       /CN=83bf36eb18ef9a57c5fb603ada400fe6b6688e6e
Certificate serial:       01856E14217DAD0FA5FB464774BE33A6480E
Authority key identifier: 83:BF:36:EB:18:EF:9A:57:C5:FB:60:3A:DA:40:0F:E6:B6:68:8E:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g7826xjvmlfF-2A62kAP5rZojm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/H-GxJq7AYJ6htdogx99UuZfhfz0.roa
Signing time:             Sun 01 Jan 2023 16:04:51 +0000
ROA not before:           Sun 01 Jan 2023 16:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25591
IP address blocks:        93.190.176.0/22 maxlen: 22
                          93.190.180.0/22 maxlen: 22
                          37.75.216.0/22 maxlen: 22
                          37.75.220.0/22 maxlen: 22
                          80.242.96.0/20 maxlen: 20
                          80.242.96.0/22 maxlen: 22
                          217.175.4.0/22 maxlen: 22
                          80.242.100.0/22 maxlen: 22
                          217.175.8.0/22 maxlen: 22
                          80.242.104.0/22 maxlen: 22
                          217.175.12.0/22 maxlen: 22
                          80.242.108.0/22 maxlen: 22
                          31.3.24.0/22 maxlen: 22
                          31.3.28.0/22 maxlen: 22
                          185.14.16.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:14:21:7d:ad:0f:a5:fb:46:47:74:be:33:a6:48:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83bf36eb18ef9a57c5fb603ada400fe6b6688e6e
        Validity
            Not Before: Jan  1 16:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1fe1b126aec0609ea1b5da20c7df54b997e17f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9f:c6:ef:6a:5d:e0:3a:06:60:bb:9c:45:6f:
                    d4:49:ce:31:bc:17:2b:b3:ae:ff:d4:54:f1:b0:a0:
                    82:26:06:59:82:92:e5:5b:58:47:e4:4e:e2:03:5b:
                    a7:e0:28:8d:13:65:cf:45:f9:24:e9:8f:73:47:97:
                    f7:94:7c:8d:d7:d7:13:89:c0:00:6f:72:32:fd:81:
                    3f:ed:7d:20:7e:76:b3:b9:51:1b:ac:8f:bc:ac:fe:
                    92:3b:0d:f1:90:af:03:b0:9a:06:d2:c3:36:2a:6c:
                    51:26:a0:48:84:0e:33:3c:72:dc:53:60:2f:2c:12:
                    ba:a2:e0:c3:24:f6:c8:2e:9e:cd:cf:23:52:ca:aa:
                    3e:7a:f5:69:21:e3:cb:3a:93:13:45:b6:c9:72:f7:
                    91:cc:7c:3b:29:6d:55:fb:cf:2c:29:1d:9e:23:a2:
                    f4:ed:fb:7d:89:99:02:e7:88:53:5b:a5:ee:b2:c2:
                    85:90:6d:29:31:84:ef:60:67:d2:37:da:e3:26:4f:
                    66:e9:39:91:84:20:62:8d:f9:df:a1:63:c6:9f:c9:
                    ca:87:c8:93:f6:0e:cf:7e:c7:96:90:47:e6:0a:61:
                    11:ba:5a:70:f9:06:11:c2:29:8e:ce:58:98:b8:db:
                    5a:c1:15:ca:48:af:bc:f3:31:ae:7f:f0:7d:71:cb:
                    84:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E1:B1:26:AE:C0:60:9E:A1:B5:DA:20:C7:DF:54:B9:97:E1:7F:3D
            X509v3 Authority Key Identifier:
                keyid:83:BF:36:EB:18:EF:9A:57:C5:FB:60:3A:DA:40:0F:E6:B6:68:8E:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7826xjvmlfF-2A62kAP5rZojm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/H-GxJq7AYJ6htdogx99UuZfhfz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/g7826xjvmlfF-2A62kAP5rZojm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.24.0/21
                  37.75.216.0/21
                  80.242.96.0/20
                  93.190.176.0/21
                  185.14.16.0/22
                  217.175.4.0-217.175.15.255

    Signature Algorithm: sha256WithRSAEncryption
         83:b4:06:cd:17:06:0a:5c:20:0b:52:8f:5d:c4:6e:67:3e:60:
         91:42:d4:b3:80:91:2f:fd:05:35:99:fb:36:bb:8c:a8:e8:7e:
         a2:ce:d2:7c:dc:96:07:99:93:98:12:6d:53:7d:5b:0b:92:aa:
         ba:77:9e:45:69:ae:39:7d:da:0a:3c:46:42:a2:5c:62:92:88:
         40:22:15:6f:39:9b:f5:f1:4a:87:a8:0b:85:66:c5:94:6b:eb:
         8f:73:54:c6:05:cd:0a:08:04:57:f3:01:ce:14:af:60:9a:48:
         22:e7:75:0f:33:0e:70:e3:2e:cd:f3:2a:5c:b9:28:37:5c:b3:
         11:ea:6d:f5:34:bf:91:e0:12:8e:81:97:e1:49:f0:fa:fe:ef:
         7a:48:06:c4:b9:d4:31:20:f0:29:3b:2f:69:8b:68:d4:3a:49:
         0a:3f:68:77:f6:e9:7c:f8:71:23:27:de:03:19:cf:6c:c5:a5:
         9f:93:c9:f5:e4:d2:a9:2c:7b:cc:77:fb:78:cb:e4:6d:f8:06:
         cb:fd:2b:82:48:f6:e5:99:2e:68:74:ba:a5:d7:17:6b:35:09:
         e1:73:76:82:27:68:d5:6b:c8:fe:3f:cd:4d:7e:38:9a:a8:33:
         36:e1:e0:78:a6:63:a1:b0:30:b2:d8:fe:8a:93:b9:b5:93:b7:
         3a:f7:de:50
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVuFCF9rQ+l+0ZHdL4zpkgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYmYzNmViMThlZjlhNTdjNWZiNjAzYWRhNDAwZmU2YjY2
ODhlNmUwHhcNMjMwMTAxMTYwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmUxYjEyNmFlYzA2MDllYTFiNWRhMjBjN2RmNTRiOTk3ZTE3ZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp/G72pd4DoGYLucRW/USc4xvBcr
s67/1FTxsKCCJgZZgpLlW1hH5E7iA1un4CiNE2XPRfkk6Y9zR5f3lHyN19cTicAA
b3Iy/YE/7X0gfnazuVEbrI+8rP6SOw3xkK8DsJoG0sM2KmxRJqBIhA4zPHLcU2Av
LBK6ouDDJPbILp7NzyNSyqo+evVpIePLOpMTRbbJcveRzHw7KW1V+88sKR2eI6L0
7ft9iZkC54hTW6XussKFkG0pMYTvYGfSN9rjJk9m6TmRhCBijfnfoWPGn8nKh8iT
9g7PfseWkEfmCmERulpw+QYRwimOzliYuNtawRXKSK+88zGuf/B9ccuE8QIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFB/hsSauwGCeobXaIMffVLmX4X89MB8GA1UdIwQY
MBaAFIO/NusY75pXxftgOtpAD+a2aI5uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzc4MjZ4anZtbGZGLTJBNjJrQVA1clpvam00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mNzdkNTEtZWUxYy00N2E5LTkwYmMt
ZTBkMmExYjZlOGFjLzEvSC1HeEpxN0FZSjZodGRvZ3g5OVV1WmZoZnowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mNzdkNTEtZWUxYy00N2E5LTkwYmMtZTBkMmExYjZlOGFj
LzEvZzc4MjZ4anZtbGZGLTJBNjJrQVA1clpvam00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQDHwMYAwQD
JUvYAwQEUPJgAwQDXb6wAwQCuQ4QMAwDBALZrwQDBATZrwAwDQYJKoZIhvcNAQEL
BQADggEBAIO0Bs0XBgpcIAtSj13Ebmc+YJFC1LOAkS/9BTWZ+za7jKjofqLO0nzc
lgeZk5gSbVN9WwuSqrp3nkVprjl92go8RkKiXGKSiEAiFW85m/XxSoeoC4VmxZRr
649zVMYFzQoIBFfzAc4Ur2CaSCLndQ8zDnDjLs3zKly5KDdcsxHqbfU0v5HgEo6B
l+FJ8Pr+73pIBsS51DEg8Ck7L2mLaNQ6SQo/aHf26Xz4cSMn3gMZz2zFpZ+TyfXk
0qkse8x3+3jL5G34Bsv9K4JI9uWZLmh0uqXXF2s1CeFzdoInaNVryP4/zU1+OJqo
Mzbh4HimY6GwMLLY/oqTubWTtzr33lA=
-----END CERTIFICATE-----