Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/zlSM_Lf-FalNrrMP0Tw5hvt6lUo.roa
File:                     zlSM_Lf-FalNrrMP0Tw5hvt6lUo.roa (raw, json)
Hash identifier:          Sn3W90iIBhFf1tJK1v3kXqPT7DKLLq/nMcAST4zf7wo=
Subject key identifier:   CE:54:8C:FC:B7:FE:15:A9:4D:AE:B3:0F:D1:3C:39:86:FB:7A:95:4A
Certificate issuer:       /CN=83bf36eb18ef9a57c5fb603ada400fe6b6688e6e
Certificate serial:       018958AE6A312BC24BE1E762554A5F7DA0FA
Authority key identifier: 83:BF:36:EB:18:EF:9A:57:C5:FB:60:3A:DA:40:0F:E6:B6:68:8E:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g7826xjvmlfF-2A62kAP5rZojm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/zlSM_Lf-FalNrrMP0Tw5hvt6lUo.roa
Signing time:             Sat 15 Jul 2023 08:32:52 +0000
ROA not before:           Sat 15 Jul 2023 08:32:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25591
IP address blocks:        93.190.176.0/22 maxlen: 22
                          93.190.180.0/22 maxlen: 22
                          37.75.216.0/22 maxlen: 22
                          37.75.220.0/22 maxlen: 22
                          217.175.0.0/22 maxlen: 22
                          80.242.96.0/20 maxlen: 20
                          80.242.96.0/22 maxlen: 22
                          217.175.4.0/22 maxlen: 22
                          80.242.100.0/22 maxlen: 22
                          217.175.8.0/22 maxlen: 22
                          80.242.104.0/22 maxlen: 22
                          217.175.12.0/22 maxlen: 22
                          80.242.108.0/22 maxlen: 22
                          31.3.24.0/22 maxlen: 22
                          31.3.28.0/22 maxlen: 22
                          185.14.16.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:58:ae:6a:31:2b:c2:4b:e1:e7:62:55:4a:5f:7d:a0:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83bf36eb18ef9a57c5fb603ada400fe6b6688e6e
        Validity
            Not Before: Jul 15 08:32:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce548cfcb7fe15a94daeb30fd13c3986fb7a954a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:72:d0:d6:eb:96:a9:5f:25:95:7b:87:3a:fc:
                    1e:21:a2:d6:6e:44:2f:f0:0f:7c:74:c9:ca:e4:18:
                    93:7d:d6:52:62:2a:07:42:d7:e4:64:9b:2a:6a:b9:
                    26:d6:4b:2c:3a:46:3f:d9:46:d5:b1:a4:22:73:91:
                    a3:d3:84:87:1d:90:27:76:9c:68:f5:9c:15:fa:93:
                    b1:0b:e0:74:88:d6:3b:b6:aa:6b:7c:ac:e2:7d:a6:
                    f8:59:c2:95:f2:1f:a1:58:de:6a:a6:e7:9d:17:48:
                    c4:77:f6:0b:ff:40:66:69:cf:4e:a7:c4:9e:6f:14:
                    59:de:f9:a5:b3:46:71:da:ee:71:12:e6:5f:92:e7:
                    5a:5a:7a:34:25:50:48:46:cf:1d:a5:82:85:b1:eb:
                    04:b0:13:1e:1f:78:84:5a:ed:69:99:ba:b9:b6:1e:
                    d8:3c:c2:61:70:8c:32:c1:9d:f3:e7:e0:85:62:22:
                    02:30:b4:9a:d2:ab:f5:2e:b8:28:e4:b1:7c:50:b9:
                    47:7d:60:4f:b3:8a:0c:8d:97:08:e1:5a:e9:5e:ae:
                    fb:47:0b:a1:5f:0b:8a:e7:41:fe:8d:38:d1:24:fc:
                    ff:4d:eb:f1:76:99:2b:73:ee:a1:68:03:62:d6:19:
                    47:50:b5:aa:5a:1e:23:02:4f:5e:38:19:3a:fb:eb:
                    4a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:54:8C:FC:B7:FE:15:A9:4D:AE:B3:0F:D1:3C:39:86:FB:7A:95:4A
            X509v3 Authority Key Identifier:
                keyid:83:BF:36:EB:18:EF:9A:57:C5:FB:60:3A:DA:40:0F:E6:B6:68:8E:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7826xjvmlfF-2A62kAP5rZojm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/zlSM_Lf-FalNrrMP0Tw5hvt6lUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/f77d51-ee1c-47a9-90bc-e0d2a1b6e8ac/1/g7826xjvmlfF-2A62kAP5rZojm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.24.0/21
                  37.75.216.0/21
                  80.242.96.0/20
                  93.190.176.0/21
                  185.14.16.0/22
                  217.175.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         46:c8:e6:ab:4e:dd:e4:59:b6:4a:37:4f:70:7e:e5:37:6b:a8:
         6f:2b:62:50:d4:9c:f9:48:b3:e5:88:7b:a5:9b:ac:93:79:0e:
         88:21:c1:5d:93:12:93:b9:c7:0e:41:86:55:64:cb:28:2d:dc:
         af:67:e6:57:2e:53:ce:46:58:98:35:7c:ba:cf:cb:1e:0e:79:
         48:fd:98:0d:fb:49:74:e2:6f:77:b2:29:32:bc:bf:8a:be:17:
         34:4c:47:79:b2:e0:2d:15:3d:bb:c9:54:7b:c2:81:15:1a:72:
         9f:1c:ef:72:c9:72:a7:5c:47:37:ea:19:b1:3d:28:38:b8:56:
         b1:e5:b8:ab:06:71:3c:93:3e:af:49:10:e0:e7:2b:e1:2b:ea:
         f6:7d:3a:5a:fd:d2:fb:82:60:77:fd:3f:49:be:7b:60:f8:92:
         c0:ac:a1:c5:44:b0:f0:09:0d:99:7e:3d:88:00:51:8c:52:a3:
         5e:98:7f:bb:26:3e:c8:c4:a3:76:78:ab:2f:67:96:b6:1c:87:
         7f:68:55:f8:b6:70:67:4b:67:00:29:57:54:0b:ea:8a:94:23:
         0b:ab:25:70:bf:57:de:0e:4b:d4:2a:46:c3:e8:63:22:fe:60:
         96:93:53:41:2e:fd:ba:a5:70:a1:4b:27:7f:69:57:1d:b9:3f:
         2e:dd:60:49
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYlYrmoxK8JL4ediVUpffaD6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYmYzNmViMThlZjlhNTdjNWZiNjAzYWRhNDAwZmU2YjY2
ODhlNmUwHhcNMjMwNzE1MDgzMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTU0OGNmY2I3ZmUxNWE5NGRhZWIzMGZkMTNjMzk4NmZiN2E5NTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nLQ1uuWqV8llXuHOvweIaLWbkQv
8A98dMnK5BiTfdZSYioHQtfkZJsqarkm1kssOkY/2UbVsaQic5Gj04SHHZAndpxo
9ZwV+pOxC+B0iNY7tqprfKzifab4WcKV8h+hWN5qpuedF0jEd/YL/0Bmac9Op8Se
bxRZ3vmls0Zx2u5xEuZfkudaWno0JVBIRs8dpYKFsesEsBMeH3iEWu1pmbq5th7Y
PMJhcIwywZ3z5+CFYiICMLSa0qv1Lrgo5LF8ULlHfWBPs4oMjZcI4VrpXq77Rwuh
XwuK50H+jTjRJPz/Tevxdpkrc+6haANi1hlHULWqWh4jAk9eOBk6++tKDwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFM5UjPy3/hWpTa6zD9E8OYb7epVKMB8GA1UdIwQY
MBaAFIO/NusY75pXxftgOtpAD+a2aI5uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzc4MjZ4anZtbGZGLTJBNjJrQVA1clpvam00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mNzdkNTEtZWUxYy00N2E5LTkwYmMt
ZTBkMmExYjZlOGFjLzEvemxTTV9MZi1GYWxOcnJNUDBUdzVodnQ2bFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mNzdkNTEtZWUxYy00N2E5LTkwYmMtZTBkMmExYjZlOGFj
LzEvZzc4MjZ4anZtbGZGLTJBNjJrQVA1clpvam00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDHwMYAwQD
JUvYAwQEUPJgAwQDXb6wAwQCuQ4QAwQE2a8AMA0GCSqGSIb3DQEBCwUAA4IBAQBG
yOarTt3kWbZKN09wfuU3a6hvK2JQ1Jz5SLPliHulm6yTeQ6IIcFdkxKTuccOQYZV
ZMsoLdyvZ+ZXLlPORliYNXy6z8seDnlI/ZgN+0l04m93sikyvL+Kvhc0TEd5suAt
FT27yVR7woEVGnKfHO9yyXKnXEc36hmxPSg4uFax5birBnE8kz6vSRDg5yvhK+r2
fTpa/dL7gmB3/T9Jvntg+JLArKHFRLDwCQ2Zfj2IAFGMUqNemH+7Jj7IxKN2eKsv
Z5a2HId/aFX4tnBnS2cAKVdUC+qKlCMLqyVwv1feDkvUKkbD6GMi/mCWk1NBLv26
pXChSyd/aVcduT8u3WBJ
-----END CERTIFICATE-----