Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/HXrtL-I6rYPGwCf8_oOKFjxeYCA.roa
File:                     HXrtL-I6rYPGwCf8_oOKFjxeYCA.roa (raw, json)
Hash identifier:          +ujdmo2KYPlSHN2mv0tlFLCpe+IT9svy71udnOITpY0=
Subject key identifier:   1D:7A:ED:2F:E2:3A:AD:83:C6:C0:27:FC:FE:83:8A:16:3C:5E:60:20
Certificate issuer:       /CN=8bb1308c6a977d5cb903bf25a96308b0e8ce3b46
Certificate serial:       018A8AB5E10D6B611A2C174DB640281A12BF
Authority key identifier: 8B:B1:30:8C:6A:97:7D:5C:B9:03:BF:25:A9:63:08:B0:E8:CE:3B:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i7EwjGqXfVy5A78lqWMIsOjOO0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/HXrtL-I6rYPGwCf8_oOKFjxeYCA.roa
Signing time:             Tue 12 Sep 2023 18:44:50 +0000
ROA not before:           Tue 12 Sep 2023 18:44:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41155
IP address blocks:        45.158.139.0/24 maxlen: 24
                          45.158.136.0/24 maxlen: 24
                          45.158.137.0/24 maxlen: 24
                          45.158.138.0/24 maxlen: 24
                          194.0.221.0/24 maxlen: 24
                          194.0.223.0/24 maxlen: 24
                          194.0.193.0/24 maxlen: 24
                          45.156.74.0/24 maxlen: 24
                          45.156.75.0/24 maxlen: 24
                          45.156.72.0/24 maxlen: 24
                          45.156.73.0/24 maxlen: 24
                          2a0d:8e80:8080::/48 maxlen: 48
                          2a0d:8e80:8a80::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:8a:b5:e1:0d:6b:61:1a:2c:17:4d:b6:40:28:1a:12:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bb1308c6a977d5cb903bf25a96308b0e8ce3b46
        Validity
            Not Before: Sep 12 18:44:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d7aed2fe23aad83c6c027fcfe838a163c5e6020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:30:c2:5d:04:80:21:33:31:d7:61:b0:11:22:
                    04:c3:8f:97:5b:dc:0a:a9:8d:c4:f0:14:d5:82:23:
                    a5:64:54:dc:81:b1:69:4b:22:fd:2b:f1:5d:ec:2d:
                    00:3c:9a:71:96:d2:85:78:3a:11:84:2e:9d:c3:e4:
                    4e:62:95:3f:29:8d:4b:3a:11:a4:80:ff:90:71:59:
                    af:72:f2:c9:30:d4:8d:d0:d0:da:fb:cd:7c:ec:4d:
                    82:e2:49:12:21:93:e8:75:4b:55:2c:f7:88:49:ae:
                    07:6e:eb:11:b2:3f:fa:7a:a8:f3:6e:cf:c5:21:66:
                    80:8f:0e:3c:1f:93:73:21:66:a5:9a:88:05:44:35:
                    aa:05:ad:1a:00:f9:71:d6:36:de:88:39:76:c9:39:
                    c2:6c:36:a1:c4:5d:fb:95:5d:02:86:1d:f7:be:37:
                    f1:e6:be:52:e0:6d:95:6c:ae:e5:30:2a:93:c6:57:
                    0c:4c:88:4d:fd:98:a6:f0:c9:8d:5c:c5:b0:c5:f3:
                    a4:2a:31:e2:6d:41:d1:c7:fc:41:53:25:0d:d0:04:
                    1f:76:3f:cb:e1:27:02:f0:a6:8f:ce:df:ef:1b:a7:
                    7f:dc:30:6a:6a:99:5a:e8:0b:ae:71:b5:41:a7:a9:
                    30:13:a1:e2:25:2a:a3:4d:b5:11:73:11:06:b4:38:
                    60:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7A:ED:2F:E2:3A:AD:83:C6:C0:27:FC:FE:83:8A:16:3C:5E:60:20
            X509v3 Authority Key Identifier:
                keyid:8B:B1:30:8C:6A:97:7D:5C:B9:03:BF:25:A9:63:08:B0:E8:CE:3B:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i7EwjGqXfVy5A78lqWMIsOjOO0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/HXrtL-I6rYPGwCf8_oOKFjxeYCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/776681-b5ee-430f-8693-101abd7391a6/1/i7EwjGqXfVy5A78lqWMIsOjOO0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.72.0/22
                  45.158.136.0/22
                  194.0.193.0/24
                  194.0.221.0/24
                  194.0.223.0/24
                IPv6:
                  2a0d:8e80:8080::/48
                  2a0d:8e80:8a80::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:cc:81:ca:57:da:46:9a:f1:ff:14:98:e1:f4:4b:13:d6:0c:
         a2:bc:ca:42:fd:8d:50:51:56:49:d6:b7:54:95:94:46:62:f9:
         8a:54:46:64:6e:19:49:55:d4:19:63:80:e2:16:4c:7b:04:f1:
         c4:40:20:7b:62:d7:ac:c8:5b:b1:fd:c3:5a:bf:d1:0e:fd:d1:
         1a:f6:d5:12:63:59:9f:5b:23:dc:e5:8a:74:c6:d8:cd:e8:b8:
         fa:22:af:33:7f:d1:97:32:4b:80:b9:98:54:3a:d2:a8:ef:15:
         a4:73:61:57:84:b9:84:97:89:42:4b:44:bc:09:4d:3c:a1:da:
         ba:51:a2:ac:a3:fd:96:7b:18:5a:28:39:3d:62:77:95:29:a3:
         5f:9d:45:45:b1:df:d7:a8:e7:95:ca:42:bc:2a:26:88:a3:31:
         83:37:20:e6:88:53:b7:1a:7b:61:97:03:f6:fe:21:29:19:41:
         3c:07:cb:9b:4d:c6:e2:c4:ce:71:f3:66:46:59:ca:3f:bc:fd:
         65:d5:f9:4e:a7:b6:50:d0:5c:97:ef:33:c2:46:0d:e5:4c:c5:
         b7:45:ba:92:f9:c3:a2:e7:7e:ad:01:b5:47:ef:cf:bb:77:95:
         0f:bb:c7:14:60:b7:63:1d:7e:c3:50:4f:04:11:4c:63:a3:85:
         59:e7:5c:4e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYqKteENa2EaLBdNtkAoGhK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYjEzMDhjNmE5NzdkNWNiOTAzYmYyNWE5NjMwOGIwZThj
ZTNiNDYwHhcNMjMwOTEyMTg0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdhZWQyZmUyM2FhZDgzYzZjMDI3ZmNmZTgzOGExNjNjNWU2MDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDDCXQSAITMx12GwESIEw4+XW9wK
qY3E8BTVgiOlZFTcgbFpSyL9K/Fd7C0APJpxltKFeDoRhC6dw+ROYpU/KY1LOhGk
gP+QcVmvcvLJMNSN0NDa+8187E2C4kkSIZPodUtVLPeISa4HbusRsj/6eqjzbs/F
IWaAjw48H5NzIWalmogFRDWqBa0aAPlx1jbeiDl2yTnCbDahxF37lV0Chh33vjfx
5r5S4G2VbK7lMCqTxlcMTIhN/Zim8MmNXMWwxfOkKjHibUHRx/xBUyUN0AQfdj/L
4ScC8KaPzt/vG6d/3DBqapla6AuucbVBp6kwE6HiJSqjTbURcxEGtDhgIwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFB167S/iOq2DxsAn/P6DihY8XmAgMB8GA1UdIwQY
MBaAFIuxMIxql31cuQO/JaljCLDozjtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTdFd2pHcVhmVnk1QTc4bHFXTUlzT2pPTzBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NzY2ODEtYjVlZS00MzBmLTg2OTMt
MTAxYWJkNzM5MWE2LzEvSFhydEwtSTZyWVBHd0NmOF9vT0tGanhlWUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NzY2ODEtYjVlZS00MzBmLTg2OTMtMTAxYWJkNzM5MWE2
LzEvaTdFd2pHcVhmVnk1QTc4bHFXTUlzT2pPTzBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAkBAIAATAeAwQCLZxIAwQC
LZ6IAwQAwgDBAwQAwgDdAwQAwgDfMBgEAgACMBIDBwAqDY6AgIADBwAqDY6AioAw
DQYJKoZIhvcNAQELBQADggEBAAnMgcpX2kaa8f8UmOH0SxPWDKK8ykL9jVBRVknW
t1SVlEZi+YpURmRuGUlV1BljgOIWTHsE8cRAIHti16zIW7H9w1q/0Q790Rr21RJj
WZ9bI9zlinTG2M3ouPoirzN/0ZcyS4C5mFQ60qjvFaRzYVeEuYSXiUJLRLwJTTyh
2rpRoqyj/ZZ7GFooOT1id5Upo1+dRUWx39eo55XKQrwqJoijMYM3IOaIU7cae2GX
A/b+ISkZQTwHy5tNxuLEznHzZkZZyj+8/WXV+U6ntlDQXJfvM8JGDeVMxbdFupL5
w6Lnfq0BtUfvz7t3lQ+7xxRgt2MdfsNQTwQRTGOjhVnnXE4=
-----END CERTIFICATE-----