Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/lYgUIVImOzPxz5tT4Y02htthLJM.roa
File:                     lYgUIVImOzPxz5tT4Y02htthLJM.roa (raw, json)
Hash identifier:          qOY/Jfv4A6bilMvHUxdsF56hcl7ZSTCv/qlI4vD6q9Y=
Subject key identifier:   95:88:14:21:52:26:3B:33:F1:CF:9B:53:E1:8D:36:86:DB:61:2C:93
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018C40D64D43601CA219D99A4B74BA692B0F
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/lYgUIVImOzPxz5tT4Y02htthLJM.roa
Signing time:             Wed 06 Dec 2023 20:33:55 +0000
ROA not before:           Wed 06 Dec 2023 20:33:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39811
IP address blocks:        85.140.40.0/24 maxlen: 24
                          85.140.41.0/24 maxlen: 24
                          85.140.42.0/24 maxlen: 24
                          213.87.246.0/24 maxlen: 24
                          213.87.96.0/24 maxlen: 24
                          213.87.97.0/24 maxlen: 24
                          213.87.98.0/23 maxlen: 23
                          213.87.100.0/24 maxlen: 24
                          213.87.101.0/24 maxlen: 24
                          213.87.102.0/24 maxlen: 24
                          213.87.103.0/24 maxlen: 24
                          213.87.104.0/24 maxlen: 24
                          213.87.105.0/24 maxlen: 24
                          213.87.106.0/23 maxlen: 23
                          85.140.127.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:40:d6:4d:43:60:1c:a2:19:d9:9a:4b:74:ba:69:2b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Dec  6 20:33:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9588142152263b33f1cf9b53e18d3686db612c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:57:90:1e:ec:b4:1b:67:cf:d5:59:9c:ef:07:
                    00:54:48:bc:e2:73:45:70:67:71:a6:21:07:cc:3f:
                    15:7a:2e:ca:d1:55:30:5a:a0:21:29:a0:c5:d4:20:
                    3a:a5:69:b5:53:2c:f5:6d:73:94:a7:3a:4c:19:5d:
                    e5:58:6e:62:d3:5e:c5:4e:19:e4:72:4b:24:a2:73:
                    4d:c0:25:45:3a:7f:bb:6c:e2:8c:83:3a:32:99:4c:
                    7b:44:d5:7a:3a:28:fc:2a:7f:12:fd:5d:a3:1a:93:
                    24:f4:a5:04:29:46:31:45:08:19:14:4e:51:bd:39:
                    fd:0c:b6:de:15:1d:fd:0a:e2:25:50:31:40:ab:26:
                    ed:5f:d4:58:02:7e:d3:7d:77:83:55:71:82:08:15:
                    ea:1e:1d:74:3f:67:ce:ea:17:38:1e:45:35:17:54:
                    21:b2:49:22:9a:d9:a4:62:c6:f4:c9:f9:99:28:e4:
                    a5:90:42:da:96:22:19:8b:b5:af:9b:6c:2b:08:af:
                    70:01:d1:d7:74:d7:8a:f8:06:21:ec:53:1b:1d:57:
                    7a:57:38:e2:24:8c:6e:89:83:9b:ca:2a:9e:59:dc:
                    e6:67:e7:3c:0c:a4:3c:38:62:11:07:6d:9d:f7:a4:
                    24:3c:81:58:06:16:d1:26:dc:c6:3a:ee:1f:ee:fb:
                    6d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:88:14:21:52:26:3B:33:F1:CF:9B:53:E1:8D:36:86:DB:61:2C:93
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/lYgUIVImOzPxz5tT4Y02htthLJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.140.40.0-85.140.42.255
                  85.140.127.0/24
                  213.87.96.0-213.87.107.255
                  213.87.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:05:28:db:a0:29:ad:2d:25:68:23:ee:7e:4a:1e:29:ba:a3:
         0a:d0:42:d4:b0:1f:7b:13:6d:e6:a6:a4:f6:fe:37:cf:74:73:
         81:0f:cb:0e:26:6d:88:ef:a2:44:98:33:a4:10:fe:89:9a:1e:
         b0:b8:c8:f7:39:f3:99:2a:c1:f8:7c:d0:3d:01:aa:db:29:93:
         78:ee:0e:57:0b:f3:d0:68:d0:6b:42:94:9f:a5:9f:42:7c:23:
         97:20:1f:49:18:08:9b:a1:7a:19:cb:87:ff:b1:03:d3:2d:71:
         d3:b0:87:d1:c4:75:a4:98:23:aa:67:01:9a:88:65:03:41:84:
         8b:27:0f:3c:ea:42:5d:67:8a:e1:b3:fd:55:0e:8d:87:00:0e:
         f4:2d:8b:bb:4f:98:52:41:c3:6f:bc:39:83:ee:8c:82:62:5b:
         19:05:c4:e5:71:79:da:6f:4a:38:74:c8:b3:48:91:82:80:79:
         e0:ed:c1:58:2a:ba:e6:48:20:8e:74:f1:a6:3f:d3:2f:b7:47:
         a3:3b:26:e0:46:e1:e3:51:df:7e:9e:67:ac:d2:fa:e5:46:51:
         28:19:3d:b5:ec:35:5a:f4:ff:52:77:a6:eb:1d:fd:e8:12:5d:
         1b:02:81:fe:11:d2:8b:11:9f:a1:65:c2:57:d2:68:fa:84:cf:
         29:37:1b:0d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYxA1k1DYByiGdmaS3S6aSsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjMxMjA2MjAzMzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTg4MTQyMTUyMjYzYjMzZjFjZjliNTNlMThkMzY4NmRiNjEyYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1eQHuy0G2fP1Vmc7wcAVEi84nNF
cGdxpiEHzD8Vei7K0VUwWqAhKaDF1CA6pWm1Uyz1bXOUpzpMGV3lWG5i017FThnk
ckskonNNwCVFOn+7bOKMgzoymUx7RNV6Oij8Kn8S/V2jGpMk9KUEKUYxRQgZFE5R
vTn9DLbeFR39CuIlUDFAqybtX9RYAn7TfXeDVXGCCBXqHh10P2fO6hc4HkU1F1Qh
skkimtmkYsb0yfmZKOSlkELaliIZi7Wvm2wrCK9wAdHXdNeK+AYh7FMbHVd6Vzji
JIxuiYObyiqeWdzmZ+c8DKQ8OGIRB22d96QkPIFYBhbRJtzGOu4f7vttpQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJWIFCFSJjsz8c+bU+GNNobbYSyTMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvbFlnVUlWSW1PelB4ejV0VDRZMDJodHRoTEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBANVjCgD
BABVjCoDBABVjH8wDAMEBdVXYAMEAtVXaAMEANVX9jANBgkqhkiG9w0BAQsFAAOC
AQEAFwUo26AprS0laCPufkoeKbqjCtBC1LAfexNt5qak9v43z3RzgQ/LDiZtiO+i
RJgzpBD+iZoesLjI9znzmSrB+HzQPQGq2ymTeO4OVwvz0GjQa0KUn6WfQnwjlyAf
SRgIm6F6GcuH/7ED0y1x07CH0cR1pJgjqmcBmohlA0GEiycPPOpCXWeK4bP9VQ6N
hwAO9C2Lu0+YUkHDb7w5g+6MgmJbGQXE5XF52m9KOHTIs0iRgoB54O3BWCq65kgg
jnTxpj/TL7dHozsm4Ebh41Hffp5nrNL65UZRKBk9tew1WvT/Unem6x396BJdGwKB
/hHSixGfoWXCV9Jo+oTPKTcbDQ==
-----END CERTIFICATE-----