Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/0sHNZrA33a0wsV-oy4EnxHdQe5c.roa
File:                     0sHNZrA33a0wsV-oy4EnxHdQe5c.roa (raw, json)
Hash identifier:          b0zFU8B/U6OOwCDDgYu9dBLyDeaN2a+F2df27ZOw6u8=
Subject key identifier:   D2:C1:CD:66:B0:37:DD:AD:30:B1:5F:A8:CB:81:27:C4:77:50:7B:97
Certificate issuer:       /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial:       018BD5CAC4E76C4FFBDDA6920CF2EF5D110E
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/0sHNZrA33a0wsV-oy4EnxHdQe5c.roa
Signing time:             Thu 16 Nov 2023 01:41:57 +0000
ROA not before:           Thu 16 Nov 2023 01:41:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25198
IP address blocks:        85.204.107.0/24 maxlen: 24
                          185.104.63.0/24 maxlen: 24
                          195.74.93.0/24 maxlen: 24
                          46.229.243.0/24 maxlen: 24
                          46.229.253.0/24 maxlen: 24
                          83.229.61.0/24 maxlen: 24
                          2a12:3200:3000::/36 maxlen: 36
                          2a12:3200:1000::/36 maxlen: 36
                          2a12:3200::/36 maxlen: 36
                          2a12:3200:2000::/36 maxlen: 36
                          2a12:3200:4000::/36 maxlen: 36
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d5:ca:c4:e7:6c:4f:fb:dd:a6:92:0c:f2:ef:5d:11:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
        Validity
            Not Before: Nov 16 01:41:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d2c1cd66b037ddad30b15fa8cb8127c477507b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ec:e3:13:88:9a:e7:2b:86:2f:cd:26:19:5b:
                    43:07:62:83:8b:ff:bb:cc:e6:23:10:ce:83:5b:2d:
                    b0:a9:5c:50:fc:3d:82:76:b9:83:bb:36:17:a9:5c:
                    dd:e2:f2:0d:34:84:bc:ac:f8:68:fa:0d:97:6d:5c:
                    1a:24:13:ea:1e:1d:d1:94:df:60:bf:0f:2d:d2:14:
                    57:a1:2b:2a:e4:f4:41:13:c3:16:1d:a9:b2:95:9b:
                    2c:02:e8:d2:b5:94:b7:66:93:c1:74:80:c5:a2:83:
                    47:e5:21:91:75:5e:49:2f:3c:d8:bd:0a:0b:6a:1f:
                    22:e3:48:f5:52:75:97:ec:1d:c2:a7:1f:e3:6c:fb:
                    cf:da:26:52:c0:1d:b3:95:7c:66:a8:d6:b6:13:6c:
                    e0:c0:49:11:45:bc:ba:b8:b1:ea:ca:ca:4b:ec:db:
                    ef:81:7a:3d:e5:05:1b:bd:f6:75:d7:4b:18:b9:8d:
                    aa:e5:ec:07:82:bb:67:c7:5b:12:5d:60:79:45:da:
                    3d:b1:d3:a0:ef:62:41:6f:a7:9c:d6:e0:a5:5f:87:
                    37:a8:22:56:47:57:43:70:b8:68:18:75:cb:c4:08:
                    52:31:36:d1:68:a2:81:2a:ef:5b:63:81:91:19:16:
                    06:57:56:f4:7b:fd:d4:c8:c9:1e:a0:71:bc:17:68:
                    6c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C1:CD:66:B0:37:DD:AD:30:B1:5F:A8:CB:81:27:C4:77:50:7B:97
            X509v3 Authority Key Identifier:
                keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/0sHNZrA33a0wsV-oy4EnxHdQe5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.243.0/24
                  46.229.253.0/24
                  83.229.61.0/24
                  85.204.107.0/24
                  185.104.63.0/24
                  195.74.93.0/24
                IPv6:
                  2a12:3200::-2a12:3200:4fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         e4:5d:d0:3d:34:7e:c3:19:72:66:e2:ce:39:7b:8a:a9:72:c0:
         b3:20:53:76:8e:76:2a:78:8b:ea:4d:0b:79:61:5e:69:46:98:
         5a:6f:92:e5:e5:4a:ab:0c:67:78:7c:52:de:10:fd:fd:7f:bf:
         a5:f1:65:f4:be:f8:76:b6:50:f2:88:87:60:fa:86:dc:d5:ad:
         6f:58:a9:69:46:aa:58:7f:77:1f:12:27:6f:25:8b:93:37:56:
         d4:50:92:57:d5:3c:07:56:75:cf:f3:82:19:51:25:71:c7:8a:
         e5:63:cd:8d:07:b7:44:c9:b6:fa:5d:10:da:f7:59:5a:c6:6c:
         e5:8d:61:2a:fb:6a:0e:ee:ae:dd:da:70:f1:cd:dc:66:ec:0b:
         3a:7e:e9:9c:fd:ee:cd:18:bb:be:10:86:de:4b:3e:82:2c:ca:
         43:8f:75:77:69:5b:c6:b5:8d:15:87:21:89:3d:9f:67:b5:02:
         83:52:70:76:e8:7c:af:01:d5:7e:eb:59:0f:27:00:14:04:ff:
         94:ad:a1:ab:9c:3a:ba:cb:61:f4:21:39:fc:71:d4:be:8a:b0:
         ec:cb:3b:21:b5:ae:65:12:c4:7f:34:09:f2:1e:52:25:11:cf:
         ab:c1:05:52:ef:ea:17:c1:6e:fc:6e:bf:70:44:49:be:0f:17:
         1f:a8:4c:2f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYvVysTnbE/73aaSDPLvXREOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjMxMTE2MDE0MTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmMxY2Q2NmIwMzdkZGFkMzBiMTVmYThjYjgxMjdjNDc3NTA3Yjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuzjE4ia5yuGL80mGVtDB2KDi/+7
zOYjEM6DWy2wqVxQ/D2CdrmDuzYXqVzd4vINNIS8rPho+g2XbVwaJBPqHh3RlN9g
vw8t0hRXoSsq5PRBE8MWHamylZssAujStZS3ZpPBdIDFooNH5SGRdV5JLzzYvQoL
ah8i40j1UnWX7B3Cpx/jbPvP2iZSwB2zlXxmqNa2E2zgwEkRRby6uLHqyspL7Nvv
gXo95QUbvfZ110sYuY2q5ewHgrtnx1sSXWB5Rdo9sdOg72JBb6ec1uClX4c3qCJW
R1dDcLhoGHXLxAhSMTbRaKKBKu9bY4GRGRYGV1b0e/3UyMkeoHG8F2hs+wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNLBzWawN92tMLFfqMuBJ8R3UHuXMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvMHNITlpyQTMzYTB3c1Ytb3k0RW54SGRRZTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAqBAIAATAkAwQALuXzAwQA
LuX9AwQAU+U9AwQAVcxrAwQAuWg/AwQAw0pdMBYEAgACMBAwDgMEASoSMgMGBCoS
MgBAMA0GCSqGSIb3DQEBCwUAA4IBAQDkXdA9NH7DGXJm4s45e4qpcsCzIFN2jnYq
eIvqTQt5YV5pRphab5Ll5UqrDGd4fFLeEP39f7+l8WX0vvh2tlDyiIdg+obc1a1v
WKlpRqpYf3cfEidvJYuTN1bUUJJX1TwHVnXP84IZUSVxx4rlY82NB7dEybb6XRDa
91laxmzljWEq+2oO7q7d2nDxzdxm7As6fumc/e7NGLu+EIbeSz6CLMpDj3V3aVvG
tY0VhyGJPZ9ntQKDUnB26HyvAdV+61kPJwAUBP+UraGrnDq6y2H0ITn8cdS+irDs
yzshta5lEsR/NAnyHlIlEc+rwQVS7+oXwW78br9wREm+DxcfqEwv
-----END CERTIFICATE-----