Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/440781-f614-450d-9d9f-2b8761d8a137/1/KvgGF-s_8qI9fZYbmJjxyZJN_aA.roa
File:                     KvgGF-s_8qI9fZYbmJjxyZJN_aA.roa (raw, json)
Hash identifier:          N4kU+Rz9Vn6nK+poTcTXxCDCz6TM4Toec4G9MkLXe60=
Subject key identifier:   2A:F8:06:17:EB:3F:F2:A2:3D:7D:96:1B:98:98:F1:C9:92:4D:FD:A0
Certificate issuer:       /CN=8831d621d192f92db093d933092c1e236b4d497b
Certificate serial:       0185723A30CA9B3B72A91EBFBAED323CB615
Authority key identifier: 88:31:D6:21:D1:92:F9:2D:B0:93:D9:33:09:2C:1E:23:6B:4D:49:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iDHWIdGS-S2wk9kzCSweI2tNSXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/440781-f614-450d-9d9f-2b8761d8a137/1/KvgGF-s_8qI9fZYbmJjxyZJN_aA.roa
Signing time:             Mon 02 Jan 2023 11:24:54 +0000
ROA not before:           Mon 02 Jan 2023 11:24:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39798
IP address blocks:        185.225.16.0/22 maxlen: 24
                          94.158.244.0/22 maxlen: 24
                          185.163.44.0/22 maxlen: 24
                          194.180.158.0/24 maxlen: 24
                          194.180.157.0/24 maxlen: 24
                          5.252.176.0/22 maxlen: 24
                          194.180.174.0/24 maxlen: 24
                          194.180.191.0/24 maxlen: 24
                          5.181.156.0/22 maxlen: 24
                          2a0a:c800::/29 maxlen: 48
                          2001:67c:2db8::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:3a:30:ca:9b:3b:72:a9:1e:bf:ba:ed:32:3c:b6:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8831d621d192f92db093d933092c1e236b4d497b
        Validity
            Not Before: Jan  2 11:24:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2af80617eb3ff2a23d7d961b9898f1c9924dfda0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:78:d9:be:00:be:48:50:c7:4a:69:08:42:97:
                    c8:7d:97:24:ea:70:3e:14:ef:d0:02:37:e1:b3:b7:
                    d6:c0:67:08:ad:59:c7:4a:d5:a1:11:4b:dc:60:00:
                    ff:a9:a4:fa:68:b5:d3:9a:a9:b3:87:6c:71:e2:46:
                    8e:b8:5d:aa:d8:97:ea:d2:ed:d0:1b:28:ca:cf:fd:
                    dd:ad:1a:c4:c8:03:96:18:1f:50:80:f0:1c:92:cf:
                    79:1b:81:70:55:46:04:18:cb:c3:fd:11:f1:bb:e7:
                    01:d1:a5:a7:e9:c4:48:3b:0a:50:dd:e3:70:ac:8c:
                    7b:fa:e8:f3:2f:76:10:00:51:5e:2b:9c:62:09:80:
                    60:e5:00:cf:20:70:86:5c:45:6f:75:12:c8:9d:a3:
                    c3:93:7e:14:ca:7f:bb:a5:71:6a:5d:2a:b7:a3:69:
                    8d:70:ad:5f:30:da:d7:28:6a:7e:33:de:b0:34:40:
                    55:37:96:c7:f5:ae:64:62:bc:4f:76:99:28:4d:08:
                    0e:45:af:0a:9d:56:bf:3d:1c:86:ea:a1:f6:0a:12:
                    14:3e:c2:21:33:6d:4f:2a:bf:f7:79:c0:62:a7:3e:
                    d0:1c:51:65:ec:f2:b0:53:a3:d3:86:82:f0:fa:12:
                    83:df:17:8a:84:11:21:5c:84:34:e4:28:9a:74:b4:
                    85:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F8:06:17:EB:3F:F2:A2:3D:7D:96:1B:98:98:F1:C9:92:4D:FD:A0
            X509v3 Authority Key Identifier:
                keyid:88:31:D6:21:D1:92:F9:2D:B0:93:D9:33:09:2C:1E:23:6B:4D:49:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iDHWIdGS-S2wk9kzCSweI2tNSXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/440781-f614-450d-9d9f-2b8761d8a137/1/KvgGF-s_8qI9fZYbmJjxyZJN_aA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/440781-f614-450d-9d9f-2b8761d8a137/1/iDHWIdGS-S2wk9kzCSweI2tNSXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.156.0/22
                  5.252.176.0/22
                  94.158.244.0/22
                  185.163.44.0/22
                  185.225.16.0/22
                  194.180.157.0-194.180.158.255
                  194.180.174.0/24
                  194.180.191.0/24
                IPv6:
                  2001:67c:2db8::/48
                  2a0a:c800::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:ac:b9:10:a4:3d:81:3f:e2:be:0e:b3:a5:a5:99:a7:ad:13:
         1a:8c:a3:45:f9:ca:e4:40:86:71:92:71:d1:d2:a3:9b:a1:c1:
         7c:a0:d6:45:15:5d:86:04:91:17:9e:41:34:98:e9:e2:2a:9e:
         52:e1:1b:58:9a:67:2f:56:99:43:ee:29:60:df:b2:73:26:85:
         7b:18:e1:85:7d:f8:bc:d7:3e:6c:cf:42:e0:a9:54:f5:ca:7b:
         45:ef:ba:6d:a7:9f:29:d1:db:20:ad:91:e6:d3:23:23:f8:c6:
         90:b6:91:be:f9:e2:8e:59:1a:9d:d5:90:76:63:9f:33:d0:92:
         26:ba:5a:8e:95:45:e2:9e:93:df:8c:f3:55:ae:89:d5:d9:e0:
         af:ad:c6:ef:74:f5:2d:6b:c7:13:e7:6e:86:40:26:8a:b7:c1:
         e9:6c:99:63:0b:63:ac:f0:ed:9f:f5:1c:41:0a:c6:1c:2f:6b:
         21:9a:06:ff:68:45:76:fa:dd:9a:89:d5:47:3b:27:24:c8:4d:
         72:7c:54:a8:39:2e:c2:16:b5:56:ca:7b:cb:11:d4:e9:ed:97:
         21:41:94:71:45:84:27:69:5c:4e:df:5d:9a:0f:c7:7b:17:d2:
         57:f2:37:cb:00:b3:21:a4:21:72:05:40:c1:46:dd:e3:8c:ca:
         93:4b:cd:5a
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYVyOjDKmztyqR6/uu0yPLYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MzFkNjIxZDE5MmY5MmRiMDkzZDkzMzA5MmMxZTIzNmI0
ZDQ5N2IwHhcNMjMwMTAyMTEyNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY4MDYxN2ViM2ZmMmEyM2Q3ZDk2MWI5ODk4ZjFjOTkyNGRmZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3jZvgC+SFDHSmkIQpfIfZck6nA+
FO/QAjfhs7fWwGcIrVnHStWhEUvcYAD/qaT6aLXTmqmzh2xx4kaOuF2q2Jfq0u3Q
GyjKz/3drRrEyAOWGB9QgPAcks95G4FwVUYEGMvD/RHxu+cB0aWn6cRIOwpQ3eNw
rIx7+ujzL3YQAFFeK5xiCYBg5QDPIHCGXEVvdRLInaPDk34Uyn+7pXFqXSq3o2mN
cK1fMNrXKGp+M96wNEBVN5bH9a5kYrxPdpkoTQgORa8KnVa/PRyG6qH2ChIUPsIh
M21PKr/3ecBipz7QHFFl7PKwU6PThoLw+hKD3xeKhBEhXIQ05CiadLSF5wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFCr4BhfrP/KiPX2WG5iY8cmSTf2gMB8GA1UdIwQY
MBaAFIgx1iHRkvktsJPZMwksHiNrTUl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaURIV0lkR1MtUzJ3azlrekNTd2VJMnROU1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS80NDA3ODEtZjYxNC00NTBkLTlkOWYt
MmI4NzYxZDhhMTM3LzEvS3ZnR0Ytc184cUk5ZlpZYm1Kanh5WkpOX2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS80NDA3ODEtZjYxNC00NTBkLTlkOWYtMmI4NzYxZDhhMTM3
LzEvaURIV0lkR1MtUzJ3azlrekNTd2VJMnROU1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDA+BAIAATA4AwQCBbWcAwQC
BfywAwQCXp70AwQCuaMsAwQCueEQMAwDBADCtJ0DBADCtJ4DBADCtK4DBADCtL8w
FgQCAAIwEAMHACABBnwtuAMFAyoKyAAwDQYJKoZIhvcNAQELBQADggEBAJ2suRCk
PYE/4r4Os6WlmaetExqMo0X5yuRAhnGScdHSo5uhwXyg1kUVXYYEkReeQTSY6eIq
nlLhG1iaZy9WmUPuKWDfsnMmhXsY4YV9+LzXPmzPQuCpVPXKe0Xvum2nnynR2yCt
kebTIyP4xpC2kb754o5ZGp3VkHZjnzPQkia6Wo6VReKek9+M81WuidXZ4K+txu90
9S1rxxPnboZAJoq3welsmWMLY6zw7Z/1HEEKxhwvayGaBv9oRXb63ZqJ1Uc7JyTI
TXJ8VKg5LsIWtVbKe8sR1OntlyFBlHFFhCdpXE7fXZoPx3sX0lfyN8sAsyGkIXIF
QMFG3eOMypNLzVo=
-----END CERTIFICATE-----