Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9c5a00-0b5f-4a95-98a8-8bd976910dbf/1/hgsxIbZaEW0DQ17deYXFgfPuAD8.roa
File:                     hgsxIbZaEW0DQ17deYXFgfPuAD8.roa (raw, json)
Hash identifier:          8FSbRooeiknQIXzOCZbyiA7l6fROjWc/d/FBh/ODi9w=
Subject key identifier:   86:0B:31:21:B6:5A:11:6D:03:43:5E:DD:79:85:C5:81:F3:EE:00:3F
Certificate issuer:       /CN=c3bd26fe2295e462be2678533efa531e23b7f102
Certificate serial:       018571D79FDE7DF72B115830C97FCDB88DC6
Authority key identifier: C3:BD:26:FE:22:95:E4:62:BE:26:78:53:3E:FA:53:1E:23:B7:F1:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w70m_iKV5GK-JnhTPvpTHiO38QI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/9c5a00-0b5f-4a95-98a8-8bd976910dbf/1/hgsxIbZaEW0DQ17deYXFgfPuAD8.roa
Signing time:             Mon 02 Jan 2023 09:37:14 +0000
ROA not before:           Mon 02 Jan 2023 09:37:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57773
IP address blocks:        91.208.188.0/24 maxlen: 24
                          85.208.80.0/22 maxlen: 22
                          185.141.112.0/22 maxlen: 22
                          171.22.68.0/22 maxlen: 22
                          194.33.80.0/24 maxlen: 24
                          185.205.50.0/23 maxlen: 23
                          185.205.48.0/23 maxlen: 23
                          185.205.48.0/22 maxlen: 22
                          2a09:3b40::/29 maxlen: 29
                          2a0b:145::/43 maxlen: 43
                          2a0b:140::/29 maxlen: 29
                          2a0b:143::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:9f:de:7d:f7:2b:11:58:30:c9:7f:cd:b8:8d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3bd26fe2295e462be2678533efa531e23b7f102
        Validity
            Not Before: Jan  2 09:37:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=860b3121b65a116d03435edd7985c581f3ee003f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1c:bc:85:ec:b1:02:5c:8d:0a:67:7b:25:f6:
                    37:94:48:7c:ca:32:1b:54:0f:2d:0b:64:c6:83:c6:
                    5c:78:9c:d4:b5:f8:f0:2d:b9:79:75:0c:a3:c0:29:
                    15:1f:c7:84:fd:15:ae:65:74:6e:42:cc:a4:76:78:
                    04:4f:2d:c9:43:41:fd:35:f8:46:ff:2d:0f:ef:58:
                    60:b8:37:6f:f0:5d:77:af:96:53:b8:df:a8:c5:f1:
                    21:1d:00:81:a2:37:0d:a7:98:42:11:12:87:a2:ce:
                    32:1f:e1:90:18:08:ba:2b:4e:1f:df:2a:3b:7f:6c:
                    f4:9d:89:06:8c:2d:1f:75:81:56:30:71:eb:59:0a:
                    09:02:df:83:66:6c:b0:e9:39:28:b7:e5:03:75:ed:
                    1d:63:cf:81:49:33:c2:d7:38:da:7c:14:3d:aa:4f:
                    8b:3e:5d:21:1c:61:26:69:12:e9:5e:ba:ba:63:8c:
                    ec:96:2b:6b:39:d0:7e:24:5d:4b:12:27:10:dd:34:
                    ad:5b:ef:26:52:64:1b:99:c1:0b:11:4f:ef:a7:98:
                    e0:de:1e:4c:01:88:da:e2:a6:d9:d8:b4:75:21:69:
                    54:6d:b0:25:38:f1:64:74:47:a7:34:77:36:37:ab:
                    70:98:26:2a:70:63:b3:45:df:7f:b8:43:6e:60:ae:
                    aa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:0B:31:21:B6:5A:11:6D:03:43:5E:DD:79:85:C5:81:F3:EE:00:3F
            X509v3 Authority Key Identifier:
                keyid:C3:BD:26:FE:22:95:E4:62:BE:26:78:53:3E:FA:53:1E:23:B7:F1:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w70m_iKV5GK-JnhTPvpTHiO38QI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9c5a00-0b5f-4a95-98a8-8bd976910dbf/1/hgsxIbZaEW0DQ17deYXFgfPuAD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9c5a00-0b5f-4a95-98a8-8bd976910dbf/1/w70m_iKV5GK-JnhTPvpTHiO38QI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.80.0/22
                  91.208.188.0/24
                  171.22.68.0/22
                  185.141.112.0/22
                  185.205.48.0/22
                  194.33.80.0/24
                IPv6:
                  2a09:3b40::/29
                  2a0b:140::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:9c:9f:3b:de:a7:f9:55:75:24:f0:2b:03:43:a2:c7:d9:a0:
         71:13:e1:15:bf:ca:79:c3:53:1d:ed:aa:66:02:6f:db:9b:d9:
         b3:8a:a0:2d:de:e7:58:2e:e8:3a:39:2f:d9:65:5d:b6:70:d4:
         aa:07:c9:19:50:eb:8f:9d:0b:c1:aa:8d:d1:6b:07:00:26:1f:
         2a:21:ae:30:7a:b5:da:b1:71:7b:ab:44:b4:a5:85:11:8e:01:
         87:32:99:a7:94:7e:20:cf:2d:fc:0a:7b:9f:08:2c:53:8d:b3:
         c9:1a:93:e6:8a:4d:71:a8:1a:e8:7e:0b:99:a2:cf:9a:c2:50:
         14:35:d0:9a:15:5e:23:53:12:c6:97:2d:bc:9b:56:fb:96:09:
         e0:c9:c6:bc:4f:ed:80:16:04:fa:67:1c:eb:2f:cc:52:0f:b5:
         b0:93:44:90:1b:8c:48:62:0c:bd:c7:f2:4e:1d:2c:41:6a:59:
         2e:32:41:be:43:60:8a:3b:e2:fb:36:f2:e3:26:d4:da:45:fd:
         93:cf:03:97:47:32:be:5a:1b:91:90:64:04:44:ef:7c:a5:1e:
         b8:50:27:93:cb:78:94:3a:f8:fa:10:dc:c2:80:9a:4c:13:a3:
         8a:f8:0b:cf:29:27:0b:b7:3c:03:74:2f:31:a1:18:48:f6:a6:
         2f:cb:e0:a9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVx15/effcrEVgwyX/NuI3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYmQyNmZlMjI5NWU0NjJiZTI2Nzg1MzNlZmE1MzFlMjNi
N2YxMDIwHhcNMjMwMTAyMDkzNzE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjBiMzEyMWI2NWExMTZkMDM0MzVlZGQ3OTg1YzU4MWYzZWUwMDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBy8heyxAlyNCmd7JfY3lEh8yjIb
VA8tC2TGg8ZceJzUtfjwLbl5dQyjwCkVH8eE/RWuZXRuQsykdngETy3JQ0H9NfhG
/y0P71hguDdv8F13r5ZTuN+oxfEhHQCBojcNp5hCERKHos4yH+GQGAi6K04f3yo7
f2z0nYkGjC0fdYFWMHHrWQoJAt+DZmyw6Tkot+UDde0dY8+BSTPC1zjafBQ9qk+L
Pl0hHGEmaRLpXrq6Y4zslitrOdB+JF1LEicQ3TStW+8mUmQbmcELEU/vp5jg3h5M
AYja4qbZ2LR1IWlUbbAlOPFkdEenNHc2N6twmCYqcGOzRd9/uENuYK6qVQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFIYLMSG2WhFtA0Ne3XmFxYHz7gA/MB8GA1UdIwQY
MBaAFMO9Jv4ileRiviZ4Uz76Ux4jt/ECMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzcwbV9pS1Y1R0stSm5oVFB2cFRIaU8zOFFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85YzVhMDAtMGI1Zi00YTk1LTk4YTgt
OGJkOTc2OTEwZGJmLzEvaGdzeEliWmFFVzBEUTE3ZGVZWEZnZlB1QUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85YzVhMDAtMGI1Zi00YTk1LTk4YTgtOGJkOTc2OTEwZGJm
LzEvdzcwbV9pS1Y1R0stSm5oVFB2cFRIaU8zOFFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCVdBQAwQA
W9C8AwQCqxZEAwQCuY1wAwQCuc0wAwQAwiFQMBQEAgACMA4DBQMqCTtAAwUDKgsB
QDANBgkqhkiG9w0BAQsFAAOCAQEAApyfO96n+VV1JPArA0Oix9mgcRPhFb/KecNT
He2qZgJv25vZs4qgLd7nWC7oOjkv2WVdtnDUqgfJGVDrj50LwaqN0WsHACYfKiGu
MHq12rFxe6tEtKWFEY4BhzKZp5R+IM8t/Ap7nwgsU42zyRqT5opNcaga6H4LmaLP
msJQFDXQmhVeI1MSxpctvJtW+5YJ4MnGvE/tgBYE+mcc6y/MUg+1sJNEkBuMSGIM
vcfyTh0sQWpZLjJBvkNgijvi+zby4ybU2kX9k88Dl0cyvlobkZBkBETvfKUeuFAn
k8t4lDr4+hDcwoCaTBOjivgLzyknC7c8A3QvMaEYSPamL8vgqQ==
-----END CERTIFICATE-----