Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/m3Q2ZgustpMndZsrZoh3HPCMnFQ.roa
File:                     m3Q2ZgustpMndZsrZoh3HPCMnFQ.roa (raw, json)
Hash identifier:          2LuMuTJyVe6/BjuQwgetv4ddE9b0rAXWsnUOdzXu+Vo=
Subject key identifier:   9B:74:36:66:0B:AC:B6:93:27:75:9B:2B:66:88:77:1C:F0:8C:9C:54
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       0185778D3A5E803063BFF669D312A164EE15
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/m3Q2ZgustpMndZsrZoh3HPCMnFQ.roa
Signing time:             Tue 03 Jan 2023 12:13:42 +0000
ROA not before:           Tue 03 Jan 2023 12:13:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60494
IP address blocks:        37.153.90.0/24 maxlen: 24
                          37.153.88.0/24 maxlen: 24
                          37.153.91.0/24 maxlen: 24
                          37.153.89.0/24 maxlen: 24
                          37.153.94.0/24 maxlen: 24
                          37.153.92.0/24 maxlen: 24
                          37.153.95.0/24 maxlen: 24
                          37.153.93.0/24 maxlen: 24
                          185.40.145.0/24 maxlen: 24
                          185.40.144.0/24 maxlen: 24
                          185.40.147.0/24 maxlen: 24
                          185.40.146.0/24 maxlen: 24
                          31.200.240.0/24 maxlen: 24
                          31.200.246.0/24 maxlen: 24
                          31.200.244.0/24 maxlen: 24
                          31.200.242.0/24 maxlen: 24
                          31.200.245.0/24 maxlen: 24
                          31.200.243.0/24 maxlen: 24
                          31.200.241.0/24 maxlen: 24
                          31.200.247.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:77:8d:3a:5e:80:30:63:bf:f6:69:d3:12:a1:64:ee:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  3 12:13:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9b7436660bacb69327759b2b6688771cf08c9c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3c:7f:7b:d4:bc:24:79:fd:e3:af:5d:ea:45:
                    73:61:53:f3:48:4e:a5:ab:6e:d0:5d:d6:3d:ba:75:
                    62:4d:b0:af:26:ac:66:17:4d:2e:6c:1c:70:d9:05:
                    0d:3a:05:fd:44:8c:c3:03:b4:73:6e:74:87:91:0c:
                    57:04:2e:7c:ce:f8:a2:97:d0:2d:88:3e:17:68:7d:
                    a7:cd:64:4e:fb:dc:25:6c:d5:d3:23:38:a9:1a:0d:
                    d8:c5:92:33:a6:ac:01:a1:58:1e:27:83:56:cf:26:
                    b0:02:43:c6:2a:e7:c9:f1:7b:87:7f:1d:60:bf:80:
                    6b:f1:d3:b2:88:ac:0d:63:cd:ea:97:9a:ef:4d:31:
                    cd:07:5d:42:2d:06:e5:24:a3:a1:2e:0c:60:b6:fe:
                    55:ec:0b:e6:5e:5b:f0:11:54:17:03:73:4f:3e:64:
                    ed:af:f2:b7:91:b3:00:be:d3:a4:f1:e8:37:09:ce:
                    54:49:6b:1d:f7:b1:e6:4c:09:52:87:0a:8c:3e:c0:
                    64:ac:5a:04:f8:08:7e:30:4d:11:0e:a5:3e:90:93:
                    b8:3d:fa:8d:38:46:53:df:6f:eb:9f:f0:4b:2a:28:
                    0c:af:34:11:4c:ed:79:bc:76:d9:af:5e:7d:9e:b5:
                    dc:18:5f:d7:92:a3:9f:52:28:84:f8:50:8f:1a:d8:
                    0b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:74:36:66:0B:AC:B6:93:27:75:9B:2B:66:88:77:1C:F0:8C:9C:54
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/m3Q2ZgustpMndZsrZoh3HPCMnFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.240.0/21
                  37.153.88.0/21
                  185.40.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:8a:ce:86:4b:69:62:8e:c9:51:61:f9:9b:ae:85:14:ae:e8:
         9d:6b:fe:43:de:71:f1:87:8e:22:eb:b6:f1:4c:40:71:76:0a:
         e9:07:6d:ec:97:24:c1:78:ff:8c:9d:b5:08:82:2e:76:d7:a4:
         76:d3:88:f1:a0:50:83:1a:e5:77:89:1e:5b:ae:0f:c1:86:93:
         a7:83:72:ee:be:12:21:52:eb:8d:32:3c:12:05:95:cc:42:27:
         07:52:aa:05:7d:80:cc:d6:1c:ee:2f:88:b4:75:6f:70:70:a6:
         8d:25:5c:6e:58:e2:89:2e:90:f1:8b:ad:1c:89:a7:b3:42:08:
         9a:75:05:b0:5a:13:7b:38:e3:87:e8:5b:7a:04:a0:59:e6:e4:
         bd:2d:03:6d:c9:44:ce:2c:7c:7b:10:b2:ff:cc:a3:2a:61:2e:
         87:b8:f9:5d:c0:6e:9b:a0:a4:a1:ec:8f:4c:4a:b4:69:9a:e3:
         9f:71:d0:8a:ee:1c:60:e8:42:6c:a0:62:6f:3c:5b:d5:60:d4:
         ba:2e:f8:35:80:a2:bc:8f:ce:c5:2e:96:be:53:d1:60:85:22:
         6b:0f:89:4d:ef:d1:27:e4:38:46:fd:72:01:ba:d1:fa:de:a2:
         58:bd:1b:4e:8d:10:4d:8a:04:ff:5c:27:f4:6f:39:93:c3:a3:
         55:8e:5e:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYV3jTpegDBjv/Zp0xKhZO4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjMwMTAzMTIxMzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjc0MzY2NjBiYWNiNjkzMjc3NTliMmI2Njg4NzcxY2YwOGM5YzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDx/e9S8JHn9469d6kVzYVPzSE6l
q27QXdY9unViTbCvJqxmF00ubBxw2QUNOgX9RIzDA7RzbnSHkQxXBC58zviil9At
iD4XaH2nzWRO+9wlbNXTIzipGg3YxZIzpqwBoVgeJ4NWzyawAkPGKufJ8XuHfx1g
v4Br8dOyiKwNY83ql5rvTTHNB11CLQblJKOhLgxgtv5V7AvmXlvwEVQXA3NPPmTt
r/K3kbMAvtOk8eg3Cc5USWsd97HmTAlShwqMPsBkrFoE+Ah+ME0RDqU+kJO4PfqN
OEZT32/rn/BLKigMrzQRTO15vHbZr159nrXcGF/XkqOfUiiE+FCPGtgLEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJt0NmYLrLaTJ3WbK2aIdxzwjJxUMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvbTNRMlpndXN0cE1uZFpzclpvaDNIUENNbkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDH8jwAwQD
JZlYAwQCuSiQMA0GCSqGSIb3DQEBCwUAA4IBAQBRis6GS2lijslRYfmbroUUruid
a/5D3nHxh44i67bxTEBxdgrpB23slyTBeP+MnbUIgi5216R204jxoFCDGuV3iR5b
rg/BhpOng3LuvhIhUuuNMjwSBZXMQicHUqoFfYDM1hzuL4i0dW9wcKaNJVxuWOKJ
LpDxi60ciaezQgiadQWwWhN7OOOH6Ft6BKBZ5uS9LQNtyUTOLHx7ELL/zKMqYS6H
uPldwG6boKSh7I9MSrRpmuOfcdCK7hxg6EJsoGJvPFvVYNS6Lvg1gKK8j87FLpa+
U9FghSJrD4lN79En5DhG/XIButH63qJYvRtOjRBNigT/XCf0bzmTw6NVjl7A
-----END CERTIFICATE-----