Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/QnEzU2rg9SR63AeIqOZJRRRpbzE.roa
File:                     QnEzU2rg9SR63AeIqOZJRRRpbzE.roa (raw, json)
Hash identifier:          I0fDM1bt0HJ3TkoSf4C7DqQREgo+rSs5La9S+uS9qhM=
Subject key identifier:   42:71:33:53:6A:E0:F5:24:7A:DC:07:88:A8:E6:49:45:14:69:6F:31
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       018848AA10591E458D793F7D8ACF31B35F08
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/QnEzU2rg9SR63AeIqOZJRRRpbzE.roa
Signing time:             Tue 23 May 2023 12:51:24 +0000
ROA not before:           Tue 23 May 2023 12:51:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25454
IP address blocks:        217.12.112.0/20 maxlen: 24
                          185.8.68.0/22 maxlen: 22
                          94.243.64.0/18 maxlen: 24
                          212.56.192.0/19 maxlen: 24
                          185.167.132.0/22 maxlen: 24
                          188.131.0.0/17 maxlen: 24
                          77.89.192.0/18 maxlen: 24
                          46.166.0.0/18 maxlen: 24
                          193.239.182.0/23 maxlen: 24
                          195.22.224.0/19 maxlen: 24
                          2a00:1858::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:48:aa:10:59:1e:45:8d:79:3f:7d:8a:cf:31:b3:5f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: May 23 12:51:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=427133536ae0f5247adc0788a8e6494514696f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:77:36:a4:73:9b:7a:33:1a:44:2a:21:ed:30:
                    84:f5:a8:74:32:7e:75:76:00:94:65:44:18:04:13:
                    9c:91:33:d0:63:09:5f:f8:20:39:11:3c:da:68:54:
                    0d:37:4b:a5:bd:29:be:1e:d2:85:5e:df:7e:e2:44:
                    cd:89:fd:fa:5f:f9:e2:3e:5f:49:d0:f1:5a:dd:e4:
                    71:61:41:87:92:7c:72:f1:29:e6:1f:06:1c:05:46:
                    0d:7b:7d:67:f0:a4:6f:e3:e0:7d:01:41:ee:5e:c5:
                    23:67:62:25:ab:bf:43:cd:3f:dd:5c:d2:c0:23:95:
                    54:3f:35:5a:87:86:6d:9b:1e:ee:31:7d:be:b4:2f:
                    cd:bc:56:00:5c:db:06:5c:09:9e:8a:e2:7c:51:ea:
                    23:e5:41:d9:55:c1:13:2a:ea:9d:4a:b2:91:87:e6:
                    43:cb:d3:e0:33:d1:14:5e:c1:78:5d:79:30:34:b1:
                    cb:53:ad:eb:29:8a:8a:42:ac:b7:6a:d1:ef:76:87:
                    31:0d:71:a4:09:48:89:c2:8e:82:dd:a2:5a:42:41:
                    d1:4a:93:5a:f1:e4:84:8c:fe:9c:ee:81:30:55:db:
                    5a:c9:c3:f1:55:94:40:76:b3:15:18:e2:f4:61:cd:
                    60:42:6a:e4:2f:ed:71:e1:e0:63:bc:e3:c0:4e:93:
                    41:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:71:33:53:6A:E0:F5:24:7A:DC:07:88:A8:E6:49:45:14:69:6F:31
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/QnEzU2rg9SR63AeIqOZJRRRpbzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.166.0.0/18
                  77.89.192.0/18
                  94.243.64.0/18
                  185.8.68.0/22
                  185.167.132.0/22
                  188.131.0.0/17
                  193.239.182.0/23
                  195.22.224.0/19
                  212.56.192.0/19
                  217.12.112.0/20
                IPv6:
                  2a00:1858::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:65:f5:4a:7c:9b:c1:d2:85:00:6e:09:82:c2:b2:d3:c5:0f:
         b7:e6:e4:2e:a9:be:36:07:47:6d:d8:7c:e1:11:b6:63:f0:bf:
         1f:65:b0:73:1e:0e:d3:c1:1c:3b:12:a9:33:48:71:7d:81:2b:
         9d:07:8a:52:fc:26:c7:14:ae:86:96:73:75:e6:ce:a4:d9:02:
         94:22:0b:3a:a0:57:17:2e:bd:ca:6e:a3:b2:9b:0f:76:97:01:
         ab:8f:e6:0b:5a:e8:7b:1c:64:07:49:85:2f:2d:6f:7d:7f:06:
         b4:ad:21:4d:dc:ab:0b:8a:67:55:54:58:c2:68:53:e3:58:72:
         8d:2e:5f:af:b8:d3:01:57:30:cb:cb:20:f3:25:f5:dd:cb:03:
         c2:3e:35:c0:d1:14:cf:04:24:5c:f1:4f:71:c2:cb:7c:76:2b:
         82:b8:ae:a0:5e:12:49:95:45:e0:b8:c4:5b:9f:e0:3d:22:ce:
         7b:0e:5e:84:41:2e:ca:1e:b7:eb:4f:41:70:cf:23:c6:8d:19:
         c1:4d:0f:0c:04:85:52:1f:f4:18:b2:5e:c5:fa:f9:36:d9:51:
         29:02:c1:aa:9f:79:92:b3:98:2c:93:e6:8d:2c:58:b6:72:5d:
         60:f2:be:4c:25:6b:2d:fc:5b:17:37:c3:58:90:c4:c5:80:3b:
         e8:5f:77:7f
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYhIqhBZHkWNeT99is8xs18IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjMwNTIzMTI1MTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjcxMzM1MzZhZTBmNTI0N2FkYzA3ODhhOGU2NDk0NTE0Njk2ZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnc2pHObejMaRCoh7TCE9ah0Mn51
dgCUZUQYBBOckTPQYwlf+CA5ETzaaFQNN0ulvSm+HtKFXt9+4kTNif36X/niPl9J
0PFa3eRxYUGHknxy8SnmHwYcBUYNe31n8KRv4+B9AUHuXsUjZ2Ilq79DzT/dXNLA
I5VUPzVah4Ztmx7uMX2+tC/NvFYAXNsGXAmeiuJ8Ueoj5UHZVcETKuqdSrKRh+ZD
y9PgM9EUXsF4XXkwNLHLU63rKYqKQqy3atHvdocxDXGkCUiJwo6C3aJaQkHRSpNa
8eSEjP6c7oEwVdtaycPxVZRAdrMVGOL0Yc1gQmrkL+1x4eBjvOPATpNBlQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFEJxM1Nq4PUketwHiKjmSUUUaW8xMB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvUW5FelUycmc5U1I2M0FlSXFPWkpSUlJwYnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQGLqYAAwQG
TVnAAwQGXvNAAwQCuQhEAwQCuaeEAwQHvIMAAwQBwe+2AwQFwxbgAwQF1DjAAwQE
2QxwMA0EAgACMAcDBQAqABhYMA0GCSqGSIb3DQEBCwUAA4IBAQAUZfVKfJvB0oUA
bgmCwrLTxQ+35uQuqb42B0dt2HzhEbZj8L8fZbBzHg7TwRw7EqkzSHF9gSudB4pS
/CbHFK6GlnN15s6k2QKUIgs6oFcXLr3KbqOymw92lwGrj+YLWuh7HGQHSYUvLW99
fwa0rSFN3KsLimdVVFjCaFPjWHKNLl+vuNMBVzDLyyDzJfXdywPCPjXA0RTPBCRc
8U9xwst8diuCuK6gXhJJlUXguMRbn+A9Is57Dl6EQS7KHrfrT0FwzyPGjRnBTQ8M
BIVSH/QYsl7F+vk22VEpAsGqn3mSs5gsk+aNLFi2cl1g8r5MJWst/FsXN8NYkMTF
gDvoX3d/
-----END CERTIFICATE-----