Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/f6BY3MX-Pva0dpC2xZCX-T7_mKI.roa
File:                     f6BY3MX-Pva0dpC2xZCX-T7_mKI.roa (raw, json)
Hash identifier:          aWTSngauZr1MThNvAs8qD7TVMRi2jLiVaVTx7AWVWUw=
Subject key identifier:   7F:A0:58:DC:C5:FE:3E:F6:B4:76:90:B6:C5:90:97:F9:3E:FF:98:A2
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       01856C65B42487173555246E20819F42B80D
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/f6BY3MX-Pva0dpC2xZCX-T7_mKI.roa
Signing time:             Sun 01 Jan 2023 08:14:42 +0000
ROA not before:           Sun 01 Jan 2023 08:14:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25454
IP address blocks:        217.12.112.0/20 maxlen: 24
                          185.8.68.0/22 maxlen: 22
                          94.243.64.0/18 maxlen: 24
                          212.56.192.0/19 maxlen: 24
                          188.131.0.0/17 maxlen: 24
                          77.89.192.0/18 maxlen: 24
                          46.166.0.0/18 maxlen: 24
                          193.239.182.0/23 maxlen: 24
                          195.22.224.0/19 maxlen: 24
                          2a00:1858::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:65:b4:24:87:17:35:55:24:6e:20:81:9f:42:b8:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: Jan  1 08:14:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7fa058dcc5fe3ef6b47690b6c59097f93eff98a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:47:cf:3e:ad:b5:51:89:55:8c:42:66:60:a3:
                    fe:dc:f6:b0:f3:ff:ae:71:43:5a:27:5d:e2:31:ce:
                    00:88:7d:b4:e2:11:ac:69:e7:7a:a6:d6:41:87:9f:
                    1a:f6:7d:f8:c4:f8:e3:2f:3b:97:72:6e:5e:a6:b5:
                    a5:e4:93:7c:e8:ff:a2:fa:f0:5b:6e:75:63:20:e4:
                    b3:7c:22:51:66:b7:0b:b0:5b:71:b0:3c:b8:bf:4d:
                    42:68:a1:5c:38:5f:a7:dd:ef:3d:fb:8c:25:02:b8:
                    10:e3:70:ae:cf:d0:4c:34:67:37:dc:e8:7f:20:fb:
                    77:d6:0e:c8:da:c0:74:0a:bc:72:b1:d9:7e:b8:21:
                    84:5e:c5:40:f5:22:4a:47:e9:21:25:21:64:c0:4e:
                    6d:f8:d0:d1:26:f6:b9:8b:8f:c5:97:91:89:55:1e:
                    d2:b2:ea:f9:70:a2:3a:f7:47:ce:e1:57:60:2e:8e:
                    21:9d:2e:8e:a1:af:05:ff:4b:9c:09:6f:3b:dc:49:
                    bc:3a:18:cc:6b:d9:f9:85:bb:c0:7a:5f:48:4a:fe:
                    a1:2f:30:30:27:90:40:67:50:db:48:bc:9a:5e:21:
                    a5:5e:0b:1d:cd:87:bb:08:86:c2:e5:15:21:44:5c:
                    67:6c:3f:65:94:a6:73:b2:33:bf:fd:d8:eb:54:a1:
                    7b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A0:58:DC:C5:FE:3E:F6:B4:76:90:B6:C5:90:97:F9:3E:FF:98:A2
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/f6BY3MX-Pva0dpC2xZCX-T7_mKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.166.0.0/18
                  77.89.192.0/18
                  94.243.64.0/18
                  185.8.68.0/22
                  188.131.0.0/17
                  193.239.182.0/23
                  195.22.224.0/19
                  212.56.192.0/19
                  217.12.112.0/20
                IPv6:
                  2a00:1858::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:6b:fb:36:8b:82:e5:0b:e6:db:87:79:47:ac:f2:6f:1a:b2:
         4f:96:04:a9:db:5a:eb:f7:a3:97:21:6f:47:40:07:1a:ce:24:
         92:01:9d:ea:22:b4:ca:87:11:28:fd:d6:00:70:10:e7:e8:0d:
         1d:b8:8e:26:ee:67:2a:bb:ba:6b:12:af:7f:44:27:45:c1:5c:
         71:79:04:91:9a:2a:b6:d9:96:f1:12:67:a2:30:a9:92:df:4a:
         2f:b8:5c:d2:15:32:f3:4d:ae:27:54:e6:ca:5b:fc:ef:5e:fc:
         f0:c6:d2:e0:12:ad:06:e4:7e:0d:ee:1d:2a:f5:75:07:ff:90:
         b3:5d:90:12:4e:0b:19:5e:c6:51:16:b6:e5:eb:53:df:dd:26:
         e6:b9:67:b1:69:1f:64:95:3c:0e:69:3f:c8:14:95:72:1d:20:
         4c:a5:f8:40:47:a4:50:f4:9d:98:10:0e:b5:f9:f8:c4:c2:a2:
         45:34:c5:25:ea:ae:ab:93:d5:db:01:3e:09:a5:a8:8e:d4:71:
         2e:8c:a3:1b:47:ff:f6:af:a5:7f:16:66:6f:04:31:39:b9:52:
         5e:52:6b:4a:1d:98:8c:9d:2d:84:73:6b:6d:68:83:43:77:de:
         4a:a6:64:12:9b:83:67:48:60:5a:e0:07:95:09:c4:fb:9a:ec:
         e9:1d:22:5f
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVsZbQkhxc1VSRuIIGfQrgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjMwMTAxMDgxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmEwNThkY2M1ZmUzZWY2YjQ3NjkwYjZjNTkwOTdmOTNlZmY5OGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0fPPq21UYlVjEJmYKP+3Paw8/+u
cUNaJ13iMc4AiH204hGsaed6ptZBh58a9n34xPjjLzuXcm5eprWl5JN86P+i+vBb
bnVjIOSzfCJRZrcLsFtxsDy4v01CaKFcOF+n3e89+4wlArgQ43Cuz9BMNGc33Oh/
IPt31g7I2sB0Crxysdl+uCGEXsVA9SJKR+khJSFkwE5t+NDRJva5i4/Fl5GJVR7S
sur5cKI690fO4VdgLo4hnS6Ooa8F/0ucCW873Em8OhjMa9n5hbvAel9ISv6hLzAw
J5BAZ1DbSLyaXiGlXgsdzYe7CIbC5RUhRFxnbD9llKZzsjO//djrVKF7hQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFH+gWNzF/j72tHaQtsWQl/k+/5iiMB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvZjZCWTNNWC1QdmEwZHBDMnhaQ1gtVDdfbUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQGLqYAAwQG
TVnAAwQGXvNAAwQCuQhEAwQHvIMAAwQBwe+2AwQFwxbgAwQF1DjAAwQE2QxwMA0E
AgACMAcDBQAqABhYMA0GCSqGSIb3DQEBCwUAA4IBAQA+a/s2i4LlC+bbh3lHrPJv
GrJPlgSp21rr96OXIW9HQAcaziSSAZ3qIrTKhxEo/dYAcBDn6A0duI4m7mcqu7pr
Eq9/RCdFwVxxeQSRmiq22ZbxEmeiMKmS30ovuFzSFTLzTa4nVObKW/zvXvzwxtLg
Eq0G5H4N7h0q9XUH/5CzXZASTgsZXsZRFrbl61Pf3SbmuWexaR9klTwOaT/IFJVy
HSBMpfhAR6RQ9J2YEA61+fjEwqJFNMUl6q6rk9XbAT4JpaiO1HEujKMbR//2r6V/
FmZvBDE5uVJeUmtKHZiMnS2Ec2ttaINDd95KpmQSm4NnSGBa4AeVCcT7muzpHSJf
-----END CERTIFICATE-----