Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/aBNDr9GQ_LuUVOgYRCvXmAUSE0Y.roa
File:                     aBNDr9GQ_LuUVOgYRCvXmAUSE0Y.roa (raw, json)
Hash identifier:          LLWkQu3byCh0oWXP9uxi/63/V2l6+W/zag9aHX1Poj4=
Subject key identifier:   68:13:43:AF:D1:90:FC:BB:94:54:E8:18:44:2B:D7:98:05:12:13:46
Certificate issuer:       /CN=8f368feb9e553bdd131562584a3353b1d7555c50
Certificate serial:       01856D8AAEB7C7C63240359A0E0B81F4A35F
Authority key identifier: 8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/aBNDr9GQ_LuUVOgYRCvXmAUSE0Y.roa
Signing time:             Sun 01 Jan 2023 13:34:43 +0000
ROA not before:           Sun 01 Jan 2023 13:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201565
IP address blocks:        185.11.232.0/22 maxlen: 22
                          185.91.150.0/23 maxlen: 23
                          185.91.148.0/23 maxlen: 23
                          94.176.185.0/24 maxlen: 24
                          94.176.184.0/24 maxlen: 24
                          185.59.96.0/22 maxlen: 22
                          89.35.206.0/24 maxlen: 24
                          89.35.207.0/24 maxlen: 24
                          2a03:7e40:5000::/36 maxlen: 36
                          2a03:7e40:4000::/36 maxlen: 36
                          2a03:7e40:2000::/36 maxlen: 36
                          2a03:7e40:3000::/36 maxlen: 36
                          2a03:7e40:1000::/36 maxlen: 36
                          2a03:7e40::/36 maxlen: 36
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:8a:ae:b7:c7:c6:32:40:35:9a:0e:0b:81:f4:a3:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f368feb9e553bdd131562584a3353b1d7555c50
        Validity
            Not Before: Jan  1 13:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=681343afd190fcbb9454e818442bd79805121346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:73:72:be:d4:a0:dc:8c:4e:75:99:3d:df:c2:
                    e6:2d:98:67:e2:74:9f:64:eb:0e:5d:18:67:a5:83:
                    3a:c6:02:88:05:af:77:ff:e7:70:12:7e:e9:1f:1b:
                    fb:6e:4a:11:71:f8:12:4d:38:a4:ba:ed:75:f7:fa:
                    15:9c:a3:79:08:74:98:82:36:b2:ec:e0:61:61:86:
                    74:55:01:45:f7:3e:f3:68:b9:d3:30:63:70:46:a6:
                    42:14:e2:dd:05:f3:3f:04:c2:f4:a0:b1:6b:b5:bc:
                    27:ab:24:39:66:29:ca:17:82:c3:be:87:27:5c:12:
                    96:e3:14:9c:05:ed:e3:ec:03:02:91:65:a7:f3:e8:
                    56:3d:02:c3:1b:e8:f0:96:27:b5:51:17:c3:95:f3:
                    4a:8d:90:e5:3a:2d:92:3a:11:b6:b2:28:dd:ca:ab:
                    c3:d1:72:e3:e9:c1:7a:9c:8c:33:01:db:65:db:39:
                    09:1a:03:28:44:03:c9:3f:4d:60:d0:9c:9b:0e:ad:
                    e3:7c:14:b1:7c:4f:c4:6d:c0:7b:b8:e1:23:f2:e8:
                    fb:4b:3a:72:9a:5d:83:0e:0e:c4:84:e9:b0:da:61:
                    cc:41:d7:36:7f:64:8b:69:a4:f1:3f:ea:b2:87:fe:
                    cb:05:4f:6e:ae:15:71:56:ef:6a:b8:c1:91:a0:7f:
                    19:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:13:43:AF:D1:90:FC:BB:94:54:E8:18:44:2B:D7:98:05:12:13:46
            X509v3 Authority Key Identifier:
                keyid:8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/aBNDr9GQ_LuUVOgYRCvXmAUSE0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.206.0/23
                  94.176.184.0/23
                  185.11.232.0/22
                  185.59.96.0/22
                  185.91.148.0/22
                IPv6:
                  2a03:7e40::-2a03:7e40:5fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         68:98:2d:ce:b6:4a:f8:81:9f:cc:e2:18:ae:83:b9:ad:a6:fb:
         99:a7:0a:74:22:20:3d:f3:aa:94:36:d1:4b:e0:83:5a:42:4b:
         17:87:b5:21:ae:79:56:4d:37:05:a7:ed:73:65:00:59:88:48:
         9a:f0:23:27:72:15:94:c4:2f:cf:47:62:ba:b7:3c:25:4e:da:
         90:36:d7:3e:9c:01:73:c4:24:81:03:84:e5:4d:75:3b:b2:12:
         ef:35:bd:39:62:a2:d1:b8:04:4c:bb:ad:ae:08:a3:b9:01:a4:
         69:18:da:c5:5f:cd:08:ae:1d:28:11:89:47:a8:ef:cb:85:50:
         89:f8:f2:73:9b:c3:31:bb:86:a6:ed:de:25:a4:da:a0:3d:7c:
         07:2f:26:f5:fc:05:52:82:43:a4:08:a8:90:de:91:d5:97:63:
         c1:69:ed:77:9c:80:74:9d:ec:83:b3:21:0e:03:0f:f5:4a:94:
         56:d2:b6:59:6e:37:5d:a4:25:66:fb:a7:a3:07:4b:84:48:a5:
         7d:16:40:48:aa:6c:0d:3b:f5:db:0f:67:26:3c:5a:ed:0f:60:
         eb:47:5f:cd:f3:4a:7c:01:16:a6:38:ac:6c:e5:ee:ac:a3:11:
         18:39:77:9e:ad:9e:9e:6a:ac:ba:4f:c6:d1:66:8f:7d:91:e5:
         c7:9b:9b:02
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVtiq63x8YyQDWaDguB9KNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzY4ZmViOWU1NTNiZGQxMzE1NjI1ODRhMzM1M2IxZDc1
NTVjNTAwHhcNMjMwMTAxMTMzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODEzNDNhZmQxOTBmY2JiOTQ1NGU4MTg0NDJiZDc5ODA1MTIxMzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXNyvtSg3IxOdZk938LmLZhn4nSf
ZOsOXRhnpYM6xgKIBa93/+dwEn7pHxv7bkoRcfgSTTikuu119/oVnKN5CHSYgjay
7OBhYYZ0VQFF9z7zaLnTMGNwRqZCFOLdBfM/BML0oLFrtbwnqyQ5ZinKF4LDvocn
XBKW4xScBe3j7AMCkWWn8+hWPQLDG+jwlie1URfDlfNKjZDlOi2SOhG2sijdyqvD
0XLj6cF6nIwzAdtl2zkJGgMoRAPJP01g0JybDq3jfBSxfE/EbcB7uOEj8uj7Szpy
ml2DDg7EhOmw2mHMQdc2f2SLaaTxP+qyh/7LBU9urhVxVu9quMGRoH8ZwwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFGgTQ6/RkPy7lFToGEQr15gFEhNGMB8GA1UdIwQY
MBaAFI82j+ueVTvdExViWEozU7HXVVxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjct
M2VjYTdkZjJhZTU3LzEvYUJORHI5R1FfTHVVVk9nWVJDdlhtQVVTRTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjctM2VjYTdkZjJhZTU3
LzEvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAkBAIAATAeAwQBWSPOAwQB
XrC4AwQCuQvoAwQCuTtgAwQCuVuUMBcEAgACMBEwDwMFBioDfkADBgUqA35AQDAN
BgkqhkiG9w0BAQsFAAOCAQEAaJgtzrZK+IGfzOIYroO5rab7macKdCIgPfOqlDbR
S+CDWkJLF4e1Ia55Vk03Baftc2UAWYhImvAjJ3IVlMQvz0diurc8JU7akDbXPpwB
c8QkgQOE5U11O7IS7zW9OWKi0bgETLutrgijuQGkaRjaxV/NCK4dKBGJR6jvy4VQ
ifjyc5vDMbuGpu3eJaTaoD18By8m9fwFUoJDpAiokN6R1ZdjwWntd5yAdJ3sg7Mh
DgMP9UqUVtK2WW43XaQlZvunowdLhEilfRZASKpsDTv12w9nJjxa7Q9g60dfzfNK
fAEWpjisbOXurKMRGDl3nq2enmqsuk/G0WaPfZHlx5ubAg==
-----END CERTIFICATE-----