Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/KbBTk0oPzORUcm6-BG2-g11saPU.roa
File:                     KbBTk0oPzORUcm6-BG2-g11saPU.roa (raw, json)
Hash identifier:          46U+1FF/y/Q+96THUYSOmPRDeFZbB1dbqt1Cxpgwdzo=
Subject key identifier:   29:B0:53:93:4A:0F:CC:E4:54:72:6E:BE:04:6D:BE:83:5D:6C:68:F5
Certificate issuer:       /CN=458834c52abe30427f0a22aa46fd3d0809ed4585
Certificate serial:       018A4C3E95C683F580B61A2BB72C049AB58F
Authority key identifier: 45:88:34:C5:2A:BE:30:42:7F:0A:22:AA:46:FD:3D:08:09:ED:45:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYg0xSq-MEJ_CiKqRv09CAntRYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/KbBTk0oPzORUcm6-BG2-g11saPU.roa
Signing time:             Thu 31 Aug 2023 15:38:04 +0000
ROA not before:           Thu 31 Aug 2023 15:38:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60822
IP address blocks:        46.23.204.0/22 maxlen: 22
                          46.23.200.0/22 maxlen: 22
                          195.137.144.0/22 maxlen: 22
                          195.137.140.0/22 maxlen: 22
                          195.137.150.0/24 maxlen: 24
                          195.137.152.0/24 maxlen: 24
                          195.137.151.0/24 maxlen: 24
                          195.137.149.0/24 maxlen: 24
                          195.137.148.0/24 maxlen: 24
                          195.137.154.0/24 maxlen: 24
                          195.137.153.0/24 maxlen: 24
                          195.137.155.0/24 maxlen: 24
                          46.23.192.0/21 maxlen: 21
                          185.85.212.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4c:3e:95:c6:83:f5:80:b6:1a:2b:b7:2c:04:9a:b5:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458834c52abe30427f0a22aa46fd3d0809ed4585
        Validity
            Not Before: Aug 31 15:38:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=29b053934a0fcce454726ebe046dbe835d6c68f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:0a:8b:c0:68:9e:e5:e5:22:c1:de:ce:7b:08:
                    7b:73:69:7c:f1:76:81:65:6a:04:fc:0f:50:95:17:
                    08:bd:6b:2b:a5:e8:1a:99:f4:8a:d2:61:0e:55:cb:
                    37:19:e2:ef:32:a6:ea:60:74:b1:70:18:81:38:62:
                    49:9d:17:3e:4b:a4:41:cf:a9:4a:e7:df:fb:f2:87:
                    88:0e:2f:ec:17:3a:a5:10:db:8d:ac:37:e1:83:2f:
                    53:c9:47:ec:60:4b:9a:87:27:fb:a0:b7:82:8c:73:
                    3f:3d:d6:95:b9:65:bb:e7:56:32:0e:66:91:f6:c0:
                    08:fb:b2:40:77:87:6d:e9:39:a9:8d:1e:4d:87:81:
                    57:76:15:53:e2:7a:73:1b:28:86:9e:fa:c5:cb:92:
                    11:29:8d:c3:cf:01:79:18:ca:8f:73:e0:18:81:fc:
                    6a:ff:37:d8:d1:24:73:2d:1e:e5:68:c6:ab:0f:09:
                    ba:b3:4c:d1:a9:38:66:f3:c2:b3:11:74:89:61:61:
                    64:69:be:db:30:dd:ee:84:19:29:4f:c2:89:71:37:
                    55:7a:3e:3e:e8:1a:13:12:ec:fb:8f:cd:ed:99:71:
                    e2:56:65:92:b5:b9:03:8b:83:b6:21:d3:74:b3:b7:
                    a1:8c:6a:c7:9b:eb:0f:5a:ce:94:bf:42:42:2e:e1:
                    e7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B0:53:93:4A:0F:CC:E4:54:72:6E:BE:04:6D:BE:83:5D:6C:68:F5
            X509v3 Authority Key Identifier:
                keyid:45:88:34:C5:2A:BE:30:42:7F:0A:22:AA:46:FD:3D:08:09:ED:45:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYg0xSq-MEJ_CiKqRv09CAntRYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/KbBTk0oPzORUcm6-BG2-g11saPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/RYg0xSq-MEJ_CiKqRv09CAntRYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.192.0/20
                  185.85.212.0/22
                  195.137.140.0-195.137.155.255

    Signature Algorithm: sha256WithRSAEncryption
         4f:e2:86:b8:06:34:29:ee:a8:d8:b0:f5:39:f7:fd:2a:52:be:
         9d:e6:f9:a4:69:af:77:f3:45:0d:2f:71:0a:9e:e2:85:aa:b3:
         17:ed:c0:73:f8:c8:60:60:95:6d:35:6e:cf:2e:b3:c2:dd:4f:
         67:19:94:5d:9f:bb:01:6c:f5:c7:cf:87:28:93:e6:cc:10:83:
         83:36:50:c1:4a:f0:52:0e:6f:77:f4:bf:b0:55:d0:aa:05:c1:
         c8:af:a8:a0:38:48:05:6b:61:cd:d5:45:ef:d1:79:97:c1:a0:
         a6:f0:e5:3d:a7:06:24:15:ba:ab:ac:e1:81:f2:97:cb:8c:bc:
         c6:74:18:75:94:a4:4b:09:ae:eb:52:94:df:4f:6e:b8:42:19:
         0d:5d:cd:c3:9e:97:cb:fb:0a:3b:8a:88:95:c6:7e:2b:ec:4e:
         db:8b:2a:bd:3d:21:be:e9:a3:7e:04:d8:c2:ad:01:7b:ab:5f:
         16:d8:0e:c3:d3:8e:0f:88:c6:25:c3:11:0b:ec:af:cf:12:38:
         78:a9:56:49:27:45:18:7a:da:48:8b:0b:49:ed:1a:4b:33:50:
         01:a1:f4:e5:ee:60:bc:7c:40:5b:2b:6a:b0:70:43:c1:dd:27:
         e3:4f:88:d7:06:37:54:04:f1:6f:53:75:94:ac:24:78:7e:0a:
         8d:92:98:ba
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYpMPpXGg/WAthortywEmrWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ODgzNGM1MmFiZTMwNDI3ZjBhMjJhYTQ2ZmQzZDA4MDll
ZDQ1ODUwHhcNMjMwODMxMTUzODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWIwNTM5MzRhMGZjY2U0NTQ3MjZlYmUwNDZkYmU4MzVkNmM2OGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gqLwGie5eUiwd7Oewh7c2l88XaB
ZWoE/A9QlRcIvWsrpegamfSK0mEOVcs3GeLvMqbqYHSxcBiBOGJJnRc+S6RBz6lK
59/78oeIDi/sFzqlENuNrDfhgy9TyUfsYEuahyf7oLeCjHM/PdaVuWW751YyDmaR
9sAI+7JAd4dt6TmpjR5Nh4FXdhVT4npzGyiGnvrFy5IRKY3DzwF5GMqPc+AYgfxq
/zfY0SRzLR7laMarDwm6s0zRqThm88KzEXSJYWFkab7bMN3uhBkpT8KJcTdVej4+
6BoTEuz7j83tmXHiVmWStbkDi4O2IdN0s7ehjGrHm+sPWs6Uv0JCLuHnDwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCmwU5NKD8zkVHJuvgRtvoNdbGj1MB8GA1UdIwQY
MBaAFEWINMUqvjBCfwoiqkb9PQgJ7UWFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUllnMHhTcS1NRUpfQ2lLcVJ2MDlDQW50UllVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jOTVhMjQtMjI2Yy00NzZhLWFkZGIt
YTMxMTQzNDYzYmU5LzEvS2JCVGswb1B6T1JVY202LUJHMi1nMTFzYVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jOTVhMjQtMjI2Yy00NzZhLWFkZGItYTMxMTQzNDYzYmU5
LzEvUllnMHhTcS1NRUpfQ2lLcVJ2MDlDQW50UllVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQELhfAAwQC
uVXUMAwDBALDiYwDBALDiZgwDQYJKoZIhvcNAQELBQADggEBAE/ihrgGNCnuqNiw
9Tn3/SpSvp3m+aRpr3fzRQ0vcQqe4oWqsxftwHP4yGBglW01bs8us8LdT2cZlF2f
uwFs9cfPhyiT5swQg4M2UMFK8FIOb3f0v7BV0KoFwcivqKA4SAVrYc3VRe/ReZfB
oKbw5T2nBiQVuqus4YHyl8uMvMZ0GHWUpEsJrutSlN9PbrhCGQ1dzcOel8v7CjuK
iJXGfivsTtuLKr09Ib7po34E2MKtAXurXxbYDsPTjg+IxiXDEQvsr88SOHipVkkn
RRh62kiLC0ntGkszUAGh9OXuYLx8QFsrarBwQ8HdJ+NPiNcGN1QE8W9TdZSsJHh+
Co2SmLo=
-----END CERTIFICATE-----