Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/g5kxK-4pjOwiimJSN3SRlK3di3o.roa
File:                     g5kxK-4pjOwiimJSN3SRlK3di3o.roa (raw, json)
Hash identifier:          3uhco33ScoHbVDuwaJoQSaN6hlvwVTd8KBaQC8wzUss=
Subject key identifier:   83:99:31:2B:EE:29:8C:EC:22:8A:62:52:37:74:91:94:AD:DD:8B:7A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0188FC3B319637A4B90D16C912427AC95CB9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/g5kxK-4pjOwiimJSN3SRlK3di3o.roa
Signing time:             Tue 27 Jun 2023 09:41:57 +0000
ROA not before:           Tue 27 Jun 2023 09:41:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198016
IP address blocks:        2a0e:97c0:d0d::/48 maxlen: 48
                          2a0e:97c0:d00::/44 maxlen: 48
                          2a0e:97c0:d08::/48 maxlen: 48
                          2a0e:97c0:d03::/48 maxlen: 48
                          2a0e:97c0:d0e::/48 maxlen: 48
                          2a0e:97c0:d01::/48 maxlen: 48
                          2a0e:97c0:d0c::/48 maxlen: 48
                          2a0e:97c0:d07::/48 maxlen: 48
                          2a0e:97c0:d02::/48 maxlen: 48
                          2a0e:97c0:d05::/48 maxlen: 48
                          2a0e:97c0:d00::/48 maxlen: 48
                          2a0e:97c0:d0b::/48 maxlen: 48
                          2a0e:97c0:d06::/48 maxlen: 48
                          2a0e:97c0:d09::/48 maxlen: 48
                          2a0e:97c0:d04::/48 maxlen: 48
                          2a0e:97c0:d0f::/48 maxlen: 48
                          2a0e:97c0:d0a::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fc:3b:31:96:37:a4:b9:0d:16:c9:12:42:7a:c9:5c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 27 09:41:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8399312bee298cec228a625237749194addd8b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9d:01:7f:ff:49:f9:eb:2f:75:25:9d:3c:2c:
                    cc:4a:a0:ba:16:98:a7:42:ca:55:7c:b0:40:08:31:
                    3f:21:4b:b0:29:ee:62:61:05:07:dc:08:2c:0b:f4:
                    ea:9a:8c:f7:1f:55:7c:55:5f:2a:09:ff:30:4b:38:
                    18:7a:62:ae:ba:6b:71:86:e5:98:af:bb:4f:be:8c:
                    e4:c2:f9:7d:c1:d7:35:57:56:61:74:1c:34:55:14:
                    27:31:4a:ae:d7:3e:cd:e0:d5:06:c0:9a:27:f7:49:
                    38:9f:ca:ad:ef:c9:3a:bf:6c:b4:36:98:3c:8e:f2:
                    ea:c0:db:15:e1:02:e5:8f:36:c3:63:97:32:be:36:
                    da:04:9d:39:08:9d:dd:e6:01:50:55:7b:a9:f2:de:
                    9b:90:a8:d6:36:e5:17:64:d6:53:09:5c:5f:a8:d9:
                    83:1d:dd:2b:00:67:1a:dd:1c:40:9c:41:96:32:64:
                    f5:fc:48:22:ae:8d:c8:c3:61:09:98:c5:eb:8c:b9:
                    d1:ba:a8:42:47:eb:dd:2a:5f:75:07:79:b6:76:1d:
                    e7:61:3a:bc:5c:83:2f:7b:56:d4:fd:5b:1d:ba:e9:
                    80:e9:75:b8:a9:7b:24:1b:44:6e:af:c5:35:0e:12:
                    23:5a:10:83:aa:d4:59:2e:a6:d3:02:0a:34:7d:86:
                    83:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:99:31:2B:EE:29:8C:EC:22:8A:62:52:37:74:91:94:AD:DD:8B:7A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/g5kxK-4pjOwiimJSN3SRlK3di3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:d00::/44

    Signature Algorithm: sha256WithRSAEncryption
         73:55:2d:2b:bb:f4:96:b1:d3:a0:c8:3d:ed:52:d1:92:00:02:
         2b:c8:10:4b:cf:ea:c5:b7:05:0a:5b:c0:ac:3a:fa:90:6b:34:
         2f:75:a5:65:5f:c9:d3:5c:b6:5c:aa:a4:54:5e:82:79:5c:13:
         29:6e:f9:ff:ac:69:98:01:42:b3:14:ab:5b:71:87:bb:16:c7:
         00:fb:89:7e:77:70:a6:b4:cb:9f:b6:9c:2a:b1:82:4e:23:5d:
         60:9f:a4:a4:e7:42:2b:db:7e:4f:43:84:c8:60:8b:7e:63:0d:
         ad:32:c2:02:30:34:58:b5:0a:d2:33:b0:33:79:c6:30:d0:29:
         ab:a6:68:f4:36:5e:4a:13:c8:19:5f:2c:86:db:da:66:57:f3:
         f5:15:fa:17:5d:1a:3e:8f:e9:ff:1f:0d:f9:05:a8:59:f9:41:
         6a:97:dd:1b:83:ea:b8:a7:a1:a7:06:83:fe:b6:51:97:b0:5c:
         1d:e6:85:ac:05:79:89:9f:cd:80:b2:96:bd:59:e9:ff:37:26:
         40:b2:ed:80:84:d6:68:3b:86:03:f9:e6:d6:86:53:e0:78:91:
         1f:aa:a9:86:3d:70:c2:a3:dd:e9:98:06:ff:05:0b:7c:ff:eb:
         77:9d:c7:ce:cd:99:24:ce:83:a7:ae:2e:02:22:de:44:85:cd:
         45:41:00:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYj8OzGWN6S5DRbJEkJ6yVy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNjI3MDk0MTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzk5MzEyYmVlMjk4Y2VjMjI4YTYyNTIzNzc0OTE5NGFkZGQ4YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ0Bf/9J+esvdSWdPCzMSqC6Fpin
QspVfLBACDE/IUuwKe5iYQUH3AgsC/Tqmoz3H1V8VV8qCf8wSzgYemKuumtxhuWY
r7tPvozkwvl9wdc1V1ZhdBw0VRQnMUqu1z7N4NUGwJon90k4n8qt78k6v2y0Npg8
jvLqwNsV4QLljzbDY5cyvjbaBJ05CJ3d5gFQVXup8t6bkKjWNuUXZNZTCVxfqNmD
Hd0rAGca3RxAnEGWMmT1/Egiro3Iw2EJmMXrjLnRuqhCR+vdKl91B3m2dh3nYTq8
XIMve1bU/VsduumA6XW4qXskG0Rur8U1DhIjWhCDqtRZLqbTAgo0fYaDtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIOZMSvuKYzsIopiUjd0kZSt3Yt6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZzVreEstNHBqT3dpaW1KU04zU1JsSzNkaTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA0A
MA0GCSqGSIb3DQEBCwUAA4IBAQBzVS0ru/SWsdOgyD3tUtGSAAIryBBLz+rFtwUK
W8CsOvqQazQvdaVlX8nTXLZcqqRUXoJ5XBMpbvn/rGmYAUKzFKtbcYe7FscA+4l+
d3CmtMuftpwqsYJOI11gn6Sk50Ir235PQ4TIYIt+Yw2tMsICMDRYtQrSM7AzecYw
0Cmrpmj0Nl5KE8gZXyyG29pmV/P1FfoXXRo+j+n/Hw35BahZ+UFql90bg+q4p6Gn
BoP+tlGXsFwd5oWsBXmJn82Aspa9Wen/NyZAsu2AhNZoO4YD+ebWhlPgeJEfqqmG
PXDCo93pmAb/BQt8/+t3ncfOzZkkzoOnri4CIt5Ehc1FQQBJ
-----END CERTIFICATE-----