Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/XVoDEEZmZHPPWlHCz1WeBOArK7I.roa
File:                     XVoDEEZmZHPPWlHCz1WeBOArK7I.roa (raw, json)
Hash identifier:          bu6Y6RCjBIIMgFWaWgLPFByJeaYbuNZItKe+M6DqlVo=
Subject key identifier:   5D:5A:03:10:46:66:64:73:CF:5A:51:C2:CF:55:9E:04:E0:2B:2B:B2
Certificate issuer:       /CN=79d565f99ff5e0ffb5bdf9995ed7a808d41406e5
Certificate serial:       0186450CBE864F5A45FD55ABA5EC14C70755
Authority key identifier: 79:D5:65:F9:9F:F5:E0:FF:B5:BD:F9:99:5E:D7:A8:08:D4:14:06:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edVl-Z_14P-1vfmZXteoCNQUBuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/XVoDEEZmZHPPWlHCz1WeBOArK7I.roa
Signing time:             Sun 12 Feb 2023 09:55:08 +0000
ROA not before:           Sun 12 Feb 2023 09:55:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208006
IP address blocks:        130.185.123.0/24 maxlen: 24
                          130.185.122.0/24 maxlen: 24
                          185.235.40.0/22 maxlen: 24
                          130.185.120.0/22 maxlen: 24
                          185.215.232.0/22 maxlen: 24
                          185.215.235.0/24 maxlen: 24
                          185.215.234.0/24 maxlen: 24
                          185.204.168.0/22 maxlen: 24
                          194.5.206.0/23 maxlen: 24
                          2a0d:4ac0::/48 maxlen: 48
                          2a0d:4ac0:3::/48 maxlen: 48
                          2a0d:4ac0:1::/48 maxlen: 48
                          2a0d:4ac0:2::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:45:0c:be:86:4f:5a:45:fd:55:ab:a5:ec:14:c7:07:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d565f99ff5e0ffb5bdf9995ed7a808d41406e5
        Validity
            Not Before: Feb 12 09:55:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d5a031046666473cf5a51c2cf559e04e02b2bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:97:c2:bc:52:54:ac:c4:7b:2b:1d:ae:b7:a8:
                    8e:82:05:c2:d8:57:95:fe:64:5e:bd:5a:f0:c6:e9:
                    53:7b:95:ac:90:66:4f:ec:2f:0a:32:7c:59:fe:4a:
                    c8:10:01:24:66:cf:47:1d:cb:31:a1:96:45:36:c4:
                    03:f4:e2:f8:82:bf:87:ec:57:08:eb:07:65:59:6c:
                    59:e2:fb:8f:fe:d1:cc:0f:9b:fe:89:16:8a:69:14:
                    17:44:55:8e:4a:78:d2:a6:39:1d:76:56:3e:cd:e5:
                    c8:04:71:3d:de:db:7b:5a:93:79:4a:7a:c7:96:e2:
                    88:ad:a4:c6:30:37:fa:41:2d:b7:be:c8:19:45:07:
                    45:76:c7:9e:4a:73:4a:05:b2:24:91:7a:24:2e:f1:
                    76:70:c3:34:a1:4a:b2:8c:e8:58:53:fb:e2:2c:82:
                    68:46:1d:55:8a:50:c9:8d:25:d5:ab:f0:c5:1a:d2:
                    d5:15:dd:3b:29:2d:13:8a:c4:a7:21:0f:e0:c8:0f:
                    55:f3:20:35:ee:c2:02:c3:00:13:25:20:d9:a2:ac:
                    cb:c3:9f:fb:ea:6c:b5:44:a3:1a:55:57:0d:1c:0b:
                    28:53:2d:b3:9c:50:48:43:1b:01:37:96:e0:5f:45:
                    b4:f1:c0:ce:db:46:97:e0:81:b7:39:fa:02:1e:d7:
                    fe:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:5A:03:10:46:66:64:73:CF:5A:51:C2:CF:55:9E:04:E0:2B:2B:B2
            X509v3 Authority Key Identifier:
                keyid:79:D5:65:F9:9F:F5:E0:FF:B5:BD:F9:99:5E:D7:A8:08:D4:14:06:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edVl-Z_14P-1vfmZXteoCNQUBuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/XVoDEEZmZHPPWlHCz1WeBOArK7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/edVl-Z_14P-1vfmZXteoCNQUBuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.120.0/22
                  185.204.168.0/22
                  185.215.232.0/22
                  185.235.40.0/22
                  194.5.206.0/23
                IPv6:
                  2a0d:4ac0::/46

    Signature Algorithm: sha256WithRSAEncryption
         45:0a:bf:4f:90:d4:55:3f:83:78:c6:45:9a:53:00:b4:7c:91:
         2c:bc:5c:34:d4:b9:88:0f:78:db:d3:36:46:ad:0c:d6:83:87:
         14:1e:76:7b:26:e7:91:c9:db:59:51:d3:50:8c:63:ed:82:72:
         f8:f9:bb:90:22:5d:89:f1:f4:98:54:50:ba:4a:38:50:7b:62:
         f2:11:14:81:80:43:b7:a0:d5:d1:72:e6:45:9e:1a:3e:61:f7:
         0f:07:42:49:8a:f7:f0:77:33:3c:d1:16:11:97:b0:fa:3e:59:
         95:8e:2c:c8:c9:8d:70:21:4d:14:4f:37:9d:38:0d:2a:96:62:
         c2:40:a8:73:d5:12:87:eb:87:79:74:ce:09:0d:0b:a4:2d:e3:
         91:74:18:2c:fe:2a:02:59:d4:fd:80:d5:8b:6f:0d:87:fb:18:
         c5:0a:e6:e8:b8:11:98:25:10:3a:df:14:63:89:b5:ca:cf:20:
         3d:62:5a:91:60:e3:bd:38:c1:7e:fc:79:80:c3:e7:cb:88:bd:
         1b:87:15:44:80:c3:90:15:c1:23:ce:5d:92:0d:52:c8:58:3f:
         33:0b:61:39:a1:3a:f3:2e:ff:a0:aa:a8:65:e9:79:15:bd:62:
         f9:15:3b:9b:60:77:8a:98:fd:c2:3e:76:c0:ee:6b:d9:b4:96:
         04:9b:3f:a5
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYZFDL6GT1pF/VWrpewUxwdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDU2NWY5OWZmNWUwZmZiNWJkZjk5OTVlZDdhODA4ZDQx
NDA2ZTUwHhcNMjMwMjEyMDk1NTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDVhMDMxMDQ2NjY2NDczY2Y1YTUxYzJjZjU1OWUwNGUwMmIyYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZfCvFJUrMR7Kx2ut6iOggXC2FeV
/mRevVrwxulTe5WskGZP7C8KMnxZ/krIEAEkZs9HHcsxoZZFNsQD9OL4gr+H7FcI
6wdlWWxZ4vuP/tHMD5v+iRaKaRQXRFWOSnjSpjkddlY+zeXIBHE93tt7WpN5SnrH
luKIraTGMDf6QS23vsgZRQdFdseeSnNKBbIkkXokLvF2cMM0oUqyjOhYU/viLIJo
Rh1VilDJjSXVq/DFGtLVFd07KS0TisSnIQ/gyA9V8yA17sICwwATJSDZoqzLw5/7
6my1RKMaVVcNHAsoUy2znFBIQxsBN5bgX0W08cDO20aX4IG3OfoCHtf+CQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFF1aAxBGZmRzz1pRws9VngTgKyuyMB8GA1UdIwQY
MBaAFHnVZfmf9eD/tb35mV7XqAjUFAblMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWRWbC1aXzE0UC0xdmZtWlh0ZW9DTlFVQnVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9lZTVjZDctYjMwZS00NjZiLWFhYWQt
NmMzYjg3NDQzZTA2LzEvWFZvREVFWm1aSFBQV2xIQ3oxV2VCT0FySzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9lZTVjZDctYjMwZS00NjZiLWFhYWQtNmMzYjg3NDQzZTA2
LzEvZWRWbC1aXzE0UC0xdmZtWlh0ZW9DTlFVQnVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQCgrl4AwQC
ucyoAwQCudfoAwQCuesoAwQBwgXOMA8EAgACMAkDBwIqDUrAAAAwDQYJKoZIhvcN
AQELBQADggEBAEUKv0+Q1FU/g3jGRZpTALR8kSy8XDTUuYgPeNvTNkatDNaDhxQe
dnsm55HJ21lR01CMY+2Ccvj5u5AiXYnx9JhUULpKOFB7YvIRFIGAQ7eg1dFy5kWe
Gj5h9w8HQkmK9/B3MzzRFhGXsPo+WZWOLMjJjXAhTRRPN504DSqWYsJAqHPVEofr
h3l0zgkNC6Qt45F0GCz+KgJZ1P2A1YtvDYf7GMUK5ui4EZglEDrfFGOJtcrPID1i
WpFg4704wX78eYDD58uIvRuHFUSAw5AVwSPOXZINUshYPzMLYTmhOvMu/6CqqGXp
eRW9YvkVO5tgd4qY/cI+dsDua9m0lgSbP6U=
-----END CERTIFICATE-----