Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/UKloz3DbkjO7pJDgASmxmXhTr2o.roa
File:                     UKloz3DbkjO7pJDgASmxmXhTr2o.roa (raw, json)
Hash identifier:          ER/YlCnILMPSZgnCXLagJg+p0HNrVHyxqf494hGOUs4=
Subject key identifier:   50:A9:68:CF:70:DB:92:33:BB:A4:90:E0:01:29:B1:99:78:53:AF:6A
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0185E5C1132221F1D550384867E704C85775
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/UKloz3DbkjO7pJDgASmxmXhTr2o.roa
Signing time:             Tue 24 Jan 2023 21:48:33 +0000
ROA not before:           Tue 24 Jan 2023 21:48:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41124
IP address blocks:        93.171.64.0/21 maxlen: 24
                          92.253.208.0/22 maxlen: 24
                          146.158.64.0/22 maxlen: 24
                          31.148.140.0/22 maxlen: 24
                          146.120.200.0/22 maxlen: 24
                          95.47.32.0/22 maxlen: 24
                          146.120.124.0/22 maxlen: 24
                          95.46.232.0/21 maxlen: 24
                          95.47.192.0/22 maxlen: 24
                          146.120.152.0/22 maxlen: 24
                          146.158.24.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e5:c1:13:22:21:f1:d5:50:38:48:67:e7:04:c8:57:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan 24 21:48:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=50a968cf70db9233bba490e00129b1997853af6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9c:1c:01:01:09:8e:0d:d9:fd:50:92:69:13:
                    86:b7:d4:33:37:5c:98:90:09:e2:5f:90:3f:b5:88:
                    7b:23:e5:af:8b:32:40:13:b7:0a:27:ea:11:6c:c7:
                    1c:00:00:56:bd:00:a1:60:46:b0:d4:ef:8a:ed:8c:
                    e0:7b:7b:c0:7c:f0:1b:b4:9d:82:0d:d5:ae:82:aa:
                    10:62:f9:1f:66:05:7f:79:66:cb:ea:98:08:b1:96:
                    ae:ce:3e:54:19:88:57:23:d1:d3:a8:35:96:bf:6d:
                    44:58:4a:fd:c6:08:11:7c:cb:81:9b:05:36:b3:77:
                    76:6a:ef:d1:e4:ee:38:91:11:3a:7f:72:a2:2d:db:
                    03:bb:fe:98:b1:9d:84:7a:87:a0:f1:04:41:c8:4e:
                    e4:94:db:a3:6c:5c:46:f2:51:c6:0e:09:e9:53:3c:
                    66:36:44:dd:47:bb:b5:ff:7c:bb:26:4e:8a:2d:0f:
                    81:75:e9:3b:5f:cb:98:51:95:c4:73:98:0d:3f:f0:
                    17:cb:2a:af:e9:57:46:ae:9c:16:e9:f3:cd:4a:91:
                    35:33:f7:e9:69:c7:33:99:13:af:42:de:74:e0:2c:
                    ce:e8:4a:83:51:26:88:50:e2:fc:77:57:e0:f8:86:
                    b6:79:be:b3:a3:b8:3f:58:25:39:0c:27:09:13:fb:
                    be:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A9:68:CF:70:DB:92:33:BB:A4:90:E0:01:29:B1:99:78:53:AF:6A
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/UKloz3DbkjO7pJDgASmxmXhTr2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.140.0/22
                  92.253.208.0/22
                  93.171.64.0/21
                  95.46.232.0/21
                  95.47.32.0/22
                  95.47.192.0/22
                  146.120.124.0/22
                  146.120.152.0/22
                  146.120.200.0/22
                  146.158.24.0/22
                  146.158.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:2d:83:3d:a4:39:c8:1f:55:f1:a0:73:c2:ec:1c:3b:19:0c:
         53:f1:61:dd:64:cf:11:e8:2f:95:e5:95:20:b8:52:ec:29:28:
         c8:e5:87:92:60:9d:e7:7b:2e:d0:63:8e:80:ac:fd:c1:e7:d6:
         ea:24:bc:36:df:b3:62:df:da:d1:bf:75:9c:b0:52:3f:95:76:
         3a:60:62:cb:4d:f0:0a:e1:65:0a:ff:76:da:c2:10:7b:01:a6:
         0b:f5:13:5c:9d:ca:04:05:be:07:d4:aa:96:c1:3b:e3:ab:79:
         5c:4c:a8:fd:ee:d8:58:1c:17:d4:76:bd:7b:4d:f5:73:96:3a:
         f8:5d:33:fd:f4:ec:13:77:4f:32:db:61:eb:41:7a:8a:9e:09:
         b3:93:2f:f9:92:f3:4c:9f:a1:0e:c7:02:3a:da:6c:2c:54:15:
         39:cb:4b:6a:57:91:28:96:ea:69:c4:19:bf:4c:be:4e:a3:3e:
         dd:ef:a6:26:8d:b6:16:e8:f4:c2:34:9b:ca:fc:69:94:84:c4:
         c1:a1:e4:e1:5c:83:ec:fa:ad:82:4d:31:b7:76:c3:90:ea:fd:
         48:89:bf:cc:dc:6c:ef:20:25:28:31:87:f4:2c:e6:ed:4e:b6:
         72:23:67:7d:c1:33:74:ff:c4:47:64:ce:40:b5:0e:37:4e:e0:
         7b:4d:6f:89
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYXlwRMiIfHVUDhIZ+cEyFd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjMwMTI0MjE0ODMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE5NjhjZjcwZGI5MjMzYmJhNDkwZTAwMTI5YjE5OTc4NTNhZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5wcAQEJjg3Z/VCSaROGt9QzN1yY
kAniX5A/tYh7I+WvizJAE7cKJ+oRbMccAABWvQChYEaw1O+K7Yzge3vAfPAbtJ2C
DdWugqoQYvkfZgV/eWbL6pgIsZauzj5UGYhXI9HTqDWWv21EWEr9xggRfMuBmwU2
s3d2au/R5O44kRE6f3KiLdsDu/6YsZ2Eeoeg8QRByE7klNujbFxG8lHGDgnpUzxm
NkTdR7u1/3y7Jk6KLQ+Bdek7X8uYUZXEc5gNP/AXyyqv6VdGrpwW6fPNSpE1M/fp
acczmROvQt504CzO6EqDUSaIUOL8d1fg+Ia2eb6zo7g/WCU5DCcJE/u++wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFCpaM9w25Izu6SQ4AEpsZl4U69qMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvVUtsb3ozRGJrak83cEpEZ0FTbXhtWGhUcjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCH5SMAwQC
XP3QAwQDXatAAwQDXy7oAwQCXy8gAwQCXy/AAwQCknh8AwQCkniYAwQCknjIAwQC
kp4YAwQCkp5AMA0GCSqGSIb3DQEBCwUAA4IBAQCDLYM9pDnIH1XxoHPC7Bw7GQxT
8WHdZM8R6C+V5ZUguFLsKSjI5YeSYJ3ney7QY46ArP3B59bqJLw237Ni39rRv3Wc
sFI/lXY6YGLLTfAK4WUK/3bawhB7AaYL9RNcncoEBb4H1KqWwTvjq3lcTKj97thY
HBfUdr17TfVzljr4XTP99OwTd08y22HrQXqKngmzky/5kvNMn6EOxwI62mwsVBU5
y0tqV5EoluppxBm/TL5Ooz7d76YmjbYW6PTCNJvK/GmUhMTBoeThXIPs+q2CTTG3
dsOQ6v1Iib/M3GzvICUoMYf0LObtTrZyI2d9wTN0/8RHZM5AtQ43TuB7TW+J
-----END CERTIFICATE-----