Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YmPPNMNqv2QParGCm-1NcNDt8YU.roa
File:                     YmPPNMNqv2QParGCm-1NcNDt8YU.roa (raw, json)
Hash identifier:          UykIGs3+Zts4K/ec12s99+Iddy4y4L1sQYDwhA/vaPk=
Subject key identifier:   62:63:CF:34:C3:6A:BF:64:0F:6A:B1:82:9B:ED:4D:70:D0:ED:F1:85
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0186B77AC3065E9BD865FF41D155BDE02AC1
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YmPPNMNqv2QParGCm-1NcNDt8YU.roa
Signing time:             Mon 06 Mar 2023 15:12:01 +0000
ROA not before:           Mon 06 Mar 2023 15:12:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44546
IP address blocks:        151.249.128.0/17 maxlen: 24
                          31.148.0.0/16 maxlen: 24
                          91.201.20.0/22 maxlen: 24
                          195.178.4.0/23 maxlen: 24
                          93.170.0.0/15 maxlen: 24
                          92.253.128.0/17 maxlen: 24
                          146.120.0.0/16 maxlen: 24
                          92.38.0.0/17 maxlen: 24
                          146.158.0.0/17 maxlen: 24
                          95.46.0.0/15 maxlen: 24
                          185.67.252.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b7:7a:c3:06:5e:9b:d8:65:ff:41:d1:55:bd:e0:2a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Mar  6 15:12:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6263cf34c36abf640f6ab1829bed4d70d0edf185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cc:4d:e1:a9:07:b6:1b:38:fa:6e:84:6e:89:
                    f4:d4:17:67:8c:6a:05:a3:57:03:3c:16:8d:92:49:
                    ed:ed:62:88:ab:0c:fb:07:0a:c0:b7:74:ea:ef:cb:
                    b3:83:a9:c8:13:bd:d6:8b:be:db:8f:75:6b:44:1d:
                    2b:06:7d:65:ac:ad:90:07:de:c2:21:c9:d5:62:85:
                    d4:45:fa:3b:67:4e:73:b2:cd:86:a0:0f:a3:74:ae:
                    e9:ca:b9:14:95:c0:dc:1b:c8:16:ae:63:39:e8:c9:
                    b3:85:87:43:b1:7b:eb:c4:3c:da:32:ba:8f:71:a6:
                    2e:24:f0:63:1a:63:7b:10:8f:4f:61:e0:57:d2:7f:
                    e4:da:85:87:df:25:b2:03:80:b4:80:b4:9d:93:03:
                    10:6e:2d:47:38:4a:79:02:52:e9:72:e6:a1:78:34:
                    75:09:b7:b1:67:8f:2c:47:0b:12:a3:85:6f:62:03:
                    16:86:8c:5a:40:af:ce:31:c1:33:c6:aa:ee:ab:4c:
                    09:c5:bf:8f:74:c5:0e:ba:87:9d:f3:fd:57:c0:d4:
                    cb:c7:68:b4:8a:c4:d4:54:c4:30:04:68:8c:65:c7:
                    85:c4:8d:91:f6:44:20:a2:4c:47:dc:57:c1:30:9b:
                    d8:27:7e:fd:86:24:4b:5c:2f:79:59:ad:e5:17:88:
                    06:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:63:CF:34:C3:6A:BF:64:0F:6A:B1:82:9B:ED:4D:70:D0:ED:F1:85
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YmPPNMNqv2QParGCm-1NcNDt8YU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.0.0/16
                  91.201.20.0/22
                  92.38.0.0/17
                  92.253.128.0/17
                  93.170.0.0/15
                  95.46.0.0/15
                  146.120.0.0/16
                  146.158.0.0/17
                  151.249.128.0/17
                  185.67.252.0/22
                  195.178.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:b3:ce:da:3d:08:89:c2:18:35:86:1a:1c:47:a0:df:9b:4c:
         08:cb:8e:81:c5:0f:77:88:1f:c5:07:55:1b:ab:62:a7:71:ca:
         a5:8e:65:ea:1c:94:c5:bc:88:93:ef:18:c3:4a:14:84:83:48:
         9d:4c:ad:ba:cb:5d:f5:f3:e2:b8:c5:1c:68:91:f6:86:dc:05:
         73:40:94:62:52:a9:c4:83:68:48:93:d4:06:1b:c5:28:5c:98:
         13:7e:86:7d:8f:3d:da:3b:e1:c3:3e:92:f9:7c:b3:19:4b:f8:
         b3:fc:49:cb:69:73:7b:b7:1e:90:f8:11:21:39:4d:0e:61:2c:
         81:e2:9d:a4:20:87:77:03:11:7f:88:ce:8c:26:a3:0d:bd:3c:
         17:98:c4:45:f6:8d:d8:ee:99:93:75:5a:44:28:26:45:c5:ab:
         3b:f3:9b:15:b2:b8:19:0c:d2:72:38:0b:2c:47:68:de:aa:a8:
         4e:f0:d4:c0:7e:6e:da:ab:ec:31:63:56:95:32:0e:d5:f7:1a:
         1e:44:b0:1e:41:f0:38:a7:80:82:85:44:1e:8a:2f:be:f0:96:
         a2:25:3a:f8:cd:25:a1:f4:03:a2:aa:26:39:37:6e:29:0c:30:
         51:4a:9b:ac:26:5b:99:c8:f5:2a:da:9a:99:e6:60:cd:c0:96:
         05:b3:c0:08
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYa3esMGXpvYZf9B0VW94CrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjMwMzA2MTUxMjAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjYzY2YzNGMzNmFiZjY0MGY2YWIxODI5YmVkNGQ3MGQwZWRmMTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMxN4akHths4+m6Ebon01BdnjGoF
o1cDPBaNkknt7WKIqwz7BwrAt3Tq78uzg6nIE73Wi77bj3VrRB0rBn1lrK2QB97C
IcnVYoXURfo7Z05zss2GoA+jdK7pyrkUlcDcG8gWrmM56MmzhYdDsXvrxDzaMrqP
caYuJPBjGmN7EI9PYeBX0n/k2oWH3yWyA4C0gLSdkwMQbi1HOEp5AlLpcuaheDR1
CbexZ48sRwsSo4VvYgMWhoxaQK/OMcEzxqruq0wJxb+PdMUOuoed8/1XwNTLx2i0
isTUVMQwBGiMZceFxI2R9kQgokxH3FfBMJvYJ379hiRLXC95Wa3lF4gGYwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGJjzzTDar9kD2qxgpvtTXDQ7fGFMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWW1QUE5NTnF2MlFQYXJHQ20tMU5jTkR0OFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwMAH5QDBAJb
yRQDBAdcJgADBAdc/YADAwFdqgMDAV8uAwMAkngDBAeSngADBAeX+YADBAK5Q/wD
BAHDsgQwDQYJKoZIhvcNAQELBQADggEBAC+zzto9CInCGDWGGhxHoN+bTAjLjoHF
D3eIH8UHVRurYqdxyqWOZeoclMW8iJPvGMNKFISDSJ1MrbrLXfXz4rjFHGiR9obc
BXNAlGJSqcSDaEiT1AYbxShcmBN+hn2PPdo74cM+kvl8sxlL+LP8Sctpc3u3HpD4
ESE5TQ5hLIHinaQgh3cDEX+Izowmow29PBeYxEX2jdjumZN1WkQoJkXFqzvzmxWy
uBkM0nI4CyxHaN6qqE7w1MB+btqr7DFjVpUyDtX3Gh5EsB5B8DingIKFRB6KL77w
lqIlOvjNJaH0A6KqJjk3bikMMFFKm6wmW5nI9SrampnmYM3AlgWzwAg=
-----END CERTIFICATE-----