Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/0mq7zRs_XUhY3vNsL8Nnv7o_ITg.roa
File:                     0mq7zRs_XUhY3vNsL8Nnv7o_ITg.roa (raw, json)
Hash identifier:          Wg8hTSMf5pwtN3Oie28gaMOetwz6AWLKZzsuUCEHxuA=
Subject key identifier:   D2:6A:BB:CD:1B:3F:5D:48:58:DE:F3:6C:2F:C3:67:BF:BA:3F:21:38
Certificate issuer:       /CN=704ab9688427073ff7e179de5af002e09f236013
Certificate serial:       0185810EB079A20BD5E10EE1B8EC3B943BCD
Authority key identifier: 70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/0mq7zRs_XUhY3vNsL8Nnv7o_ITg.roa
Signing time:             Thu 05 Jan 2023 08:31:41 +0000
ROA not before:           Thu 05 Jan 2023 08:31:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52102
IP address blocks:        5.102.136.0/24 maxlen: 24
                          5.102.136.0/23 maxlen: 23
                          5.102.138.0/23 maxlen: 23
                          5.102.138.0/24 maxlen: 24
                          5.102.137.0/24 maxlen: 24
                          5.102.139.0/24 maxlen: 24
                          5.102.143.0/24 maxlen: 24
                          5.102.142.0/24 maxlen: 24
                          5.102.142.0/23 maxlen: 23
                          5.102.140.0/24 maxlen: 24
                          5.102.140.0/23 maxlen: 23
                          5.102.141.0/24 maxlen: 24
                          91.221.230.0/23 maxlen: 24
                          91.221.230.0/24 maxlen: 24
                          91.221.231.0/24 maxlen: 24
                          2a04:8880::/32 maxlen: 32
                          2a04:8881::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:81:0e:b0:79:a2:0b:d5:e1:0e:e1:b8:ec:3b:94:3b:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=704ab9688427073ff7e179de5af002e09f236013
        Validity
            Not Before: Jan  5 08:31:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d26abbcd1b3f5d4858def36c2fc367bfba3f2138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:03:e6:e5:65:95:32:e3:06:f6:1d:af:a1:7f:
                    ce:5c:03:27:e0:5a:ae:e2:e7:bc:de:ee:d8:75:11:
                    ce:76:69:c6:cf:f5:7a:68:4a:2a:3d:c8:d6:9f:71:
                    ca:7c:af:69:b4:d5:36:e6:9b:18:da:b8:3f:94:a8:
                    68:b1:bc:de:cd:00:da:cd:c4:cb:98:40:5d:15:b0:
                    e4:52:67:9a:13:5e:03:6b:00:76:6e:45:9c:57:73:
                    c7:af:5c:01:18:d0:bc:27:1f:af:f6:fb:53:14:6a:
                    42:7a:4f:de:52:ba:e0:86:b8:c8:e1:26:49:c8:6c:
                    66:48:54:b3:06:ce:0d:ec:17:35:92:c0:9a:d0:17:
                    21:60:e2:c3:5c:ee:a8:fd:22:9f:49:fa:71:29:f5:
                    0d:78:01:6b:fd:be:b8:10:c2:29:3d:63:55:f9:0e:
                    3e:18:21:f1:e2:35:2f:a6:2b:c4:0f:d0:3c:f6:43:
                    39:fb:2e:7c:22:25:5e:75:c9:e5:cc:94:65:8c:fc:
                    41:17:47:a9:4d:32:3e:7d:78:c6:12:34:7a:0c:5f:
                    2a:92:cc:cd:7b:c4:5c:22:7a:9d:12:6c:bf:e5:bb:
                    13:99:f8:55:34:45:15:be:ad:67:81:d0:3a:9e:33:
                    b2:fb:a6:eb:b1:b6:aa:08:08:d8:c7:e3:0e:ed:88:
                    11:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6A:BB:CD:1B:3F:5D:48:58:DE:F3:6C:2F:C3:67:BF:BA:3F:21:38
            X509v3 Authority Key Identifier:
                keyid:70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/0mq7zRs_XUhY3vNsL8Nnv7o_ITg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/cEq5aIQnBz_34XneWvAC4J8jYBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.136.0/21
                  91.221.230.0/23
                IPv6:
                  2a04:8880::/31

    Signature Algorithm: sha256WithRSAEncryption
         1a:86:28:84:a1:f4:cf:8f:fd:58:6f:26:75:aa:e6:3c:74:48:
         4a:84:cd:ea:28:a0:ef:9b:88:ef:f3:07:3a:c8:52:32:04:97:
         79:b3:3e:8a:8a:a9:7b:b0:08:68:dd:f9:fd:77:59:ab:ae:ac:
         f0:a1:64:0e:2d:66:be:89:3b:2b:88:60:78:d6:de:f8:6d:ac:
         ee:59:68:52:ae:41:f2:2c:be:85:82:3b:36:71:1d:16:3b:37:
         2a:10:b6:71:9a:13:e3:a1:cb:5c:7c:6f:25:e9:04:b6:ae:b4:
         f5:0c:62:3a:6d:b1:2f:d0:72:c4:8a:89:67:4d:b3:02:fc:5e:
         f0:21:26:3f:26:20:e6:22:3a:93:d4:14:1c:ab:be:e6:ed:03:
         85:f5:21:80:09:0a:76:bb:58:42:7e:a0:1e:97:af:f7:5f:49:
         41:1e:0e:b1:97:8b:c4:e8:88:6f:85:c6:3f:6b:cc:2d:b9:f9:
         e4:98:12:13:78:18:3d:1e:90:4a:bd:e5:4f:59:59:67:90:59:
         ed:af:04:b1:04:d6:c4:c8:ec:ce:02:cb:4c:04:68:1d:ab:95:
         04:03:9d:43:f4:94:e1:ec:45:5c:c4:aa:e9:2b:7c:dc:16:88:
         7b:34:00:6f:ba:dd:f5:85:71:66:2d:d8:37:a7:03:91:fe:79:
         19:60:e0:1f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYWBDrB5ogvV4Q7huOw7lDvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNGFiOTY4ODQyNzA3M2ZmN2UxNzlkZTVhZjAwMmUwOWYy
MzYwMTMwHhcNMjMwMTA1MDgzMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjZhYmJjZDFiM2Y1ZDQ4NThkZWYzNmMyZmMzNjdiZmJhM2YyMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggPm5WWVMuMG9h2voX/OXAMn4Fqu
4ue83u7YdRHOdmnGz/V6aEoqPcjWn3HKfK9ptNU25psY2rg/lKhosbzezQDazcTL
mEBdFbDkUmeaE14DawB2bkWcV3PHr1wBGNC8Jx+v9vtTFGpCek/eUrrghrjI4SZJ
yGxmSFSzBs4N7Bc1ksCa0BchYOLDXO6o/SKfSfpxKfUNeAFr/b64EMIpPWNV+Q4+
GCHx4jUvpivED9A89kM5+y58IiVedcnlzJRljPxBF0epTTI+fXjGEjR6DF8qkszN
e8RcInqdEmy/5bsTmfhVNEUVvq1ngdA6njOy+6brsbaqCAjYx+MO7YgRAwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNJqu80bP11IWN7zbC/DZ7+6PyE4MB8GA1UdIwQY
MBaAFHBKuWiEJwc/9+F53lrwAuCfI2ATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjIt
NDZhOGIxOTFhMzc0LzEvMG1xN3pSc19YVWhZM3ZOc0w4Tm52N29fSVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjItNDZhOGIxOTFhMzc0
LzEvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBWaIAwQB
W93mMA0EAgACMAcDBQEqBIiAMA0GCSqGSIb3DQEBCwUAA4IBAQAahiiEofTPj/1Y
byZ1quY8dEhKhM3qKKDvm4jv8wc6yFIyBJd5sz6Kiql7sAho3fn9d1mrrqzwoWQO
LWa+iTsriGB41t74bazuWWhSrkHyLL6Fgjs2cR0WOzcqELZxmhPjoctcfG8l6QS2
rrT1DGI6bbEv0HLEiolnTbMC/F7wISY/JiDmIjqT1BQcq77m7QOF9SGACQp2u1hC
fqAel6/3X0lBHg6xl4vE6IhvhcY/a8wtufnkmBITeBg9HpBKveVPWVlnkFntrwSx
BNbEyOzOAstMBGgdq5UEA51D9JTh7EVcxKrpK3zcFoh7NABvut31hXFmLdg3pwOR
/nkZYOAf
-----END CERTIFICATE-----