Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/0SzQWXHJDUqm0boRx2ujnAEOXWA.roa
File:                     0SzQWXHJDUqm0boRx2ujnAEOXWA.roa (raw, json)
Hash identifier:          0mpmF8xY56MK+TYSta/vCEDu3McDR0q3xIJwvXqQrmo=
Subject key identifier:   D1:2C:D0:59:71:C9:0D:4A:A6:D1:BA:11:C7:6B:A3:9C:01:0E:5D:60
Certificate issuer:       /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial:       018A0096EB288A71FD2DD7E97CA7BFE9E11E
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/0SzQWXHJDUqm0boRx2ujnAEOXWA.roa
Signing time:             Wed 16 Aug 2023 23:03:25 +0000
ROA not before:           Wed 16 Aug 2023 23:03:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198414
IP address blocks:        185.25.148.0/22 maxlen: 24
                          185.5.96.0/22 maxlen: 24
                          193.17.184.0/24 maxlen: 24
                          91.234.146.0/24 maxlen: 24
                          91.239.66.0/23 maxlen: 24
                          91.228.196.0/22 maxlen: 24
                          185.193.112.0/22 maxlen: 24
                          185.180.204.0/22 maxlen: 24
                          185.201.112.0/22 maxlen: 24
                          91.237.52.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:00:96:eb:28:8a:71:fd:2d:d7:e9:7c:a7:bf:e9:e1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
        Validity
            Not Before: Aug 16 23:03:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d12cd05971c90d4aa6d1ba11c76ba39c010e5d60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8d:62:1e:ef:ca:90:71:cd:50:87:a0:dd:51:
                    15:e8:4c:7d:06:98:54:7a:98:56:51:76:4a:af:97:
                    63:56:a8:8d:f3:ab:68:63:14:5a:43:10:6c:ca:c7:
                    6e:58:fb:b7:a3:a8:8d:f3:07:44:4f:80:99:4d:e5:
                    30:76:f0:99:26:09:ce:cf:7c:40:04:5f:6d:1a:08:
                    c0:29:56:44:6b:42:a6:aa:61:d8:64:b2:84:75:4c:
                    e9:75:2a:cb:52:98:33:52:99:5a:a6:05:20:52:87:
                    e6:ed:8b:4d:9f:a1:9e:3f:0e:f1:68:da:e5:b0:8f:
                    fe:24:04:af:33:45:3b:67:fa:8c:06:a8:ec:ad:5c:
                    c9:5b:6b:0f:61:16:68:ef:63:2a:ee:62:ab:a8:7e:
                    13:b7:cb:e9:0f:00:57:b2:15:c3:7f:28:2b:d6:31:
                    26:1b:dd:da:48:eb:58:97:71:8e:80:77:50:f2:9d:
                    67:9b:da:c5:d7:b8:75:f4:0f:bd:ed:c7:75:35:41:
                    31:77:e8:57:cf:94:24:bf:c7:16:74:a5:74:9c:72:
                    83:b9:47:50:4b:50:48:ad:c6:c5:85:62:bd:f3:73:
                    04:9b:36:ba:eb:5e:57:d5:35:60:40:dc:8f:76:af:
                    c9:f8:25:05:5a:5b:d7:e5:2e:f0:71:cb:73:93:b7:
                    a3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:2C:D0:59:71:C9:0D:4A:A6:D1:BA:11:C7:6B:A3:9C:01:0E:5D:60
            X509v3 Authority Key Identifier:
                keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/0SzQWXHJDUqm0boRx2ujnAEOXWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.196.0/22
                  91.234.146.0/24
                  91.237.52.0/24
                  91.239.66.0/23
                  185.5.96.0/22
                  185.25.148.0/22
                  185.180.204.0/22
                  185.193.112.0/22
                  185.201.112.0/22
                  193.17.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:5d:ef:6e:a6:cf:dc:ff:eb:a6:5f:79:28:b7:ac:0c:a2:c4:
         43:9e:0e:7b:21:6a:1f:f7:07:0b:3a:d9:04:00:54:03:0d:9f:
         a5:c3:69:26:ea:69:45:33:02:7f:41:ca:e9:2c:9d:a0:07:9b:
         a6:71:7e:34:ff:83:26:13:ce:82:19:03:d3:3d:cc:d3:e8:db:
         3c:8c:a7:b5:85:56:49:c5:00:ce:63:12:f3:73:62:0c:06:9c:
         15:e0:39:70:b5:2d:a9:a0:c1:bb:43:d6:ec:c3:c7:b4:24:d9:
         3d:1c:e4:54:01:75:82:d2:d9:9e:df:34:4c:ae:8d:f1:fc:47:
         a7:d6:5d:e3:fa:9a:77:55:01:d3:2a:ca:44:74:5f:8b:f5:9f:
         ea:82:f5:0c:57:fa:27:b5:ef:9b:53:18:c2:59:98:49:67:b0:
         94:39:5e:54:b8:7d:50:1f:09:63:74:f2:9b:10:ad:c6:f2:4d:
         24:1f:33:cd:3f:61:93:11:99:77:1e:e2:f3:d2:f3:39:cf:e9:
         3f:d2:6b:fa:be:28:46:39:42:bc:43:5b:de:1b:f7:b0:79:e0:
         15:7f:3a:d6:2a:2e:25:ad:de:59:5a:15:08:d2:ac:a6:81:25:
         90:1d:6b:dc:12:ae:ac:9d:04:f4:16:f6:ce:29:7e:14:33:73:
         16:f4:31:0b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYoAlusoinH9LdfpfKe/6eEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjMwODE2MjMwMzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTJjZDA1OTcxYzkwZDRhYTZkMWJhMTFjNzZiYTM5YzAxMGU1ZDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuo1iHu/KkHHNUIeg3VEV6Ex9BphU
ephWUXZKr5djVqiN86toYxRaQxBsysduWPu3o6iN8wdET4CZTeUwdvCZJgnOz3xA
BF9tGgjAKVZEa0KmqmHYZLKEdUzpdSrLUpgzUplapgUgUofm7YtNn6GePw7xaNrl
sI/+JASvM0U7Z/qMBqjsrVzJW2sPYRZo72Mq7mKrqH4Tt8vpDwBXshXDfygr1jEm
G93aSOtYl3GOgHdQ8p1nm9rF17h19A+97cd1NUExd+hXz5Qkv8cWdKV0nHKDuUdQ
S1BIrcbFhWK983MEmza6615X1TVgQNyPdq/J+CUFWlvX5S7wcctzk7ejWwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNEs0FlxyQ1KptG6Ecdro5wBDl1gMB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvMFN6UVdYSEpEVXFtMGJvUngydWpuQUVPWFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCW+TEAwQA
W+qSAwQAW+00AwQBW+9CAwQCuQVgAwQCuRmUAwQCubTMAwQCucFwAwQCuclwAwQA
wRG4MA0GCSqGSIb3DQEBCwUAA4IBAQBaXe9ups/c/+umX3kot6wMosRDng57IWof
9wcLOtkEAFQDDZ+lw2km6mlFMwJ/QcrpLJ2gB5umcX40/4MmE86CGQPTPczT6Ns8
jKe1hVZJxQDOYxLzc2IMBpwV4DlwtS2poMG7Q9bsw8e0JNk9HORUAXWC0tme3zRM
ro3x/Een1l3j+pp3VQHTKspEdF+L9Z/qgvUMV/onte+bUxjCWZhJZ7CUOV5UuH1Q
HwljdPKbEK3G8k0kHzPNP2GTEZl3HuLz0vM5z+k/0mv6vihGOUK8Q1veG/eweeAV
fzrWKi4lrd5ZWhUI0qymgSWQHWvcEq6snQT0FvbOKX4UM3MW9DEL
-----END CERTIFICATE-----