Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/W_J2FqjZcG6p-8BhHbBe3cPhOHM.roa
File:                     W_J2FqjZcG6p-8BhHbBe3cPhOHM.roa (raw, json)
Hash identifier:          /ia/uB3APcDnT3dFZvcVKfS8RqN4OTAdZQFGEupfaPo=
Subject key identifier:   5B:F2:76:16:A8:D9:70:6E:A9:FB:C0:61:1D:B0:5E:DD:C3:E1:38:73
Certificate issuer:       /CN=3474210c28413e26284822abe83ad6d7c0f764fa
Certificate serial:       01856C6EE960C29E57C7DCD91D4B6D013EAA
Authority key identifier: 34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/W_J2FqjZcG6p-8BhHbBe3cPhOHM.roa
Signing time:             Sun 01 Jan 2023 08:24:46 +0000
ROA not before:           Sun 01 Jan 2023 08:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207249
IP address blocks:        185.161.232.0/22 maxlen: 24
                          185.68.44.0/22 maxlen: 22
                          185.68.44.0/24 maxlen: 24
                          185.68.46.0/24 maxlen: 24
                          185.68.47.0/24 maxlen: 24
                          91.206.20.0/24 maxlen: 24
                          91.206.20.0/23 maxlen: 23
                          2a05:1600::/32 maxlen: 32
                          2a07:c880::/29 maxlen: 32
                          2a07:c883::/32 maxlen: 32
                          2a05:1600::/29 maxlen: 29
                          2a07:c881::/32 maxlen: 32
                          2a07:c884::/32 maxlen: 32
                          2a07:c880::/32 maxlen: 32
                          2a05:1602::/32 maxlen: 32
                          2a05:1601::/32 maxlen: 32
                          2a07:c882::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6e:e9:60:c2:9e:57:c7:dc:d9:1d:4b:6d:01:3e:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3474210c28413e26284822abe83ad6d7c0f764fa
        Validity
            Not Before: Jan  1 08:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5bf27616a8d9706ea9fbc0611db05eddc3e13873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:39:80:60:15:9b:d9:1e:fd:97:1c:91:be:01:
                    db:28:cf:bb:33:4f:13:51:63:7b:37:28:35:82:09:
                    63:7a:e5:db:8b:c1:11:c1:82:69:c6:e8:96:c4:ca:
                    b7:cb:e7:f8:2f:4e:30:e3:22:be:7d:b4:2c:01:2f:
                    f0:95:46:87:3e:9d:d3:14:75:8a:cd:fa:e1:05:28:
                    2f:16:af:07:45:89:2d:39:f8:a7:b6:c9:8d:ae:bc:
                    59:ca:6f:34:ac:83:52:f6:8d:28:44:1c:f2:68:46:
                    8b:ba:04:f3:98:c7:72:62:d3:69:32:a8:a5:73:49:
                    2e:44:30:d3:37:94:93:8d:7d:11:c3:07:42:40:9f:
                    8a:69:ef:9a:65:83:f1:eb:c5:81:1e:f2:ad:7e:5e:
                    79:f6:ea:0d:96:3b:e9:c2:d8:83:8a:97:55:89:c6:
                    e2:40:ab:e9:75:20:0e:78:0f:c3:bd:ce:73:50:db:
                    75:10:83:8a:a6:27:e3:bc:7a:a4:42:93:4c:0c:aa:
                    c2:bc:ad:a2:d2:e2:63:32:e7:ed:35:95:3d:8e:57:
                    0f:32:5f:fc:f3:18:d5:ea:b5:ee:59:70:fa:13:d4:
                    1f:5e:1c:94:ae:7f:94:f3:1d:25:3c:03:d5:60:6c:
                    1e:d5:65:d8:79:15:85:8e:00:69:bc:71:df:1d:2e:
                    a5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F2:76:16:A8:D9:70:6E:A9:FB:C0:61:1D:B0:5E:DD:C3:E1:38:73
            X509v3 Authority Key Identifier:
                keyid:34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/W_J2FqjZcG6p-8BhHbBe3cPhOHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.20.0/23
                  185.68.44.0/22
                  185.161.232.0/22
                IPv6:
                  2a05:1600::/29
                  2a07:c880::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:e4:1c:c1:e1:82:8e:99:fb:e7:a3:e7:aa:b3:e5:83:8e:42:
         11:7d:2c:1f:e9:71:07:1f:a3:96:7e:90:c0:03:71:82:20:d4:
         d7:16:ce:9d:c2:e7:21:9a:a9:1a:00:3e:a1:9b:ab:78:35:23:
         fc:b6:26:d0:84:7d:5d:b1:31:c4:5d:9d:59:5f:02:d6:b9:24:
         4d:e4:62:87:06:ad:48:b7:85:37:27:55:a6:d5:df:36:b1:0a:
         10:23:16:a0:d7:b2:29:c7:e3:93:3e:57:fe:c4:5a:cc:7d:61:
         87:8b:2a:0a:52:25:6e:46:6f:55:5b:11:2a:98:b1:a9:bb:b2:
         e6:8c:05:d2:5d:84:02:e7:0d:6d:d7:76:6b:78:5d:75:9d:26:
         92:a1:ea:38:a2:d4:61:2e:7f:e3:01:12:fa:c9:b8:96:3a:f6:
         91:b4:b9:f0:62:29:d8:11:32:7f:c0:2b:2c:69:1c:23:d9:bf:
         58:3d:68:2d:a3:cc:3f:da:d6:3c:05:de:da:af:ae:e2:e7:bf:
         f7:4a:9c:cd:08:5f:29:47:52:c0:04:2c:5f:1e:ac:d8:61:c3:
         78:06:09:25:32:0b:9c:dc:db:35:e2:86:37:69:3c:45:f3:da:
         cd:24:6a:f3:ff:b0:4c:0a:45:2c:77:20:5e:62:97:28:5d:4f:
         2c:dd:94:53
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYVsbulgwp5Xx9zZHUttAT6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzQyMTBjMjg0MTNlMjYyODQ4MjJhYmU4M2FkNmQ3YzBm
NzY0ZmEwHhcNMjMwMTAxMDgyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmYyNzYxNmE4ZDk3MDZlYTlmYmMwNjExZGIwNWVkZGMzZTEzODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojmAYBWb2R79lxyRvgHbKM+7M08T
UWN7Nyg1ggljeuXbi8ERwYJpxuiWxMq3y+f4L04w4yK+fbQsAS/wlUaHPp3TFHWK
zfrhBSgvFq8HRYktOfintsmNrrxZym80rINS9o0oRBzyaEaLugTzmMdyYtNpMqil
c0kuRDDTN5STjX0RwwdCQJ+Kae+aZYPx68WBHvKtfl559uoNljvpwtiDipdVicbi
QKvpdSAOeA/Dvc5zUNt1EIOKpifjvHqkQpNMDKrCvK2i0uJjMuftNZU9jlcPMl/8
8xjV6rXuWXD6E9QfXhyUrn+U8x0lPAPVYGwe1WXYeRWFjgBpvHHfHS6lJwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFFvydhao2XBuqfvAYR2wXt3D4ThzMB8GA1UdIwQY
MBaAFDR0IQwoQT4mKEgiq+g61tfA92T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5Yzkt
YjBjNzRiNzZlMTgyLzEvV19KMkZxalpjRzZwLThCaEhiQmUzY1BoT0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5YzktYjBjNzRiNzZlMTgy
LzEvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQBW84UAwQC
uUQsAwQCuaHoMBQEAgACMA4DBQMqBRYAAwUDKgfIgDANBgkqhkiG9w0BAQsFAAOC
AQEAXOQcweGCjpn756PnqrPlg45CEX0sH+lxBx+jln6QwANxgiDU1xbOncLnIZqp
GgA+oZureDUj/LYm0IR9XbExxF2dWV8C1rkkTeRihwatSLeFNydVptXfNrEKECMW
oNeyKcfjkz5X/sRazH1hh4sqClIlbkZvVVsRKpixqbuy5owF0l2EAucNbdd2a3hd
dZ0mkqHqOKLUYS5/4wES+sm4ljr2kbS58GIp2BEyf8ArLGkcI9m/WD1oLaPMP9rW
PAXe2q+u4ue/90qczQhfKUdSwAQsXx6s2GHDeAYJJTILnNzbNeKGN2k8RfPazSRq
8/+wTApFLHcgXmKXKF1PLN2UUw==
-----END CERTIFICATE-----