Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/2c4731-89d5-4e9b-b4aa-bf09ad32c888/1/S4swX--cD656_l_W_vQymBR7dYw.roa
File:                     S4swX--cD656_l_W_vQymBR7dYw.roa (raw, json)
Hash identifier:          tp9ncgjKDpBpBmD2yJ8AlB/yJENyXFRbGLEl29nbuEk=
Subject key identifier:   4B:8B:30:5F:EF:9C:0F:AE:7A:FE:5F:D6:FE:F4:32:98:14:7B:75:8C
Certificate issuer:       /CN=b06551937efc96e145e33a1ebca24492dc120ecb
Certificate serial:       018572BA68577336D1002F81923432E68A43
Authority key identifier: B0:65:51:93:7E:FC:96:E1:45:E3:3A:1E:BC:A2:44:92:DC:12:0E:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sGVRk378luFF4zoevKJEktwSDss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/2c4731-89d5-4e9b-b4aa-bf09ad32c888/1/S4swX--cD656_l_W_vQymBR7dYw.roa
Signing time:             Mon 02 Jan 2023 13:44:57 +0000
ROA not before:           Mon 02 Jan 2023 13:44:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9121
IP address blocks:        93.184.144.0/24 maxlen: 24
                          93.184.145.0/24 maxlen: 24
                          93.184.150.0/24 maxlen: 24
                          93.184.151.0/24 maxlen: 24
                          93.184.152.0/24 maxlen: 24
                          93.184.146.0/24 maxlen: 24
                          93.184.147.0/24 maxlen: 24
                          93.184.148.0/24 maxlen: 24
                          93.184.149.0/24 maxlen: 24
                          93.184.157.0/24 maxlen: 24
                          93.184.158.0/24 maxlen: 24
                          93.184.159.0/24 maxlen: 24
                          93.184.153.0/24 maxlen: 24
                          93.184.155.0/24 maxlen: 24
                          93.184.156.0/24 maxlen: 24
                          185.168.152.0/24 maxlen: 24
                          185.168.154.0/23 maxlen: 23
                          185.168.153.0/24 maxlen: 24
                          185.168.154.0/24 maxlen: 24
                          185.168.155.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:ba:68:57:73:36:d1:00:2f:81:92:34:32:e6:8a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b06551937efc96e145e33a1ebca24492dc120ecb
        Validity
            Not Before: Jan  2 13:44:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b8b305fef9c0fae7afe5fd6fef43298147b758c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9b:e6:3e:a1:5b:82:6a:9b:6b:41:34:01:1b:
                    14:a6:32:11:66:a3:a4:a6:76:6f:4a:54:69:15:1f:
                    43:20:ca:22:c8:98:79:1d:70:81:7c:65:fc:32:fc:
                    ff:c4:79:02:cb:69:3a:4b:cc:2c:99:e7:ca:e5:d7:
                    54:b2:aa:2d:e5:94:5a:bc:3f:d7:74:07:a6:09:cf:
                    fb:f1:1f:ad:a4:a2:bd:d1:b3:7a:0e:88:a2:2b:4f:
                    29:a6:ce:26:17:66:1b:36:20:d2:12:88:05:7a:3c:
                    d6:5d:1e:3c:1d:28:c0:0a:fc:51:a7:21:3d:ec:b1:
                    18:74:25:80:20:0a:f3:44:0c:f9:19:9d:04:6d:e7:
                    a6:c7:1a:54:86:88:68:2e:45:ba:fc:e6:3b:f8:82:
                    1c:67:08:47:f9:80:ea:26:de:ee:ea:3b:16:0f:43:
                    89:c9:b2:7c:df:b0:4e:38:c5:24:33:70:50:2f:f2:
                    b8:78:31:34:13:2c:52:bc:a4:e2:da:97:67:14:ac:
                    86:0c:2f:68:07:ca:e1:19:d7:85:93:1d:09:3e:7f:
                    3d:e0:ec:25:8c:70:ce:63:03:d6:a4:bf:a0:b4:dc:
                    aa:5d:0d:ac:2e:8c:f4:67:14:5a:28:fd:97:8c:29:
                    c5:cc:c9:f3:23:4d:e6:6f:1e:a4:7f:88:66:5f:08:
                    68:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:8B:30:5F:EF:9C:0F:AE:7A:FE:5F:D6:FE:F4:32:98:14:7B:75:8C
            X509v3 Authority Key Identifier:
                keyid:B0:65:51:93:7E:FC:96:E1:45:E3:3A:1E:BC:A2:44:92:DC:12:0E:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sGVRk378luFF4zoevKJEktwSDss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/2c4731-89d5-4e9b-b4aa-bf09ad32c888/1/S4swX--cD656_l_W_vQymBR7dYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/2c4731-89d5-4e9b-b4aa-bf09ad32c888/1/sGVRk378luFF4zoevKJEktwSDss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.184.144.0-93.184.153.255
                  93.184.155.0-93.184.159.255
                  185.168.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         db:b8:56:0e:e5:79:da:72:27:77:c7:9f:c0:39:06:60:55:ad:
         44:82:7c:a8:77:66:30:0f:f3:34:8b:3c:36:18:64:e4:6d:86:
         1f:3f:5a:1d:e6:da:48:90:a0:59:2f:22:d0:89:0c:2e:00:f0:
         bb:a0:bf:10:01:c6:f3:7c:29:71:45:9b:b7:e6:76:37:10:a2:
         62:f6:93:db:63:3c:93:f6:04:5a:71:48:bf:ea:f5:ed:66:c2:
         94:0c:41:b5:c0:e0:3d:aa:55:0b:3d:0e:d6:7d:58:04:1d:11:
         1c:0f:0c:0f:1c:b9:a5:e7:ad:ef:e5:4c:00:12:e3:b3:15:c2:
         5d:8f:c1:b6:b6:01:0f:f0:4d:5e:81:3e:6c:83:b0:27:29:55:
         51:44:c6:2b:9a:bc:4c:48:11:1b:82:3d:15:79:ef:c9:24:86:
         f2:8f:40:83:18:0b:e1:08:cb:12:8d:52:2b:de:1d:51:14:9e:
         27:21:01:d7:3a:99:17:32:63:1d:ba:2e:0e:58:7c:5a:d4:e0:
         14:96:9c:07:a1:d1:73:46:33:8b:8a:5a:a6:2f:f8:05:04:c5:
         e5:46:2c:0f:a1:2a:5e:91:d3:4a:e8:9e:34:2a:61:35:05:3e:
         5b:de:74:4a:35:a1:76:b6:9d:56:87:4f:57:53:6e:50:af:16:
         7d:3f:c9:81
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVyumhXczbRAC+BkjQy5opDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNjU1MTkzN2VmYzk2ZTE0NWUzM2ExZWJjYTI0NDkyZGMx
MjBlY2IwHhcNMjMwMTAyMTM0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjhiMzA1ZmVmOWMwZmFlN2FmZTVmZDZmZWY0MzI5ODE0N2I3NThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pvmPqFbgmqba0E0ARsUpjIRZqOk
pnZvSlRpFR9DIMoiyJh5HXCBfGX8Mvz/xHkCy2k6S8wsmefK5ddUsqot5ZRavD/X
dAemCc/78R+tpKK90bN6DoiiK08pps4mF2YbNiDSEogFejzWXR48HSjACvxRpyE9
7LEYdCWAIArzRAz5GZ0EbeemxxpUhohoLkW6/OY7+IIcZwhH+YDqJt7u6jsWD0OJ
ybJ837BOOMUkM3BQL/K4eDE0EyxSvKTi2pdnFKyGDC9oB8rhGdeFkx0JPn894Owl
jHDOYwPWpL+gtNyqXQ2sLoz0ZxRaKP2XjCnFzMnzI03mbx6kf4hmXwhoSwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEuLMF/vnA+uev5f1v70MpgUe3WMMB8GA1UdIwQY
MBaAFLBlUZN+/JbhReM6HryiRJLcEg7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0dWUmszNzhsdUZGNHpvZXZLSkVrdHdTRHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8yYzQ3MzEtODlkNS00ZTliLWI0YWEt
YmYwOWFkMzJjODg4LzEvUzRzd1gtLWNENjU2X2xfV192UXltQlI3ZFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8yYzQ3MzEtODlkNS00ZTliLWI0YWEtYmYwOWFkMzJjODg4
LzEvc0dWUmszNzhsdUZGNHpvZXZLSkVrdHdTRHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBARduJAD
BAFduJgwDAMEAF24mwMEBV24gAMEArmomDANBgkqhkiG9w0BAQsFAAOCAQEA27hW
DuV52nInd8efwDkGYFWtRIJ8qHdmMA/zNIs8Nhhk5G2GHz9aHebaSJCgWS8i0IkM
LgDwu6C/EAHG83wpcUWbt+Z2NxCiYvaT22M8k/YEWnFIv+r17WbClAxBtcDgPapV
Cz0O1n1YBB0RHA8MDxy5peet7+VMABLjsxXCXY/BtrYBD/BNXoE+bIOwJylVUUTG
K5q8TEgRG4I9FXnvySSG8o9AgxgL4QjLEo1SK94dURSeJyEB1zqZFzJjHbouDlh8
WtTgFJacB6HRc0Yzi4papi/4BQTF5UYsD6EqXpHTSuieNCphNQU+W950SjWhdrad
VodPV1NuUK8WfT/JgQ==
-----END CERTIFICATE-----