Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/OAA4jCK2J3rZNrbg6qomvQfmq0s.roa
File:                     OAA4jCK2J3rZNrbg6qomvQfmq0s.roa (raw, json)
Hash identifier:          zo9GiicyUPaV5K79XAT3vVW8Yh9RjYC6JWr0Uywsc9c=
Subject key identifier:   38:00:38:8C:22:B6:27:7A:D9:36:B6:E0:EA:AA:26:BD:07:E6:AB:4B
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       01884DA1BA705FC3B7A0C25F49952D74126A
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/OAA4jCK2J3rZNrbg6qomvQfmq0s.roa
Signing time:             Wed 24 May 2023 12:00:24 +0000
ROA not before:           Wed 24 May 2023 12:00:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51295
IP address blocks:        185.179.156.0/22 maxlen: 22
                          185.248.196.0/22 maxlen: 22
                          194.165.26.0/24 maxlen: 24
                          45.153.88.0/24 maxlen: 24
                          2a0a:8880:1::/48 maxlen: 48
                          2a0a:8880:2::/48 maxlen: 48
                          2a0a:8880:aaaa::/48 maxlen: 48
                          2a0f:4440:aaaa::/48 maxlen: 48
                          2a0f:4440:abcd::/48 maxlen: 48
                          2a0a:8880::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:4d:a1:ba:70:5f:c3:b7:a0:c2:5f:49:95:2d:74:12:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: May 24 12:00:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3800388c22b6277ad936b6e0eaaa26bd07e6ab4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:da:28:dd:44:f1:9b:90:cf:69:8e:8b:f7:a3:
                    6e:d9:45:bb:4f:d7:19:b9:52:d6:9c:02:07:bc:5b:
                    88:85:dc:26:fa:99:14:bf:f6:4a:ff:e1:d0:cd:71:
                    e7:f4:09:bc:df:ea:fe:9e:61:9f:b6:db:7c:b2:5f:
                    06:de:3e:f5:53:ee:93:74:55:9c:b9:c1:cf:43:77:
                    08:d7:a7:95:09:7b:df:6d:49:0f:aa:3a:4d:40:da:
                    d1:59:4c:9d:cc:16:6a:c8:19:42:26:c0:72:a4:2c:
                    94:ef:2f:e3:25:87:67:da:27:be:26:26:e0:df:de:
                    bd:3c:62:df:1e:91:25:57:a3:1c:44:f1:f8:33:62:
                    6f:d0:0e:b0:1c:01:09:a4:cb:ae:4c:f6:f8:0a:29:
                    66:ed:b4:d9:e4:6e:62:dd:85:09:d2:7c:8b:c9:ec:
                    8d:91:4c:b9:b9:cf:fd:cb:15:0b:bc:ec:af:c7:f6:
                    2b:5e:00:f8:ce:ef:fb:ba:b4:d5:d3:10:2c:f9:f5:
                    ad:93:0b:31:fa:aa:f5:14:33:59:85:29:11:d9:ee:
                    71:dd:0c:d6:cc:3f:8f:e2:b6:44:94:00:fe:b5:27:
                    9b:f4:6d:bf:54:20:02:ba:38:2f:5c:70:20:07:25:
                    c1:2d:93:9a:18:36:6c:47:bc:1f:aa:14:c4:53:9d:
                    31:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:00:38:8C:22:B6:27:7A:D9:36:B6:E0:EA:AA:26:BD:07:E6:AB:4B
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/OAA4jCK2J3rZNrbg6qomvQfmq0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.88.0/24
                  185.179.156.0/22
                  185.248.196.0/22
                  194.165.26.0/24
                IPv6:
                  2a0a:8880::-2a0a:8880:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:8880:aaaa::/48
                  2a0f:4440:aaaa::/48
                  2a0f:4440:abcd::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:0f:ed:85:9b:da:e0:6e:48:d0:02:50:6f:29:4e:ec:25:8a:
         05:df:19:9c:7f:9b:a5:c8:74:59:28:41:f1:c7:c1:da:d3:d3:
         c6:b9:99:41:e3:ec:0d:64:42:9c:ae:0f:4e:31:2a:33:bd:9f:
         fa:36:75:c4:91:df:cc:4e:9f:67:d8:fb:c8:3c:46:8d:36:b1:
         fe:eb:ee:94:cd:99:85:8d:03:cb:96:44:0b:db:90:55:b8:03:
         ed:96:aa:be:d9:10:ea:5c:07:35:93:85:08:b6:89:d8:c8:5c:
         38:73:0f:70:30:be:ba:70:27:98:24:35:73:5a:ae:0c:8b:4b:
         99:c4:89:9b:ce:54:c8:56:30:34:34:49:85:38:a8:c4:00:2b:
         94:2f:39:95:64:fb:6c:55:85:82:98:76:08:cc:78:c5:ee:d3:
         9a:e3:77:e9:ce:f8:ae:40:15:e1:b8:ba:dd:2a:c0:ea:dc:a9:
         d3:28:47:e4:69:df:d5:c3:01:df:b0:82:65:ed:71:83:d2:24:
         45:4f:f6:d6:28:35:30:c6:06:0e:89:66:e9:83:de:d6:f9:f2:
         d6:d3:1d:b1:94:f6:21:eb:9f:75:12:97:40:ae:5f:b0:b9:f9:
         b1:63:8d:df:40:3c:7b:00:43:58:40:e9:50:16:e8:c7:b1:ef:
         a7:4a:47:59
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYhNobpwX8O3oMJfSZUtdBJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjMwNTI0MTIwMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODAwMzg4YzIyYjYyNzdhZDkzNmI2ZTBlYWFhMjZiZDA3ZTZhYjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNoo3UTxm5DPaY6L96Nu2UW7T9cZ
uVLWnAIHvFuIhdwm+pkUv/ZK/+HQzXHn9Am83+r+nmGfttt8sl8G3j71U+6TdFWc
ucHPQ3cI16eVCXvfbUkPqjpNQNrRWUydzBZqyBlCJsBypCyU7y/jJYdn2ie+Jibg
3969PGLfHpElV6McRPH4M2Jv0A6wHAEJpMuuTPb4Cilm7bTZ5G5i3YUJ0nyLyeyN
kUy5uc/9yxULvOyvx/YrXgD4zu/7urTV0xAs+fWtkwsx+qr1FDNZhSkR2e5x3QzW
zD+P4rZElAD+tSeb9G2/VCACujgvXHAgByXBLZOaGDZsR7wfqhTEU50xOwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFDgAOIwitid62Ta24OqqJr0H5qtLMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvT0FBNGpDSzJKM3JaTnJiZzZxb212UWZtcTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAeBAIAATAYAwQALZlYAwQC
ubOcAwQCufjEAwQAwqUaMDMEAgACMC0wEAMFByoKiIADBwAqCoiAAAIDBwAqCoiA
qqoDBwAqD0RAqqoDBwAqD0RAq80wDQYJKoZIhvcNAQELBQADggEBAEcP7YWb2uBu
SNACUG8pTuwligXfGZx/m6XIdFkoQfHHwdrT08a5mUHj7A1kQpyuD04xKjO9n/o2
dcSR38xOn2fY+8g8Ro02sf7r7pTNmYWNA8uWRAvbkFW4A+2Wqr7ZEOpcBzWThQi2
idjIXDhzD3AwvrpwJ5gkNXNargyLS5nEiZvOVMhWMDQ0SYU4qMQAK5QvOZVk+2xV
hYKYdgjMeMXu05rjd+nO+K5AFeG4ut0qwOrcqdMoR+Rp39XDAd+wgmXtcYPSJEVP
9tYoNTDGBg6JZumD3tb58tbTHbGU9iHrn3USl0CuX7C5+bFjjd9APHsAQ1hA6VAW
6Mex76dKR1k=
-----END CERTIFICATE-----