Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/b64837-5e86-4909-a07b-065aa4155ed4/1/o6ouLIcgfGpJj8n4sYk7NZUMzT4.roa
File:                     o6ouLIcgfGpJj8n4sYk7NZUMzT4.roa (raw, json)
Hash identifier:          KEqW4OR00wDc5Augt8YL6ADySZHTUyazsTRFiChkWzE=
Subject key identifier:   A3:AA:2E:2C:87:20:7C:6A:49:8F:C9:F8:B1:89:3B:35:95:0C:CD:3E
Certificate issuer:       /CN=57b77118bd56b2b3b4499c566a7c648aad7a6e9f
Certificate serial:       018570FB9D560FB5545B6B9D889AF86E809F
Authority key identifier: 57:B7:71:18:BD:56:B2:B3:B4:49:9C:56:6A:7C:64:8A:AD:7A:6E:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V7dxGL1WsrO0SZxWanxkiq16bp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/b64837-5e86-4909-a07b-065aa4155ed4/1/o6ouLIcgfGpJj8n4sYk7NZUMzT4.roa
Signing time:             Mon 02 Jan 2023 05:36:56 +0000
ROA not before:           Mon 02 Jan 2023 05:36:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203953
IP address blocks:        185.50.192.0/22 maxlen: 22
                          185.118.248.0/22 maxlen: 22
                          217.61.216.0/21 maxlen: 21
                          185.181.220.0/22 maxlen: 22
                          212.237.128.0/20 maxlen: 20
                          195.192.232.0/22 maxlen: 22
                          213.32.240.0/21 maxlen: 21
                          185.15.72.0/22 maxlen: 22
                          80.210.64.0/20 maxlen: 20
                          2a05:f6c0::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:9d:56:0f:b5:54:5b:6b:9d:88:9a:f8:6e:80:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57b77118bd56b2b3b4499c566a7c648aad7a6e9f
        Validity
            Not Before: Jan  2 05:36:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3aa2e2c87207c6a498fc9f8b1893b35950ccd3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:de:d0:71:24:76:83:fb:5c:22:80:9c:39:f4:
                    3c:02:4a:c6:3f:3e:80:d7:35:47:9d:37:c8:c2:32:
                    e7:41:e3:60:ee:e4:1e:b6:fe:bc:9b:e2:f8:07:84:
                    32:d9:c4:df:a8:45:3a:1f:af:4a:79:d9:a0:4d:ad:
                    05:63:60:61:97:d1:ff:5c:d8:1a:a9:61:59:e4:5e:
                    fe:88:e1:6a:c7:3d:c3:62:3d:a3:0d:c3:57:f0:5a:
                    d5:be:aa:2e:82:0d:9b:cc:32:ca:29:8f:8c:76:4d:
                    c7:d6:52:0e:29:18:38:f4:69:2e:9a:c4:63:36:57:
                    b4:a3:d3:0e:4b:c0:be:44:80:ab:20:80:e6:75:e3:
                    9f:38:95:43:54:53:d3:f5:4d:e5:27:a0:ef:a1:f2:
                    ec:e2:19:d5:c6:c9:cd:aa:cc:33:e3:f0:0b:c7:ae:
                    f1:1f:df:19:69:65:9b:25:f8:13:de:c8:2b:7a:4f:
                    d4:02:b1:cd:3e:75:09:ed:92:67:b9:18:28:f3:b7:
                    42:2a:e9:97:23:21:2b:03:b3:f1:ba:fa:c1:66:04:
                    dd:31:cb:a5:7b:dd:cb:a9:86:fb:83:15:93:ef:6b:
                    4d:71:43:80:88:95:92:b2:ec:df:71:84:e7:93:07:
                    2e:d8:91:3b:e5:57:6a:a3:fd:ec:a4:2c:bb:cb:bc:
                    ba:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AA:2E:2C:87:20:7C:6A:49:8F:C9:F8:B1:89:3B:35:95:0C:CD:3E
            X509v3 Authority Key Identifier:
                keyid:57:B7:71:18:BD:56:B2:B3:B4:49:9C:56:6A:7C:64:8A:AD:7A:6E:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V7dxGL1WsrO0SZxWanxkiq16bp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/b64837-5e86-4909-a07b-065aa4155ed4/1/o6ouLIcgfGpJj8n4sYk7NZUMzT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/b64837-5e86-4909-a07b-065aa4155ed4/1/V7dxGL1WsrO0SZxWanxkiq16bp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.210.64.0/20
                  185.15.72.0/22
                  185.50.192.0/22
                  185.118.248.0/22
                  185.181.220.0/22
                  195.192.232.0/22
                  212.237.128.0/20
                  213.32.240.0/21
                  217.61.216.0/21
                IPv6:
                  2a05:f6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:8c:e6:58:1f:c8:35:7f:52:7d:35:38:3d:0c:d4:74:c1:51:
         aa:fa:76:68:fe:7e:5f:70:44:f1:03:a1:fa:88:81:39:fd:7f:
         c8:be:e8:de:4e:fc:4e:0a:96:67:44:0d:c3:4b:33:c2:ef:ce:
         27:6d:b2:f7:a9:35:08:6c:1c:74:47:3e:02:14:03:30:9e:3c:
         08:d2:a1:7f:57:84:1a:e2:2e:69:35:aa:ca:3e:fd:e9:39:a4:
         60:06:9b:7f:eb:62:19:01:3d:72:78:9f:fd:44:b5:0e:14:45:
         e4:76:35:38:92:d3:cc:2b:05:03:7b:b9:73:f9:33:d4:7a:43:
         f5:08:6f:05:db:86:af:0c:02:9b:b7:7c:a2:44:a9:fe:8c:e8:
         92:6b:46:49:c6:1c:f6:07:05:e3:4d:d9:08:e4:6e:d9:56:52:
         1e:83:4c:3e:5a:02:30:4e:36:51:33:6c:74:f2:73:33:a2:8e:
         cf:65:a6:09:78:9d:8f:e9:57:2e:fe:fd:33:33:07:86:fb:92:
         05:25:e5:8f:bb:4b:c6:58:bf:ed:25:a5:2e:ee:a3:24:25:b3:
         8a:ac:46:b3:ea:b1:fe:a4:64:90:fc:09:df:2d:45:c2:34:94:
         75:53:c0:3c:bf:22:f5:3c:26:27:f0:aa:eb:b1:04:3f:3a:e6:
         3e:b4:e4:79
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVw+51WD7VUW2udiJr4boCfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3Yjc3MTE4YmQ1NmIyYjNiNDQ5OWM1NjZhN2M2NDhhYWQ3
YTZlOWYwHhcNMjMwMTAyMDUzNjU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2FhMmUyYzg3MjA3YzZhNDk4ZmM5ZjhiMTg5M2IzNTk1MGNjZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAht7QcSR2g/tcIoCcOfQ8AkrGPz6A
1zVHnTfIwjLnQeNg7uQetv68m+L4B4Qy2cTfqEU6H69KedmgTa0FY2Bhl9H/XNga
qWFZ5F7+iOFqxz3DYj2jDcNX8FrVvqougg2bzDLKKY+Mdk3H1lIOKRg49GkumsRj
Nle0o9MOS8C+RICrIIDmdeOfOJVDVFPT9U3lJ6DvofLs4hnVxsnNqswz4/ALx67x
H98ZaWWbJfgT3sgrek/UArHNPnUJ7ZJnuRgo87dCKumXIyErA7PxuvrBZgTdMcul
e93LqYb7gxWT72tNcUOAiJWSsuzfcYTnkwcu2JE75Vdqo/3spCy7y7y6swIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKOqLiyHIHxqSY/J+LGJOzWVDM0+MB8GA1UdIwQY
MBaAFFe3cRi9VrKztEmcVmp8ZIqtem6fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjdkeEdMMVdzck8wU1p4V2FueGtpcTE2YnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9iNjQ4MzctNWU4Ni00OTA5LWEwN2It
MDY1YWE0MTU1ZWQ0LzEvbzZvdUxJY2dmR3BKajhuNHNZazdOWlVNelQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9iNjQ4MzctNWU4Ni00OTA5LWEwN2ItMDY1YWE0MTU1ZWQ0
LzEvVjdkeEdMMVdzck8wU1p4V2FueGtpcTE2YnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQEUNJAAwQC
uQ9IAwQCuTLAAwQCuXb4AwQCubXcAwQCw8DoAwQE1O2AAwQD1SDwAwQD2T3YMA0E
AgACMAcDBQMqBfbAMA0GCSqGSIb3DQEBCwUAA4IBAQCxjOZYH8g1f1J9NTg9DNR0
wVGq+nZo/n5fcETxA6H6iIE5/X/IvujeTvxOCpZnRA3DSzPC784nbbL3qTUIbBx0
Rz4CFAMwnjwI0qF/V4Qa4i5pNarKPv3pOaRgBpt/62IZAT1yeJ/9RLUOFEXkdjU4
ktPMKwUDe7lz+TPUekP1CG8F24avDAKbt3yiRKn+jOiSa0ZJxhz2BwXjTdkI5G7Z
VlIeg0w+WgIwTjZRM2x08nMzoo7PZaYJeJ2P6Vcu/v0zMweG+5IFJeWPu0vGWL/t
JaUu7qMkJbOKrEaz6rH+pGSQ/AnfLUXCNJR1U8A8vyL1PCYn8KrrsQQ/OuY+tOR5
-----END CERTIFICATE-----