Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e4d903-5baa-4341-9392-a3e481fb51b9/1/KWsrKoyN2ogvFTPR3GP_RQdC9NY.roa
File:                     KWsrKoyN2ogvFTPR3GP_RQdC9NY.roa (raw, json)
Hash identifier:          RGaLO/uHg8Bo+0NkQr3iPqBOX68572HqTDZwWmVn++U=
Subject key identifier:   29:6B:2B:2A:8C:8D:DA:88:2F:15:33:D1:DC:63:FF:45:07:42:F4:D6
Certificate issuer:       /CN=b7f6c33bfb9d94bd0f74a738e7f16d0e9da0c3b9
Certificate serial:       018B2AED979B032EBBEC997FD272B2881518
Authority key identifier: B7:F6:C3:3B:FB:9D:94:BD:0F:74:A7:38:E7:F1:6D:0E:9D:A0:C3:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t_bDO_udlL0PdKc45_FtDp2gw7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e4d903-5baa-4341-9392-a3e481fb51b9/1/KWsrKoyN2ogvFTPR3GP_RQdC9NY.roa
Signing time:             Fri 13 Oct 2023 21:24:55 +0000
ROA not before:           Fri 13 Oct 2023 21:24:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202913
IP address blocks:        185.130.144.0/24 maxlen: 24
                          185.130.145.0/24 maxlen: 24
                          185.130.144.0/22 maxlen: 22
                          185.130.144.0/23 maxlen: 23
                          185.130.146.0/24 maxlen: 24
                          185.130.146.0/23 maxlen: 23
                          185.130.147.0/24 maxlen: 24
                          80.78.131.0/24 maxlen: 24
                          80.78.128.0/22 maxlen: 22
                          80.78.128.0/24 maxlen: 24
                          80.78.129.0/24 maxlen: 24
                          80.78.130.0/24 maxlen: 24
                          45.148.196.0/24 maxlen: 24
                          45.148.197.0/24 maxlen: 24
                          45.148.198.0/24 maxlen: 24
                          45.148.196.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:2a:ed:97:9b:03:2e:bb:ec:99:7f:d2:72:b2:88:15:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7f6c33bfb9d94bd0f74a738e7f16d0e9da0c3b9
        Validity
            Not Before: Oct 13 21:24:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=296b2b2a8c8dda882f1533d1dc63ff450742f4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:12:cb:2f:66:21:2d:82:ae:f9:c8:e5:92:e0:
                    91:ff:fd:af:66:f1:8b:d0:39:c7:29:d9:63:ad:ac:
                    55:81:7f:6f:13:fb:d5:3e:94:84:37:dc:16:75:04:
                    e9:21:6a:2b:ab:c9:17:31:13:c8:2d:09:c7:24:5c:
                    c3:6c:98:32:65:f7:81:f2:39:a0:52:6d:87:3b:f5:
                    22:d2:2b:70:43:47:76:04:74:e9:9a:fb:7a:3d:27:
                    7a:50:be:e1:b9:d0:08:58:ed:dd:84:31:77:4b:26:
                    34:bc:5c:65:61:ac:34:ef:fd:8c:87:09:d4:d9:a1:
                    4b:13:47:e6:02:b2:b0:52:dd:50:b8:43:a6:10:a6:
                    a9:a0:65:9a:44:e9:e5:b8:da:6f:c1:87:41:88:89:
                    38:b6:13:dc:35:5d:b7:45:3a:a1:98:3c:37:96:82:
                    a4:80:ef:77:d1:15:ed:5e:2a:70:f0:ce:b0:0c:40:
                    51:e1:ca:1d:d1:f7:94:9e:0b:8a:66:70:c8:c9:1a:
                    69:8b:bd:65:05:0c:c2:4f:7a:b8:8e:d4:53:9e:7b:
                    41:70:ec:10:3c:11:a3:28:19:a7:65:90:e2:29:10:
                    bb:d1:0e:0a:f5:ff:ca:67:a6:13:73:f0:93:3f:17:
                    10:05:e2:69:f1:47:70:a3:9b:21:72:70:ef:e0:5d:
                    77:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6B:2B:2A:8C:8D:DA:88:2F:15:33:D1:DC:63:FF:45:07:42:F4:D6
            X509v3 Authority Key Identifier:
                keyid:B7:F6:C3:3B:FB:9D:94:BD:0F:74:A7:38:E7:F1:6D:0E:9D:A0:C3:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t_bDO_udlL0PdKc45_FtDp2gw7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e4d903-5baa-4341-9392-a3e481fb51b9/1/KWsrKoyN2ogvFTPR3GP_RQdC9NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e4d903-5baa-4341-9392-a3e481fb51b9/1/t_bDO_udlL0PdKc45_FtDp2gw7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.196.0/22
                  80.78.128.0/22
                  185.130.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:c9:29:da:59:76:9b:b6:98:28:3b:34:74:87:4d:37:64:58:
         66:14:83:36:29:fe:c9:cd:5a:95:a1:11:f2:77:f4:05:31:10:
         69:86:c0:53:1b:53:7e:e6:5a:01:f5:a0:82:61:41:32:0f:ef:
         c3:b8:6b:44:4d:cb:0b:9e:7d:a6:d8:0d:4d:13:4d:8f:ba:56:
         22:c4:59:cc:0f:f4:12:6a:92:53:b0:b3:08:90:ea:6f:af:41:
         44:6f:60:d5:cd:02:5b:fc:f6:b3:f8:b7:c7:b7:2a:90:1b:eb:
         b6:d5:6b:c4:bf:d7:74:cc:7f:2a:ca:3c:e6:d5:ec:3e:71:d2:
         bb:2a:10:ca:8a:fa:c8:97:55:0a:d7:23:41:00:0c:03:4a:8d:
         0b:e1:4c:8c:16:93:39:35:e9:96:82:66:b2:c3:aa:a3:3a:e7:
         58:f8:3f:16:14:83:ac:7b:36:06:4a:ca:cd:df:d3:4d:a2:b9:
         f5:15:04:b6:5c:26:aa:23:f6:76:f2:73:0f:e9:17:7c:47:ae:
         e0:34:2f:9c:4c:63:29:1c:34:58:33:83:60:f3:f9:6b:98:1a:
         da:79:33:82:e6:2b:f2:c4:f8:45:b9:68:13:f6:34:a3:31:e0:
         c4:74:60:5a:aa:4e:3a:7e:c9:b2:28:95:7c:89:00:14:12:da:
         99:94:42:f9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYsq7ZebAy677Jl/0nKyiBUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZjZjMzNiZmI5ZDk0YmQwZjc0YTczOGU3ZjE2ZDBlOWRh
MGMzYjkwHhcNMjMxMDEzMjEyNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZiMmIyYThjOGRkYTg4MmYxNTMzZDFkYzYzZmY0NTA3NDJmNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBLLL2YhLYKu+cjlkuCR//2vZvGL
0DnHKdljraxVgX9vE/vVPpSEN9wWdQTpIWorq8kXMRPILQnHJFzDbJgyZfeB8jmg
Um2HO/Ui0itwQ0d2BHTpmvt6PSd6UL7hudAIWO3dhDF3SyY0vFxlYaw07/2MhwnU
2aFLE0fmArKwUt1QuEOmEKapoGWaROnluNpvwYdBiIk4thPcNV23RTqhmDw3loKk
gO930RXtXipw8M6wDEBR4cod0feUnguKZnDIyRppi71lBQzCT3q4jtRTnntBcOwQ
PBGjKBmnZZDiKRC70Q4K9f/KZ6YTc/CTPxcQBeJp8Udwo5shcnDv4F13xwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFClrKyqMjdqILxUz0dxj/0UHQvTWMB8GA1UdIwQY
MBaAFLf2wzv7nZS9D3SnOOfxbQ6doMO5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdF9iRE9fdWRsTDBQZEtjNDVfRnREcDJndzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNGQ5MDMtNWJhYS00MzQxLTkzOTIt
YTNlNDgxZmI1MWI5LzEvS1dzcktveU4yb2d2RlRQUjNHUF9SUWRDOU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNGQ5MDMtNWJhYS00MzQxLTkzOTItYTNlNDgxZmI1MWI5
LzEvdF9iRE9fdWRsTDBQZEtjNDVfRnREcDJndzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZTEAwQC
UE6AAwQCuYKQMA0GCSqGSIb3DQEBCwUAA4IBAQASySnaWXabtpgoOzR0h003ZFhm
FIM2Kf7JzVqVoRHyd/QFMRBphsBTG1N+5loB9aCCYUEyD+/DuGtETcsLnn2m2A1N
E02PulYixFnMD/QSapJTsLMIkOpvr0FEb2DVzQJb/Paz+LfHtyqQG+u21WvEv9d0
zH8qyjzm1ew+cdK7KhDKivrIl1UK1yNBAAwDSo0L4UyMFpM5NemWgmayw6qjOudY
+D8WFIOsezYGSsrN39NNorn1FQS2XCaqI/Z28nMP6Rd8R67gNC+cTGMpHDRYM4Ng
8/lrmBraeTOC5ivyxPhFuWgT9jSjMeDEdGBaqk46fsmyKJV8iQAUEtqZlEL5
-----END CERTIFICATE-----