Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/XJVp6gnG9eik3E9FRoR-hr05s-0.roa
File:                     XJVp6gnG9eik3E9FRoR-hr05s-0.roa (raw, json)
Hash identifier:          07c0fXxiudoX+GxCsIPL8ajBj5sihYyIz3sGnHxOahQ=
Subject key identifier:   5C:95:69:EA:09:C6:F5:E8:A4:DC:4F:45:46:84:7E:86:BD:39:B3:ED
Certificate issuer:       /CN=19622650048107918adf1b22cdf087c8a834f79c
Certificate serial:       01884342B35130999F1CC73B1565BAC110F5
Authority key identifier: 19:62:26:50:04:81:07:91:8A:DF:1B:22:CD:F0:87:C8:A8:34:F7:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GWImUASBB5GK3xsizfCHyKg095w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/XJVp6gnG9eik3E9FRoR-hr05s-0.roa
Signing time:             Mon 22 May 2023 11:40:24 +0000
ROA not before:           Mon 22 May 2023 11:40:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206170
IP address blocks:        86.106.25.0/24 maxlen: 24
                          86.107.103.0/24 maxlen: 24
                          109.205.246.0/24 maxlen: 24
                          188.66.62.0/24 maxlen: 24
                          188.66.63.0/24 maxlen: 24
                          188.66.60.0/24 maxlen: 24
                          185.189.48.0/22 maxlen: 22
                          188.66.61.0/24 maxlen: 24
                          195.85.54.0/24 maxlen: 24
                          2a0b:dc80::/29 maxlen: 29
                          2001:67c:750::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:43:42:b3:51:30:99:9f:1c:c7:3b:15:65:ba:c1:10:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19622650048107918adf1b22cdf087c8a834f79c
        Validity
            Not Before: May 22 11:40:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c9569ea09c6f5e8a4dc4f4546847e86bd39b3ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:46:01:e1:73:02:70:18:9a:c8:2d:71:3e:c8:
                    2e:58:8c:92:4c:95:79:bd:c7:d9:d2:a9:a7:0b:67:
                    d7:2c:92:e5:be:5e:8f:b6:b5:e5:17:0b:0e:aa:25:
                    46:ae:01:3f:05:cd:93:b0:57:82:b2:4e:d5:c3:cd:
                    57:88:1e:7f:7b:2e:66:f2:2b:c2:43:56:40:66:2c:
                    70:ed:1c:9a:bd:38:e5:63:16:d2:f9:90:35:65:93:
                    db:ac:94:5f:77:0e:cd:5e:0f:dc:ad:48:44:82:56:
                    7c:bd:6f:ff:ee:75:dd:12:11:e2:c4:0b:77:0b:b7:
                    3e:e8:e3:6d:f1:cb:bc:0c:55:4a:1e:0a:00:a8:f5:
                    15:39:4d:c6:0c:36:ba:c0:7c:fd:dc:c5:1e:0f:6d:
                    9d:da:0b:05:97:87:cf:08:40:ad:e0:24:f7:f7:f1:
                    89:cb:b2:88:28:68:b3:5f:a0:9d:b2:87:7d:80:fc:
                    bd:69:7a:f8:eb:35:66:a7:57:68:c6:e0:e4:fb:83:
                    45:36:1c:22:aa:04:54:a5:63:90:90:b1:b9:f5:c1:
                    e6:b4:75:57:3c:fe:69:e9:fa:75:de:56:c5:08:1a:
                    02:75:0f:80:75:83:32:64:24:37:3f:28:2d:0a:4e:
                    e9:9e:bc:d0:9a:4a:62:e4:2b:d7:7e:05:ba:09:97:
                    29:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:95:69:EA:09:C6:F5:E8:A4:DC:4F:45:46:84:7E:86:BD:39:B3:ED
            X509v3 Authority Key Identifier:
                keyid:19:62:26:50:04:81:07:91:8A:DF:1B:22:CD:F0:87:C8:A8:34:F7:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GWImUASBB5GK3xsizfCHyKg095w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/XJVp6gnG9eik3E9FRoR-hr05s-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c502c1-f314-40b1-a024-8d10fee584fe/1/GWImUASBB5GK3xsizfCHyKg095w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.25.0/24
                  86.107.103.0/24
                  109.205.246.0/24
                  185.189.48.0/22
                  188.66.60.0/22
                  195.85.54.0/24
                IPv6:
                  2001:67c:750::/48
                  2a0b:dc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:65:cd:98:a6:70:a5:4f:6e:09:f4:77:3c:ca:bf:b0:22:74:
         da:9a:8e:9a:06:89:a7:9f:be:37:8f:6b:cd:7a:b0:97:f8:24:
         a8:41:fd:9e:34:51:f8:af:b3:14:e7:ba:7e:e2:7a:0e:13:cc:
         3f:65:4c:38:9b:58:9e:aa:4a:81:38:32:5f:8f:11:ad:77:19:
         10:dc:93:2e:e3:6d:14:34:48:da:8e:be:10:ac:c4:30:29:1d:
         e5:86:0a:a5:ad:d9:9b:d7:35:38:a7:3e:c0:d3:8a:6e:52:af:
         8b:ef:aa:22:b1:19:53:12:ca:45:e3:86:8d:47:1e:a1:77:e5:
         91:80:73:2d:79:39:90:07:9a:a3:37:ed:58:af:cb:30:7e:8c:
         fc:88:28:a8:6b:eb:2a:3f:fd:50:a1:f0:ab:63:af:9a:c5:af:
         b5:b7:54:84:b5:49:59:aa:08:06:b8:25:60:4b:89:19:1a:f2:
         a2:c5:f4:cc:05:c4:2a:aa:1b:03:ce:8f:7d:32:72:da:34:6a:
         73:65:d7:15:a6:59:d6:72:c1:ca:67:55:88:bd:13:31:bf:11:
         75:01:ba:e7:eb:b0:c7:ec:3a:fc:2e:f2:a7:47:79:55:52:f1:
         6e:2a:65:f6:91:fb:9a:d2:96:16:10:5d:52:bb:de:ad:1b:e2:
         d1:4d:cc:f8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYhDQrNRMJmfHMc7FWW6wRD1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NjIyNjUwMDQ4MTA3OTE4YWRmMWIyMmNkZjA4N2M4YTgz
NGY3OWMwHhcNMjMwNTIyMTE0MDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzk1NjllYTA5YzZmNWU4YTRkYzRmNDU0Njg0N2U4NmJkMzliM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0YB4XMCcBiayC1xPsguWIySTJV5
vcfZ0qmnC2fXLJLlvl6PtrXlFwsOqiVGrgE/Bc2TsFeCsk7Vw81XiB5/ey5m8ivC
Q1ZAZixw7RyavTjlYxbS+ZA1ZZPbrJRfdw7NXg/crUhEglZ8vW//7nXdEhHixAt3
C7c+6ONt8cu8DFVKHgoAqPUVOU3GDDa6wHz93MUeD22d2gsFl4fPCECt4CT39/GJ
y7KIKGizX6Cdsod9gPy9aXr46zVmp1doxuDk+4NFNhwiqgRUpWOQkLG59cHmtHVX
PP5p6fp13lbFCBoCdQ+AdYMyZCQ3PygtCk7pnrzQmkpi5CvXfgW6CZcpewIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFyVaeoJxvXopNxPRUaEfoa9ObPtMB8GA1UdIwQY
MBaAFBliJlAEgQeRit8bIs3wh8ioNPecMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1dJbVVBU0JCNUdLM3hzaXpmQ0h5S2cwOTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jNTAyYzEtZjMxNC00MGIxLWEwMjQt
OGQxMGZlZTU4NGZlLzEvWEpWcDZnbkc5ZWlrM0U5RlJvUi1ocjA1cy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jNTAyYzEtZjMxNC00MGIxLWEwMjQtOGQxMGZlZTU4NGZl
LzEvR1dJbVVBU0JCNUdLM3hzaXpmQ0h5S2cwOTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAqBAIAATAkAwQAVmoZAwQA
VmtnAwQAbc32AwQCub0wAwQCvEI8AwQAw1U2MBYEAgACMBADBwAgAQZ8B1ADBQMq
C9yAMA0GCSqGSIb3DQEBCwUAA4IBAQByZc2YpnClT24J9Hc8yr+wInTamo6aBomn
n743j2vNerCX+CSoQf2eNFH4r7MU57p+4noOE8w/ZUw4m1ieqkqBODJfjxGtdxkQ
3JMu420UNEjajr4QrMQwKR3lhgqlrdmb1zU4pz7A04puUq+L76oisRlTEspF44aN
Rx6hd+WRgHMteTmQB5qjN+1Yr8swfoz8iCioa+sqP/1QofCrY6+axa+1t1SEtUlZ
qggGuCVgS4kZGvKixfTMBcQqqhsDzo99MnLaNGpzZdcVplnWcsHKZ1WIvRMxvxF1
Abrn67DH7Dr8LvKnR3lVUvFuKmX2kfua0pYWEF1Su96tG+LRTcz4
-----END CERTIFICATE-----