Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/qBzxrlC_fCvHa19TDTSbLijmCtA.roa
File:                     qBzxrlC_fCvHa19TDTSbLijmCtA.roa (raw, json)
Hash identifier:          xH1m1zKyprmaALVexm+o77I7oPcRLUkGToBSOm2HrJU=
Subject key identifier:   A8:1C:F1:AE:50:BF:7C:2B:C7:6B:5F:53:0D:34:9B:2E:28:E6:0A:D0
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       01856D818AF79F9DC98057F8F726B5F23190
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/qBzxrlC_fCvHa19TDTSbLijmCtA.roa
Signing time:             Sun 01 Jan 2023 13:24:44 +0000
ROA not before:           Sun 01 Jan 2023 13:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     196925
IP address blocks:        149.126.112.0/20 maxlen: 20
                          149.126.118.0/24 maxlen: 24
                          149.126.117.0/24 maxlen: 24
                          149.126.116.0/24 maxlen: 24
                          149.126.119.0/24 maxlen: 24
                          185.138.12.0/22 maxlen: 22
                          109.235.192.0/21 maxlen: 21
                          109.235.193.0/24 maxlen: 24
                          109.235.199.0/24 maxlen: 24
                          5.133.224.0/20 maxlen: 20
                          134.19.208.0/20 maxlen: 20
                          131.117.128.0/20 maxlen: 20
                          134.19.217.0/24 maxlen: 24
                          134.19.216.0/24 maxlen: 24
                          2a00:9100::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:8a:f7:9f:9d:c9:80:57:f8:f7:26:b5:f2:31:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jan  1 13:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a81cf1ae50bf7c2bc76b5f530d349b2e28e60ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:92:47:74:81:33:f1:97:47:df:ce:58:6b:ed:
                    78:e0:78:6f:89:76:d8:78:cd:f8:c4:dc:f3:aa:fb:
                    fb:c9:2d:89:18:a9:e9:83:fe:41:4f:27:ab:35:b8:
                    e4:58:a2:3d:2d:b9:e8:fb:7d:32:82:4c:48:8e:74:
                    d8:51:ad:b5:9c:0d:f4:68:18:b7:60:1b:9d:c7:34:
                    ca:bf:f8:a7:9a:09:a2:e2:68:08:e4:2c:6a:80:88:
                    07:14:54:db:1b:c0:76:06:ce:b6:03:bd:64:b3:20:
                    74:f3:8b:02:06:d7:0a:64:d7:b2:84:f7:3f:87:22:
                    f1:5c:58:04:7a:26:9b:8e:c2:70:4c:04:0a:1c:cd:
                    78:85:95:d1:d7:38:de:9f:52:37:e5:95:0f:88:af:
                    b3:a0:a4:ff:4e:5f:04:9d:c8:bc:66:c1:7f:22:c6:
                    65:07:7b:af:51:4e:aa:2d:aa:a9:ea:d3:de:ba:c6:
                    e0:75:6f:42:04:66:f9:ab:e7:c5:26:93:35:4f:aa:
                    db:7f:a9:71:ca:74:96:34:1f:66:30:01:b3:ae:36:
                    7b:cb:49:33:74:72:1b:cf:8a:29:bf:19:91:0f:59:
                    87:58:b4:c4:6e:61:18:0c:48:77:a7:52:c3:c0:bc:
                    d7:9b:d9:5d:df:a5:64:4c:27:d4:ad:7c:62:2b:e5:
                    21:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1C:F1:AE:50:BF:7C:2B:C7:6B:5F:53:0D:34:9B:2E:28:E6:0A:D0
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/qBzxrlC_fCvHa19TDTSbLijmCtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.224.0/20
                  109.235.192.0/21
                  131.117.128.0/20
                  134.19.208.0/20
                  149.126.112.0/20
                  185.138.12.0/22
                IPv6:
                  2a00:9100::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:98:11:e4:0e:47:e4:bc:9e:60:c4:05:af:c1:df:aa:7d:c2:
         b5:3e:0b:22:ed:62:ba:cc:64:91:54:49:a7:5d:ae:94:64:a8:
         4f:c6:24:00:24:f0:7c:cb:ca:03:50:45:b0:84:67:b8:c4:aa:
         96:32:bf:71:77:e8:a3:2d:ec:f8:29:68:de:18:12:13:93:ab:
         29:74:92:ce:ea:10:d2:68:2f:78:0d:e5:a8:bd:d2:4f:0d:3d:
         54:49:ee:cf:15:b6:71:d0:a1:54:8f:a9:dd:67:ca:58:9e:56:
         b6:4f:87:36:1a:9e:ee:e7:d4:e1:c6:e8:eb:c7:51:20:15:99:
         43:23:ba:27:18:92:34:ff:89:da:fb:f9:4f:13:7c:2b:38:32:
         61:23:ac:13:0b:9b:21:27:b0:ce:41:ae:17:b1:ea:70:df:4a:
         8f:35:12:33:ba:fe:67:06:2f:f5:07:c0:92:d9:40:e6:65:29:
         27:19:61:7a:bd:45:d4:b6:a0:05:c1:fa:b4:c1:2c:6e:72:6d:
         2e:50:18:c6:a7:12:fb:91:64:43:91:cf:97:84:52:0f:50:d9:
         1b:c6:32:60:2a:99:67:89:5b:50:20:39:69:cb:26:35:e0:fd:
         9b:89:49:a0:2e:0a:7e:8b:91:2d:78:5d:4a:7d:f4:9c:9f:73:
         92:3b:cb:e0
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVtgYr3n53JgFf49ya18jGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjMwMTAxMTMyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODFjZjFhZTUwYmY3YzJiYzc2YjVmNTMwZDM0OWIyZTI4ZTYwYWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJJHdIEz8ZdH385Ya+144HhviXbY
eM34xNzzqvv7yS2JGKnpg/5BTyerNbjkWKI9Lbno+30ygkxIjnTYUa21nA30aBi3
YBudxzTKv/inmgmi4mgI5CxqgIgHFFTbG8B2Bs62A71ksyB084sCBtcKZNeyhPc/
hyLxXFgEeiabjsJwTAQKHM14hZXR1zjen1I35ZUPiK+zoKT/Tl8Enci8ZsF/IsZl
B3uvUU6qLaqp6tPeusbgdW9CBGb5q+fFJpM1T6rbf6lxynSWNB9mMAGzrjZ7y0kz
dHIbz4opvxmRD1mHWLTEbmEYDEh3p1LDwLzXm9ld36VkTCfUrXxiK+UhewIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKgc8a5Qv3wrx2tfUw00my4o5grQMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvcUJ6eHJsQ19mQ3ZIYTE5VERUU2JMaWptQ3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEBYXgAwQD
bevAAwQEg3WAAwQEhhPQAwQElX5wAwQCuYoMMA0EAgACMAcDBQAqAJEAMA0GCSqG
SIb3DQEBCwUAA4IBAQBRmBHkDkfkvJ5gxAWvwd+qfcK1Pgsi7WK6zGSRVEmnXa6U
ZKhPxiQAJPB8y8oDUEWwhGe4xKqWMr9xd+ijLez4KWjeGBITk6spdJLO6hDSaC94
DeWovdJPDT1USe7PFbZx0KFUj6ndZ8pYnla2T4c2Gp7u59Thxujrx1EgFZlDI7on
GJI0/4na+/lPE3wrODJhI6wTC5shJ7DOQa4Xsepw30qPNRIzuv5nBi/1B8CS2UDm
ZSknGWF6vUXUtqAFwfq0wSxucm0uUBjGpxL7kWRDkc+XhFIPUNkbxjJgKplniVtQ
IDlpyyY14P2biUmgLgp+i5EteF1KffScn3OSO8vg
-----END CERTIFICATE-----