Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/tbWpRa3qRt1VISKxQ_vQ9PZW7jc.roa
File:                     tbWpRa3qRt1VISKxQ_vQ9PZW7jc.roa (raw, json)
Hash identifier:          h847kEvRo8omv0jl8awLS4YwjxXSSxw+iVb7Er0knr0=
Subject key identifier:   B5:B5:A9:45:AD:EA:46:DD:55:21:22:B1:43:FB:D0:F4:F6:56:EE:37
Certificate issuer:       /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial:       01856FC29A8044DA77CB2F54182E4F158C00
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/tbWpRa3qRt1VISKxQ_vQ9PZW7jc.roa
Signing time:             Sun 01 Jan 2023 23:55:02 +0000
ROA not before:           Sun 01 Jan 2023 23:55:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35332
IP address blocks:        185.151.96.0/22 maxlen: 24
                          87.236.0.0/21 maxlen: 24
                          194.5.181.0/24 maxlen: 24
                          77.242.112.0/20 maxlen: 24
                          188.92.56.0/21 maxlen: 24
                          37.235.112.0/21 maxlen: 24
                          45.116.184.0/22 maxlen: 24
                          208.88.128.0/22 maxlen: 24
                          185.113.212.0/22 maxlen: 24
                          139.28.200.0/22 maxlen: 24
                          2a00:a000::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:c2:9a:80:44:da:77:cb:2f:54:18:2e:4f:15:8c:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
        Validity
            Not Before: Jan  1 23:55:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5b5a945adea46dd552122b143fbd0f4f656ee37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9d:ae:70:7a:30:9c:16:78:2d:f5:e1:f9:ae:
                    fa:11:c8:72:a3:b4:d8:58:30:36:d6:a3:29:13:2c:
                    d5:57:93:80:f1:79:7c:8a:60:5b:15:ef:82:e6:38:
                    cb:9e:90:0a:42:78:32:a8:49:85:68:d2:c1:96:41:
                    28:8b:8b:1a:b5:32:25:96:f4:e9:d1:36:db:53:cf:
                    cb:8b:a7:f5:d3:0b:7a:9d:19:27:eb:6e:b2:63:d7:
                    ea:2c:f8:1c:34:16:81:96:53:82:fe:3f:9a:c0:8d:
                    54:ba:07:c6:bf:22:70:4b:6e:1d:d4:3c:46:e8:d3:
                    cf:84:c0:41:82:61:93:2d:ca:74:1e:a9:32:98:9b:
                    56:48:22:e0:70:f6:c4:5e:3f:6a:1f:3f:89:86:6c:
                    8c:6d:f3:08:96:e8:db:41:59:20:0f:21:0b:ca:43:
                    f8:8c:c4:88:5e:12:7a:2e:e1:b6:9c:65:d4:9a:c3:
                    f7:49:d1:90:a9:bf:37:68:9a:ca:e8:b7:2f:52:f7:
                    77:97:6e:0b:87:b5:25:c1:61:f4:92:86:c6:a0:88:
                    95:c8:51:37:81:43:08:4c:00:6f:0e:f7:33:09:37:
                    7a:96:42:bc:ca:fc:21:48:cf:31:62:76:cb:d9:bb:
                    c7:49:56:fd:17:f9:c0:e0:8e:9b:4f:b4:d8:63:e2:
                    5c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B5:A9:45:AD:EA:46:DD:55:21:22:B1:43:FB:D0:F4:F6:56:EE:37
            X509v3 Authority Key Identifier:
                keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/tbWpRa3qRt1VISKxQ_vQ9PZW7jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.112.0/21
                  45.116.184.0/22
                  77.242.112.0/20
                  87.236.0.0/21
                  139.28.200.0/22
                  185.113.212.0/22
                  185.151.96.0/22
                  188.92.56.0/21
                  194.5.181.0/24
                  208.88.128.0/22
                IPv6:
                  2a00:a000::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:14:0a:ab:9a:4d:ef:f9:c3:71:99:e7:b7:50:6f:a4:2b:78:
         c5:24:75:fc:e7:97:a0:db:fa:ac:56:fb:e4:c2:32:70:97:fe:
         be:98:50:74:d9:41:30:84:ba:3a:65:1f:f5:f6:fd:4e:85:46:
         10:12:b6:af:e4:ec:fb:d6:19:b2:83:d6:2b:92:d8:42:29:dd:
         a9:1e:9f:9f:35:d9:fc:a4:da:69:0c:2c:d8:53:38:05:a3:b5:
         3e:32:a9:bc:8b:cb:eb:80:0e:5e:fe:a8:9e:86:db:49:d7:fc:
         1b:a0:cb:ae:2f:52:34:c3:83:71:c2:d9:08:68:20:9e:60:9c:
         a7:68:bb:6b:9c:72:8c:8d:df:0c:f2:73:c5:ea:ed:24:27:73:
         8b:a4:4b:a8:20:f2:b3:08:5a:5d:c4:72:fe:7f:dc:6d:8d:53:
         8e:c7:70:af:56:d3:02:46:52:dd:83:d1:f7:2d:a4:7a:f0:96:
         f0:f4:c0:88:cd:ec:72:82:56:55:c8:54:59:3f:f4:a0:3c:87:
         4f:55:ba:b0:91:91:8e:29:a1:e6:41:16:c9:8c:bf:dc:6b:39:
         c6:c0:9b:94:2f:ca:9a:98:64:64:3f:f0:89:b3:07:68:5b:ae:
         30:ed:e5:b2:ba:85:7e:c3:b9:e4:bb:44:8c:e8:f8:a4:10:61:
         61:d2:1a:d7
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVvwpqARNp3yy9UGC5PFYwAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjMwMTAxMjM1NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI1YTk0NWFkZWE0NmRkNTUyMTIyYjE0M2ZiZDBmNGY2NTZlZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJ2ucHownBZ4LfXh+a76Echyo7TY
WDA21qMpEyzVV5OA8Xl8imBbFe+C5jjLnpAKQngyqEmFaNLBlkEoi4satTIllvTp
0TbbU8/Li6f10wt6nRkn626yY9fqLPgcNBaBllOC/j+awI1UugfGvyJwS24d1DxG
6NPPhMBBgmGTLcp0HqkymJtWSCLgcPbEXj9qHz+JhmyMbfMIlujbQVkgDyELykP4
jMSIXhJ6LuG2nGXUmsP3SdGQqb83aJrK6LcvUvd3l24Lh7UlwWH0kobGoIiVyFE3
gUMITABvDvczCTd6lkK8yvwhSM8xYnbL2bvHSVb9F/nA4I6bT7TYY+Jc3wIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFLW1qUWt6kbdVSEisUP70PT2Vu43MB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvdGJXcFJhM3FSdDFWSVNLeFFfdlE5UFpXN2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJetwAwQC
LXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQAwgW1AwQC
0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IBAQB4FAqrmk3v+cNx
mee3UG+kK3jFJHX855eg2/qsVvvkwjJwl/6+mFB02UEwhLo6ZR/19v1OhUYQErav
5Oz71hmyg9YrkthCKd2pHp+fNdn8pNppDCzYUzgFo7U+Mqm8i8vrgA5e/qiehttJ
1/wboMuuL1I0w4NxwtkIaCCeYJynaLtrnHKMjd8M8nPF6u0kJ3OLpEuoIPKzCFpd
xHL+f9xtjVOOx3CvVtMCRlLdg9H3LaR68Jbw9MCIzexyglZVyFRZP/SgPIdPVbqw
kZGOKaHmQRbJjL/caznGwJuUL8qamGRkP/CJswdoW64w7eWyuoV+w7nku0SM6Pik
EGFh0hrX
-----END CERTIFICATE-----