Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/xp-DWH2e1E1DkAM_2cCrtCUeqtw.roa
File:                     xp-DWH2e1E1DkAM_2cCrtCUeqtw.roa (raw, json)
Hash identifier:          dWgz/t/17T0iHigwC5RYittCxSXyH/ifZndZ4V7HDKQ=
Subject key identifier:   C6:9F:83:58:7D:9E:D4:4D:43:90:03:3F:D9:C0:AB:B4:25:1E:AA:DC
Certificate issuer:       /CN=b172c8d4fc986deb9fceb1f0d0cae27c1c3135c3
Certificate serial:       018B51AAE506A2D680B4097F64BA8F4AAA97
Authority key identifier: B1:72:C8:D4:FC:98:6D:EB:9F:CE:B1:F0:D0:CA:E2:7C:1C:31:35:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sXLI1PyYbeufzrHw0MrifBwxNcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/xp-DWH2e1E1DkAM_2cCrtCUeqtw.roa
Signing time:             Sat 21 Oct 2023 09:57:15 +0000
ROA not before:           Sat 21 Oct 2023 09:57:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61310
IP address blocks:        5.63.179.0/24 maxlen: 24
                          5.63.178.0/24 maxlen: 24
                          5.63.177.0/24 maxlen: 24
                          5.63.176.0/23 maxlen: 23
                          5.63.176.0/24 maxlen: 24
                          5.63.176.0/21 maxlen: 21
                          5.63.176.0/22 maxlen: 22
                          5.63.183.0/24 maxlen: 24
                          5.63.182.0/23 maxlen: 23
                          5.63.182.0/24 maxlen: 24
                          5.63.181.0/24 maxlen: 24
                          5.63.180.0/22 maxlen: 22
                          5.63.180.0/23 maxlen: 23
                          5.63.180.0/24 maxlen: 24
                          2a04:5d80::/30 maxlen: 30
                          2a04:5d84::/30 maxlen: 30
                          2a04:5d80::/31 maxlen: 31
                          2a04:5d84::/31 maxlen: 31
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:51:aa:e5:06:a2:d6:80:b4:09:7f:64:ba:8f:4a:aa:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b172c8d4fc986deb9fceb1f0d0cae27c1c3135c3
        Validity
            Not Before: Oct 21 09:57:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c69f83587d9ed44d4390033fd9c0abb4251eaadc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d5:76:3e:b4:35:5c:b3:ea:b8:4a:9c:a1:b6:
                    aa:bc:b8:8e:8e:1d:d1:1b:67:40:10:4b:61:fe:de:
                    2b:19:82:61:4d:05:51:48:5f:3f:6b:96:89:e0:85:
                    c1:8d:27:76:75:00:32:03:ba:62:29:d2:1b:03:02:
                    ce:2e:2c:24:14:43:7a:4e:11:f5:9c:ad:af:b2:e8:
                    59:bb:98:50:e4:2f:b1:7c:98:91:6f:cc:bb:d4:32:
                    6d:18:17:d5:75:e0:82:ac:e6:10:e9:68:9f:15:5a:
                    94:e7:da:bd:df:26:a8:87:44:4e:15:4c:2a:04:63:
                    7e:9a:a9:47:c2:e5:d6:24:ca:de:d0:5e:5d:78:15:
                    06:15:6f:7b:d3:78:50:cc:ee:63:30:ad:46:7f:45:
                    67:df:77:2c:f8:e0:eb:2c:60:c5:9b:77:7a:b4:32:
                    b0:5c:e5:9b:ca:b1:c3:35:c6:c0:15:77:dc:aa:bb:
                    bf:55:55:90:6c:30:01:7c:4c:81:db:2f:4d:c0:4c:
                    b5:06:45:8c:48:b4:2b:4b:95:4e:5f:fd:22:b2:12:
                    ea:a4:ab:2b:01:51:6b:d5:f6:7d:bc:05:4c:d9:c5:
                    52:15:b2:22:6b:1d:60:63:a5:3e:c3:e2:1f:ea:38:
                    a1:51:8a:4b:98:f0:a2:09:16:84:c0:26:57:ce:89:
                    d2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:9F:83:58:7D:9E:D4:4D:43:90:03:3F:D9:C0:AB:B4:25:1E:AA:DC
            X509v3 Authority Key Identifier:
                keyid:B1:72:C8:D4:FC:98:6D:EB:9F:CE:B1:F0:D0:CA:E2:7C:1C:31:35:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sXLI1PyYbeufzrHw0MrifBwxNcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/xp-DWH2e1E1DkAM_2cCrtCUeqtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/bb3b62-3302-45aa-968a-ecbb3fc0a725/1/sXLI1PyYbeufzrHw0MrifBwxNcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.176.0/21
                IPv6:
                  2a04:5d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:bc:ac:6c:53:62:0a:a4:d4:e3:df:e4:aa:92:0a:cf:08:8c:
         5e:b2:4d:18:9a:6c:38:a5:01:b7:2d:d3:3a:61:10:fe:64:5d:
         2d:d5:03:62:da:af:a7:40:83:ab:c6:88:f7:bb:8d:19:66:c2:
         f1:c4:68:93:85:63:7b:48:68:82:73:12:e9:e4:8f:5a:ae:ab:
         01:92:38:4a:25:20:42:2e:80:06:8d:f1:95:ba:3d:99:b0:02:
         4c:f0:9a:71:89:bd:06:b7:60:b7:46:e7:ca:69:7c:55:03:4e:
         7e:a8:79:c8:33:e4:c7:55:28:c7:8a:43:8f:a7:24:40:ff:48:
         e3:8e:08:8c:8f:bf:b3:33:7f:21:37:53:e6:db:b1:9e:24:54:
         08:c8:49:47:df:10:fa:90:31:63:fb:91:a8:62:6b:ee:9c:c4:
         8f:42:01:18:b3:66:99:73:d9:9a:0b:91:33:f8:51:25:a6:35:
         6e:15:01:42:d4:e0:a7:9e:6b:19:c1:d6:a0:1c:90:11:5d:be:
         30:46:01:7d:b3:7e:d6:c3:be:ae:2a:db:19:ea:a1:ee:8e:0a:
         af:dd:66:d3:ff:17:d9:71:3f:1c:7b:f6:7a:50:bd:c6:e9:3c:
         c4:3d:a8:47:88:ef:94:c8:23:f6:7a:5f:18:18:17:59:b7:c9:
         e5:af:e2:ac
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYtRquUGotaAtAl/ZLqPSqqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNzJjOGQ0ZmM5ODZkZWI5ZmNlYjFmMGQwY2FlMjdjMWMz
MTM1YzMwHhcNMjMxMDIxMDk1NzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjlmODM1ODdkOWVkNDRkNDM5MDAzM2ZkOWMwYWJiNDI1MWVhYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldV2PrQ1XLPquEqcobaqvLiOjh3R
G2dAEEth/t4rGYJhTQVRSF8/a5aJ4IXBjSd2dQAyA7piKdIbAwLOLiwkFEN6ThH1
nK2vsuhZu5hQ5C+xfJiRb8y71DJtGBfVdeCCrOYQ6WifFVqU59q93yaoh0ROFUwq
BGN+mqlHwuXWJMre0F5deBUGFW9703hQzO5jMK1Gf0Vn33cs+ODrLGDFm3d6tDKw
XOWbyrHDNcbAFXfcqru/VVWQbDABfEyB2y9NwEy1BkWMSLQrS5VOX/0ishLqpKsr
AVFr1fZ9vAVM2cVSFbIiax1gY6U+w+If6jihUYpLmPCiCRaEwCZXzonSewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMafg1h9ntRNQ5ADP9nAq7QlHqrcMB8GA1UdIwQY
MBaAFLFyyNT8mG3rn86x8NDK4nwcMTXDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1hMSTFQeVliZXVmenJIdzBNcmlmQnd4TmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9iYjNiNjItMzMwMi00NWFhLTk2OGEt
ZWNiYjNmYzBhNzI1LzEveHAtRFdIMmUxRTFEa0FNXzJjQ3J0Q1VlcXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9iYjNiNjItMzMwMi00NWFhLTk2OGEtZWNiYjNmYzBhNzI1
LzEvc1hMSTFQeVliZXVmenJIdzBNcmlmQnd4TmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDBT+wMA0E
AgACMAcDBQMqBF2AMA0GCSqGSIb3DQEBCwUAA4IBAQALvKxsU2IKpNTj3+SqkgrP
CIxesk0Ymmw4pQG3LdM6YRD+ZF0t1QNi2q+nQIOrxoj3u40ZZsLxxGiThWN7SGiC
cxLp5I9arqsBkjhKJSBCLoAGjfGVuj2ZsAJM8Jpxib0Gt2C3RufKaXxVA05+qHnI
M+THVSjHikOPpyRA/0jjjgiMj7+zM38hN1Pm27GeJFQIyElH3xD6kDFj+5GoYmvu
nMSPQgEYs2aZc9maC5Ez+FElpjVuFQFC1OCnnmsZwdagHJARXb4wRgF9s37Ww76u
KtsZ6qHujgqv3WbT/xfZcT8ce/Z6UL3G6TzEPahHiO+UyCP2el8YGBdZt8nlr+Ks
-----END CERTIFICATE-----