Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/XXmMnRazvcVxzKTF127KweWJXOA.roa
File:                     XXmMnRazvcVxzKTF127KweWJXOA.roa (raw, json)
Hash identifier:          8gn5yI4L4LC36xIH1bmqLNS+pZZExpOzC5jJ9D2ch4E=
Subject key identifier:   5D:79:8C:9D:16:B3:BD:C5:71:CC:A4:C5:D7:6E:CA:C1:E5:89:5C:E0
Certificate issuer:       /CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Certificate serial:       0187505FFD41FB330E95FC517228C011C863
Authority key identifier: 08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/XXmMnRazvcVxzKTF127KweWJXOA.roa
Signing time:             Wed 05 Apr 2023 07:44:40 +0000
ROA not before:           Wed 05 Apr 2023 07:44:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21472
IP address blocks:        162.33.228.0/23 maxlen: 23
                          5.2.16.0/21 maxlen: 21
                          5.2.16.0/23 maxlen: 23
                          5.2.18.0/23 maxlen: 23
                          5.2.23.0/24 maxlen: 24
                          5.2.20.0/23 maxlen: 23
                          185.79.56.0/24 maxlen: 24
                          185.79.56.0/22 maxlen: 22
                          185.229.40.0/22 maxlen: 22
                          185.149.176.0/22 maxlen: 22
                          195.49.144.0/22 maxlen: 22
                          91.224.190.0/23 maxlen: 23
                          2a00:e740::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:50:5f:fd:41:fb:33:0e:95:fc:51:72:28:c0:11:c8:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08953a5f11a8279cdf8798960de1e22eb1227d95
        Validity
            Not Before: Apr  5 07:44:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d798c9d16b3bdc571cca4c5d76ecac1e5895ce0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ab:08:a0:a1:94:0a:73:c2:42:38:6b:c4:fc:
                    5b:b2:c2:ea:56:0d:03:a6:3b:0c:27:7f:9f:8d:84:
                    45:22:03:a2:97:79:74:e2:fb:03:5c:ff:72:65:72:
                    60:e5:78:27:8a:55:b5:41:00:c0:f8:77:2a:f5:d8:
                    73:3d:4d:b1:65:40:01:8c:3b:d8:dc:04:f7:a2:8b:
                    0a:53:cb:ff:e5:88:fd:7b:c9:31:63:3f:2a:59:1a:
                    4f:0c:d1:33:28:d8:04:9b:e8:c0:cb:61:5b:bf:40:
                    bb:25:80:a5:29:e8:91:4d:e2:3e:ca:1c:f5:0d:5e:
                    3e:f2:66:5f:04:1d:a9:99:86:6f:ed:a5:57:11:c6:
                    82:0e:14:59:79:6e:a4:25:ae:58:81:4b:92:e3:51:
                    44:b4:55:07:a2:9c:03:35:66:0c:11:35:8c:d4:4e:
                    24:68:fd:ad:21:ab:3f:27:01:38:2a:5c:1a:1b:f1:
                    61:31:67:87:9d:24:43:6c:96:c0:2b:1e:ef:0f:bb:
                    bd:12:ba:73:fa:5b:c8:48:68:79:d0:67:4d:58:47:
                    63:05:bc:39:3d:ae:26:88:de:37:f9:dd:0c:e8:b3:
                    26:90:5e:da:bf:1e:5f:1f:97:a9:51:08:46:87:6d:
                    3a:0a:53:3b:8f:9e:e7:b1:3f:0f:52:17:11:d6:b3:
                    26:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:79:8C:9D:16:B3:BD:C5:71:CC:A4:C5:D7:6E:CA:C1:E5:89:5C:E0
            X509v3 Authority Key Identifier:
                keyid:08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/XXmMnRazvcVxzKTF127KweWJXOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.2.16.0/21
                  91.224.190.0/23
                  162.33.228.0/23
                  185.79.56.0/22
                  185.149.176.0/22
                  185.229.40.0/22
                  195.49.144.0/22
                IPv6:
                  2a00:e740::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:f6:b6:04:f1:42:e5:12:a5:a2:08:3e:13:35:05:83:b6:2f:
         fd:67:ee:61:68:3e:7a:f8:ff:ea:54:47:af:92:a2:c4:4d:13:
         65:5b:e0:88:8d:39:39:21:be:d8:7c:8e:0c:43:d9:a9:40:91:
         5f:7a:1f:fa:a7:1e:1c:ef:9b:f7:3d:e6:63:af:a9:4a:df:6e:
         d2:23:65:f0:46:5c:48:5c:0f:10:22:58:02:74:c1:28:e5:b9:
         29:5d:d2:29:a2:8e:82:52:d4:26:34:e9:d7:0b:d5:50:e2:e6:
         f4:73:c3:9d:0e:56:99:b2:96:52:dc:53:c4:ff:29:17:05:cd:
         21:cf:dc:ca:ac:9b:4a:42:c2:83:2d:cf:c0:a9:55:98:bf:f9:
         20:02:60:e1:e3:9a:be:6e:4e:28:4d:4d:8f:0f:9b:38:39:55:
         5d:5b:ec:24:bf:73:84:c3:d9:0d:5d:5f:98:6e:84:36:b0:a0:
         90:4a:78:c3:2e:34:b7:26:6c:c2:4a:ea:5c:b2:11:a9:ff:e7:
         c6:c2:9d:2d:c7:78:1d:d2:32:e4:ff:ba:1d:fb:ab:16:df:f3:
         92:bd:1d:4d:70:dd:59:5e:d0:77:3f:9f:97:c0:fd:60:77:32:
         b1:54:c9:e2:b0:16:c8:e5:a3:b5:da:29:e3:97:3c:f2:53:91:
         f9:a4:d3:a2
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYdQX/1B+zMOlfxRcijAEchjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OTUzYTVmMTFhODI3OWNkZjg3OTg5NjBkZTFlMjJlYjEy
MjdkOTUwHhcNMjMwNDA1MDc0NDQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDc5OGM5ZDE2YjNiZGM1NzFjY2E0YzVkNzZlY2FjMWU1ODk1Y2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6sIoKGUCnPCQjhrxPxbssLqVg0D
pjsMJ3+fjYRFIgOil3l04vsDXP9yZXJg5XgnilW1QQDA+Hcq9dhzPU2xZUABjDvY
3AT3oosKU8v/5Yj9e8kxYz8qWRpPDNEzKNgEm+jAy2Fbv0C7JYClKeiRTeI+yhz1
DV4+8mZfBB2pmYZv7aVXEcaCDhRZeW6kJa5YgUuS41FEtFUHopwDNWYMETWM1E4k
aP2tIas/JwE4KlwaG/FhMWeHnSRDbJbAKx7vD7u9Erpz+lvISGh50GdNWEdjBbw5
Pa4miN43+d0M6LMmkF7avx5fH5epUQhGh206ClM7j57nsT8PUhcR1rMmfwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFF15jJ0Ws73FccykxdduysHliVzgMB8GA1UdIwQY
MBaAFAiVOl8RqCec34eYlg3h4i6xIn2VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2It
NzExNjk1NjdlMzljLzEvWFhtTW5SYXp2Y1Z4ektURjEyN0t3ZVdKWE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2ItNzExNjk1NjdlMzlj
LzEvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBQIQAwQB
W+C+AwQBoiHkAwQCuU84AwQCuZWwAwQCueUoAwQCwzGQMA0EAgACMAcDBQAqAOdA
MA0GCSqGSIb3DQEBCwUAA4IBAQAg9rYE8ULlEqWiCD4TNQWDti/9Z+5haD56+P/q
VEevkqLETRNlW+CIjTk5Ib7YfI4MQ9mpQJFfeh/6px4c75v3PeZjr6lK327SI2Xw
RlxIXA8QIlgCdMEo5bkpXdIpoo6CUtQmNOnXC9VQ4ub0c8OdDlaZspZS3FPE/ykX
Bc0hz9zKrJtKQsKDLc/AqVWYv/kgAmDh45q+bk4oTU2PD5s4OVVdW+wkv3OEw9kN
XV+YboQ2sKCQSnjDLjS3JmzCSupcshGp/+fGwp0tx3gd0jLk/7od+6sW3/OSvR1N
cN1ZXtB3P5+XwP1gdzKxVMnisBbI5aO12injlzzyU5H5pNOi
-----END CERTIFICATE-----