Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/9Zz7C4NrglF4HHjI22LoWn6n9CQ.roa
File:                     9Zz7C4NrglF4HHjI22LoWn6n9CQ.roa (raw, json)
Hash identifier:          L3B5GRoG4sPPaDCTqJ8UPRe6FLnTXpfRGBOOKQJhH9U=
Subject key identifier:   F5:9C:FB:0B:83:6B:82:51:78:1C:78:C8:DB:62:E8:5A:7E:A7:F4:24
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018927D58279AB3375BD609E8F6BA8B0A948
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/9Zz7C4NrglF4HHjI22LoWn6n9CQ.roa
Signing time:             Wed 05 Jul 2023 20:54:11 +0000
ROA not before:           Wed 05 Jul 2023 20:54:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197343
IP address blocks:        5.56.128.0/22 maxlen: 22
                          37.32.42.0/24 maxlen: 24
                          37.32.41.0/24 maxlen: 24
                          37.32.40.0/22 maxlen: 24
                          5.57.34.0/24 maxlen: 24
                          5.57.33.0/24 maxlen: 24
                          5.57.36.0/24 maxlen: 24
                          5.57.35.0/24 maxlen: 24
                          185.212.48.0/24 maxlen: 24
                          185.212.49.0/24 maxlen: 24
                          178.239.150.0/24 maxlen: 24
                          178.239.156.0/23 maxlen: 23
                          178.239.156.0/22 maxlen: 22
                          178.239.153.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:27:d5:82:79:ab:33:75:bd:60:9e:8f:6b:a8:b0:a9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jul  5 20:54:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f59cfb0b836b8251781c78c8db62e85a7ea7f424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:73:b7:3d:5d:90:d1:77:f8:36:00:7b:29:5b:
                    f7:1b:9c:9e:6b:8b:9e:4d:70:99:7a:33:60:04:9e:
                    7f:81:73:fb:85:9e:d2:9f:2d:2a:67:1e:49:af:d2:
                    05:28:97:b9:35:4d:16:ac:32:58:14:4d:3a:e9:28:
                    4f:b1:6e:c6:09:82:bb:ef:b5:1a:7a:bc:b4:e9:6e:
                    76:35:ad:24:12:8b:c7:f0:48:d9:d0:67:f9:95:22:
                    c8:ff:46:92:43:b3:af:1f:2f:56:f1:37:db:cd:c5:
                    8e:c3:17:4e:d2:e6:6f:1a:cf:b6:02:5b:07:a8:f8:
                    f3:47:05:c3:f9:d6:b0:97:8e:c0:b7:29:9e:c5:3e:
                    2b:27:78:71:e4:4c:8f:e8:71:0a:6b:09:a9:33:5c:
                    02:be:4d:d7:2d:8c:a4:79:4e:14:a7:74:f1:9f:e3:
                    40:5c:ee:c0:a9:a5:19:48:7f:21:e8:ad:9f:44:b9:
                    92:2f:ca:64:a9:d0:6e:bf:8a:ff:16:a6:4f:ec:f4:
                    e3:6e:79:74:0c:db:77:a9:82:6f:95:55:1a:61:5e:
                    5c:42:de:06:28:60:ef:c7:3b:e3:f5:01:de:c5:ac:
                    9c:74:66:28:e4:ff:3f:89:99:d5:54:91:27:83:e9:
                    4c:b7:92:d2:e3:9f:8d:e2:21:c9:7e:82:fb:c1:e5:
                    db:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:9C:FB:0B:83:6B:82:51:78:1C:78:C8:DB:62:E8:5A:7E:A7:F4:24
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/9Zz7C4NrglF4HHjI22LoWn6n9CQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22
                  5.57.33.0-5.57.36.255
                  37.32.40.0/22
                  178.239.150.0/24
                  178.239.153.0/24
                  178.239.156.0/22
                  185.212.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:95:1f:0d:45:ac:5b:8a:64:80:03:e9:d9:aa:89:0a:38:22:
         ba:5d:a5:63:8a:92:81:f9:df:69:a6:25:f0:5f:eb:19:c7:77:
         35:e1:0c:78:af:28:6f:f2:eb:77:6b:a2:ff:ba:39:9c:d8:18:
         7f:78:9f:9d:99:38:63:e4:5b:68:30:e9:6a:6d:48:92:55:52:
         ab:80:b7:af:32:5c:6b:c0:23:ae:d0:0e:fd:6a:1c:7c:35:83:
         6c:53:9b:24:d1:6f:4d:f0:e2:80:26:da:6b:0e:66:03:fe:7d:
         e9:c8:25:d7:7c:e8:69:4b:31:31:f9:bf:1b:a8:b4:04:45:f0:
         a8:fb:d8:bd:d2:3d:c2:56:c1:87:e2:6c:28:b4:82:8b:7c:fe:
         85:ab:4f:99:87:3e:15:c8:db:ce:87:3d:74:2a:ef:c8:85:3b:
         c9:10:64:65:a0:d3:95:a3:d9:7c:54:15:84:42:13:3a:dc:c3:
         2c:41:bf:b2:29:cb:e9:5a:e8:c1:41:c8:0a:e9:24:1f:9e:26:
         5b:4a:6d:83:1e:b0:05:c8:00:07:73:73:90:76:1e:b1:52:67:
         da:b1:6b:49:59:23:40:24:c6:31:ce:11:25:b9:8a:2e:58:2f:
         8f:ed:9a:02:36:7d:ba:ef:95:94:5f:03:8f:ef:e9:bf:cd:a9:
         f4:27:9e:30
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYkn1YJ5qzN1vWCej2uosKlIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjMwNzA1MjA1NDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTljZmIwYjgzNmI4MjUxNzgxYzc4YzhkYjYyZTg1YTdlYTdmNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXO3PV2Q0Xf4NgB7KVv3G5yea4ue
TXCZejNgBJ5/gXP7hZ7Sny0qZx5Jr9IFKJe5NU0WrDJYFE066ShPsW7GCYK777Ua
ery06W52Na0kEovH8EjZ0Gf5lSLI/0aSQ7OvHy9W8TfbzcWOwxdO0uZvGs+2AlsH
qPjzRwXD+dawl47AtymexT4rJ3hx5EyP6HEKawmpM1wCvk3XLYykeU4Up3Txn+NA
XO7AqaUZSH8h6K2fRLmSL8pkqdBuv4r/FqZP7PTjbnl0DNt3qYJvlVUaYV5cQt4G
KGDvxzvj9QHexaycdGYo5P8/iZnVVJEng+lMt5LS45+N4iHJfoL7weXbNQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFPWc+wuDa4JReBx4yNti6Fp+p/QkMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvOVp6N0M0TnJnbEY0SEhqSTIyTG9XbjZuOUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCBTiAMAwD
BAAFOSEDBAAFOSQDBAIlICgDBACy75YDBACy75kDBAKy75wDBAG51DAwDQYJKoZI
hvcNAQELBQADggEBAEGVHw1FrFuKZIAD6dmqiQo4IrpdpWOKkoH532mmJfBf6xnH
dzXhDHivKG/y63drov+6OZzYGH94n52ZOGPkW2gw6WptSJJVUquAt68yXGvAI67Q
Dv1qHHw1g2xTmyTRb03w4oAm2msOZgP+fenIJdd86GlLMTH5vxuotARF8Kj72L3S
PcJWwYfibCi0got8/oWrT5mHPhXI286HPXQq78iFO8kQZGWg05Wj2XxUFYRCEzrc
wyxBv7Ipy+la6MFByArpJB+eJltKbYMesAXIAAdzc5B2HrFSZ9qxa0lZI0AkxjHO
ESW5ii5YL4/tmgI2fbrvlZRfA4/v6b/NqfQnnjA=
-----END CERTIFICATE-----