Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/UR5aX1xJczNKM0TvZrdoiICdNPc.roa
File:                     UR5aX1xJczNKM0TvZrdoiICdNPc.roa (raw, json)
Hash identifier:          W/Z3iHoGsAEqMuCxhaWZr2Z1f+6ZMdp0ML+B8RtOwQY=
Subject key identifier:   51:1E:5A:5F:5C:49:73:33:4A:33:44:EF:66:B7:68:88:80:9D:34:F7
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0184E76B02FAF28E7FB69C45081586D0EBDC
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/UR5aX1xJczNKM0TvZrdoiICdNPc.roa
Signing time:             Tue 06 Dec 2022 12:31:00 +0000
ROA not before:           Tue 06 Dec 2022 12:31:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48944
IP address blocks:        185.215.228.0/23 maxlen: 23
                          178.239.144.0/22 maxlen: 22
                          37.32.43.0/24 maxlen: 24
                          37.32.46.0/24 maxlen: 24
                          185.243.51.0/24 maxlen: 24
                          185.243.50.0/24 maxlen: 24
                          5.57.32.0/24 maxlen: 24
                          5.57.37.0/24 maxlen: 24
                          185.212.51.0/24 maxlen: 24
                          185.212.50.0/24 maxlen: 24
                          178.239.149.0/24 maxlen: 24
                          178.239.148.0/24 maxlen: 24
                          178.239.159.0/24 maxlen: 24
                          178.239.158.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e7:6b:02:fa:f2:8e:7f:b6:9c:45:08:15:86:d0:eb:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Dec  6 12:31:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=511e5a5f5c4973334a3344ef66b76888809d34f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fd:1a:2b:75:82:f3:08:24:dc:8e:3c:b0:e7:
                    be:0e:f8:39:63:4b:1d:b1:bc:17:45:70:c7:6f:7a:
                    8b:9f:af:f2:ea:bc:2c:54:0f:b0:ea:b6:5d:89:79:
                    d9:f4:cd:74:b6:5d:55:78:0b:f3:f1:ac:a4:94:c4:
                    a1:17:c0:90:d5:5b:9b:c9:ff:a1:0d:69:ef:e5:47:
                    11:5d:02:4b:78:5e:e7:18:47:62:20:af:b1:9d:32:
                    a3:26:de:14:57:d2:3c:3e:a7:72:61:e0:6e:b9:1d:
                    2d:0c:db:74:5b:97:84:d0:bc:c0:67:8a:0b:3d:35:
                    da:15:3e:d6:f1:f6:52:ac:60:09:18:fa:22:22:34:
                    ce:5f:2d:eb:d9:be:e4:e2:f4:a4:12:df:12:b2:c2:
                    12:f2:ac:bf:41:4d:ce:9b:be:72:44:c4:b4:d6:97:
                    ac:b5:7a:96:d5:4a:f4:6b:1f:10:1d:70:04:cd:53:
                    3f:df:93:f7:19:58:37:dc:63:00:03:c9:71:c4:ec:
                    2a:5e:46:12:40:db:01:76:ef:b0:9a:5e:e4:c7:0b:
                    b9:fd:ca:dd:7d:4e:b2:92:40:79:4f:b5:e9:12:bd:
                    a3:e4:f5:99:7d:00:f9:ae:9e:e6:a4:ab:dc:1a:a7:
                    dd:67:25:10:44:0f:0e:3a:6d:23:54:eb:53:c0:42:
                    d6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:1E:5A:5F:5C:49:73:33:4A:33:44:EF:66:B7:68:88:80:9D:34:F7
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/UR5aX1xJczNKM0TvZrdoiICdNPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.32.0/24
                  5.57.37.0/24
                  37.32.43.0/24
                  37.32.46.0/24
                  178.239.144.0-178.239.149.255
                  178.239.158.0/23
                  185.212.50.0/23
                  185.215.228.0/23
                  185.243.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:87:be:ea:6b:0e:c0:67:29:62:35:45:38:71:8c:7d:fb:45:
         9e:b8:f5:6d:25:73:bd:33:6c:a2:7b:0a:71:f7:69:b1:1c:c5:
         ee:b2:7b:2b:b7:fb:dd:65:00:7a:04:2b:e0:14:2c:55:4c:0c:
         9b:02:b7:72:62:f2:e8:11:21:0d:91:7f:d3:42:85:fd:75:18:
         19:b4:e0:cf:77:07:ba:35:79:28:a7:69:a0:37:05:34:e8:6c:
         46:3c:88:f3:78:9e:bb:75:b8:e7:d0:50:03:24:5c:47:38:6c:
         2a:a3:52:d3:13:fa:00:6f:5a:a2:17:b0:c7:49:92:09:8c:8e:
         22:e4:ec:30:da:69:ca:94:b2:ea:b0:fe:a6:53:b2:32:cb:da:
         25:ab:9f:ed:a2:9f:b0:48:7d:71:c7:2e:5a:1f:99:ac:51:7b:
         55:ce:36:6d:52:cb:78:25:c1:86:dd:d6:bc:2f:8f:5a:89:30:
         8a:31:fb:c4:c3:86:31:93:89:bc:8d:f5:c2:f2:20:bb:8a:3b:
         fa:d7:74:bb:f3:77:59:0f:e7:57:51:4c:86:65:85:99:be:9e:
         96:ea:37:8f:db:0d:58:f5:34:8f:66:7d:7c:71:c5:d8:a0:6b:
         d9:fb:3e:91:a1:83:9b:96:42:e7:de:8a:ab:2b:55:d2:89:51:
         4d:63:eb:03
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYTnawL68o5/tpxFCBWG0OvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjIxMjA2MTIzMTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTFlNWE1ZjVjNDk3MzMzNGEzMzQ0ZWY2NmI3Njg4ODgwOWQzNGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/0aK3WC8wgk3I48sOe+Dvg5Y0sd
sbwXRXDHb3qLn6/y6rwsVA+w6rZdiXnZ9M10tl1VeAvz8ayklMShF8CQ1Vubyf+h
DWnv5UcRXQJLeF7nGEdiIK+xnTKjJt4UV9I8PqdyYeBuuR0tDNt0W5eE0LzAZ4oL
PTXaFT7W8fZSrGAJGPoiIjTOXy3r2b7k4vSkEt8SssIS8qy/QU3Om75yRMS01pes
tXqW1Ur0ax8QHXAEzVM/35P3GVg33GMAA8lxxOwqXkYSQNsBdu+wml7kxwu5/crd
fU6ykkB5T7XpEr2j5PWZfQD5rp7mpKvcGqfdZyUQRA8OOm0jVOtTwELWJwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFEeWl9cSXMzSjNE72a3aIiAnTT3MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvVVI1YVgxeEpjek5LTTBUdlpyZG9pSUNkTlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABTkgAwQA
BTklAwQAJSArAwQAJSAuMAwDBASy75ADBAGy75QDBAGy754DBAG51DIDBAG51+QD
BAG58zIwDQYJKoZIhvcNAQELBQADggEBAFGHvuprDsBnKWI1RThxjH37RZ649W0l
c70zbKJ7CnH3abEcxe6yeyu3+91lAHoEK+AULFVMDJsCt3Ji8ugRIQ2Rf9NChf11
GBm04M93B7o1eSinaaA3BTTobEY8iPN4nrt1uOfQUAMkXEc4bCqjUtMT+gBvWqIX
sMdJkgmMjiLk7DDaacqUsuqw/qZTsjLL2iWrn+2in7BIfXHHLlofmaxRe1XONm1S
y3glwYbd1rwvj1qJMIox+8TDhjGTibyN9cLyILuKO/rXdLvzd1kP51dRTIZlhZm+
npbqN4/bDVj1NI9mfXxxxdiga9n7PpGhg5uWQufeiqsrVdKJUU1j6wM=
-----END CERTIFICATE-----