Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/6K3cQml8sMfhftr3ONv59J75qOU.roa
File:                     6K3cQml8sMfhftr3ONv59J75qOU.roa (raw, json)
Hash identifier:          OGPNWehnJ6wy6O0gHoglRX9VHnZjHFoDppDqBNpztJc=
Subject key identifier:   E8:AD:DC:42:69:7C:B0:C7:E1:7E:DA:F7:38:DB:F9:F4:9E:F9:A8:E5
Certificate issuer:       /CN=0da3cbf1e0e856ea4c53b5abae86594ec9933982
Certificate serial:       0182212E6847F8EBADEF57375E7819A03412
Authority key identifier: 0D:A3:CB:F1:E0:E8:56:EA:4C:53:B5:AB:AE:86:59:4E:C9:93:39:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DaPL8eDoVupMU7WrroZZTsmTOYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/6K3cQml8sMfhftr3ONv59J75qOU.roa
Signing time:             Thu 21 Jul 2022 14:34:25 +0000
ROA not before:           Thu 21 Jul 2022 14:34:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208545
IP address blocks:        178.175.180.0/23 maxlen: 23
                          178.175.180.0/24 maxlen: 24
                          178.175.181.0/24 maxlen: 24
                          2a12:be40:f::/48 maxlen: 48
                          2a12:be40:a::/48 maxlen: 48
                          2a12:be40:5::/48 maxlen: 48
                          2a12:be40::/48 maxlen: 48
                          2a12:be40:3::/48 maxlen: 48
                          2a12:be40:e::/48 maxlen: 48
                          2a12:be40:9::/48 maxlen: 48
                          2a12:be40:4::/48 maxlen: 48
                          2a12:be40:7::/48 maxlen: 48
                          2a12:be40::/29 maxlen: 29
                          2a12:be40:2::/48 maxlen: 48
                          2a12:be40:d::/48 maxlen: 48
                          2a12:be40:8::/48 maxlen: 48
                          2a12:be40:b::/48 maxlen: 48
                          2a12:be40:6::/48 maxlen: 48
                          2a12:be40:1::/48 maxlen: 48
                          2a12:be40:c::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:21:2e:68:47:f8:eb:ad:ef:57:37:5e:78:19:a0:34:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0da3cbf1e0e856ea4c53b5abae86594ec9933982
        Validity
            Not Before: Jul 21 14:34:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e8addc42697cb0c7e17edaf738dbf9f49ef9a8e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:89:c1:a4:70:91:29:91:bd:e7:b9:27:42:79:
                    95:c8:6b:69:16:74:52:f1:a0:52:79:ef:2b:48:5f:
                    d9:0b:64:51:a1:39:20:05:77:90:36:90:eb:b3:e4:
                    13:35:3b:f6:08:e5:cb:55:33:82:9f:91:b2:38:f2:
                    bf:40:08:bc:48:d0:25:a4:8f:53:fb:54:0e:83:e9:
                    a7:9e:cc:50:95:56:17:36:9c:7a:b7:e3:c4:26:88:
                    a5:42:28:81:f3:c2:2a:85:f3:f4:d9:bd:92:19:7f:
                    46:aa:9e:8b:4f:49:49:b4:b7:d8:78:c0:91:00:e2:
                    47:2e:53:d4:82:f7:0d:be:61:aa:90:4b:2e:d9:fa:
                    91:2e:45:75:53:79:8e:43:e7:69:f0:92:25:03:c4:
                    e9:c6:40:ea:c7:80:0d:c2:a9:04:c1:f3:26:e7:d0:
                    a5:95:21:3e:cb:45:c3:01:9a:e5:79:29:44:a9:3b:
                    99:32:e0:00:77:ab:4f:e8:fb:3c:d6:f6:51:74:44:
                    55:df:58:ba:92:3a:0b:bd:11:50:1d:82:4e:2a:29:
                    75:d1:8f:ba:fa:a0:39:a7:93:cd:69:60:a8:8e:ed:
                    32:6b:1e:f1:1d:e0:00:b5:4f:5d:a8:86:6f:2a:99:
                    08:2d:86:cf:a1:7b:ca:e8:6a:78:70:10:d3:f2:7d:
                    14:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:AD:DC:42:69:7C:B0:C7:E1:7E:DA:F7:38:DB:F9:F4:9E:F9:A8:E5
            X509v3 Authority Key Identifier:
                keyid:0D:A3:CB:F1:E0:E8:56:EA:4C:53:B5:AB:AE:86:59:4E:C9:93:39:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DaPL8eDoVupMU7WrroZZTsmTOYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/6K3cQml8sMfhftr3ONv59J75qOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/53741e-9392-4d19-99d2-ced29650a280/1/DaPL8eDoVupMU7WrroZZTsmTOYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.180.0/23
                IPv6:
                  2a12:be40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:94:8b:be:2a:d8:4f:ed:68:6d:e2:8c:f7:4f:b2:69:3b:29:
         d4:7a:02:58:7b:3e:87:9b:22:c7:4d:9a:05:a9:fe:1a:74:34:
         4b:d1:11:62:5c:49:3d:97:37:72:c0:df:a7:fe:1a:85:35:df:
         fc:21:29:9c:ed:fd:7b:aa:98:28:dc:09:9e:74:e1:83:f5:a6:
         fa:b6:0a:eb:99:21:b1:0e:a8:d0:4d:56:81:9e:a1:2d:54:f8:
         4b:89:e0:3b:f0:b7:34:09:21:24:65:0b:49:fc:af:0c:34:98:
         26:5a:5f:5f:74:2d:f1:ed:79:d2:ab:9c:da:3f:f4:2d:fc:0b:
         02:58:57:18:e6:2b:fd:dc:2e:fb:98:08:e2:af:cf:bd:fd:86:
         06:51:90:cd:ad:1b:05:f1:72:93:07:33:84:fe:b4:53:57:21:
         17:9a:84:a1:24:8f:06:e5:9a:ca:21:a3:62:6d:32:90:4d:d8:
         01:2d:ff:e5:fb:45:60:33:e3:6e:ad:3d:a6:a3:03:16:fd:13:
         c5:c6:3c:20:c3:43:f5:43:73:75:3f:9f:8d:ec:61:94:54:db:
         e2:12:4e:17:fe:ce:f5:2a:e6:c1:6d:59:a5:7a:ba:07:d6:2d:
         66:3b:2a:b4:25:97:aa:2d:be:f1:e9:39:5a:59:3c:69:6e:6f:
         fb:01:08:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYIhLmhH+Out71c3XngZoDQSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYTNjYmYxZTBlODU2ZWE0YzUzYjVhYmFlODY1OTRlYzk5
MzM5ODIwHhcNMjIwNzIxMTQzNDI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGFkZGM0MjY5N2NiMGM3ZTE3ZWRhZjczOGRiZjlmNDllZjlhOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoInBpHCRKZG957knQnmVyGtpFnRS
8aBSee8rSF/ZC2RRoTkgBXeQNpDrs+QTNTv2COXLVTOCn5GyOPK/QAi8SNAlpI9T
+1QOg+mnnsxQlVYXNpx6t+PEJoilQiiB88IqhfP02b2SGX9Gqp6LT0lJtLfYeMCR
AOJHLlPUgvcNvmGqkEsu2fqRLkV1U3mOQ+dp8JIlA8TpxkDqx4ANwqkEwfMm59Cl
lSE+y0XDAZrleSlEqTuZMuAAd6tP6Ps81vZRdERV31i6kjoLvRFQHYJOKil10Y+6
+qA5p5PNaWCoju0yax7xHeAAtU9dqIZvKpkILYbPoXvK6Gp4cBDT8n0UqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOit3EJpfLDH4X7a9zjb+fSe+ajlMB8GA1UdIwQY
MBaAFA2jy/Hg6FbqTFO1q66GWU7JkzmCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGFQTDhlRG9WdXBNVTdXcnJvWlpUc21UT1lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC81Mzc0MWUtOTM5Mi00ZDE5LTk5ZDIt
Y2VkMjk2NTBhMjgwLzEvNkszY1FtbDhzTWZoZnRyM09OdjU5Sjc1cU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC81Mzc0MWUtOTM5Mi00ZDE5LTk5ZDItY2VkMjk2NTBhMjgw
LzEvRGFQTDhlRG9WdXBNVTdXcnJvWlpUc21UT1lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBsq+0MA0E
AgACMAcDBQMqEr5AMA0GCSqGSIb3DQEBCwUAA4IBAQBqlIu+KthP7Wht4oz3T7Jp
OynUegJYez6HmyLHTZoFqf4adDRL0RFiXEk9lzdywN+n/hqFNd/8ISmc7f17qpgo
3AmedOGD9ab6tgrrmSGxDqjQTVaBnqEtVPhLieA78Lc0CSEkZQtJ/K8MNJgmWl9f
dC3x7XnSq5zaP/Qt/AsCWFcY5iv93C77mAjir8+9/YYGUZDNrRsF8XKTBzOE/rRT
VyEXmoShJI8G5ZrKIaNibTKQTdgBLf/l+0VgM+NurT2mowMW/RPFxjwgw0P1Q3N1
P5+N7GGUVNviEk4X/s71KubBbVmleroH1i1mOyq0JZeqLb7x6TlaWTxpbm/7AQgL
-----END CERTIFICATE-----