Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa
File:                     Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa (raw, json)
Hash identifier:          VKqFnbivCJXLGvkvKioIKULnFWKRBJ6PzRLPT6qde/g=
Subject key identifier:   26:7F:CA:21:72:2F:A7:D4:FE:6D:2F:12:13:09:DA:64:31:9D:89:F5
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       018A17BFDF67AEAF9E5D0F761B9101AEFF04
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa
Signing time:             Mon 21 Aug 2023 10:59:25 +0000
ROA not before:           Mon 21 Aug 2023 10:59:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25521
IP address blocks:        185.223.112.0/22 maxlen: 22
                          46.30.160.0/21 maxlen: 21
                          93.188.32.0/21 maxlen: 21
                          176.115.96.0/21 maxlen: 21
                          193.0.216.0/22 maxlen: 22
                          193.106.136.0/22 maxlen: 22
                          91.224.24.0/23 maxlen: 23
                          82.193.96.0/19 maxlen: 19
                          195.64.148.0/23 maxlen: 23
                          2a02:2610::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:17:bf:df:67:ae:af:9e:5d:0f:76:1b:91:01:ae:ff:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Aug 21 10:59:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=267fca21722fa7d4fe6d2f121309da64319d89f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:36:74:e7:e5:7d:ae:3d:cb:e4:8a:3a:df:6d:
                    6c:74:b1:6a:97:38:c0:89:02:b9:80:f7:d7:1a:e7:
                    52:08:7b:e3:78:2a:ba:92:27:25:0c:09:ac:db:b3:
                    14:32:39:ca:c4:2a:9c:4c:64:38:7b:6a:ae:e0:54:
                    0c:81:20:df:98:c7:34:33:22:77:34:59:50:1b:bb:
                    f3:b7:19:60:d0:37:dd:24:bb:f5:d8:90:ff:e6:7e:
                    7d:6b:3e:a4:20:2d:7f:a9:46:56:da:53:b3:71:dc:
                    69:65:1b:eb:9c:7a:14:b6:d4:6c:7b:89:d1:d4:b3:
                    c4:42:45:d6:7e:88:87:3f:1a:cc:05:e0:aa:8c:89:
                    76:29:d4:aa:e7:f2:79:82:49:09:e1:57:6f:f3:1e:
                    e4:a7:0e:19:1b:a8:a3:4a:b0:fd:b2:38:83:da:b8:
                    70:cf:f3:6d:43:ab:b9:d5:30:21:35:71:cd:1e:10:
                    29:2c:6d:ad:ee:c9:01:66:79:55:1b:51:72:c1:39:
                    aa:0c:ee:0b:d1:7a:59:f5:3d:a4:6f:60:63:b2:cf:
                    b8:73:d3:f1:30:4d:ac:7b:07:62:b6:43:3f:ff:49:
                    bb:c2:11:5e:3f:ca:51:4c:eb:4b:aa:b0:05:05:d1:
                    08:be:fb:20:df:26:73:e7:cd:7a:35:82:ef:a6:11:
                    69:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7F:CA:21:72:2F:A7:D4:FE:6D:2F:12:13:09:DA:64:31:9D:89:F5
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.160.0/21
                  82.193.96.0/19
                  91.224.24.0/23
                  93.188.32.0/21
                  176.115.96.0/21
                  185.223.112.0/22
                  193.0.216.0/22
                  193.106.136.0/22
                  195.64.148.0/23
                IPv6:
                  2a02:2610::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:59:e9:f9:85:c3:f2:1d:5b:7b:fb:27:2a:98:a6:65:d8:57:
         54:1b:d8:9f:d8:d9:a1:a1:06:7d:7f:f5:ec:8f:48:c5:4c:97:
         b7:27:62:40:0c:c7:92:8b:da:43:f7:bc:1a:01:6a:95:75:69:
         5b:73:10:00:5a:e9:44:55:25:fd:10:33:f9:14:0d:9e:78:98:
         89:4c:18:64:0d:77:3e:3c:e6:1e:93:93:e1:db:59:02:45:8d:
         85:4d:d4:12:36:0f:91:95:d5:ad:69:60:c9:45:4b:46:a3:ca:
         ba:39:2a:64:a0:b6:a8:a6:d5:d8:85:19:28:42:12:2b:e6:7c:
         a1:0f:0f:7b:0e:26:10:76:f5:e9:54:44:b1:8e:4e:d1:1f:3b:
         4a:da:77:17:d0:58:01:6d:9c:e2:bb:a5:21:44:0e:91:dc:52:
         ed:e7:6e:26:3f:76:15:89:6d:a8:96:06:17:5d:ea:05:93:c4:
         b4:34:a2:c7:d8:e9:4b:ff:62:50:06:e8:2d:b7:c2:86:bb:e7:
         60:ca:b2:cc:d9:d1:87:c5:ff:74:28:7d:c9:f0:42:99:81:e5:
         28:ba:05:98:49:2a:90:f9:d9:04:7e:f7:e2:1d:57:0a:10:1f:
         78:c0:6a:4e:83:2b:cc:4d:68:bc:8d:63:cc:25:91:f5:69:05:
         b8:c4:9f:57
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYoXv99nrq+eXQ92G5EBrv8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMwODIxMTA1OTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdmY2EyMTcyMmZhN2Q0ZmU2ZDJmMTIxMzA5ZGE2NDMxOWQ4OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojZ05+V9rj3L5Io6321sdLFqlzjA
iQK5gPfXGudSCHvjeCq6kiclDAms27MUMjnKxCqcTGQ4e2qu4FQMgSDfmMc0MyJ3
NFlQG7vztxlg0DfdJLv12JD/5n59az6kIC1/qUZW2lOzcdxpZRvrnHoUttRse4nR
1LPEQkXWfoiHPxrMBeCqjIl2KdSq5/J5gkkJ4Vdv8x7kpw4ZG6ijSrD9sjiD2rhw
z/NtQ6u51TAhNXHNHhApLG2t7skBZnlVG1FywTmqDO4L0XpZ9T2kb2Bjss+4c9Px
ME2sewditkM//0m7whFeP8pRTOtLqrAFBdEIvvsg3yZz5816NYLvphFpcQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCZ/yiFyL6fU/m0vEhMJ2mQxnYn1MB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvSm5fS0lYSXZwOVQtYlM4U0V3bmFaREdkaWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDLh6gAwQF
UsFgAwQBW+AYAwQDXbwgAwQDsHNgAwQCud9wAwQCwQDYAwQCwWqIAwQBw0CUMA0E
AgACMAcDBQAqAiYQMA0GCSqGSIb3DQEBCwUAA4IBAQA9Wen5hcPyHVt7+ycqmKZl
2FdUG9if2NmhoQZ9f/Xsj0jFTJe3J2JADMeSi9pD97waAWqVdWlbcxAAWulEVSX9
EDP5FA2eeJiJTBhkDXc+POYek5Ph21kCRY2FTdQSNg+RldWtaWDJRUtGo8q6OSpk
oLaoptXYhRkoQhIr5nyhDw97DiYQdvXpVESxjk7RHztK2ncX0FgBbZziu6UhRA6R
3FLt524mP3YViW2olgYXXeoFk8S0NKLH2OlL/2JQBugtt8KGu+dgyrLM2dGHxf90
KH3J8EKZgeUougWYSSqQ+dkEfvfiHVcKEB94wGpOgyvMTWi8jWPMJZH1aQW4xJ9X
-----END CERTIFICATE-----