Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/9ULPbMsvdXZa-JajYdF2PNwqjsI.roa
File:                     9ULPbMsvdXZa-JajYdF2PNwqjsI.roa (raw, json)
Hash identifier:          0av5o4VIaQBlx//7fS+CMgxfkXkPkx4kIH2UjFBFwws=
Subject key identifier:   F5:42:CF:6C:CB:2F:75:76:5A:F8:96:A3:61:D1:76:3C:DC:2A:8E:C2
Certificate issuer:       /CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
Certificate serial:       01857102E9A3D1A67E574072FF82CAE85EE0
Authority key identifier: FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/9ULPbMsvdXZa-JajYdF2PNwqjsI.roa
Signing time:             Mon 02 Jan 2023 05:44:54 +0000
ROA not before:           Mon 02 Jan 2023 05:44:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204196
IP address blocks:        185.240.160.0/22 maxlen: 22
                          185.207.204.0/22 maxlen: 22
                          185.145.128.0/22 maxlen: 22
                          80.209.252.0/23 maxlen: 23
                          185.235.176.0/22 maxlen: 22
                          185.221.200.0/22 maxlen: 22
                          185.224.80.0/22 maxlen: 22
                          185.243.188.0/22 maxlen: 22
                          185.217.92.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:02:e9:a3:d1:a6:7e:57:40:72:ff:82:ca:e8:5e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
        Validity
            Not Before: Jan  2 05:44:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f542cf6ccb2f75765af896a361d1763cdc2a8ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1d:b1:09:cf:99:3f:37:40:c4:7a:ca:83:b6:
                    85:8e:a2:cc:c2:56:53:e0:07:62:50:01:0c:c1:43:
                    20:27:c8:b1:07:62:69:b2:95:b3:72:86:7a:e9:c6:
                    fc:af:1b:38:ce:71:97:3d:cc:36:66:73:ea:94:b4:
                    55:6f:75:3d:2d:5a:0f:18:9e:c5:ea:d7:4f:eb:d0:
                    22:7b:b4:d2:f7:b1:90:a8:3d:ee:a5:96:83:5f:6b:
                    6e:44:40:9c:cf:08:56:22:e9:88:24:a4:65:a9:f5:
                    18:54:51:54:96:39:b8:45:3b:8f:79:0d:73:85:06:
                    20:98:2f:a2:e1:65:30:a4:72:1d:2f:e1:25:15:a1:
                    e8:22:6c:52:04:5d:34:9e:e6:2e:8f:04:2c:04:ac:
                    14:59:7b:1f:9b:59:ab:6a:eb:7c:b9:30:dd:75:b9:
                    69:a1:2d:b5:68:2e:50:61:4b:72:9a:fd:16:00:a8:
                    26:78:41:21:8f:da:0b:0d:9b:dd:a6:b1:2c:3a:a3:
                    9a:6b:0e:42:ab:4d:23:d8:e9:25:51:85:da:8e:fc:
                    44:b6:b6:65:f4:af:f1:69:96:ca:64:f0:5d:46:da:
                    db:63:49:c6:2b:57:63:d6:03:79:4c:11:17:d5:73:
                    2a:f8:b4:6d:4d:be:8b:a0:20:7a:53:b8:5f:cb:7b:
                    12:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:42:CF:6C:CB:2F:75:76:5A:F8:96:A3:61:D1:76:3C:DC:2A:8E:C2
            X509v3 Authority Key Identifier:
                keyid:FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/9ULPbMsvdXZa-JajYdF2PNwqjsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.209.252.0/23
                  185.145.128.0/22
                  185.207.204.0/22
                  185.217.92.0/22
                  185.221.200.0/22
                  185.224.80.0/22
                  185.235.176.0/22
                  185.240.160.0/22
                  185.243.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:fc:d8:ee:ad:ce:3f:72:af:12:17:6f:1b:cf:09:d3:6e:98:
         40:23:6c:23:88:00:90:75:3b:9f:c2:e9:db:1d:02:ea:03:8e:
         3e:22:4e:91:c7:0f:5f:07:85:f9:2d:2a:5a:19:3d:51:9f:a5:
         80:df:c6:8e:0b:19:d4:87:f3:24:16:93:db:84:6c:cc:7f:f9:
         ac:27:e6:8d:35:26:e6:c4:13:e9:49:00:48:ab:fe:65:79:37:
         d4:71:e6:6d:3c:93:58:b8:8c:2f:84:c8:bc:91:76:c8:d7:46:
         8f:8e:e9:f5:67:50:cd:ff:c0:fd:af:87:c6:00:12:90:b2:20:
         e1:23:db:4a:e3:f9:33:f5:95:ff:1c:c0:75:1a:39:69:1a:02:
         3c:ca:13:5b:b9:63:f7:39:92:ae:3e:06:47:5f:20:92:c5:69:
         48:23:73:04:f2:4e:3b:19:c1:2d:6a:c9:f2:20:a2:6f:c8:93:
         50:a2:aa:06:dc:be:27:82:ba:a9:a3:72:bd:ae:5a:00:d3:3c:
         4a:eb:6d:6f:59:de:77:b4:e6:2d:b5:29:d2:36:0e:90:33:7c:
         64:ef:c3:63:9f:b4:13:5b:df:b1:49:33:f7:5c:e0:48:35:84:
         0f:04:f6:54:2d:43:ea:a6:b4:1c:b3:ee:dd:c1:02:de:62:cc:
         eb:12:d7:d5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVxAumj0aZ+V0By/4LK6F7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMmU3MmFiZjdiMTcyOGZkYTZhYTBiMDQxM2Q4ODU0ODEy
ZWEzNjEwHhcNMjMwMTAyMDU0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQyY2Y2Y2NiMmY3NTc2NWFmODk2YTM2MWQxNzYzY2RjMmE4ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzh2xCc+ZPzdAxHrKg7aFjqLMwlZT
4AdiUAEMwUMgJ8ixB2JpspWzcoZ66cb8rxs4znGXPcw2ZnPqlLRVb3U9LVoPGJ7F
6tdP69Aie7TS97GQqD3upZaDX2tuRECczwhWIumIJKRlqfUYVFFUljm4RTuPeQ1z
hQYgmC+i4WUwpHIdL+ElFaHoImxSBF00nuYujwQsBKwUWXsfm1mraut8uTDddblp
oS21aC5QYUtymv0WAKgmeEEhj9oLDZvdprEsOqOaaw5Cq00j2OklUYXajvxEtrZl
9K/xaZbKZPBdRtrbY0nGK1dj1gN5TBEX1XMq+LRtTb6LoCB6U7hfy3sSyQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFPVCz2zLL3V2WviWo2HRdjzcKo7CMB8GA1UdIwQY
MBaAFPoucqv3sXKP2mqgsEE9iFSBLqNhMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1pNXlxX2V4Y29fYWFxQ3dRVDJJVklFdW8yRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlm
LWEzNjZkYTI1MWE4My8xLzlVTFBiTXN2ZFhaYS1KYWpZZEYyUE53cWpzSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlmLWEzNjZkYTI1MWE4
My8xLzEtaTV5cV9leGNvX2FhcUN3UVQySVZJRXVvMkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYDBAFQ0fwD
BAK5kYADBAK5z8wDBAK52VwDBAK53cgDBAK54FADBAK567ADBAK58KADBAK587ww
DQYJKoZIhvcNAQELBQADggEBAJb82O6tzj9yrxIXbxvPCdNumEAjbCOIAJB1O5/C
6dsdAuoDjj4iTpHHD18HhfktKloZPVGfpYDfxo4LGdSH8yQWk9uEbMx/+awn5o01
JubEE+lJAEir/mV5N9Rx5m08k1i4jC+EyLyRdsjXRo+O6fVnUM3/wP2vh8YAEpCy
IOEj20rj+TP1lf8cwHUaOWkaAjzKE1u5Y/c5kq4+BkdfIJLFaUgjcwTyTjsZwS1q
yfIgom/Ik1CiqgbcvieCuqmjcr2uWgDTPErrbW9Z3ne05i21KdI2DpAzfGTvw2Of
tBNb37FJM/dc4Eg1hA8E9lQtQ+qmtByz7t3BAt5izOsS19U=
-----END CERTIFICATE-----