Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/4f6187-bc67-4ac3-9c8d-a70f992a5529/1/4uWuDylHbS0epVG0uBDfWNWtlno.roa
File:                     4uWuDylHbS0epVG0uBDfWNWtlno.roa (raw, json)
Hash identifier:          9QKWEn0hJ6Y4PVlaec6n/CrOwJdct8FT2bibwF9BT3E=
Subject key identifier:   E2:E5:AE:0F:29:47:6D:2D:1E:A5:51:B4:B8:10:DF:58:D5:AD:96:7A
Certificate issuer:       /CN=c49c88442ba97345bc0106559e6fa786944adca4
Certificate serial:       018570F0A420A49F44697A0DF3F615919A63
Authority key identifier: C4:9C:88:44:2B:A9:73:45:BC:01:06:55:9E:6F:A7:86:94:4A:DC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJyIRCupc0W8AQZVnm-nhpRK3KQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/4f6187-bc67-4ac3-9c8d-a70f992a5529/1/4uWuDylHbS0epVG0uBDfWNWtlno.roa
Signing time:             Mon 02 Jan 2023 05:24:56 +0000
ROA not before:           Mon 02 Jan 2023 05:24:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8749
IP address blocks:        164.138.88.0/21 maxlen: 21
                          185.3.180.0/22 maxlen: 22
                          159.253.168.0/21 maxlen: 21
                          46.183.128.0/22 maxlen: 22
                          46.183.128.0/21 maxlen: 21
                          46.183.132.0/23 maxlen: 23
                          46.183.135.0/24 maxlen: 24
                          46.183.134.0/24 maxlen: 24
                          212.19.0.0/19 maxlen: 19
                          94.125.48.0/21 maxlen: 21
                          212.19.18.0/24 maxlen: 24
                          212.19.24.0/24 maxlen: 24
                          2a00:c040::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:f0:a4:20:a4:9f:44:69:7a:0d:f3:f6:15:91:9a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c49c88442ba97345bc0106559e6fa786944adca4
        Validity
            Not Before: Jan  2 05:24:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e2e5ae0f29476d2d1ea551b4b810df58d5ad967a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:24:7d:fb:c6:71:b3:43:6c:c0:91:93:b6:11:
                    e5:04:52:9f:f9:bd:17:d0:e1:b3:40:8e:1e:d1:0a:
                    e2:7c:45:60:e9:a6:ed:30:44:77:e6:97:f7:34:74:
                    2f:b0:a1:eb:30:86:99:04:45:c7:d5:a6:c8:72:3b:
                    92:a0:78:fb:a0:6a:79:0a:b3:d4:8e:cb:0e:8a:98:
                    2e:a0:97:31:52:20:48:e0:2a:62:50:53:aa:6e:a5:
                    0f:74:75:76:01:8e:85:fa:53:eb:5a:32:d8:80:04:
                    bc:1d:cf:84:7d:9e:3c:8f:2b:a9:6c:cb:ba:a3:bf:
                    b0:2f:d5:ea:ae:8d:ff:6b:b9:fa:5d:3c:b3:b3:73:
                    14:01:c6:90:62:d9:2d:24:4e:20:35:72:7b:e7:01:
                    6e:30:15:6b:52:9b:35:36:43:c8:8b:1b:2d:a2:8c:
                    04:6f:da:a4:bb:0f:a8:49:bc:34:b9:e0:4a:cd:18:
                    90:2b:4f:22:c7:0c:11:d0:a2:e9:de:1c:77:fb:0c:
                    38:e7:4e:c7:e4:4a:d8:a7:e8:41:91:65:cd:ec:3b:
                    f1:1b:e0:55:95:9a:03:9f:7b:3a:de:94:46:36:17:
                    19:65:3c:8b:ea:24:92:31:0b:58:2a:5e:ec:7f:5a:
                    25:38:2c:a8:53:95:97:bb:74:b7:b3:95:3f:0a:b1:
                    53:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E5:AE:0F:29:47:6D:2D:1E:A5:51:B4:B8:10:DF:58:D5:AD:96:7A
            X509v3 Authority Key Identifier:
                keyid:C4:9C:88:44:2B:A9:73:45:BC:01:06:55:9E:6F:A7:86:94:4A:DC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJyIRCupc0W8AQZVnm-nhpRK3KQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/4f6187-bc67-4ac3-9c8d-a70f992a5529/1/4uWuDylHbS0epVG0uBDfWNWtlno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/4f6187-bc67-4ac3-9c8d-a70f992a5529/1/xJyIRCupc0W8AQZVnm-nhpRK3KQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.128.0/21
                  94.125.48.0/21
                  159.253.168.0/21
                  164.138.88.0/21
                  185.3.180.0/22
                  212.19.0.0/19
                IPv6:
                  2a00:c040::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:92:73:1b:d1:a9:b3:01:cb:e9:03:61:5b:e0:51:83:bb:74:
         57:1e:fe:b3:83:ae:c6:28:d7:4e:cf:30:a2:38:5d:8d:ba:3a:
         1c:b9:3f:d7:ae:64:7e:37:e7:14:ff:c3:2d:87:1b:8a:92:ee:
         4d:bf:ad:ab:3a:90:62:5d:ef:b2:05:7f:80:89:48:67:d4:94:
         89:7c:59:a7:1c:96:b2:90:5f:4b:d8:49:6d:b7:12:7d:e8:42:
         37:0d:dc:0a:33:d8:77:85:4f:83:71:2a:4e:97:08:cb:f4:64:
         75:29:3c:a8:c0:6a:e2:a4:33:ff:7b:3e:7b:02:87:da:60:c4:
         99:32:83:57:da:7e:2f:f6:70:31:80:a5:90:11:3e:42:a7:a5:
         56:3b:6b:97:8d:48:44:60:86:6c:29:b5:d8:e5:7a:89:ab:8d:
         80:79:33:01:58:84:1c:0f:ec:22:6c:7c:9b:b8:d8:f8:e7:8f:
         82:02:03:cf:fe:87:7e:8c:df:f9:a9:48:24:16:6e:f3:49:96:
         08:ec:ee:4b:b1:9d:05:2b:89:8f:ca:db:c1:ba:04:52:0d:98:
         08:68:0e:ec:90:75:36:fe:ff:b7:8c:f5:2e:a2:fe:f5:f4:07:
         20:00:5d:df:06:40:64:da:16:91:be:f5:1d:a5:61:ff:48:f1:
         6f:8e:9f:93
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVw8KQgpJ9EaXoN8/YVkZpjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OWM4ODQ0MmJhOTczNDViYzAxMDY1NTllNmZhNzg2OTQ0
YWRjYTQwHhcNMjMwMTAyMDUyNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU1YWUwZjI5NDc2ZDJkMWVhNTUxYjRiODEwZGY1OGQ1YWQ5NjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyR9+8Zxs0NswJGTthHlBFKf+b0X
0OGzQI4e0QrifEVg6abtMER35pf3NHQvsKHrMIaZBEXH1abIcjuSoHj7oGp5CrPU
jssOipguoJcxUiBI4CpiUFOqbqUPdHV2AY6F+lPrWjLYgAS8Hc+EfZ48jyupbMu6
o7+wL9Xqro3/a7n6XTyzs3MUAcaQYtktJE4gNXJ75wFuMBVrUps1NkPIixstoowE
b9qkuw+oSbw0ueBKzRiQK08ixwwR0KLp3hx3+ww4507H5ErYp+hBkWXN7DvxG+BV
lZoDn3s63pRGNhcZZTyL6iSSMQtYKl7sf1olOCyoU5WXu3S3s5U/CrFTiQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFOLlrg8pR20tHqVRtLgQ31jVrZZ6MB8GA1UdIwQY
MBaAFMSciEQrqXNFvAEGVZ5vp4aUStykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEp5SVJDdXBjMFc4QVFaVm5tLW5ocFJLM0tRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi80ZjYxODctYmM2Ny00YWMzLTljOGQt
YTcwZjk5MmE1NTI5LzEvNHVXdUR5bEhiUzBlcFZHMHVCRGZXTld0bG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi80ZjYxODctYmM2Ny00YWMzLTljOGQtYTcwZjk5MmE1NTI5
LzEveEp5SVJDdXBjMFc4QVFaVm5tLW5ocFJLM0tRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDLreAAwQD
Xn0wAwQDn/2oAwQDpIpYAwQCuQO0AwQF1BMAMA0EAgACMAcDBQAqAMBAMA0GCSqG
SIb3DQEBCwUAA4IBAQBMknMb0amzAcvpA2Fb4FGDu3RXHv6zg67GKNdOzzCiOF2N
ujocuT/XrmR+N+cU/8MthxuKku5Nv62rOpBiXe+yBX+AiUhn1JSJfFmnHJaykF9L
2ElttxJ96EI3DdwKM9h3hU+DcSpOlwjL9GR1KTyowGripDP/ez57AofaYMSZMoNX
2n4v9nAxgKWQET5Cp6VWO2uXjUhEYIZsKbXY5XqJq42AeTMBWIQcD+wibHybuNj4
54+CAgPP/od+jN/5qUgkFm7zSZYI7O5LsZ0FK4mPytvBugRSDZgIaA7skHU2/v+3
jPUuov719AcgAF3fBkBk2haRvvUdpWH/SPFvjp+T
-----END CERTIFICATE-----