Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/2jHtFhbh6aHkCYtRJagYOwgaKiU.roa
File:                     2jHtFhbh6aHkCYtRJagYOwgaKiU.roa (raw, json)
Hash identifier:          MHoOdfcA8AN3U/c5Lu13Qq/7eTVoecVUrk+Fyl/Iv3U=
Subject key identifier:   DA:31:ED:16:16:E1:E9:A1:E4:09:8B:51:25:A8:18:3B:08:1A:2A:25
Certificate issuer:       /CN=2875f185823dbc6a82d105b3ca16077db5729377
Certificate serial:       01856DCAF98F8BD6868F60137D65C5F70E02
Authority key identifier: 28:75:F1:85:82:3D:BC:6A:82:D1:05:B3:CA:16:07:7D:B5:72:93:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KHXxhYI9vGqC0QWzyhYHfbVyk3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/2jHtFhbh6aHkCYtRJagYOwgaKiU.roa
Signing time:             Sun 01 Jan 2023 14:44:56 +0000
ROA not before:           Sun 01 Jan 2023 14:44:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31472
IP address blocks:        185.91.41.0/24 maxlen: 24
                          185.91.40.0/22 maxlen: 22
                          185.60.4.0/22 maxlen: 22
                          149.19.176.0/22 maxlen: 22
                          195.206.184.0/21 maxlen: 21
                          185.86.20.0/22 maxlen: 22
                          185.34.80.0/22 maxlen: 22
                          185.61.88.0/22 maxlen: 22
                          37.157.48.0/21 maxlen: 21
                          185.2.76.0/23 maxlen: 23
                          185.2.76.0/22 maxlen: 22
                          2a00:b840:1::/48 maxlen: 48
                          2a00:b840::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:ca:f9:8f:8b:d6:86:8f:60:13:7d:65:c5:f7:0e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2875f185823dbc6a82d105b3ca16077db5729377
        Validity
            Not Before: Jan  1 14:44:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da31ed1616e1e9a1e4098b5125a8183b081a2a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e1:8c:45:1e:d6:e0:0e:34:66:3e:31:c8:5f:
                    8e:d5:60:57:1c:18:f1:3a:ab:5b:bf:b6:ca:89:7f:
                    72:7c:95:63:55:ee:2d:35:d1:7d:44:d9:7e:72:67:
                    4d:b3:2b:31:3b:ec:3b:58:b5:52:1b:9e:08:55:9f:
                    f9:f6:b3:d2:3e:9e:82:dc:db:e0:8a:e9:e9:c8:1e:
                    1a:68:ed:81:14:7b:d6:8b:30:b6:80:c0:6b:5e:13:
                    71:5a:85:35:6a:78:df:a3:09:93:7a:22:f0:70:0a:
                    18:15:3a:bd:03:ac:26:9a:9a:31:dd:46:64:3f:4f:
                    1e:5c:f0:51:69:25:d6:c8:80:60:68:30:e4:3c:b0:
                    07:19:ae:e5:39:48:61:76:33:2e:b9:48:5b:fd:5f:
                    ab:46:b1:04:e3:c5:fa:ab:a1:45:fa:48:4d:65:f3:
                    6d:b3:41:32:1e:66:c3:2f:c5:8c:81:bc:8e:3d:a6:
                    e3:b6:b7:51:cb:49:3f:32:7a:9a:83:ab:34:55:5b:
                    6f:ad:30:1b:c2:5f:a9:c6:9c:98:45:0b:df:66:d8:
                    87:55:cd:cc:57:a1:e8:17:2c:7d:77:bf:44:2e:90:
                    fe:67:87:f7:91:ac:73:4d:a9:f8:3c:ab:68:7c:ed:
                    33:9d:2a:09:0e:0f:b0:89:a9:a0:e9:2b:b3:7f:dc:
                    cc:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:31:ED:16:16:E1:E9:A1:E4:09:8B:51:25:A8:18:3B:08:1A:2A:25
            X509v3 Authority Key Identifier:
                keyid:28:75:F1:85:82:3D:BC:6A:82:D1:05:B3:CA:16:07:7D:B5:72:93:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KHXxhYI9vGqC0QWzyhYHfbVyk3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/2jHtFhbh6aHkCYtRJagYOwgaKiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a04da6-9887-42a5-8ed7-94e5d49cc628/1/KHXxhYI9vGqC0QWzyhYHfbVyk3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.48.0/21
                  149.19.176.0/22
                  185.2.76.0/22
                  185.34.80.0/22
                  185.60.4.0/22
                  185.61.88.0/22
                  185.86.20.0/22
                  185.91.40.0/22
                  195.206.184.0/21
                IPv6:
                  2a00:b840::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:7a:82:12:bb:00:24:89:39:fc:00:92:b6:cc:0a:0b:7b:78:
         27:07:e2:c5:76:49:e7:75:5f:8a:b1:4e:03:b0:5b:9c:df:73:
         04:89:27:7c:82:e7:a5:a2:7b:d0:d4:e3:c8:ef:0e:e9:ee:63:
         6e:1f:9c:f9:17:8d:f3:63:8a:75:21:d8:75:c4:9a:c5:4d:7e:
         9a:a5:93:6b:6e:bc:8d:e3:5d:e7:6b:86:50:64:9f:ce:1d:14:
         97:74:d2:5a:4f:df:e7:64:17:68:dd:60:5c:f3:fa:78:37:8f:
         31:dc:2c:8b:f5:75:1d:e1:08:a6:70:21:d8:be:7b:07:27:cd:
         7b:db:42:50:01:29:b9:c4:53:bb:13:7a:ca:c7:f8:ac:12:07:
         b5:4e:91:09:d8:fc:3e:ec:65:12:75:7e:af:67:f3:f5:13:26:
         3c:26:cd:5c:24:de:99:bb:72:f4:7e:ef:75:37:04:2d:13:15:
         2e:f2:1e:85:a2:dc:04:85:4e:a2:56:32:56:00:e5:7a:fd:fc:
         96:8a:9b:32:7f:df:8d:61:a4:0a:68:70:e1:39:2f:82:b4:f1:
         55:77:43:9f:ae:8b:7b:1d:82:5a:18:b3:46:60:4b:ed:91:93:
         2a:a3:91:68:b5:2f:a5:2a:6c:a0:2c:ec:1a:85:af:87:5d:a2:
         84:de:01:f3
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVtyvmPi9aGj2ATfWXF9w4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NzVmMTg1ODIzZGJjNmE4MmQxMDViM2NhMTYwNzdkYjU3
MjkzNzcwHhcNMjMwMTAxMTQ0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTMxZWQxNjE2ZTFlOWExZTQwOThiNTEyNWE4MTgzYjA4MWEyYTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+GMRR7W4A40Zj4xyF+O1WBXHBjx
Oqtbv7bKiX9yfJVjVe4tNdF9RNl+cmdNsysxO+w7WLVSG54IVZ/59rPSPp6C3Nvg
iunpyB4aaO2BFHvWizC2gMBrXhNxWoU1anjfowmTeiLwcAoYFTq9A6wmmpox3UZk
P08eXPBRaSXWyIBgaDDkPLAHGa7lOUhhdjMuuUhb/V+rRrEE48X6q6FF+khNZfNt
s0EyHmbDL8WMgbyOPabjtrdRy0k/Mnqag6s0VVtvrTAbwl+pxpyYRQvfZtiHVc3M
V6HoFyx9d79ELpD+Z4f3kaxzTan4PKtofO0znSoJDg+wiamg6Suzf9zMLQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFNox7RYW4emh5AmLUSWoGDsIGiolMB8GA1UdIwQY
MBaAFCh18YWCPbxqgtEFs8oWB321cpN3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0hYeGhZSTl2R3FDMFFXenloWUhmYlZ5azNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hMDRkYTYtOTg4Ny00MmE1LThlZDct
OTRlNWQ0OWNjNjI4LzEvMmpIdEZoYmg2YUhrQ1l0UkphZ1lPd2dhS2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hMDRkYTYtOTg4Ny00MmE1LThlZDctOTRlNWQ0OWNjNjI4
LzEvS0hYeGhZSTl2R3FDMFFXenloWUhmYlZ5azNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJZ0wAwQC
lROwAwQCuQJMAwQCuSJQAwQCuTwEAwQCuT1YAwQCuVYUAwQCuVsoAwQDw864MA0E
AgACMAcDBQMqALhAMA0GCSqGSIb3DQEBCwUAA4IBAQA/eoISuwAkiTn8AJK2zAoL
e3gnB+LFdknndV+KsU4DsFuc33MEiSd8guelonvQ1OPI7w7p7mNuH5z5F43zY4p1
Idh1xJrFTX6apZNrbryN413na4ZQZJ/OHRSXdNJaT9/nZBdo3WBc8/p4N48x3CyL
9XUd4QimcCHYvnsHJ81720JQASm5xFO7E3rKx/isEge1TpEJ2Pw+7GUSdX6vZ/P1
EyY8Js1cJN6Zu3L0fu91NwQtExUu8h6FotwEhU6iVjJWAOV6/fyWipsyf9+NYaQK
aHDhOS+CtPFVd0Ofrot7HYJaGLNGYEvtkZMqo5FotS+lKmygLOwaha+HXaKE3gHz
-----END CERTIFICATE-----