Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/_mHt9x4HVv2PXm4Vo9R6iulxgi4.roa
File:                     _mHt9x4HVv2PXm4Vo9R6iulxgi4.roa (raw, json)
Hash identifier:          TiU2td2KvpOsJFRxkRTXDlG/LGqHJOFsws0nc9SD8JI=
Subject key identifier:   FE:61:ED:F7:1E:07:56:FD:8F:5E:6E:15:A3:D4:7A:8A:E9:71:82:2E
Certificate issuer:       /CN=0191496469167c5b1d8920b98bd51af3fe35ade5
Certificate serial:       01867929F28B5FC0D6A99006BA475FF44302
Authority key identifier: 01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/_mHt9x4HVv2PXm4Vo9R6iulxgi4.roa
Signing time:             Wed 22 Feb 2023 12:47:17 +0000
ROA not before:           Wed 22 Feb 2023 12:47:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42353
IP address blocks:        185.63.140.0/24 maxlen: 24
                          185.63.141.0/24 maxlen: 24
                          185.63.142.0/24 maxlen: 24
                          185.63.143.0/24 maxlen: 24
                          178.22.136.0/24 maxlen: 24
                          178.22.137.0/24 maxlen: 24
                          178.22.139.0/24 maxlen: 24
                          178.22.136.0/23 maxlen: 23
                          178.22.136.0/21 maxlen: 21
                          178.22.142.0/23 maxlen: 24
                          178.22.143.0/24 maxlen: 24
                          178.22.140.0/23 maxlen: 23
                          178.22.140.0/24 maxlen: 24
                          178.22.141.0/24 maxlen: 24
                          194.0.210.0/24 maxlen: 24
                          2a02:28c8::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:79:29:f2:8b:5f:c0:d6:a9:90:06:ba:47:5f:f4:43:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0191496469167c5b1d8920b98bd51af3fe35ade5
        Validity
            Not Before: Feb 22 12:47:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe61edf71e0756fd8f5e6e15a3d47a8ae971822e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d2:5e:b3:4b:f3:42:06:d8:2d:f1:26:15:c2:
                    fc:96:94:d2:8c:d3:27:14:3b:dc:99:03:f6:18:a0:
                    ce:64:e7:a3:88:67:e7:c3:32:24:77:ff:94:13:76:
                    25:ec:bf:e7:3f:bc:a0:a2:34:ce:b5:a2:13:39:00:
                    bb:69:6b:19:18:2e:7f:24:0b:5e:66:7d:26:5e:a7:
                    44:f1:04:cd:5a:20:f8:53:dd:35:f0:d7:f1:42:84:
                    ac:95:e7:7b:e9:55:ad:10:dc:8d:27:5d:7a:fe:68:
                    9d:16:b2:07:d3:99:d5:57:c8:c8:47:3a:7c:7f:05:
                    67:8e:0a:f4:a8:65:5f:99:0f:20:c0:21:f5:a0:d8:
                    80:ce:65:fe:62:08:bb:e8:d1:85:a7:d7:c2:53:08:
                    61:7d:4c:c4:09:93:6b:2d:3e:2a:c3:d4:d8:2e:d2:
                    93:5a:e1:ba:01:8e:64:13:c2:02:43:93:1e:03:9f:
                    1f:a3:9b:e8:79:4f:6f:72:df:82:2e:d0:62:d8:67:
                    29:c8:34:8d:29:23:1d:6f:61:7d:64:71:fa:0c:6f:
                    24:61:69:b4:0f:c0:3a:3e:89:db:5f:c2:7a:f1:bd:
                    5b:35:c9:17:c1:46:2b:60:f1:d1:e8:19:a6:88:30:
                    a5:d8:0e:3c:6a:39:86:02:5f:94:3d:00:ac:fd:91:
                    d8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:61:ED:F7:1E:07:56:FD:8F:5E:6E:15:A3:D4:7A:8A:E9:71:82:2E
            X509v3 Authority Key Identifier:
                keyid:01:91:49:64:69:16:7C:5B:1D:89:20:B9:8B:D5:1A:F3:FE:35:AD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZFJZGkWfFsdiSC5i9Ua8_41reU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/_mHt9x4HVv2PXm4Vo9R6iulxgi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1d0152-856d-4717-8219-bf2f97f1e34f/1/AZFJZGkWfFsdiSC5i9Ua8_41reU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.136.0/21
                  185.63.140.0/22
                  194.0.210.0/24
                IPv6:
                  2a02:28c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:ad:9c:ad:0d:41:c5:69:a4:e8:71:ef:b3:7d:d0:fd:d2:93:
         c5:13:7e:6e:08:d7:ff:0a:91:88:7c:ee:d0:e0:2f:74:6a:46:
         a4:2e:70:eb:7d:51:b7:f6:13:90:85:50:d2:de:94:a5:ad:2c:
         e4:30:03:49:21:12:ba:8c:9a:cc:af:0e:27:89:28:8d:e8:64:
         70:5f:94:a0:f4:a5:69:5e:45:9d:79:9e:ad:9e:de:f3:2a:be:
         c4:28:35:d5:25:96:fa:a0:a3:48:93:b0:89:30:87:92:2d:4d:
         e4:2a:44:a2:09:c9:f1:bf:ce:ca:c8:b9:01:08:04:11:f6:2f:
         11:64:f8:8e:1c:ab:b4:22:b3:33:82:04:90:d7:28:5a:dc:57:
         62:a8:2f:3b:aa:57:f6:75:f3:a3:37:c0:bb:54:dd:56:b5:b0:
         7d:3b:ab:fb:e3:b6:47:f1:84:09:a6:35:dd:4d:d6:e1:7f:9b:
         bd:42:48:87:ef:cc:75:e8:a2:b6:55:7b:12:1d:fb:9f:ad:cb:
         2d:d2:b5:77:9d:99:84:54:95:88:28:3a:da:9d:fa:7b:81:97:
         ea:b9:49:4a:3e:08:3f:42:dc:b8:a1:67:77:6b:3f:fe:d4:13:
         7d:92:46:08:c1:15:0c:a4:57:5b:4b:a4:a7:c4:d0:f8:17:b9:
         05:44:58:02
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYZ5KfKLX8DWqZAGukdf9EMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTE0OTY0NjkxNjdjNWIxZDg5MjBiOThiZDUxYWYzZmUz
NWFkZTUwHhcNMjMwMjIyMTI0NzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTYxZWRmNzFlMDc1NmZkOGY1ZTZlMTVhM2Q0N2E4YWU5NzE4MjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9Jes0vzQgbYLfEmFcL8lpTSjNMn
FDvcmQP2GKDOZOejiGfnwzIkd/+UE3Yl7L/nP7ygojTOtaITOQC7aWsZGC5/JAte
Zn0mXqdE8QTNWiD4U9018NfxQoSsled76VWtENyNJ116/midFrIH05nVV8jIRzp8
fwVnjgr0qGVfmQ8gwCH1oNiAzmX+Ygi76NGFp9fCUwhhfUzECZNrLT4qw9TYLtKT
WuG6AY5kE8ICQ5MeA58fo5voeU9vct+CLtBi2GcpyDSNKSMdb2F9ZHH6DG8kYWm0
D8A6PonbX8J68b1bNckXwUYrYPHR6BmmiDCl2A48ajmGAl+UPQCs/ZHYVwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFP5h7fceB1b9j15uFaPUeorpcYIuMB8GA1UdIwQY
MBaAFAGRSWRpFnxbHYkguYvVGvP+Na3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTkt
YmYyZjk3ZjFlMzRmLzEvX21IdDl4NEhWdjJQWG00Vm85UjZpdWx4Z2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8xZDAxNTItODU2ZC00NzE3LTgyMTktYmYyZjk3ZjFlMzRm
LzEvQVpGSlpHa1dmRnNkaVNDNWk5VWE4XzQxcmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDshaIAwQC
uT+MAwQAwgDSMA0EAgACMAcDBQAqAijIMA0GCSqGSIb3DQEBCwUAA4IBAQBcrZyt
DUHFaaToce+zfdD90pPFE35uCNf/CpGIfO7Q4C90akakLnDrfVG39hOQhVDS3pSl
rSzkMANJIRK6jJrMrw4niSiN6GRwX5Sg9KVpXkWdeZ6tnt7zKr7EKDXVJZb6oKNI
k7CJMIeSLU3kKkSiCcnxv87KyLkBCAQR9i8RZPiOHKu0IrMzggSQ1yha3FdiqC87
qlf2dfOjN8C7VN1WtbB9O6v747ZH8YQJpjXdTdbhf5u9QkiH78x16KK2VXsSHfuf
rcst0rV3nZmEVJWIKDranfp7gZfquUlKPgg/Qty4oWd3az/+1BN9kkYIwRUMpFdb
S6SnxND4F7kFRFgC
-----END CERTIFICATE-----