Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/1VGX2rljW7tNpBdEbH5bhtLyyjI.roa
File:                     1VGX2rljW7tNpBdEbH5bhtLyyjI.roa (raw, json)
Hash identifier:          Pi0DFjA7PmrgHM1CE0hB8zcLiomW7vAuF31Q6ip/230=
Subject key identifier:   D5:51:97:DA:B9:63:5B:BB:4D:A4:17:44:6C:7E:5B:86:D2:F2:CA:32
Certificate issuer:       /CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
Certificate serial:       01856EF42355B6735EBC7385FDA3E4FBD00D
Authority key identifier: 5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/1VGX2rljW7tNpBdEbH5bhtLyyjI.roa
Signing time:             Sun 01 Jan 2023 20:09:31 +0000
ROA not before:           Sun 01 Jan 2023 20:09:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47862
IP address blocks:        176.74.48.0/21 maxlen: 21
                          176.74.49.0/24 maxlen: 24
                          176.74.48.0/24 maxlen: 24
                          176.74.50.0/24 maxlen: 24
                          176.74.51.0/24 maxlen: 24
                          176.74.54.0/24 maxlen: 24
                          176.74.53.0/24 maxlen: 24
                          176.74.55.0/24 maxlen: 24
                          176.74.52.0/24 maxlen: 24
                          185.76.128.0/24 maxlen: 24
                          109.205.24.0/24 maxlen: 24
                          109.205.25.0/24 maxlen: 24
                          109.205.27.0/24 maxlen: 24
                          109.205.26.0/24 maxlen: 24
                          2a00:1b00::/48 maxlen: 48
                          2a00:1b00:1000::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:f4:23:55:b6:73:5e:bc:73:85:fd:a3:e4:fb:d0:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
        Validity
            Not Before: Jan  1 20:09:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d55197dab9635bbb4da417446c7e5b86d2f2ca32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:54:47:a8:0f:52:e4:62:f1:ae:20:d6:0c:0d:
                    37:88:c3:b9:62:de:22:1b:1d:2b:cf:c7:64:7c:ca:
                    c5:d7:79:bc:4b:ef:64:af:be:75:5e:e6:05:7c:8c:
                    a3:c7:3a:5a:b7:39:e8:18:a8:38:02:f0:10:44:f1:
                    b5:26:88:2b:95:20:01:b4:a8:95:bf:1e:59:6d:ad:
                    af:d2:9a:90:ab:4b:ae:73:82:db:66:2f:68:1d:87:
                    b8:26:b0:43:be:88:b0:bb:ba:ad:b8:48:06:62:00:
                    d5:dc:4d:13:c7:24:0c:57:15:bd:06:e6:4c:c7:b0:
                    c2:b4:fe:e9:7f:5e:1b:24:29:b5:8a:0d:6e:dd:ce:
                    06:60:92:df:44:b9:c6:3b:28:ed:83:9f:30:17:60:
                    65:42:15:d3:32:f1:8c:ff:ad:f8:11:5c:f6:a8:b8:
                    3a:01:30:8b:e6:b8:3d:c8:3d:d8:10:cf:9c:6a:81:
                    47:3c:ea:b3:a6:7e:8f:6d:c0:d4:c4:7a:03:4e:55:
                    e2:a2:40:eb:74:3a:25:d5:4e:db:28:c9:6a:4b:11:
                    65:d7:74:3f:42:2a:3b:18:3f:f9:f4:7a:5d:81:83:
                    f7:a3:03:4f:f3:5f:8e:d8:86:20:fe:1d:1a:32:cd:
                    e9:2f:4e:14:64:10:13:6e:bc:2b:41:f5:81:62:bd:
                    f4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:51:97:DA:B9:63:5B:BB:4D:A4:17:44:6C:7E:5B:86:D2:F2:CA:32
            X509v3 Authority Key Identifier:
                keyid:5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/1VGX2rljW7tNpBdEbH5bhtLyyjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.24.0/22
                  176.74.48.0/21
                  185.76.128.0/24
                IPv6:
                  2a00:1b00::/48
                  2a00:1b00:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:64:44:3b:fd:01:c7:7b:24:43:d9:31:cb:b8:a3:7d:68:5b:
         d8:b6:a1:7e:96:a9:58:14:87:e2:ac:c7:c9:be:3b:30:b0:75:
         f7:94:90:cb:f0:94:12:6b:cb:fc:a8:07:04:58:b7:32:74:c1:
         1a:64:fb:7b:b3:bd:63:ff:7e:ea:72:68:57:5a:66:ed:14:a7:
         3e:42:4c:28:9f:41:35:c2:18:c2:b4:6a:22:f3:e1:c4:a1:37:
         ea:fe:32:3d:03:7b:b4:a5:f4:e9:26:85:99:04:07:71:49:4c:
         8b:32:62:be:9f:55:bc:db:c6:24:9e:09:1b:57:42:73:ca:af:
         dc:39:02:a3:b5:8f:48:06:68:ec:49:eb:41:46:dc:5e:ac:b0:
         89:dc:96:8b:70:0f:b2:05:93:22:99:11:27:2a:6d:6a:7b:79:
         b6:c2:1c:c4:03:5b:0d:17:70:7a:6f:04:e7:16:36:a6:3c:44:
         e8:5d:c3:9c:a3:8a:84:15:29:d8:16:03:27:14:73:e6:38:5e:
         bb:1d:cd:b9:b2:15:d4:af:97:9c:af:6e:0d:f4:fd:77:d6:7c:
         c6:1f:73:2b:77:06:8e:3c:b4:3e:f2:11:9c:03:19:c0:04:ae:
         6e:9e:8c:a7:bb:ec:90:bc:33:ac:98:0a:6c:92:3b:59:b9:c2:
         38:51:8d:e7
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVu9CNVtnNevHOF/aPk+9ANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGE0N2Q1ODJiYjBlOTY4MGY4OTI1OGFiOTZkMDU4Njdk
MzUyZWYwHhcNMjMwMTAxMjAwOTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTUxOTdkYWI5NjM1YmJiNGRhNDE3NDQ2YzdlNWI4NmQyZjJjYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVRHqA9S5GLxriDWDA03iMO5Yt4i
Gx0rz8dkfMrF13m8S+9kr751XuYFfIyjxzpatznoGKg4AvAQRPG1JogrlSABtKiV
vx5Zba2v0pqQq0uuc4LbZi9oHYe4JrBDvoiwu7qtuEgGYgDV3E0TxyQMVxW9BuZM
x7DCtP7pf14bJCm1ig1u3c4GYJLfRLnGOyjtg58wF2BlQhXTMvGM/634EVz2qLg6
ATCL5rg9yD3YEM+caoFHPOqzpn6PbcDUxHoDTlXiokDrdDol1U7bKMlqSxFl13Q/
Qio7GD/59HpdgYP3owNP81+O2IYg/h0aMs3pL04UZBATbrwrQfWBYr30LwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNVRl9q5Y1u7TaQXRGx+W4bS8soyMB8GA1UdIwQY
MBaAFFpKR9WCuw6WgPiSWKuW0Fhn01LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTct
NmIwMDY1NTA4OTk2LzEvMVZHWDJybGpXN3ROcEJkRWJINWJodEx5eWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTctNmIwMDY1NTA4OTk2
LzEvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQCbc0YAwQD
sEowAwQAuUyAMBgEAgACMBIDBwAqABsAAAADBwAqABsAEAAwDQYJKoZIhvcNAQEL
BQADggEBAC5kRDv9Acd7JEPZMcu4o31oW9i2oX6WqVgUh+Ksx8m+OzCwdfeUkMvw
lBJry/yoBwRYtzJ0wRpk+3uzvWP/fupyaFdaZu0Upz5CTCifQTXCGMK0aiLz4cSh
N+r+Mj0De7Sl9OkmhZkEB3FJTIsyYr6fVbzbxiSeCRtXQnPKr9w5AqO1j0gGaOxJ
60FG3F6ssInclotwD7IFkyKZEScqbWp7ebbCHMQDWw0XcHpvBOcWNqY8ROhdw5yj
ioQVKdgWAycUc+Y4XrsdzbmyFdSvl5yvbg30/XfWfMYfcyt3Bo48tD7yEZwDGcAE
rm6ejKe77JC8M6yYCmySO1m5wjhRjec=
-----END CERTIFICATE-----