Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/QMRW242-2rNE9-D3rduERp75v8U.roa
File:                     QMRW242-2rNE9-D3rduERp75v8U.roa (raw, json)
Hash identifier:          73K65HLGsTqzYqWqXu337EVKbam9IqvM2XWaRMIISYM=
Subject key identifier:   40:C4:56:DB:8D:BE:DA:B3:44:F7:E0:F7:AD:DB:84:46:9E:F9:BF:C5
Certificate issuer:       /CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Certificate serial:       381F915F
Authority key identifier: BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/QMRW242-2rNE9-D3rduERp75v8U.roa
Signing time:             Wed 09 Feb 2022 10:42:34 +0000
ROA not before:           Wed 09 Feb 2022 10:42:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50596
IP address blocks:        188.68.8.0/21 maxlen: 21
                          46.254.160.0/21 maxlen: 21
                          37.75.200.0/21 maxlen: 21
                          185.8.220.0/22 maxlen: 22
                          93.179.104.0/21 maxlen: 21
                          188.68.168.0/21 maxlen: 21
                          109.201.96.0/21 maxlen: 21
                          188.68.192.0/21 maxlen: 21
                          178.57.208.0/21 maxlen: 21
                          109.201.104.0/21 maxlen: 21
                          109.201.112.0/20 maxlen: 22
                          2a03:3cc0::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 941592927 (0x381f915f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
        Validity
            Not Before: Feb  9 10:42:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=40c456db8dbedab344f7e0f7addb84469ef9bfc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cc:c1:a1:c1:c4:a1:33:39:cb:1d:7a:21:e2:
                    72:9b:4b:78:87:1d:1d:f4:62:8c:aa:02:c1:21:42:
                    69:ec:86:88:55:d1:38:0d:60:db:e7:53:c9:3d:45:
                    a2:90:3a:7a:fa:dd:10:78:a0:a5:0b:49:28:bf:bd:
                    c1:2b:70:b4:59:41:4e:64:2a:75:f5:6b:f4:d2:21:
                    ee:47:01:49:71:ec:1a:94:31:d4:6c:da:49:2a:79:
                    94:fe:af:c7:36:07:e6:24:da:1f:e0:fc:0d:46:00:
                    56:59:7d:16:da:00:06:3b:de:5e:c3:33:20:5e:ad:
                    fc:1c:45:9e:1b:a8:3d:3c:c6:e0:67:d8:43:90:50:
                    16:94:f0:ae:d1:b6:f5:54:72:a5:5b:c2:66:8c:0a:
                    31:72:63:bd:f6:20:3d:72:1c:c8:fa:cc:54:02:65:
                    32:0f:7d:b9:b6:20:44:72:e9:e5:28:4f:07:72:5a:
                    04:c0:f5:be:4e:d0:02:14:51:8e:9a:7b:66:14:ec:
                    1a:79:b9:38:78:43:78:a6:a7:25:7e:c1:e0:cd:b3:
                    e4:1d:8b:a1:59:70:3e:19:da:0e:d3:41:8b:9f:cd:
                    e0:db:cd:88:6f:2e:13:7c:83:e4:f6:ae:12:d2:5f:
                    a9:d8:6c:34:dc:fa:4a:6f:f9:20:a3:6e:50:4e:a0:
                    17:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C4:56:DB:8D:BE:DA:B3:44:F7:E0:F7:AD:DB:84:46:9E:F9:BF:C5
            X509v3 Authority Key Identifier:
                keyid:BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/QMRW242-2rNE9-D3rduERp75v8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/ug4SZOB7Nwi8udtaFOfMknCGOVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.200.0/21
                  46.254.160.0/21
                  93.179.104.0/21
                  109.201.96.0/19
                  178.57.208.0/21
                  185.8.220.0/22
                  188.68.8.0/21
                  188.68.168.0/21
                  188.68.192.0/21
                IPv6:
                  2a03:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:08:97:c9:6a:ca:b5:75:22:dc:be:45:b3:84:8a:ec:ca:6a:
         4c:87:63:e6:2b:0b:cd:cf:3a:85:29:ff:47:c4:de:9d:49:6d:
         22:0b:3e:20:94:92:7e:5c:3a:ae:a7:3f:25:bc:b2:34:68:15:
         bc:80:2a:66:23:78:31:83:40:cf:9e:e6:6f:e3:9f:92:50:d8:
         01:98:3b:c1:2a:2f:e7:46:1d:5a:a4:55:29:11:14:95:57:eb:
         8f:94:c0:29:6c:1d:1d:ec:1b:1a:b4:c9:da:c7:02:58:d1:ed:
         cb:1b:1f:d8:cf:d8:2c:78:29:8d:c6:15:67:b6:d3:a4:81:48:
         69:8d:13:95:d2:7f:19:5e:f6:0a:8e:bd:ee:70:4f:30:39:51:
         f6:d8:67:c2:97:77:a7:75:c7:e4:70:6d:fc:56:1c:6f:e8:6c:
         ab:9b:2b:32:b3:ed:f3:e1:61:ef:e5:4c:17:9f:07:f8:8c:de:
         b1:e8:b4:be:ec:fe:df:b0:03:9a:1c:32:09:73:fa:14:17:cd:
         ce:26:74:74:7e:71:84:2a:bd:a3:52:30:a0:48:74:f7:12:b9:
         7f:09:35:54:79:b5:d0:4c:1b:8e:2d:0d:59:23:7e:9c:ff:29:
         d1:fc:cb:16:4d:91:ca:b4:96:21:88:35:64:a6:e2:b5:74:aa:
         bf:f0:ea:b3
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIEOB+RXzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTBlMTI2NGUwN2IzNzA4YmNiOWRiNWExNGU3Y2M5MjcwODYzOTU4MB4XDTIyMDIw
OTEwNDIzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDBjNDU2ZGI4ZGJl
ZGFiMzQ0ZjdlMGY3YWRkYjg0NDY5ZWY5YmZjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANDMwaHBxKEzOcsdeiHicptLeIcdHfRijKoCwSFCaeyGiFXR
OA1g2+dTyT1FopA6evrdEHigpQtJKL+9wStwtFlBTmQqdfVr9NIh7kcBSXHsGpQx
1GzaSSp5lP6vxzYH5iTaH+D8DUYAVll9FtoABjveXsMzIF6t/BxFnhuoPTzG4GfY
Q5BQFpTwrtG29VRypVvCZowKMXJjvfYgPXIcyPrMVAJlMg99ubYgRHLp5ShPB3Ja
BMD1vk7QAhRRjpp7ZhTsGnm5OHhDeKanJX7B4M2z5B2LoVlwPhnaDtNBi5/N4NvN
iG8uE3yD5PauEtJfqdhsNNz6Sm/5IKNuUE6gF30CAwEAAaOCAkgwggJEMB0GA1Ud
DgQWBBRAxFbbjb7as0T34Pet24RGnvm/xTAfBgNVHSMEGDAWgBS6DhJk4Hs3CLy5
21oU58yScIY5WDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VnNFNaT0I3TndpOHVkdGFGT2ZNa25DR09WZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWEvNjRjMmZhLWRmNTQtNDdmZi1hOGM5LWJmZTBjY2I3OWZjYy8x
L1FNUlcyNDItMnJORTktRDNyZHVFUnA3NXY4VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEv
NjRjMmZhLWRmNTQtNDdmZi1hOGM5LWJmZTBjY2I3OWZjYy8xL3VnNFNaT0I3Tndp
OHVkdGFGT2ZNa25DR09WZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBe
BggrBgEFBQcBBwEB/wRPME0wPAQCAAEwNgMEAyVLyAMEAy7+oAMEA12zaAMEBW3J
YAMEA7I50AMEArkI3AMEA7xECAMEA7xEqAMEA7xEwDANBAIAAjAHAwUDKgM8wDAN
BgkqhkiG9w0BAQsFAAOCAQEAVQiXyWrKtXUi3L5Fs4SK7MpqTIdj5isLzc86hSn/
R8TenUltIgs+IJSSflw6rqc/JbyyNGgVvIAqZiN4MYNAz57mb+OfklDYAZg7wSov
50YdWqRVKREUlVfrj5TAKWwdHewbGrTJ2scCWNHtyxsf2M/YLHgpjcYVZ7bTpIFI
aY0TldJ/GV72Co697nBPMDlR9thnwpd3p3XH5HBt/FYcb+hsq5srMrPt8+Fh7+VM
F58H+Izesei0vuz+37ADmhwyCXP6FBfNziZ0dH5xhCq9o1IwoEh09xK5fwk1VHm1
0Ewbji0NWSN+nP8p0fzLFk2RyrSWIYg1ZKbitXSqv/Dqsw==
-----END CERTIFICATE-----