Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/qRV_UDWeyRFbRai-_VeQlRQTk2U.roa
File:                     qRV_UDWeyRFbRai-_VeQlRQTk2U.roa (raw, json)
Hash identifier:          qJsrtwC88Y5L/IMtlrukBc36U8j9fH1NDKY0+sqPNCQ=
Subject key identifier:   A9:15:7F:50:35:9E:C9:11:5B:45:A8:BE:FD:57:90:95:14:13:93:65
Certificate issuer:       /CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Certificate serial:       018CA5E1A73AEBD9FEC41B14233B7BFC0F34
Authority key identifier: BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/qRV_UDWeyRFbRai-_VeQlRQTk2U.roa
Signing time:             Tue 26 Dec 2023 11:27:58 +0000
ROA not before:           Tue 26 Dec 2023 11:27:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50596
IP address blocks:        188.68.8.0/21 maxlen: 22
                          46.254.160.0/21 maxlen: 22
                          37.75.200.0/21 maxlen: 22
                          185.8.220.0/22 maxlen: 23
                          188.68.168.0/21 maxlen: 22
                          93.179.104.0/21 maxlen: 22
                          109.201.96.0/21 maxlen: 21
                          188.68.192.0/21 maxlen: 22
                          178.57.208.0/21 maxlen: 22
                          109.201.104.0/21 maxlen: 21
                          109.201.112.0/20 maxlen: 22
                          2a03:3cc0::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a5:e1:a7:3a:eb:d9:fe:c4:1b:14:23:3b:7b:fc:0f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
        Validity
            Not Before: Dec 26 11:27:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a9157f50359ec9115b45a8befd57909514139365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:50:05:05:c6:41:73:67:88:f0:ba:95:d7:17:
                    de:0a:82:fc:99:1a:73:c4:1d:39:f0:99:04:1a:21:
                    fc:02:35:e2:ff:67:c8:e4:da:6d:dd:f7:38:d7:3b:
                    17:39:ac:69:18:fe:a7:2d:8c:00:ce:11:5a:13:47:
                    17:c1:42:0f:f2:b1:96:81:14:dd:2c:42:fd:8d:a2:
                    a5:39:d2:d7:10:0a:e8:ba:84:61:7f:73:06:cf:69:
                    aa:c5:a8:3b:ef:8d:f0:eb:18:d8:7a:ad:ad:3d:83:
                    3a:0b:34:dd:2c:74:3a:25:3b:78:ad:2d:1c:7f:b0:
                    97:6d:3d:39:56:05:ef:e8:f9:bd:98:55:a5:43:9a:
                    81:63:61:13:b0:99:a2:8f:ee:b6:6b:bb:a4:d4:bc:
                    d5:72:23:6e:b2:e4:54:f6:e6:13:70:e0:25:d2:18:
                    e2:8b:eb:45:53:6e:66:de:0d:26:1b:26:37:80:44:
                    7a:da:43:6a:2f:4d:94:1f:55:2c:ce:6b:ba:4d:83:
                    45:94:a0:3a:f7:c0:e5:6d:09:9d:49:19:a4:5b:db:
                    c4:ac:a0:19:ca:87:a7:74:ed:37:9b:4a:69:7c:b1:
                    f9:f5:ba:f0:22:e3:bc:c0:3d:3d:23:69:b5:c3:e9:
                    bc:f0:94:13:37:ac:ec:0b:96:c3:7f:59:93:91:1f:
                    32:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:15:7F:50:35:9E:C9:11:5B:45:A8:BE:FD:57:90:95:14:13:93:65
            X509v3 Authority Key Identifier:
                keyid:BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/qRV_UDWeyRFbRai-_VeQlRQTk2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/ug4SZOB7Nwi8udtaFOfMknCGOVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.200.0/21
                  46.254.160.0/21
                  93.179.104.0/21
                  109.201.96.0/19
                  178.57.208.0/21
                  185.8.220.0/22
                  188.68.8.0/21
                  188.68.168.0/21
                  188.68.192.0/21
                IPv6:
                  2a03:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         d6:7e:50:e4:e7:db:ce:ab:0e:a9:65:69:24:5a:5e:a4:b2:94:
         87:e2:d0:1b:92:f1:a5:81:88:13:6b:93:4f:8c:7e:56:aa:fc:
         62:74:41:b6:ae:5c:93:42:7d:c6:02:ae:24:b6:5f:bf:54:2b:
         9b:d1:88:0b:15:02:91:96:bf:35:6b:37:06:90:80:c1:2c:dc:
         4e:93:7b:f0:e0:a0:fa:49:e7:3d:11:ad:65:e6:2a:e5:fd:8b:
         44:f3:4f:58:34:85:f9:4a:64:4a:d2:e3:13:c6:d8:62:73:d7:
         ed:d1:1a:04:1c:19:31:f4:be:32:4f:28:c2:ec:f0:af:8d:05:
         2b:e4:2e:cd:f7:5e:f8:1b:3f:93:ba:fc:1b:be:4a:35:b2:de:
         59:16:b1:01:d8:7a:67:b4:79:69:77:cb:1d:56:5a:af:2f:72:
         ca:20:7b:d5:d3:eb:11:01:0c:88:71:1a:49:fa:c3:8b:97:9c:
         be:6f:7b:89:28:5f:e0:8c:aa:ce:4e:e0:f6:28:7a:fe:d2:fd:
         88:11:eb:f0:a0:10:94:f2:e2:6c:ff:5b:b8:06:03:c3:03:e6:
         23:b2:5f:37:b0:43:85:05:20:72:8f:08:11:6e:b6:15:41:df:
         4f:75:03:18:71:ec:35:a8:09:66:90:7a:e8:4d:6d:e1:d7:4d:
         cb:70:da:90
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYyl4ac669n+xBsUIzt7/A80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMGUxMjY0ZTA3YjM3MDhiY2I5ZGI1YTE0ZTdjYzkyNzA4
NjM5NTgwHhcNMjMxMjI2MTEyNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTE1N2Y1MDM1OWVjOTExNWI0NWE4YmVmZDU3OTA5NTE0MTM5MzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklAFBcZBc2eI8LqV1xfeCoL8mRpz
xB058JkEGiH8AjXi/2fI5Npt3fc41zsXOaxpGP6nLYwAzhFaE0cXwUIP8rGWgRTd
LEL9jaKlOdLXEArouoRhf3MGz2mqxag7743w6xjYeq2tPYM6CzTdLHQ6JTt4rS0c
f7CXbT05VgXv6Pm9mFWlQ5qBY2ETsJmij+62a7uk1LzVciNusuRU9uYTcOAl0hji
i+tFU25m3g0mGyY3gER62kNqL02UH1Uszmu6TYNFlKA698DlbQmdSRmkW9vErKAZ
yoendO03m0ppfLH59brwIuO8wD09I2m1w+m88JQTN6zsC5bDf1mTkR8yRwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKkVf1A1nskRW0Wovv1XkJUUE5NlMB8GA1UdIwQY
MBaAFLoOEmTgezcIvLnbWhTnzJJwhjlYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4Yzkt
YmZlMGNjYjc5ZmNjLzEvcVJWX1VEV2V5UkZiUmFpLV9WZVFsUlFUazJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS82NGMyZmEtZGY1NC00N2ZmLWE4YzktYmZlMGNjYjc5ZmNj
LzEvdWc0U1pPQjdOd2k4dWR0YUZPZk1rbkNHT1ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDJUvIAwQD
Lv6gAwQDXbNoAwQFbclgAwQDsjnQAwQCuQjcAwQDvEQIAwQDvESoAwQDvETAMA0E
AgACMAcDBQMqAzzAMA0GCSqGSIb3DQEBCwUAA4IBAQDWflDk59vOqw6pZWkkWl6k
spSH4tAbkvGlgYgTa5NPjH5WqvxidEG2rlyTQn3GAq4ktl+/VCub0YgLFQKRlr81
azcGkIDBLNxOk3vw4KD6Sec9Ea1l5irl/YtE809YNIX5SmRK0uMTxthic9ft0RoE
HBkx9L4yTyjC7PCvjQUr5C7N9174Gz+Tuvwbvko1st5ZFrEB2HpntHlpd8sdVlqv
L3LKIHvV0+sRAQyIcRpJ+sOLl5y+b3uJKF/gjKrOTuD2KHr+0v2IEevwoBCU8uJs
/1u4BgPDA+Yjsl83sEOFBSByjwgRbrYVQd9PdQMYcew1qAlmkHroTW3h103LcNqQ
-----END CERTIFICATE-----