Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/63jbaLJLicHf6163WQh-I8GGLAw.roa
File:                     63jbaLJLicHf6163WQh-I8GGLAw.roa (raw, json)
Hash identifier:          IxDM/p9KVQBp6ZHOXCz1GSAmk5VWifzAc4vKfH/sP8I=
Subject key identifier:   EB:78:DB:68:B2:4B:89:C1:DF:EB:5E:B7:59:08:7E:23:C1:86:2C:0C
Certificate issuer:       /CN=f3b5646b360379924cb6d9c3d99669ce7f3b2ca2
Certificate serial:       0185724C571DEE3FA6E93259C483B55A2005
Authority key identifier: F3:B5:64:6B:36:03:79:92:4C:B6:D9:C3:D9:96:69:CE:7F:3B:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87VkazYDeZJMttnD2ZZpzn87LKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/63jbaLJLicHf6163WQh-I8GGLAw.roa
Signing time:             Mon 02 Jan 2023 11:44:43 +0000
ROA not before:           Mon 02 Jan 2023 11:44:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28968
IP address blocks:        212.59.96.0/20 maxlen: 20
                          62.181.34.0/23 maxlen: 23
                          62.181.36.0/22 maxlen: 22
                          77.232.32.0/23 maxlen: 23
                          62.181.48.0/23 maxlen: 23
                          77.232.35.0/24 maxlen: 24
                          62.181.46.0/23 maxlen: 23
                          62.181.56.0/21 maxlen: 21
                          62.181.56.0/22 maxlen: 22
                          77.232.48.0/23 maxlen: 23
                          2a00:f460::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:4c:57:1d:ee:3f:a6:e9:32:59:c4:83:b5:5a:20:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b5646b360379924cb6d9c3d99669ce7f3b2ca2
        Validity
            Not Before: Jan  2 11:44:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb78db68b24b89c1dfeb5eb759087e23c1862c0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6a:f1:25:2e:c1:f7:b2:57:88:a9:d4:b6:60:
                    8b:a8:0c:12:64:d8:f8:18:08:9f:1c:76:76:64:d6:
                    b3:1e:98:56:35:0b:99:0f:8b:d4:ea:cf:7a:a8:36:
                    83:69:e5:ae:33:c3:7b:a6:df:7d:5c:3a:a1:eb:56:
                    53:55:82:16:dd:15:b4:9a:89:72:da:70:58:df:da:
                    55:c7:cf:a6:95:d0:b4:5b:cc:b2:00:dc:0e:3e:dc:
                    87:a3:1d:04:31:4a:f6:f5:08:63:c9:f2:3a:57:d7:
                    85:9e:e2:be:c2:13:c9:d7:d2:6b:b0:b9:72:9c:0c:
                    de:85:d6:73:08:66:78:62:2f:e2:85:31:d1:49:a9:
                    ac:be:99:d1:e6:1a:f6:59:25:7b:e8:78:a0:2f:21:
                    af:30:04:b3:54:76:48:36:3b:02:96:31:2f:61:e9:
                    62:8f:59:8e:35:da:e2:f0:6f:00:16:80:e8:78:e5:
                    37:44:a8:24:27:35:ac:fd:93:67:f6:f5:54:52:04:
                    b8:cb:fa:61:36:00:b6:01:c6:78:68:94:a5:c3:2d:
                    d3:49:ba:06:92:1b:96:96:48:c7:ac:b1:d8:44:65:
                    3a:ad:5e:b9:b4:ed:53:3a:2c:9c:9e:31:5f:08:3d:
                    7b:c6:47:d9:88:df:23:19:b9:8f:76:22:b4:a3:1b:
                    50:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:78:DB:68:B2:4B:89:C1:DF:EB:5E:B7:59:08:7E:23:C1:86:2C:0C
            X509v3 Authority Key Identifier:
                keyid:F3:B5:64:6B:36:03:79:92:4C:B6:D9:C3:D9:96:69:CE:7F:3B:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87VkazYDeZJMttnD2ZZpzn87LKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/63jbaLJLicHf6163WQh-I8GGLAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ea6-1436-4f26-af57-5975913f52c5/1/87VkazYDeZJMttnD2ZZpzn87LKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.181.34.0-62.181.39.255
                  62.181.46.0-62.181.49.255
                  62.181.56.0/21
                  77.232.32.0/23
                  77.232.35.0/24
                  77.232.48.0/23
                  212.59.96.0/20
                IPv6:
                  2a00:f460::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:a1:ed:0e:15:a8:6c:42:89:24:08:98:d5:a5:21:84:6d:ce:
         68:1c:45:74:a9:b8:b0:99:1a:ad:4f:0e:bc:d4:7c:77:12:39:
         b6:65:6f:d6:42:28:5c:99:09:b0:18:60:d6:2b:95:16:26:fb:
         23:53:34:bd:57:7d:7c:6a:6b:fb:4f:60:6e:de:6c:3a:6b:36:
         cd:18:b5:99:e7:54:2a:c3:c7:23:d5:d3:a8:d6:e4:c9:98:f9:
         7c:de:97:25:3c:9f:4d:68:d6:58:db:d5:7d:f9:54:32:e4:1d:
         9a:f2:96:24:0b:2c:24:e3:c2:42:1b:25:66:2a:c6:3e:54:6e:
         51:f0:d9:80:b8:18:36:5e:ce:35:75:36:01:64:93:6f:5a:1c:
         1e:0a:10:64:36:cd:1e:49:70:81:10:bc:a9:d1:16:a5:39:42:
         57:d7:a3:09:d7:83:66:2c:c9:04:c4:50:7c:e4:b0:1c:19:a1:
         c8:cd:c5:93:19:86:22:68:79:38:7b:b2:09:e0:84:fe:50:b9:
         d0:b8:ce:0e:6d:a3:38:f5:5e:3e:d3:83:59:b4:dd:5b:c9:b7:
         90:c6:2f:ed:97:1a:70:ba:12:89:9a:e2:4b:5a:85:63:ed:c4:
         cf:1f:65:e2:82:04:56:cf:63:cf:63:45:80:f7:15:a6:85:35:
         c2:e1:5b:24
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYVyTFcd7j+m6TJZxIO1WiAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjU2NDZiMzYwMzc5OTI0Y2I2ZDljM2Q5OTY2OWNlN2Yz
YjJjYTIwHhcNMjMwMTAyMTE0NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjc4ZGI2OGIyNGI4OWMxZGZlYjVlYjc1OTA4N2UyM2MxODYyYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmrxJS7B97JXiKnUtmCLqAwSZNj4
GAifHHZ2ZNazHphWNQuZD4vU6s96qDaDaeWuM8N7pt99XDqh61ZTVYIW3RW0moly
2nBY39pVx8+mldC0W8yyANwOPtyHox0EMUr29QhjyfI6V9eFnuK+whPJ19JrsLly
nAzehdZzCGZ4Yi/ihTHRSamsvpnR5hr2WSV76HigLyGvMASzVHZINjsCljEvYeli
j1mONdri8G8AFoDoeOU3RKgkJzWs/ZNn9vVUUgS4y/phNgC2AcZ4aJSlwy3TSboG
khuWlkjHrLHYRGU6rV65tO1TOiycnjFfCD17xkfZiN8jGbmPdiK0oxtQowIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFOt422iyS4nB3+tet1kIfiPBhiwMMB8GA1UdIwQY
MBaAFPO1ZGs2A3mSTLbZw9mWac5/OyyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdWa2F6WURlWkpNdHRuRDJaWnB6bjg3TEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81NzJlYTYtMTQzNi00ZjI2LWFmNTct
NTk3NTkxM2Y1MmM1LzEvNjNqYmFMSkxpY0hmNjE2M1dRaC1JOEdHTEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81NzJlYTYtMTQzNi00ZjI2LWFmNTctNTk3NTkxM2Y1MmM1
LzEvODdWa2F6WURlWkpNdHRuRDJaWnB6bjg3TEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6MAwDBAE+tSID
BAM+tSAwDAMEAT61LgMEAT61MAMEAz61OAMEAU3oIAMEAE3oIwMEAU3oMAMEBNQ7
YDANBAIAAjAHAwUAKgD0YDANBgkqhkiG9w0BAQsFAAOCAQEAGaHtDhWobEKJJAiY
1aUhhG3OaBxFdKm4sJkarU8OvNR8dxI5tmVv1kIoXJkJsBhg1iuVFib7I1M0vVd9
fGpr+09gbt5sOms2zRi1medUKsPHI9XTqNbkyZj5fN6XJTyfTWjWWNvVfflUMuQd
mvKWJAssJOPCQhslZirGPlRuUfDZgLgYNl7ONXU2AWSTb1ocHgoQZDbNHklwgRC8
qdEWpTlCV9ejCdeDZizJBMRQfOSwHBmhyM3FkxmGImh5OHuyCeCE/lC50LjODm2j
OPVePtODWbTdW8m3kMYv7ZcacLoSiZriS1qFY+3Ezx9l4oIEVs9jz2NFgPcVpoU1
wuFbJA==
-----END CERTIFICATE-----