Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/c5e0UnEFhWftrrBshhLS2i1VZKw.roa
File:                     c5e0UnEFhWftrrBshhLS2i1VZKw.roa (raw, json)
Hash identifier:          9vRKhVr3Y6fLzH9Ie4qE+8oVbvHCKS7OoMda4vIOWfs=
Subject key identifier:   73:97:B4:52:71:05:85:67:ED:AE:B0:6C:86:12:D2:DA:2D:55:64:AC
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       018956EB0D48A7BDF8E426F9DCAC370B8D37
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/c5e0UnEFhWftrrBshhLS2i1VZKw.roa
Signing time:             Sat 15 Jul 2023 00:19:52 +0000
ROA not before:           Sat 15 Jul 2023 00:19:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     23470
IP address blocks:        155.254.63.0/24 maxlen: 24
                          107.161.166.0/24 maxlen: 24
                          107.161.165.0/24 maxlen: 24
                          107.161.164.0/24 maxlen: 24
                          107.161.163.0/24 maxlen: 24
                          107.161.167.0/24 maxlen: 24
                          107.161.172.0/24 maxlen: 24
                          107.161.173.0/24 maxlen: 24
                          2a07:9944:40::/48 maxlen: 48
                          2a07:9945:45::/48 maxlen: 48
                          2a07:9942:39d6::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:56:eb:0d:48:a7:bd:f8:e4:26:f9:dc:ac:37:0b:8d:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Jul 15 00:19:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7397b45271058567edaeb06c8612d2da2d5564ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:90:cc:a2:41:c7:0a:2c:c0:f5:c4:bb:cc:4d:
                    b7:2b:45:c2:a2:8e:37:26:2a:ca:9c:92:90:20:91:
                    73:3b:83:07:cc:70:fa:53:ed:b9:c0:f9:6c:a3:99:
                    21:c4:5b:27:82:45:7d:03:7f:f0:e3:0c:06:32:f5:
                    19:4b:24:f6:c2:05:9b:d1:a1:d3:80:30:c0:7c:c3:
                    47:13:69:88:b7:e6:f2:c0:5c:17:ed:93:9f:44:86:
                    56:e5:e9:e9:b0:29:30:74:28:0b:0c:b4:52:9c:be:
                    a3:d4:34:58:7d:86:87:56:ce:78:6b:8e:9b:2d:34:
                    26:ce:c9:b4:bb:4c:7b:3b:4e:79:4c:d5:fc:e9:d6:
                    0f:b8:1d:6d:cb:03:65:39:96:a6:99:45:0f:52:48:
                    fe:3c:09:c8:28:a1:b3:48:81:be:98:c7:f2:a1:0e:
                    4c:75:40:70:17:7c:42:21:ea:07:d1:a9:f8:59:e8:
                    e7:b1:6c:c7:35:c7:a7:84:85:7e:c6:fc:37:a9:c6:
                    fc:ae:ac:4a:c2:96:f3:70:95:89:84:e4:21:6d:fb:
                    f4:3f:d1:2d:f7:e3:70:3b:d7:d0:97:a0:ef:44:8b:
                    82:8f:48:a8:c6:0a:4a:e5:29:95:bc:34:88:9c:8f:
                    6e:be:4f:71:25:c0:58:40:46:a7:af:11:2d:6b:62:
                    82:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:97:B4:52:71:05:85:67:ED:AE:B0:6C:86:12:D2:DA:2D:55:64:AC
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/c5e0UnEFhWftrrBshhLS2i1VZKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.161.163.0-107.161.167.255
                  107.161.172.0/23
                  155.254.63.0/24
                IPv6:
                  2a07:9942:39d6::/48
                  2a07:9944:40::/48
                  2a07:9945:45::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:99:c3:fd:b9:69:77:9a:8e:9f:74:87:06:81:d5:04:04:3d:
         b2:a4:ed:ad:13:7e:bb:97:e9:a8:7e:ae:02:f2:04:a9:0f:3a:
         57:65:36:62:a5:2d:c9:78:c1:5c:4a:d1:e9:36:e0:14:4b:86:
         75:b9:c6:a3:74:21:62:d3:5f:bc:16:0a:5c:a5:99:0c:16:cb:
         66:41:1b:6c:d1:6f:1b:ec:7c:be:65:3c:39:39:e8:8c:f5:a4:
         64:f3:a1:ee:6c:40:b7:01:09:4a:02:d0:6b:be:9c:cf:a6:b9:
         9d:9e:91:7e:18:b8:22:23:ab:ea:37:4e:e4:63:88:53:cf:f8:
         3f:54:6c:cd:ff:b4:6f:f9:f9:c2:c8:b8:2d:57:0c:df:7f:90:
         53:1f:0b:11:d3:d9:12:f9:ec:ab:94:bd:b8:f9:eb:bd:41:91:
         62:fc:ea:73:5c:c7:e9:f0:f5:80:47:98:44:7f:13:f5:c2:19:
         26:a0:3c:73:36:90:fc:05:f1:f7:f6:ac:25:79:6f:ca:bd:64:
         fd:fe:f2:53:eb:52:b6:76:e6:1d:ed:c1:e1:3d:03:66:6b:04:
         8c:b8:10:7d:0b:bb:9c:29:b0:5c:8d:33:f3:af:a1:46:2d:4e:
         e4:f9:5b:67:65:99:a2:d2:9a:76:5c:1f:7f:76:a3:87:14:72:
         d6:ae:b8:89
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYlW6w1Ip7345Cb53Kw3C403MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjMwNzE1MDAxOTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzk3YjQ1MjcxMDU4NTY3ZWRhZWIwNmM4NjEyZDJkYTJkNTU2NGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZDMokHHCizA9cS7zE23K0XCoo43
JirKnJKQIJFzO4MHzHD6U+25wPlso5khxFsngkV9A3/w4wwGMvUZSyT2wgWb0aHT
gDDAfMNHE2mIt+bywFwX7ZOfRIZW5enpsCkwdCgLDLRSnL6j1DRYfYaHVs54a46b
LTQmzsm0u0x7O055TNX86dYPuB1tywNlOZammUUPUkj+PAnIKKGzSIG+mMfyoQ5M
dUBwF3xCIeoH0an4WejnsWzHNcenhIV+xvw3qcb8rqxKwpbzcJWJhOQhbfv0P9Et
9+NwO9fQl6DvRIuCj0ioxgpK5SmVvDSInI9uvk9xJcBYQEanrxEta2KC9QIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFHOXtFJxBYVn7a6wbIYS0totVWSsMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvYzVlMFVuRUZoV2Z0cnJCc2hoTFMyaTFWWkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAgBAIAATAaMAwDBABroaMD
BANroaADBAFroawDBACb/j8wIQQCAAIwGwMHACoHmUI51gMHACoHmUQAQAMHACoH
mUUARTANBgkqhkiG9w0BAQsFAAOCAQEATZnD/blpd5qOn3SHBoHVBAQ9sqTtrRN+
u5fpqH6uAvIEqQ86V2U2YqUtyXjBXErR6TbgFEuGdbnGo3QhYtNfvBYKXKWZDBbL
ZkEbbNFvG+x8vmU8OTnojPWkZPOh7mxAtwEJSgLQa76cz6a5nZ6Rfhi4IiOr6jdO
5GOIU8/4P1Rszf+0b/n5wsi4LVcM33+QUx8LEdPZEvnsq5S9uPnrvUGRYvzqc1zH
6fD1gEeYRH8T9cIZJqA8czaQ/AXx9/asJXlvyr1k/f7yU+tStnbmHe3B4T0DZmsE
jLgQfQu7nCmwXI0z86+hRi1O5PlbZ2WZotKadlwff3ajhxRy1q64iQ==
-----END CERTIFICATE-----