Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/UC6sFLrXLdPiBFZoaFAFBpt6x9s.roa
File:                     UC6sFLrXLdPiBFZoaFAFBpt6x9s.roa (raw, json)
Hash identifier:          xOg7i+l0nf303n+xoVnBX5h7cVNocS1+1gmqeOx16d4=
Subject key identifier:   50:2E:AC:14:BA:D7:2D:D3:E2:04:56:68:68:50:05:06:9B:7A:C7:DB
Certificate issuer:       /CN=93202129969576ce357fae26c9c7cf98a8250ea6
Certificate serial:       018C62F0EFA6C3470580E1C9C7CAEF785FA1
Authority key identifier: 93:20:21:29:96:95:76:CE:35:7F:AE:26:C9:C7:CF:98:A8:25:0E:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kyAhKZaVds41f64mycfPmKglDqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/UC6sFLrXLdPiBFZoaFAFBpt6x9s.roa
Signing time:             Wed 13 Dec 2023 11:30:06 +0000
ROA not before:           Wed 13 Dec 2023 11:30:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6677
IP address blocks:        85.220.0.0/17 maxlen: 17
                          157.157.2.0/24 maxlen: 24
                          157.157.4.0/24 maxlen: 24
                          157.157.0.0/16 maxlen: 16
                          213.167.150.0/24 maxlen: 24
                          31.209.192.0/18 maxlen: 18
                          213.167.128.0/19 maxlen: 19
                          212.30.192.0/19 maxlen: 19
                          192.147.34.0/24 maxlen: 24
                          194.105.224.0/24 maxlen: 24
                          194.105.224.0/19 maxlen: 19
                          2001:1a98::/32 maxlen: 32
                          2001:1a98::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:62:f0:ef:a6:c3:47:05:80:e1:c9:c7:ca:ef:78:5f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93202129969576ce357fae26c9c7cf98a8250ea6
        Validity
            Not Before: Dec 13 11:30:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=502eac14bad72dd3e2045668685005069b7ac7db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ad:8d:e1:0f:25:49:f5:cf:de:eb:f6:e7:8a:
                    7f:d8:cf:5a:b3:84:04:e6:2f:cf:24:30:90:44:e6:
                    62:b2:c1:48:3c:15:3b:ee:b2:e9:48:26:c5:3a:1a:
                    04:3d:5b:5c:91:d4:a6:7b:e9:40:b8:3e:2a:b7:c0:
                    5b:a1:b3:e4:e0:ab:4a:70:ad:ca:d1:8b:2d:1a:d5:
                    34:e5:3a:1a:a5:40:bf:33:ec:f6:66:b9:0c:56:06:
                    44:ba:87:9d:db:10:e3:96:54:01:b3:ee:d8:5d:6c:
                    01:d6:a4:8a:b1:45:fc:3b:ef:a7:72:2f:0d:24:80:
                    1e:d7:aa:02:c0:26:f1:43:49:6c:d2:4d:43:8d:87:
                    c3:7b:b6:d5:ef:a0:3a:21:85:4e:60:e4:3e:75:78:
                    43:83:75:80:31:e4:45:3f:07:95:69:42:b0:63:9a:
                    33:a1:be:09:4a:9a:6c:9a:0e:fd:5d:49:78:53:b9:
                    8e:11:59:2f:3a:7a:9a:ae:cf:f7:f2:25:ba:33:87:
                    e1:fd:54:fd:cf:49:6f:da:8e:61:d1:53:5f:8f:81:
                    a3:d2:6b:ae:e8:ca:b9:58:75:0b:40:d3:00:0f:51:
                    73:1f:10:08:84:7f:08:7d:b8:39:90:e7:f7:06:92:
                    46:89:ad:8f:50:e9:df:6e:fb:f0:99:4e:b9:cf:e4:
                    2a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:2E:AC:14:BA:D7:2D:D3:E2:04:56:68:68:50:05:06:9B:7A:C7:DB
            X509v3 Authority Key Identifier:
                keyid:93:20:21:29:96:95:76:CE:35:7F:AE:26:C9:C7:CF:98:A8:25:0E:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kyAhKZaVds41f64mycfPmKglDqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/UC6sFLrXLdPiBFZoaFAFBpt6x9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/kyAhKZaVds41f64mycfPmKglDqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.209.192.0/18
                  85.220.0.0/17
                  157.157.0.0/16
                  192.147.34.0/24
                  194.105.224.0/19
                  212.30.192.0/19
                  213.167.128.0/19
                IPv6:
                  2001:1a98::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:94:2b:06:bc:f3:8c:82:a3:23:8d:a0:5d:0a:f2:70:50:61:
         0d:cc:17:29:27:8c:73:7c:a4:a3:1e:ce:5b:5b:30:ae:07:fc:
         bd:48:73:0c:c6:4c:c0:a6:54:d4:d8:51:07:e0:95:4e:9c:32:
         3d:3f:2c:d5:16:2e:70:13:fc:1b:19:33:92:83:32:1c:a4:e3:
         01:b8:69:d6:c9:80:b3:e9:a0:58:97:d6:a3:d0:2b:2d:fe:98:
         c3:c8:69:e5:25:58:39:e7:be:42:cf:7e:14:47:88:c8:72:63:
         9f:ae:aa:5f:15:22:41:09:75:57:b4:f2:76:15:4a:2c:f3:e2:
         1d:11:47:d5:2d:bd:20:7a:01:2d:89:3e:8c:bd:20:d0:29:26:
         20:2c:5b:10:aa:3d:6c:11:6d:11:3d:5b:40:b7:8a:21:f2:10:
         d4:4f:b2:05:36:b9:4b:fd:a2:01:ee:38:ad:0d:e7:e1:1b:74:
         0d:5c:9d:e1:12:e6:6c:8a:2d:0e:10:26:e2:7c:de:49:81:e1:
         e8:e1:53:5b:70:d3:b6:5f:82:06:be:6b:11:72:7d:4c:8e:d7:
         dc:6d:42:97:cd:c3:8e:f1:92:8a:59:22:d9:4d:db:a9:e4:a4:
         52:37:58:b7:71:5d:a9:b1:65:2a:52:b8:e1:3f:11:f0:c0:61:
         3b:a2:15:9a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYxi8O+mw0cFgOHJx8rveF+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMjAyMTI5OTY5NTc2Y2UzNTdmYWUyNmM5YzdjZjk4YTgy
NTBlYTYwHhcNMjMxMjEzMTEzMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDJlYWMxNGJhZDcyZGQzZTIwNDU2Njg2ODUwMDUwNjliN2FjN2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK2N4Q8lSfXP3uv254p/2M9as4QE
5i/PJDCQROZissFIPBU77rLpSCbFOhoEPVtckdSme+lAuD4qt8BbobPk4KtKcK3K
0YstGtU05ToapUC/M+z2ZrkMVgZEuoed2xDjllQBs+7YXWwB1qSKsUX8O++nci8N
JIAe16oCwCbxQ0ls0k1DjYfDe7bV76A6IYVOYOQ+dXhDg3WAMeRFPweVaUKwY5oz
ob4JSppsmg79XUl4U7mOEVkvOnqars/38iW6M4fh/VT9z0lv2o5h0VNfj4Gj0muu
6Mq5WHULQNMAD1FzHxAIhH8Ifbg5kOf3BpJGia2PUOnfbvvwmU65z+QqgQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFFAurBS61y3T4gRWaGhQBQabesfbMB8GA1UdIwQY
MBaAFJMgISmWlXbONX+uJsnHz5ioJQ6mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3lBaEtaYVZkczQxZjY0bXljZlBtS2dsRHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9kNmU3OTYtMGUxNC00NWIxLTljZjMt
NWFkNThhYmZiYjFmLzEvVUM2c0ZMclhMZFBpQkZab2FGQUZCcHQ2eDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9kNmU3OTYtMGUxNC00NWIxLTljZjMtNWFkNThhYmZiYjFm
LzEva3lBaEtaYVZkczQxZjY0bXljZlBtS2dsRHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAvBAIAATApAwQGH9HAAwQH
VdwAAwMAnZ0DBADAkyIDBAXCaeADBAXUHsADBAXVp4AwDQQCAAIwBwMFAyABGpgw
DQYJKoZIhvcNAQELBQADggEBABCUKwa884yCoyONoF0K8nBQYQ3MFyknjHN8pKMe
zltbMK4H/L1IcwzGTMCmVNTYUQfglU6cMj0/LNUWLnAT/BsZM5KDMhyk4wG4adbJ
gLPpoFiX1qPQKy3+mMPIaeUlWDnnvkLPfhRHiMhyY5+uql8VIkEJdVe08nYVSizz
4h0RR9UtvSB6AS2JPoy9INApJiAsWxCqPWwRbRE9W0C3iiHyENRPsgU2uUv9ogHu
OK0N5+EbdA1cneES5myKLQ4QJuJ83kmB4ejhU1tw07Zfgga+axFyfUyO19xtQpfN
w47xkopZItlN26nkpFI3WLdxXamxZSpSuOE/EfDAYTuiFZo=
-----END CERTIFICATE-----