Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/SXuWJyhIbJR1fI1UGsJuVRD6cDs.roa
File:                     SXuWJyhIbJR1fI1UGsJuVRD6cDs.roa (raw, json)
Hash identifier:          UdXi+7cs9tIJeq7e2pCO+z7n72hqT9Z7blS8j5LUZUM=
Subject key identifier:   49:7B:96:27:28:48:6C:94:75:7C:8D:54:1A:C2:6E:55:10:FA:70:3B
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       35871D43
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/SXuWJyhIbJR1fI1UGsJuVRD6cDs.roa
Signing time:             Tue 26 Apr 2022 20:10:51 +0000
ROA not before:           Tue 26 Apr 2022 20:10:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203622
IP address blocks:        46.32.166.0/24 maxlen: 24
                          46.32.165.0/24 maxlen: 24
                          46.32.164.0/24 maxlen: 24
                          46.32.160.0/24 maxlen: 24
                          46.32.162.0/24 maxlen: 24
                          46.32.161.0/24 maxlen: 24
                          46.32.167.0/24 maxlen: 24
                          46.32.170.0/24 maxlen: 24
                          46.32.171.0/24 maxlen: 24
                          46.32.177.0/24 maxlen: 24
                          46.32.179.0/24 maxlen: 24
                          46.32.178.0/24 maxlen: 24
                          46.32.174.0/24 maxlen: 24
                          46.32.176.0/24 maxlen: 24
                          46.32.175.0/24 maxlen: 24
                          46.32.191.0/24 maxlen: 24
                          46.32.188.0/24 maxlen: 24
                          46.32.190.0/24 maxlen: 24
                          46.32.189.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 898047299 (0x35871d43)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Apr 26 20:10:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=497b962728486c94757c8d541ac26e5510fa703b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:08:5a:e2:3c:c4:b6:19:96:8d:9e:84:3d:ed:
                    57:f2:34:63:35:e5:0b:7e:13:fb:37:76:ec:e6:bc:
                    ef:e8:c4:7c:85:bc:30:df:d7:9e:84:fd:9c:73:ab:
                    7b:d0:e8:d9:f1:59:61:e1:1e:b2:1c:85:2e:10:ae:
                    dc:55:e3:0b:cb:f6:54:24:7f:a5:8c:b5:42:e3:b1:
                    61:16:ff:cb:b8:41:46:b2:f7:db:c5:bc:d5:39:9b:
                    e1:a0:7b:1e:14:4c:d5:b2:08:79:04:e9:63:75:83:
                    cc:4a:cc:4d:cd:4b:f4:e7:df:1c:b4:ab:a5:75:f0:
                    8a:8d:90:41:d0:b1:72:e1:68:bc:6e:16:e4:40:20:
                    2e:70:f5:29:df:d7:b9:63:84:65:64:c3:55:9f:e3:
                    c9:86:3e:d2:d3:a8:81:ab:b9:b1:ab:ec:de:f3:05:
                    f0:9e:6b:f3:db:79:7c:2f:2f:ba:2a:38:d1:90:57:
                    a7:43:76:a4:36:a0:1d:fa:f9:07:53:78:70:48:32:
                    f1:a6:8c:f2:55:58:f0:88:d2:92:41:2f:93:1a:82:
                    74:a2:ee:e3:03:bc:f9:cc:2e:f6:53:8a:57:ac:eb:
                    f9:4d:5a:8a:7a:ac:60:95:56:c3:54:dc:a4:25:97:
                    5e:c0:5d:b1:f7:a0:71:3a:a2:dc:95:ef:89:f8:2b:
                    e8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:7B:96:27:28:48:6C:94:75:7C:8D:54:1A:C2:6E:55:10:FA:70:3B
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/SXuWJyhIbJR1fI1UGsJuVRD6cDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.160.0-46.32.162.255
                  46.32.164.0/22
                  46.32.170.0/23
                  46.32.174.0-46.32.179.255
                  46.32.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:4a:db:70:c9:8a:4a:3b:90:5b:51:ad:28:d9:7d:f9:1f:2f:
         0c:2d:e3:18:0f:96:99:47:f5:12:24:31:a4:48:d4:0e:ae:9d:
         e8:2b:29:5a:a7:1c:46:71:e8:61:2a:ef:8d:7a:44:45:63:29:
         6d:64:97:14:37:7d:fc:6e:e4:45:6a:cc:ed:72:9e:80:ce:26:
         ee:16:13:8e:f5:65:20:9e:aa:8e:56:12:90:95:9b:75:ec:5a:
         32:c7:85:b7:df:b9:c8:f9:b7:39:83:3b:34:71:95:97:32:af:
         4c:b0:58:4b:07:6a:26:09:ed:1d:9c:eb:20:34:92:19:7a:a5:
         7b:ef:a0:a3:30:fb:19:cf:98:ef:3a:c5:79:a3:5f:12:f0:c6:
         5a:79:b2:96:83:d0:5d:e5:f5:62:73:d3:ae:71:21:d7:be:4a:
         69:f7:f5:66:8d:ff:b2:bd:d6:b1:7c:52:85:b3:bc:76:fd:cf:
         28:77:6b:2c:05:ee:7e:4d:e7:c3:89:df:cf:54:42:b7:a8:5c:
         94:fb:50:3a:0a:70:f2:e6:89:f6:82:7b:76:96:cd:3b:e2:a2:
         57:ba:16:77:a1:f2:d5:6c:c5:79:80:39:aa:c6:ff:b4:9c:c9:
         80:a5:b6:79:6f:e9:7f:48:d0:7c:f9:7d:08:14:f4:b6:92:37:
         1d:13:92:a2
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIENYcdQzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
MzdlZTFlY2VkMTlmOGEwYTNhNjM1YmZhYTI2NDI5M2UzNDM3Nzk1MB4XDTIyMDQy
NjIwMTA1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDk3Yjk2MjcyODQ4
NmM5NDc1N2M4ZDU0MWFjMjZlNTUxMGZhNzAzYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALMIWuI8xLYZlo2ehD3tV/I0YzXlC34T+zd27Oa87+jEfIW8
MN/XnoT9nHOre9Do2fFZYeEeshyFLhCu3FXjC8v2VCR/pYy1QuOxYRb/y7hBRrL3
28W81Tmb4aB7HhRM1bIIeQTpY3WDzErMTc1L9OffHLSrpXXwio2QQdCxcuFovG4W
5EAgLnD1Kd/XuWOEZWTDVZ/jyYY+0tOogau5savs3vMF8J5r89t5fC8vuio40ZBX
p0N2pDagHfr5B1N4cEgy8aaM8lVY8IjSkkEvkxqCdKLu4wO8+cwu9lOKV6zr+U1a
inqsYJVWw1TcpCWXXsBdsfegcTqi3JXvifgr6JcCAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBRJe5YnKEhslHV8jVQawm5VEPpwOzAfBgNVHSMEGDAWgBTjfuHs7Rn4oKOm
Nb+qJkKT40N3lTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzQzN2g3TzBaLUtDanBqV19xaVpDay1ORGQ1VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvNmQ1ZDc1LTRkMWUtNDY5Ny1iMWQzLTM2ZTM0NGFiYzlkMy8x
L1NYdVdKeWhJYkpSMWZJMVVHc0p1VlJENmNEcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
NmQ1ZDc1LTRkMWUtNDY5Ny1iMWQzLTM2ZTM0NGFiYzlkMy8xLzQzN2g3TzBaLUtD
anBqV19xaVpDay1ORGQ1VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwNAQCAAEwLjAMAwQFLiCgAwQALiCiAwQCLiCkAwQB
LiCqMAwDBAEuIK4DBAIuILADBAIuILwwDQYJKoZIhvcNAQELBQADggEBAHZK23DJ
iko7kFtRrSjZffkfLwwt4xgPlplH9RIkMaRI1A6unegrKVqnHEZx6GEq7416REVj
KW1klxQ3ffxu5EVqzO1ynoDOJu4WE471ZSCeqo5WEpCVm3XsWjLHhbffucj5tzmD
OzRxlZcyr0ywWEsHaiYJ7R2c6yA0khl6pXvvoKMw+xnPmO86xXmjXxLwxlp5spaD
0F3l9WJz065xIde+Smn39WaN/7K91rF8UoWzvHb9zyh3aywF7n5N58OJ389UQreo
XJT7UDoKcPLmifaCe3aWzTviole6Fneh8tVsxXmAOarG/7ScyYCltnlv6X9I0Hz5
fQgU9LaSNx0TkqI=
-----END CERTIFICATE-----