Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/oLxXNoonOfEQvbC10gi_mjJfSK8.roa
File:                     oLxXNoonOfEQvbC10gi_mjJfSK8.roa (raw, json)
Hash identifier:          ncBB4fF4aWW19cC6e7pClDEskOEu0tUvgaQA4ar/9Lw=
Subject key identifier:   A0:BC:57:36:8A:27:39:F1:10:BD:B0:B5:D2:08:BF:9A:32:5F:48:AF
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018558D3F0DCFED041F47793E4FF8601B72B
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/oLxXNoonOfEQvbC10gi_mjJfSK8.roa
Signing time:             Wed 28 Dec 2022 13:02:42 +0000
ROA not before:           Wed 28 Dec 2022 13:02:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203622
IP address blocks:        46.32.166.0/24 maxlen: 24
                          46.32.165.0/24 maxlen: 24
                          46.32.164.0/24 maxlen: 24
                          46.32.160.0/24 maxlen: 24
                          46.32.162.0/24 maxlen: 24
                          46.32.161.0/24 maxlen: 24
                          46.32.167.0/24 maxlen: 24
                          46.32.170.0/24 maxlen: 24
                          46.32.171.0/24 maxlen: 24
                          46.32.177.0/24 maxlen: 24
                          46.32.179.0/24 maxlen: 24
                          46.32.178.0/24 maxlen: 24
                          46.32.191.0/24 maxlen: 24
                          46.32.188.0/24 maxlen: 24
                          46.32.190.0/24 maxlen: 24
                          46.32.189.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:58:d3:f0:dc:fe:d0:41:f4:77:93:e4:ff:86:01:b7:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Dec 28 13:02:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a0bc57368a2739f110bdb0b5d208bf9a325f48af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f7:a6:73:aa:c6:f2:41:a0:d1:85:24:9f:f2:
                    50:80:4e:87:a3:d5:5d:36:fd:9b:9a:62:d6:33:50:
                    4f:dc:05:7d:41:a1:d1:e2:7f:37:1d:93:2e:3e:af:
                    9c:f8:ce:ae:da:c9:2f:14:10:0a:3c:f6:18:dd:c2:
                    a5:31:4b:44:26:59:67:f1:71:4a:f9:f9:fb:ae:ce:
                    c3:6b:0b:ec:67:2a:d6:36:60:c1:db:93:b7:c7:52:
                    9b:7a:0e:3d:f6:5b:c3:cc:7d:c3:cd:05:19:a3:0d:
                    1a:d9:61:78:72:ec:2e:df:ee:c6:9c:cd:78:5d:fe:
                    54:93:37:56:62:e4:e3:5f:3c:5e:db:5a:ca:22:22:
                    8a:b2:45:f4:1a:19:2d:c6:64:22:aa:8b:f0:ba:d8:
                    c8:cc:57:5a:11:77:6a:e6:a0:03:d2:fa:35:b2:09:
                    aa:7d:80:0b:c4:02:da:5f:ba:fc:39:c3:9f:78:d7:
                    63:38:2c:6a:3f:cc:86:b3:cb:ff:10:c6:53:3e:cc:
                    c5:74:d3:f3:f5:c6:73:56:5a:60:2f:78:89:32:92:
                    45:7f:cd:03:e6:23:2d:69:2d:fe:e7:5b:60:5f:a3:
                    2f:bc:35:64:e5:70:bc:f0:ba:fe:26:83:de:ba:ba:
                    d2:34:a2:92:d4:90:d6:a5:cb:4f:61:c6:ec:6f:fb:
                    0e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BC:57:36:8A:27:39:F1:10:BD:B0:B5:D2:08:BF:9A:32:5F:48:AF
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/oLxXNoonOfEQvbC10gi_mjJfSK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.160.0-46.32.162.255
                  46.32.164.0/22
                  46.32.170.0/23
                  46.32.177.0-46.32.179.255
                  46.32.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:25:9a:9e:ba:f0:e5:52:fc:b2:9f:76:c8:4b:de:09:5c:31:
         ec:ac:82:22:35:d1:3a:df:df:f0:a1:9c:ad:10:ed:38:0b:31:
         be:a6:50:eb:a2:fa:6d:ba:ec:86:27:02:83:67:84:66:82:a6:
         07:bb:a5:41:cf:32:93:ea:da:da:b7:e3:8c:c0:f1:e2:8b:59:
         8e:5e:f6:36:18:5a:11:5b:23:03:6d:66:dc:ef:04:50:0f:bf:
         c1:a3:80:dd:81:45:73:56:26:33:e6:f4:b6:44:64:55:d8:fc:
         06:85:3d:bf:4c:78:c9:ce:d9:24:15:80:93:c3:f6:fa:92:9b:
         2f:28:01:bc:be:c4:b9:71:1e:75:05:36:f3:68:1c:e2:81:1f:
         2e:9e:b7:e6:29:0f:56:eb:b9:97:be:99:64:6c:17:01:5b:bc:
         aa:52:a8:ea:b3:12:ae:04:14:83:cf:8e:1b:9f:34:10:6d:67:
         b9:7a:6d:fb:a0:7c:18:29:23:cd:e9:b7:20:81:49:43:0b:89:
         0e:17:8b:59:c1:91:a9:7a:e5:a4:18:3f:04:d9:06:d6:e4:91:
         b9:c7:9d:6e:06:ca:3d:89:d7:8e:c9:6a:e9:ae:5a:61:2e:c9:
         7e:7e:18:ff:8c:f7:22:2c:9c:6e:3b:c9:60:66:c9:00:4a:86:
         fa:94:8c:94
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVY0/Dc/tBB9HeT5P+GAbcrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjIxMjI4MTMwMjQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJjNTczNjhhMjczOWYxMTBiZGIwYjVkMjA4YmY5YTMyNWY0OGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/emc6rG8kGg0YUkn/JQgE6Ho9Vd
Nv2bmmLWM1BP3AV9QaHR4n83HZMuPq+c+M6u2skvFBAKPPYY3cKlMUtEJlln8XFK
+fn7rs7DawvsZyrWNmDB25O3x1Kbeg499lvDzH3DzQUZow0a2WF4cuwu3+7GnM14
Xf5UkzdWYuTjXzxe21rKIiKKskX0GhktxmQiqovwutjIzFdaEXdq5qAD0vo1sgmq
fYALxALaX7r8OcOfeNdjOCxqP8yGs8v/EMZTPszFdNPz9cZzVlpgL3iJMpJFf80D
5iMtaS3+51tgX6MvvDVk5XC88Lr+JoPeurrSNKKS1JDWpctPYcbsb/sOGQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKC8VzaKJznxEL2wtdIIv5oyX0ivMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvb0x4WE5vb25PZkVRdmJDMTBnaV9takpmU0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAUuIKAD
BAAuIKIDBAIuIKQDBAEuIKowDAMEAC4gsQMEAi4gsAMEAi4gvDANBgkqhkiG9w0B
AQsFAAOCAQEACyWanrrw5VL8sp92yEveCVwx7KyCIjXROt/f8KGcrRDtOAsxvqZQ
66L6bbrshicCg2eEZoKmB7ulQc8yk+ra2rfjjMDx4otZjl72NhhaEVsjA21m3O8E
UA+/waOA3YFFc1YmM+b0tkRkVdj8BoU9v0x4yc7ZJBWAk8P2+pKbLygBvL7EuXEe
dQU282gc4oEfLp635ikPVuu5l76ZZGwXAVu8qlKo6rMSrgQUg8+OG580EG1nuXpt
+6B8GCkjzem3IIFJQwuJDheLWcGRqXrlpBg/BNkG1uSRucedbgbKPYnXjslq6a5a
YS7Jfn4Y/4z3IiycbjvJYGbJAEqG+pSMlA==
-----END CERTIFICATE-----