Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/sFAsECHkgMdT83KNP4L8EYNZoYU.roa
File:                     sFAsECHkgMdT83KNP4L8EYNZoYU.roa (raw, json)
Hash identifier:          G6sf8K+x4RaMGgjhOdr0HUIAcfb+QtXRSmG0DuMnCgU=
Subject key identifier:   B0:50:2C:10:21:E4:80:C7:53:F3:72:8D:3F:82:FC:11:83:59:A1:85
Certificate issuer:       /CN=9532b4f2b47bbe1934a224081cc37f170d7248d2
Certificate serial:       018AF960788CA14C362D9B9BC62ED39A41D4
Authority key identifier: 95:32:B4:F2:B4:7B:BE:19:34:A2:24:08:1C:C3:7F:17:0D:72:48:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lTK08rR7vhk0oiQIHMN_Fw1ySNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/sFAsECHkgMdT83KNP4L8EYNZoYU.roa
Signing time:             Wed 04 Oct 2023 06:29:23 +0000
ROA not before:           Wed 04 Oct 2023 06:29:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12355
IP address blocks:        212.37.32.0/19 maxlen: 32
                          185.166.176.0/22 maxlen: 32
                          188.136.0.0/17 maxlen: 32
                          83.216.224.0/19 maxlen: 32
                          88.208.128.0/18 maxlen: 32
                          2001:14f7::/32 maxlen: 128
                          2001:14f0::/29 maxlen: 128
                          2001:14f6::/32 maxlen: 128
                          2001:14f0::/32 maxlen: 128
                          2001:14f3::/32 maxlen: 128
                          2001:14f7::/44 maxlen: 128
                          2001:14f2::/32 maxlen: 128
                          2001:14f1::/32 maxlen: 128
                          2001:14f5::/32 maxlen: 128
                          2001:14f4::/32 maxlen: 128
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f9:60:78:8c:a1:4c:36:2d:9b:9b:c6:2e:d3:9a:41:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9532b4f2b47bbe1934a224081cc37f170d7248d2
        Validity
            Not Before: Oct  4 06:29:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b0502c1021e480c753f3728d3f82fc118359a185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:df:9d:9a:5e:f6:3f:57:ea:b4:6a:06:3b:de:
                    4f:5a:88:cc:8b:c9:bd:12:27:24:d0:db:65:0e:0d:
                    bb:0e:b9:d8:83:9b:f7:23:93:5e:73:e5:64:50:fb:
                    9b:db:20:ed:38:db:8e:c8:74:f1:fe:f5:af:28:ac:
                    f4:db:6a:a7:fc:9d:53:28:10:dc:56:3f:b4:7a:f4:
                    47:49:ae:6d:e6:1e:2f:8e:0f:25:06:3f:69:13:e9:
                    82:e4:d6:b2:eb:d3:42:ac:07:bb:3b:89:66:99:33:
                    2e:fe:16:6d:84:66:17:66:11:3a:37:03:75:60:ca:
                    0d:ca:e9:c7:c3:29:f3:3b:a0:64:43:5b:56:c5:61:
                    10:9c:52:1f:49:15:ab:c3:0b:51:59:e1:57:ce:0a:
                    13:33:f6:87:3e:07:5c:59:47:26:87:d8:8d:aa:6b:
                    e4:1a:bf:f3:b4:a1:64:ce:3f:d9:28:d8:b5:a8:fd:
                    21:ca:9a:dd:ca:d8:fc:62:03:1b:3b:6a:44:e3:37:
                    bc:9d:47:7e:51:35:5e:96:0e:fd:9f:16:41:02:5c:
                    06:21:6b:55:21:62:d9:eb:82:87:1e:92:49:38:1b:
                    05:3c:79:b9:22:a6:ef:59:c4:ce:2d:ea:bf:e1:a0:
                    08:0d:a7:d5:45:98:26:4d:79:4a:40:02:b5:a4:1f:
                    fd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:50:2C:10:21:E4:80:C7:53:F3:72:8D:3F:82:FC:11:83:59:A1:85
            X509v3 Authority Key Identifier:
                keyid:95:32:B4:F2:B4:7B:BE:19:34:A2:24:08:1C:C3:7F:17:0D:72:48:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lTK08rR7vhk0oiQIHMN_Fw1ySNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/sFAsECHkgMdT83KNP4L8EYNZoYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/lTK08rR7vhk0oiQIHMN_Fw1ySNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.216.224.0/19
                  88.208.128.0/18
                  185.166.176.0/22
                  188.136.0.0/17
                  212.37.32.0/19
                IPv6:
                  2001:14f0::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:d9:c6:51:d5:a3:73:71:e1:27:f7:45:ca:6d:a0:d1:5f:5a:
         22:2a:5a:dc:a6:fd:53:3f:35:64:e0:a0:be:de:67:db:20:5f:
         60:91:6e:67:06:59:ce:d2:22:b9:ce:c9:4d:6c:97:27:c1:82:
         1b:61:12:23:b3:b0:df:6c:bf:2d:0e:c7:9b:ca:23:a3:12:b9:
         10:c4:3a:66:66:a8:41:68:05:18:59:3d:7e:bd:27:5e:62:3a:
         13:5b:d2:79:1b:34:d4:3f:48:ed:1e:28:8d:57:ea:99:12:0c:
         7b:d8:9d:58:0d:c2:52:aa:6d:c4:cf:9d:bb:43:83:f7:04:4a:
         80:63:d2:91:09:f5:8d:4c:2e:d4:49:98:82:47:92:76:9b:c0:
         c1:7c:89:53:3e:01:d3:56:27:12:09:d7:06:95:db:23:ab:7e:
         60:74:fe:21:a6:b7:fe:77:9e:24:02:44:07:3c:e2:7b:94:90:
         e3:54:9d:4e:56:c1:ff:d4:1c:82:11:84:34:32:68:98:2e:0b:
         55:f5:1f:fc:e9:11:08:9c:8c:67:2d:b8:29:39:b8:de:86:f3:
         31:a3:88:ec:bf:41:e9:6a:ca:b0:1d:7f:e2:b4:6f:c7:4d:75:
         05:87:65:58:05:53:ba:54:4f:a4:6d:4c:8c:6d:2a:46:74:7f:
         54:e2:ff:29
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYr5YHiMoUw2LZubxi7TmkHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MzJiNGYyYjQ3YmJlMTkzNGEyMjQwODFjYzM3ZjE3MGQ3
MjQ4ZDIwHhcNMjMxMDA0MDYyOTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDUwMmMxMDIxZTQ4MGM3NTNmMzcyOGQzZjgyZmMxMTgzNTlhMTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09+dml72P1fqtGoGO95PWojMi8m9
Eick0NtlDg27DrnYg5v3I5Nec+VkUPub2yDtONuOyHTx/vWvKKz022qn/J1TKBDc
Vj+0evRHSa5t5h4vjg8lBj9pE+mC5Nay69NCrAe7O4lmmTMu/hZthGYXZhE6NwN1
YMoNyunHwynzO6BkQ1tWxWEQnFIfSRWrwwtRWeFXzgoTM/aHPgdcWUcmh9iNqmvk
Gr/ztKFkzj/ZKNi1qP0hyprdytj8YgMbO2pE4ze8nUd+UTVelg79nxZBAlwGIWtV
IWLZ64KHHpJJOBsFPHm5IqbvWcTOLeq/4aAIDafVRZgmTXlKQAK1pB/94wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLBQLBAh5IDHU/NyjT+C/BGDWaGFMB8GA1UdIwQY
MBaAFJUytPK0e74ZNKIkCBzDfxcNckjSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFRLMDhyUjd2aGswb2lRSUhNTl9GdzF5U05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xMjRkZDUtY2FiMC00NmVjLWJlNjct
NDIwNDBkZjNiNmFmLzEvc0ZBc0VDSGtnTWRUODNLTlA0TDhFWU5ab1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xMjRkZDUtY2FiMC00NmVjLWJlNjctNDIwNDBkZjNiNmFm
LzEvbFRLMDhyUjd2aGswb2lRSUhNTl9GdzF5U05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFU9jgAwQG
WNCAAwQCuaawAwQHvIgAAwQF1CUgMA0EAgACMAcDBQMgARTwMA0GCSqGSIb3DQEB
CwUAA4IBAQBn2cZR1aNzceEn90XKbaDRX1oiKlrcpv1TPzVk4KC+3mfbIF9gkW5n
BlnO0iK5zslNbJcnwYIbYRIjs7DfbL8tDsebyiOjErkQxDpmZqhBaAUYWT1+vSde
YjoTW9J5GzTUP0jtHiiNV+qZEgx72J1YDcJSqm3Ez527Q4P3BEqAY9KRCfWNTC7U
SZiCR5J2m8DBfIlTPgHTVicSCdcGldsjq35gdP4hprf+d54kAkQHPOJ7lJDjVJ1O
VsH/1ByCEYQ0MmiYLgtV9R/86REInIxnLbgpObjehvMxo4jsv0HpasqwHX/itG/H
TXUFh2VYBVO6VE+kbUyMbSpGdH9U4v8p
-----END CERTIFICATE-----