Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/vkW0nCc3CN5i0LFUYUf5wb9T7CU.roa
File:                     vkW0nCc3CN5i0LFUYUf5wb9T7CU.roa (raw, json)
Hash identifier:          uipMRoFENgbWUpVdmla1mLg0cGH8Ao108nPmMOnVviU=
Subject key identifier:   BE:45:B4:9C:27:37:08:DE:62:D0:B1:54:61:47:F9:C1:BF:53:EC:25
Certificate issuer:       /CN=9532b4f2b47bbe1934a224081cc37f170d7248d2
Certificate serial:       01857246DEBDA8E0A6349E472CC846085019
Authority key identifier: 95:32:B4:F2:B4:7B:BE:19:34:A2:24:08:1C:C3:7F:17:0D:72:48:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lTK08rR7vhk0oiQIHMN_Fw1ySNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/vkW0nCc3CN5i0LFUYUf5wb9T7CU.roa
Signing time:             Mon 02 Jan 2023 11:38:45 +0000
ROA not before:           Mon 02 Jan 2023 11:38:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12355
IP address blocks:        212.37.32.0/19 maxlen: 32
                          185.166.176.0/22 maxlen: 32
                          188.136.0.0/17 maxlen: 32
                          83.216.224.0/19 maxlen: 32
                          88.208.128.0/18 maxlen: 32
                          2001:14f7::/32 maxlen: 128
                          2001:14f0::/29 maxlen: 128
                          2001:14f6::/32 maxlen: 128
                          2001:14f0::/32 maxlen: 128
                          2001:14f3::/32 maxlen: 128
                          2001:14f2::/32 maxlen: 128
                          2001:14f1::/32 maxlen: 128
                          2001:14f5::/32 maxlen: 128
                          2001:14f4::/32 maxlen: 128
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:de:bd:a8:e0:a6:34:9e:47:2c:c8:46:08:50:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9532b4f2b47bbe1934a224081cc37f170d7248d2
        Validity
            Not Before: Jan  2 11:38:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be45b49c273708de62d0b1546147f9c1bf53ec25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e3:5a:34:ac:42:b6:9c:b1:f1:ae:24:38:78:
                    4c:1f:27:39:f5:18:77:9a:eb:c6:88:c9:58:7b:79:
                    c0:24:7f:a8:05:21:d5:72:7f:43:0a:11:fc:f6:0a:
                    4a:22:c2:0b:d1:00:b3:16:f7:cb:5b:05:94:3c:29:
                    ce:8e:ad:10:31:ae:f8:4b:c2:da:b9:80:9e:d9:8b:
                    d2:43:0f:3f:44:35:fd:2f:c1:85:34:98:86:e0:7f:
                    9f:84:9a:e3:d1:20:01:a9:40:ae:da:66:18:39:42:
                    e1:da:5a:ba:28:62:00:bc:53:cc:62:c6:1a:95:fe:
                    54:7b:09:2b:2f:de:db:34:1c:67:20:eb:0a:f1:e6:
                    7d:f6:c8:74:4a:7c:20:78:01:3a:ac:fb:2a:21:02:
                    8c:95:76:fb:9d:d2:38:c2:cf:a1:87:b7:29:d7:56:
                    40:7d:b5:d2:b0:15:45:19:89:e1:2c:fe:1c:1d:5a:
                    10:af:b7:71:77:9c:1d:ce:aa:b2:73:1e:97:13:55:
                    13:ac:cf:0b:63:1d:38:35:e2:87:a4:84:d9:e6:ea:
                    0b:f1:9f:9d:d0:41:48:9b:16:c2:6c:f6:c1:20:a5:
                    57:b4:9d:c0:ff:c2:a0:f3:bd:05:b4:76:8a:3b:3b:
                    95:75:b9:45:84:01:6a:0b:01:c9:ca:75:23:e4:24:
                    7e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:45:B4:9C:27:37:08:DE:62:D0:B1:54:61:47:F9:C1:BF:53:EC:25
            X509v3 Authority Key Identifier:
                keyid:95:32:B4:F2:B4:7B:BE:19:34:A2:24:08:1C:C3:7F:17:0D:72:48:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lTK08rR7vhk0oiQIHMN_Fw1ySNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/vkW0nCc3CN5i0LFUYUf5wb9T7CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/124dd5-cab0-46ec-be67-42040df3b6af/1/lTK08rR7vhk0oiQIHMN_Fw1ySNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.216.224.0/19
                  88.208.128.0/18
                  185.166.176.0/22
                  188.136.0.0/17
                  212.37.32.0/19
                IPv6:
                  2001:14f0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:3d:e3:e3:cd:9e:98:d0:24:6a:73:2c:e8:fa:82:32:0a:ef:
         98:15:6d:4a:c0:df:7b:51:c1:69:d9:58:9c:45:87:84:95:c5:
         93:f1:fe:77:64:8e:62:82:b5:6a:d1:7a:69:d9:b0:73:1f:01:
         96:a8:48:42:8f:31:ec:82:24:47:20:29:3a:52:62:1d:f4:15:
         e6:2d:8e:b1:29:8b:71:d8:cb:68:ca:a9:c4:bc:43:87:be:6c:
         2c:1f:d0:1d:07:1a:17:a5:77:4b:62:74:7e:2e:fa:47:1a:38:
         92:4d:05:3e:eb:47:b9:14:66:1c:33:ed:82:61:94:4e:b1:d6:
         4c:7f:eb:bf:4f:c1:00:08:4f:80:a1:f9:88:ce:b2:db:30:b0:
         d7:89:b8:f3:b9:69:e4:1a:1d:2b:67:f2:c6:d0:7d:88:5c:87:
         20:75:17:66:67:ab:0c:7d:98:ab:4b:34:e5:56:2b:50:df:64:
         8f:f5:fc:41:e2:46:d9:95:c1:c9:73:54:9d:a3:6f:21:0f:1c:
         e9:d9:30:1c:e2:bc:b5:73:9c:b9:b0:1f:95:4d:77:ba:23:ec:
         fb:09:37:ee:9e:33:d1:ee:71:c3:1d:da:c0:72:ea:12:60:66:
         d7:2d:0c:0c:9f:c2:6c:db:db:d0:80:c0:f3:0b:f9:54:37:ec:
         9b:8c:04:71
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVyRt69qOCmNJ5HLMhGCFAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MzJiNGYyYjQ3YmJlMTkzNGEyMjQwODFjYzM3ZjE3MGQ3
MjQ4ZDIwHhcNMjMwMTAyMTEzODQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQ1YjQ5YzI3MzcwOGRlNjJkMGIxNTQ2MTQ3ZjljMWJmNTNlYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjONaNKxCtpyx8a4kOHhMHyc59Rh3
muvGiMlYe3nAJH+oBSHVcn9DChH89gpKIsIL0QCzFvfLWwWUPCnOjq0QMa74S8La
uYCe2YvSQw8/RDX9L8GFNJiG4H+fhJrj0SABqUCu2mYYOULh2lq6KGIAvFPMYsYa
lf5UewkrL97bNBxnIOsK8eZ99sh0SnwgeAE6rPsqIQKMlXb7ndI4ws+hh7cp11ZA
fbXSsBVFGYnhLP4cHVoQr7dxd5wdzqqycx6XE1UTrM8LYx04NeKHpITZ5uoL8Z+d
0EFImxbCbPbBIKVXtJ3A/8Kg870FtHaKOzuVdblFhAFqCwHJynUj5CR+5QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFL5FtJwnNwjeYtCxVGFH+cG/U+wlMB8GA1UdIwQY
MBaAFJUytPK0e74ZNKIkCBzDfxcNckjSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFRLMDhyUjd2aGswb2lRSUhNTl9GdzF5U05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xMjRkZDUtY2FiMC00NmVjLWJlNjct
NDIwNDBkZjNiNmFmLzEvdmtXMG5DYzNDTjVpMExGVVlVZjV3YjlUN0NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xMjRkZDUtY2FiMC00NmVjLWJlNjctNDIwNDBkZjNiNmFm
LzEvbFRLMDhyUjd2aGswb2lRSUhNTl9GdzF5U05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFU9jgAwQG
WNCAAwQCuaawAwQHvIgAAwQF1CUgMA0EAgACMAcDBQMgARTwMA0GCSqGSIb3DQEB
CwUAA4IBAQBkPePjzZ6Y0CRqcyzo+oIyCu+YFW1KwN97UcFp2VicRYeElcWT8f53
ZI5igrVq0Xpp2bBzHwGWqEhCjzHsgiRHICk6UmId9BXmLY6xKYtx2MtoyqnEvEOH
vmwsH9AdBxoXpXdLYnR+LvpHGjiSTQU+60e5FGYcM+2CYZROsdZMf+u/T8EACE+A
ofmIzrLbMLDXibjzuWnkGh0rZ/LG0H2IXIcgdRdmZ6sMfZirSzTlVitQ32SP9fxB
4kbZlcHJc1Sdo28hDxzp2TAc4ry1c5y5sB+VTXe6I+z7CTfunjPR7nHDHdrAcuoS
YGbXLQwMn8Js29vQgMDzC/lUN+ybjARx
-----END CERTIFICATE-----