Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/USca-y-wF4mlAsxW5ZCv-yoWDsk.roa
File:                     USca-y-wF4mlAsxW5ZCv-yoWDsk.roa (raw, json)
Hash identifier:          FowyKTzHLGgjVIt/xatHkLK/wwl595ecV/jdKixu3Qs=
Subject key identifier:   51:27:1A:FB:2F:B0:17:89:A5:02:CC:56:E5:90:AF:FB:2A:16:0E:C9
Certificate issuer:       /CN=c1e2464dd6d042309515f7e5b64ea65c089b4616
Certificate serial:       018991388310B6229D0FF0CA2F69A8874729
Authority key identifier: C1:E2:46:4D:D6:D0:42:30:95:15:F7:E5:B6:4E:A6:5C:08:9B:46:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/weJGTdbQQjCVFffltk6mXAibRhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/USca-y-wF4mlAsxW5ZCv-yoWDsk.roa
Signing time:             Wed 26 Jul 2023 08:02:27 +0000
ROA not before:           Wed 26 Jul 2023 08:02:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198736
IP address blocks:        131.117.184.0/21 maxlen: 21
                          77.232.168.0/21 maxlen: 21
                          149.255.120.0/21 maxlen: 21
                          77.111.238.0/23 maxlen: 23
                          77.111.237.0/24 maxlen: 24
                          77.111.236.0/24 maxlen: 24
                          185.7.244.0/22 maxlen: 22
                          82.163.232.0/22 maxlen: 22
                          82.163.128.0/22 maxlen: 22
                          95.141.160.0/20 maxlen: 20
                          2a00:c5c0:a000::/36 maxlen: 36
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:91:38:83:10:b6:22:9d:0f:f0:ca:2f:69:a8:87:47:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1e2464dd6d042309515f7e5b64ea65c089b4616
        Validity
            Not Before: Jul 26 08:02:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=51271afb2fb01789a502cc56e590affb2a160ec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f6:95:82:9d:3f:c3:f3:6b:3c:9b:8c:32:80:
                    92:f5:d4:f6:f9:3f:ec:11:f2:68:1a:e5:36:1f:4e:
                    84:1f:54:d0:97:eb:6d:b5:d0:76:81:11:45:d1:0d:
                    5d:51:09:e2:ab:50:fd:2e:de:ea:85:6f:33:2a:c3:
                    17:4d:f6:d9:1f:5d:85:5f:21:80:a9:93:24:eb:ad:
                    32:0e:3c:77:2a:c3:72:f7:57:c6:fd:e8:f4:17:f4:
                    e6:3a:f0:63:ff:bd:c2:5b:2b:d5:fd:73:84:58:f1:
                    fd:47:68:6d:f6:3a:f7:03:46:e1:95:af:bc:37:b9:
                    5b:12:c4:bd:56:0b:6e:a3:c8:f2:1a:50:3d:55:fa:
                    bc:9f:cc:b0:5f:13:67:48:52:ea:b6:cf:52:ad:52:
                    19:fb:3c:b3:71:5b:29:58:a1:8d:e3:85:56:88:7d:
                    13:e6:03:6b:a6:6f:58:c9:82:92:ad:f4:cb:2f:0d:
                    70:10:81:97:bb:4d:5c:7c:88:9d:07:48:11:60:fa:
                    98:39:cc:61:4f:9c:00:20:43:ea:14:19:6e:6d:f1:
                    94:32:d1:3a:91:ff:a1:1a:c4:8c:63:ed:e8:36:aa:
                    e8:73:55:2b:f6:b4:d6:1f:4c:54:ea:5a:5b:11:94:
                    df:5d:b8:52:a1:71:73:f6:49:0f:f9:5e:32:e9:55:
                    c6:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:27:1A:FB:2F:B0:17:89:A5:02:CC:56:E5:90:AF:FB:2A:16:0E:C9
            X509v3 Authority Key Identifier:
                keyid:C1:E2:46:4D:D6:D0:42:30:95:15:F7:E5:B6:4E:A6:5C:08:9B:46:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/weJGTdbQQjCVFffltk6mXAibRhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/USca-y-wF4mlAsxW5ZCv-yoWDsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/256fab-de97-4679-a465-b96d6714a174/1/weJGTdbQQjCVFffltk6mXAibRhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.236.0/22
                  77.232.168.0/21
                  82.163.128.0/22
                  82.163.232.0/22
                  95.141.160.0/20
                  131.117.184.0/21
                  149.255.120.0/21
                  185.7.244.0/22
                IPv6:
                  2a00:c5c0:a000::/36

    Signature Algorithm: sha256WithRSAEncryption
         4e:4d:b8:0e:d1:61:12:9a:f8:17:50:71:e0:3b:79:b3:f6:4d:
         c6:aa:59:12:80:b0:fa:88:63:9c:c3:e7:a8:5a:49:05:a8:c2:
         96:7c:05:d8:e3:fe:77:63:0d:1b:c6:2b:81:57:8d:59:d3:35:
         1c:75:c4:ec:f5:54:7d:46:87:b8:91:7a:1f:40:12:19:15:d4:
         07:3e:a2:e8:de:f0:fe:00:2e:17:e7:bf:15:95:e7:ae:ea:de:
         8c:c2:1b:d6:6e:f1:d8:fe:60:d9:55:62:f0:b3:2b:f9:ce:be:
         0a:83:1a:0f:2e:07:0d:55:1a:d5:be:b1:ac:8d:63:2a:63:19:
         b7:23:ba:6d:66:e3:2d:56:9d:00:eb:68:83:ff:ec:fa:e5:53:
         5a:65:92:80:ae:bb:fa:d2:d0:e3:69:44:09:44:09:c1:6c:96:
         0a:e4:e8:25:b6:ec:fc:69:30:33:6f:74:6e:b2:a8:5b:db:05:
         49:ce:1a:45:c9:b9:f0:5f:95:03:06:24:d6:72:8c:9e:26:7c:
         16:5b:48:5f:8d:28:4b:83:6b:33:59:d4:a4:49:0f:c4:f0:f8:
         83:ad:78:cb:f6:05:7f:dc:2d:f2:ca:e8:40:52:0c:b7:b4:56:
         68:f4:4d:cc:34:92:c9:1d:a4:e3:ca:f0:2c:b0:2b:a8:6e:f4:
         aa:cd:db:d1
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYmROIMQtiKdD/DKL2moh0cpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZTI0NjRkZDZkMDQyMzA5NTE1ZjdlNWI2NGVhNjVjMDg5
YjQ2MTYwHhcNMjMwNzI2MDgwMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI3MWFmYjJmYjAxNzg5YTUwMmNjNTZlNTkwYWZmYjJhMTYwZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvaVgp0/w/NrPJuMMoCS9dT2+T/s
EfJoGuU2H06EH1TQl+tttdB2gRFF0Q1dUQniq1D9Lt7qhW8zKsMXTfbZH12FXyGA
qZMk660yDjx3KsNy91fG/ej0F/TmOvBj/73CWyvV/XOEWPH9R2ht9jr3A0bhla+8
N7lbEsS9Vgtuo8jyGlA9Vfq8n8ywXxNnSFLqts9SrVIZ+zyzcVspWKGN44VWiH0T
5gNrpm9YyYKSrfTLLw1wEIGXu01cfIidB0gRYPqYOcxhT5wAIEPqFBlubfGUMtE6
kf+hGsSMY+3oNqroc1Ur9rTWH0xU6lpbEZTfXbhSoXFz9kkP+V4y6VXGpQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFFEnGvsvsBeJpQLMVuWQr/sqFg7JMB8GA1UdIwQY
MBaAFMHiRk3W0EIwlRX35bZOplwIm0YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VKR1RkYlFRakNWRmZmbHRrNm1YQWliUmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yNTZmYWItZGU5Ny00Njc5LWE0NjUt
Yjk2ZDY3MTRhMTc0LzEvVVNjYS15LXdGNG1sQXN4VzVaQ3YteW9XRHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yNTZmYWItZGU5Ny00Njc5LWE0NjUtYjk2ZDY3MTRhMTc0
LzEvd2VKR1RkYlFRakNWRmZmbHRrNm1YQWliUmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA2BAIAATAwAwQCTW/sAwQD
TeioAwQCUqOAAwQCUqPoAwQEX42gAwQDg3W4AwQDlf94AwQCuQf0MA4EAgACMAgD
BgQqAMXAoDANBgkqhkiG9w0BAQsFAAOCAQEATk24DtFhEpr4F1Bx4Dt5s/ZNxqpZ
EoCw+ohjnMPnqFpJBajClnwF2OP+d2MNG8YrgVeNWdM1HHXE7PVUfUaHuJF6H0AS
GRXUBz6i6N7w/gAuF+e/FZXnrurejMIb1m7x2P5g2VVi8LMr+c6+CoMaDy4HDVUa
1b6xrI1jKmMZtyO6bWbjLVadAOtog//s+uVTWmWSgK67+tLQ42lECUQJwWyWCuTo
Jbbs/GkwM290brKoW9sFSc4aRcm58F+VAwYk1nKMniZ8FltIX40oS4NrM1nUpEkP
xPD4g614y/YFf9wt8sroQFIMt7RWaPRNzDSSyR2k48rwLLArqG70qs3b0Q==
-----END CERTIFICATE-----