Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/ttii8baWdy-AOFzVgP7Dv8yXIyY.roa
File:                     ttii8baWdy-AOFzVgP7Dv8yXIyY.roa (raw, json)
Hash identifier:          IF1AEWw1m8x6WJxmi0UYQYKs2JhgDd7dyRSA9EOWXpI=
Subject key identifier:   B6:D8:A2:F1:B6:96:77:2F:80:38:5C:D5:80:FE:C3:BF:CC:97:23:26
Certificate issuer:       /CN=87db71f6919b0ef98eefc9964928a87510236a03
Certificate serial:       0186C0AB3BB26DFB97F67DF7A6CB7E274284
Authority key identifier: 87:DB:71:F6:91:9B:0E:F9:8E:EF:C9:96:49:28:A8:75:10:23:6A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9tx9pGbDvmO78mWSSiodRAjagM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/ttii8baWdy-AOFzVgP7Dv8yXIyY.roa
Signing time:             Wed 08 Mar 2023 10:01:32 +0000
ROA not before:           Wed 08 Mar 2023 10:01:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     24951
IP address blocks:        185.154.36.0/22 maxlen: 22
                          185.154.38.0/24 maxlen: 24
                          195.144.7.0/24 maxlen: 24
                          212.71.96.0/20 maxlen: 20
                          217.71.93.0/24 maxlen: 24
                          212.71.112.0/22 maxlen: 22
                          212.71.107.0/24 maxlen: 24
                          212.71.116.0/24 maxlen: 24
                          212.71.118.0/24 maxlen: 24
                          212.71.117.0/24 maxlen: 24
                          212.71.119.0/24 maxlen: 24
                          212.71.120.0/21 maxlen: 21
                          217.20.192.0/20 maxlen: 20
                          217.71.80.0/20 maxlen: 20
                          217.71.89.0/24 maxlen: 24
                          2a00:fb00::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c0:ab:3b:b2:6d:fb:97:f6:7d:f7:a6:cb:7e:27:42:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87db71f6919b0ef98eefc9964928a87510236a03
        Validity
            Not Before: Mar  8 10:01:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b6d8a2f1b696772f80385cd580fec3bfcc972326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:22:3b:4e:58:61:d3:80:11:d1:4f:2e:e0:97:
                    15:fa:a7:33:91:62:8d:ea:17:35:ff:23:f3:87:ce:
                    2c:ac:96:11:3c:e1:48:09:bc:4a:3d:e5:d1:68:d2:
                    01:11:8e:19:cb:60:6c:c4:94:ed:ea:42:81:68:38:
                    4e:25:4b:e7:ef:e7:36:ff:8c:74:3e:22:ab:62:e7:
                    ce:e2:48:17:f3:2b:52:39:93:bd:8e:83:be:29:69:
                    b4:cc:33:cf:38:d2:f5:25:e4:0d:82:4f:e3:62:c6:
                    a0:6a:a5:4a:4a:6b:20:8a:02:df:6e:59:e1:3a:73:
                    e0:0c:21:8e:51:f3:a0:4b:5b:ad:48:30:22:b9:fb:
                    ee:74:1e:82:f6:80:05:90:bd:1d:df:bf:a7:91:d8:
                    9b:3c:b7:71:4f:00:d6:ad:5e:ae:b6:3c:a8:d9:68:
                    f4:de:06:c0:11:80:4c:81:58:31:1c:52:46:b7:a5:
                    2a:10:4c:80:6c:58:be:27:91:e2:a1:d3:b4:04:4a:
                    74:dc:be:02:bf:7c:92:79:b4:5d:64:c5:d2:36:2d:
                    29:62:3e:6c:73:f2:f8:7e:57:02:18:ae:6b:c7:9a:
                    9e:14:b2:80:6b:c5:dc:02:10:19:1b:8f:f8:de:12:
                    64:bc:30:7b:54:6c:ec:85:bc:46:30:3a:e6:d8:e4:
                    30:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D8:A2:F1:B6:96:77:2F:80:38:5C:D5:80:FE:C3:BF:CC:97:23:26
            X509v3 Authority Key Identifier:
                keyid:87:DB:71:F6:91:9B:0E:F9:8E:EF:C9:96:49:28:A8:75:10:23:6A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9tx9pGbDvmO78mWSSiodRAjagM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/ttii8baWdy-AOFzVgP7Dv8yXIyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/h9tx9pGbDvmO78mWSSiodRAjagM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.36.0/22
                  195.144.7.0/24
                  212.71.96.0/19
                  217.20.192.0/20
                  217.71.80.0/20
                IPv6:
                  2a00:fb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:ab:23:67:63:39:19:a6:3f:a0:14:fe:71:02:75:27:9e:f6:
         21:e8:e7:84:1b:ac:a9:d6:5d:74:39:68:3c:13:1a:57:8c:6c:
         2c:da:ed:5e:14:7c:c9:f9:99:09:3d:87:1b:d1:48:a6:70:a0:
         fc:4e:5f:f6:12:6b:9e:93:bd:11:73:8a:49:c7:25:68:ac:9b:
         69:31:89:55:75:11:ce:f7:66:23:cd:87:db:f5:87:f3:ea:d1:
         e0:37:78:8d:39:b8:c9:96:94:45:9b:c0:dd:a0:36:8b:c6:16:
         fe:15:28:6b:08:9a:7e:31:86:d1:0b:e7:75:0c:ba:5e:62:eb:
         8e:da:f3:c4:0b:e0:5c:31:36:ad:c8:dd:1a:83:38:d2:45:ec:
         cc:f2:73:d2:db:49:98:4c:78:cf:65:63:49:6b:63:a6:f3:07:
         f2:0c:c7:9f:6b:b5:a6:77:ae:25:31:dc:13:ba:6f:1e:ec:c8:
         8c:ef:84:b6:e2:2c:66:87:1d:51:72:80:71:8d:a6:7a:ef:b2:
         d1:23:dc:9f:9b:7c:5c:4d:80:3a:a3:ea:4f:6b:16:51:06:88:
         c6:63:b5:22:f5:2d:b4:45:e1:21:71:fc:71:a0:9d:f8:24:b9:
         c6:8c:4d:1d:c1:41:f3:9f:5f:b4:6e:77:dd:ba:7b:25:1c:14:
         f4:d7:e6:73
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYbAqzuybfuX9n33pst+J0KEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZGI3MWY2OTE5YjBlZjk4ZWVmYzk5NjQ5MjhhODc1MTAy
MzZhMDMwHhcNMjMwMzA4MTAwMTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQ4YTJmMWI2OTY3NzJmODAzODVjZDU4MGZlYzNiZmNjOTcyMzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyI7Tlhh04AR0U8u4JcV+qczkWKN
6hc1/yPzh84srJYRPOFICbxKPeXRaNIBEY4Zy2BsxJTt6kKBaDhOJUvn7+c2/4x0
PiKrYufO4kgX8ytSOZO9joO+KWm0zDPPONL1JeQNgk/jYsagaqVKSmsgigLfblnh
OnPgDCGOUfOgS1utSDAiufvudB6C9oAFkL0d37+nkdibPLdxTwDWrV6utjyo2Wj0
3gbAEYBMgVgxHFJGt6UqEEyAbFi+J5HiodO0BEp03L4Cv3ySebRdZMXSNi0pYj5s
c/L4flcCGK5rx5qeFLKAa8XcAhAZG4/43hJkvDB7VGzshbxGMDrm2OQw0QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLbYovG2lncvgDhc1YD+w7/MlyMmMB8GA1UdIwQY
MBaAFIfbcfaRmw75ju/JlkkoqHUQI2oDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDl0eDlwR2JEdm1PNzhtV1NTaW9kUkFqYWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9lZjYyNzctNzBiNS00MzQ4LWE1ODIt
OTA0YTA4MDMxYTlmLzEvdHRpaThiYVdkeS1BT0Z6VmdQN0R2OHlYSXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9lZjYyNzctNzBiNS00MzQ4LWE1ODItOTA0YTA4MDMxYTlm
LzEvaDl0eDlwR2JEdm1PNzhtV1NTaW9kUkFqYWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuZokAwQA
w5AHAwQF1EdgAwQE2RTAAwQE2UdQMA0EAgACMAcDBQMqAPsAMA0GCSqGSIb3DQEB
CwUAA4IBAQAHqyNnYzkZpj+gFP5xAnUnnvYh6OeEG6yp1l10OWg8ExpXjGws2u1e
FHzJ+ZkJPYcb0UimcKD8Tl/2Emuek70Rc4pJxyVorJtpMYlVdRHO92YjzYfb9Yfz
6tHgN3iNObjJlpRFm8DdoDaLxhb+FShrCJp+MYbRC+d1DLpeYuuO2vPEC+BcMTat
yN0agzjSRezM8nPS20mYTHjPZWNJa2Om8wfyDMefa7Wmd64lMdwTum8e7MiM74S2
4ixmhx1RcoBxjaZ677LRI9yfm3xcTYA6o+pPaxZRBojGY7Ui9S20ReEhcfxxoJ34
JLnGjE0dwUHzn1+0bnfdunslHBT01+Zz
-----END CERTIFICATE-----