Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BJbI3mbvwzbkBt1W1essDXxsUbg.roa
File:                     BJbI3mbvwzbkBt1W1essDXxsUbg.roa (raw, json)
Hash identifier:          jPQ3wY7cVcuTIK9bG3UbU67Wp+LpgLg2xossnfHxPHc=
Subject key identifier:   04:96:C8:DE:66:EF:C3:36:E4:06:DD:56:D5:EB:2C:0D:7C:6C:51:B8
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018CB600751A1E7CB1284752C4E2380CFEB2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BJbI3mbvwzbkBt1W1essDXxsUbg.roa
Signing time:             Fri 29 Dec 2023 14:35:32 +0000
ROA not before:           Fri 29 Dec 2023 14:35:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        93.190.246.0/23 maxlen: 23
                          45.129.127.0/24 maxlen: 24
                          45.128.26.0/24 maxlen: 24
                          2a06:b5c0::/29 maxlen: 29
                          2a0f:e840::/32 maxlen: 32
                          2a13:fd00::/29 maxlen: 29
                          2a07:95c0::/29 maxlen: 29
                          2a0f:2f80::/29 maxlen: 29
                          2a13:18c4::/32 maxlen: 32
                          2a06:bf40::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:b6:00:75:1a:1e:7c:b1:28:47:52:c4:e2:38:0c:fe:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Dec 29 14:35:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0496c8de66efc336e406dd56d5eb2c0d7c6c51b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:33:cc:1c:5a:19:f7:ff:c4:47:c5:1e:8b:38:
                    2d:5a:15:1f:2b:c3:07:85:d9:fe:be:1e:d6:14:7a:
                    3d:96:6c:5d:b9:fa:41:1a:8a:25:55:be:30:22:af:
                    37:53:23:e2:86:19:5b:74:20:ba:dd:04:6a:7f:d8:
                    5d:0d:6a:56:f2:46:70:c3:a3:79:cb:72:f7:87:c0:
                    cf:6c:2b:7e:e1:0e:6b:07:7a:16:ac:66:57:5c:15:
                    1d:d4:63:2e:a2:f4:d1:99:5e:e4:9f:5c:66:6f:66:
                    fb:59:a7:99:ef:eb:a5:26:2a:19:d9:7f:9d:a4:19:
                    ee:88:e0:fb:33:93:bb:6c:f4:8e:77:53:a6:db:e7:
                    87:14:7d:60:24:d4:44:b4:9f:01:dc:05:68:db:e8:
                    22:51:b3:e6:47:39:5b:ba:d3:cb:bd:9c:5e:e5:49:
                    61:34:39:97:c2:d6:dd:fd:16:e5:a3:5c:f9:ea:bf:
                    d5:63:19:84:43:73:d0:d3:19:d6:0b:c3:e1:49:b8:
                    5c:39:47:07:7b:4c:b2:7c:f1:db:f0:b1:49:19:c4:
                    09:71:47:57:a0:68:16:36:ef:53:a7:ea:2c:ce:73:
                    1e:88:d1:45:d1:f2:75:2a:8d:2d:8d:b5:e7:f9:c4:
                    ee:16:dc:6f:fc:79:11:88:3f:9c:fe:fb:da:36:62:
                    27:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:96:C8:DE:66:EF:C3:36:E4:06:DD:56:D5:EB:2C:0D:7C:6C:51:B8
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BJbI3mbvwzbkBt1W1essDXxsUbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.26.0/24
                  45.129.127.0/24
                  93.190.246.0/23
                IPv6:
                  2a06:b5c0::/29
                  2a06:bf40::/29
                  2a07:95c0::/29
                  2a0f:2f80::/29
                  2a0f:e840::/32
                  2a13:18c4::/32
                  2a13:fd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:be:66:dd:cf:e1:a6:6c:b6:c8:75:0a:a4:ad:bd:7d:58:19:
         58:58:70:e3:48:74:9e:5a:dd:0b:f3:d8:ce:bb:22:25:bc:03:
         0b:fd:f3:af:47:ea:f7:ba:80:a1:7e:2e:5d:ff:6f:2b:ef:b5:
         d0:02:ce:f2:05:9f:64:25:54:ee:25:a4:55:ae:62:ff:3f:a0:
         a8:03:8d:6d:ef:61:8b:f0:65:91:61:5e:a1:55:79:25:c4:03:
         ad:56:7b:43:03:31:c0:58:af:c2:2d:94:1d:f0:2c:87:33:42:
         92:83:5b:e1:a1:d8:ec:b6:d6:03:3b:eb:ea:dc:3f:c5:c0:48:
         52:2c:aa:6d:85:48:ee:68:0e:30:d1:f7:76:82:9f:cc:23:13:
         d8:c0:b6:43:9f:2b:d9:91:20:f9:db:5b:4c:cf:1c:96:c4:45:
         6a:18:3b:0b:23:b9:9f:a5:60:2d:28:eb:2b:ca:8d:48:67:82:
         36:e1:9f:45:85:54:c6:c7:c4:ed:b7:77:75:4f:d8:ee:85:06:
         1f:60:d6:3c:f5:b0:7a:ab:1d:ec:6a:48:9c:d6:51:ef:4e:8c:
         46:29:71:a1:47:24:44:c6:d8:73:2d:15:34:4e:ba:8f:dd:26:
         0d:46:db:af:f2:6f:41:22:ec:cc:12:ac:78:ea:5f:4a:2c:26:
         e8:2b:32:f4
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYy2AHUaHnyxKEdSxOI4DP6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMjI5MTQzNTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk2YzhkZTY2ZWZjMzM2ZTQwNmRkNTZkNWViMmMwZDdjNmM1MWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjPMHFoZ9//ER8UeizgtWhUfK8MH
hdn+vh7WFHo9lmxdufpBGoolVb4wIq83UyPihhlbdCC63QRqf9hdDWpW8kZww6N5
y3L3h8DPbCt+4Q5rB3oWrGZXXBUd1GMuovTRmV7kn1xmb2b7WaeZ7+ulJioZ2X+d
pBnuiOD7M5O7bPSOd1Om2+eHFH1gJNREtJ8B3AVo2+giUbPmRzlbutPLvZxe5Ulh
NDmXwtbd/Rblo1z56r/VYxmEQ3PQ0xnWC8PhSbhcOUcHe0yyfPHb8LFJGcQJcUdX
oGgWNu9Tp+osznMeiNFF0fJ1Ko0tjbXn+cTuFtxv/HkRiD+c/vvaNmIniwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFASWyN5m78M25AbdVtXrLA18bFG4MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQkpiSTNtYnZ3emJrQnQxVzFlc3NEWHhzVWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzAYBAIAATASAwQALYAaAwQA
LYF/AwQBXb72MDcEAgACMDEDBQMqBrXAAwUDKga/QAMFAyoHlcADBQMqDy+AAwUA
Kg/oQAMFACoTGMQDBQMqE/0AMA0GCSqGSIb3DQEBCwUAA4IBAQC0vmbdz+GmbLbI
dQqkrb19WBlYWHDjSHSeWt0L89jOuyIlvAML/fOvR+r3uoChfi5d/28r77XQAs7y
BZ9kJVTuJaRVrmL/P6CoA41t72GL8GWRYV6hVXklxAOtVntDAzHAWK/CLZQd8CyH
M0KSg1vhodjsttYDO+vq3D/FwEhSLKpthUjuaA4w0fd2gp/MIxPYwLZDnyvZkSD5
21tMzxyWxEVqGDsLI7mfpWAtKOsryo1IZ4I24Z9FhVTGx8Ttt3d1T9juhQYfYNY8
9bB6qx3sakic1lHvToxGKXGhRyRExthzLRU0TrqP3SYNRtuv8m9BIuzMEqx46l9K
LCboKzL0
-----END CERTIFICATE-----