Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oRPVFJp7nl3KTjdc4b_XNExcKPY.roa
File:                     oRPVFJp7nl3KTjdc4b_XNExcKPY.roa (raw, json)
Hash identifier:          Z/lFAfeyw2DWBZAA8DlD/sfSr2W1qEE7xUp5v9+gJrE=
Subject key identifier:   A1:13:D5:14:9A:7B:9E:5D:CA:4E:37:5C:E1:BF:D7:34:4C:5C:28:F6
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018BA8B06D29C3CC3621F0255FE2B9DEAE95
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oRPVFJp7nl3KTjdc4b_XNExcKPY.roa
Signing time:             Tue 07 Nov 2023 07:30:16 +0000
ROA not before:           Tue 07 Nov 2023 07:30:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205544
IP address blocks:        2a0f:e6c6:1::/48 maxlen: 48
                          2a13:e107:7::/48 maxlen: 48
                          2a13:e101:1::/48 maxlen: 48
                          2a0f:e1c0:1::/48 maxlen: 48
                          2a13:3380:1::/48 maxlen: 48
                          2a0f:e6c7:1::/48 maxlen: 48
                          2a0f:e6c5:1::/48 maxlen: 48
                          2a13:e100:1::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a8:b0:6d:29:c3:cc:36:21:f0:25:5f:e2:b9:de:ae:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov  7 07:30:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a113d5149a7b9e5dca4e375ce1bfd7344c5c28f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a0:77:d6:78:cc:ea:ab:27:1c:38:f6:e1:b0:
                    5a:b5:c6:af:0d:8a:55:d0:f2:79:e5:c6:12:49:24:
                    fc:37:13:24:eb:8e:82:40:45:22:d2:f5:82:c9:62:
                    ae:9d:de:92:30:a8:a6:84:22:80:60:80:43:c2:3c:
                    7b:d2:10:97:1f:dd:28:37:ef:99:bc:72:e8:6e:e5:
                    df:04:fa:fe:f4:d3:f9:c4:89:b5:0a:26:9d:bc:c5:
                    ca:e5:df:37:8e:0a:d0:94:52:44:f4:73:dd:53:29:
                    8b:f9:24:21:ba:c3:4b:54:98:31:01:35:2a:5e:60:
                    8c:46:79:3b:fa:dc:2f:c7:49:c6:17:e1:6e:d4:9c:
                    02:3a:39:54:c2:24:93:b2:84:46:05:d2:1e:16:fb:
                    5f:67:cd:1a:a5:d8:34:ec:d9:ee:58:06:86:16:b9:
                    21:1b:df:80:57:55:88:70:70:2e:a9:36:39:99:18:
                    09:b7:14:f2:15:3a:3e:35:9e:29:d3:ae:df:fc:8f:
                    3d:e1:1a:41:90:16:9e:9a:0a:05:b7:16:3b:e8:a3:
                    3a:4e:39:a3:dd:f8:f5:25:b8:c5:97:32:fd:9e:0a:
                    e9:4c:54:68:de:e2:2c:98:7c:12:e7:ef:f2:da:43:
                    56:70:f8:ae:5f:84:33:23:79:45:27:71:14:c5:b9:
                    7a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:13:D5:14:9A:7B:9E:5D:CA:4E:37:5C:E1:BF:D7:34:4C:5C:28:F6
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oRPVFJp7nl3KTjdc4b_XNExcKPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e1c0:1::/48
                  2a0f:e440::/29
                  2a0f:e6c5:1::/48
                  2a0f:e6c6:1::/48
                  2a0f:e6c7:1::/48
                  2a13:3380:1::/48
                  2a13:e100:1::/48
                  2a13:e101:1::/48
                  2a13:e107:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:02:22:73:7e:ff:b8:f7:d7:67:1b:4d:65:92:49:a4:c8:5d:
         36:d0:05:21:00:90:b5:15:fd:87:bf:1e:7c:9d:be:de:f7:d1:
         08:16:fd:9f:d5:81:6e:8d:89:84:36:b4:7b:1c:7a:8a:bd:61:
         c1:c9:67:89:5e:6d:4a:ab:db:d2:82:ee:1b:68:08:ab:67:2c:
         b2:90:e5:80:03:ae:7f:57:5f:70:39:85:1c:1c:ce:8f:0b:0d:
         c1:fb:04:4d:45:26:79:32:30:11:a8:78:c0:5c:00:bc:d7:10:
         84:ca:a1:af:e8:cc:94:0d:73:bb:9c:66:38:7c:3f:b0:19:2d:
         a2:d5:09:3b:b8:d5:fe:b7:df:07:4e:16:a0:52:b8:0c:9f:f8:
         6c:19:a2:da:4b:c5:37:04:b7:4a:49:0c:6b:f9:36:67:4a:3c:
         ad:18:70:97:b8:70:b6:b7:43:ef:34:5c:e1:99:f5:5d:d1:a8:
         63:58:ac:e7:33:e7:94:62:d1:8f:7d:3c:b6:cc:c7:65:f0:f9:
         97:ff:bc:d7:2d:30:fd:02:c7:0f:d2:59:ed:25:76:6e:bb:a6:
         14:98:24:ae:a6:fb:3f:6a:b1:7c:e4:92:cd:4a:0c:9c:00:4b:
         ab:ec:07:ff:20:e5:5e:90:14:41:45:88:7a:d0:ff:10:f8:81:
         c7:43:28:df
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYuosG0pw8w2IfAlX+K53q6VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMTA3MDczMDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTEzZDUxNDlhN2I5ZTVkY2E0ZTM3NWNlMWJmZDczNDRjNWMyOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqB31njM6qsnHDj24bBatcavDYpV
0PJ55cYSSST8NxMk646CQEUi0vWCyWKund6SMKimhCKAYIBDwjx70hCXH90oN++Z
vHLobuXfBPr+9NP5xIm1CiadvMXK5d83jgrQlFJE9HPdUymL+SQhusNLVJgxATUq
XmCMRnk7+twvx0nGF+Fu1JwCOjlUwiSTsoRGBdIeFvtfZ80apdg07NnuWAaGFrkh
G9+AV1WIcHAuqTY5mRgJtxTyFTo+NZ4p067f/I894RpBkBaemgoFtxY76KM6Tjmj
3fj1JbjFlzL9ngrpTFRo3uIsmHwS5+/y2kNWcPiuX4QzI3lFJ3EUxbl6MQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFKET1RSae55dyk43XOG/1zRMXCj2MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvb1JQVkZKcDdubDNLVGpkYzRiX1hORXhjS1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBVBAIAAjBPAwcAKg/hwAAB
AwUDKg/kQAMHACoP5sUAAQMHACoP5sYAAQMHACoP5scAAQMHACoTM4AAAQMHACoT
4QAAAQMHACoT4QEAAQMHACoT4QcABzANBgkqhkiG9w0BAQsFAAOCAQEAvQIic37/
uPfXZxtNZZJJpMhdNtAFIQCQtRX9h78efJ2+3vfRCBb9n9WBbo2JhDa0exx6ir1h
wclniV5tSqvb0oLuG2gIq2csspDlgAOuf1dfcDmFHBzOjwsNwfsETUUmeTIwEah4
wFwAvNcQhMqhr+jMlA1zu5xmOHw/sBktotUJO7jV/rffB04WoFK4DJ/4bBmi2kvF
NwS3SkkMa/k2Z0o8rRhwl7hwtrdD7zRc4Zn1XdGoY1is5zPnlGLRj308tszHZfD5
l/+81y0w/QLHD9JZ7SV2brumFJgkrqb7P2qxfOSSzUoMnABLq+wH/yDlXpAUQUWI
etD/EPiBx0Mo3w==
-----END CERTIFICATE-----