Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7o4xFX-J1kiewfSESanbl-EUf-8.roa
File:                     7o4xFX-J1kiewfSESanbl-EUf-8.roa (raw, json)
Hash identifier:          7AyshCaiJE32PRWkvYB1dg+CgQjcpgjYkQbAxcYV6aY=
Subject key identifier:   EE:8E:31:15:7F:89:D6:48:9E:C1:F4:84:49:A9:DB:97:E1:14:7F:EF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0188FC49D933BD2EC899CE0234D02FAC0EA7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7o4xFX-J1kiewfSESanbl-EUf-8.roa
Signing time:             Tue 27 Jun 2023 09:57:58 +0000
ROA not before:           Tue 27 Jun 2023 09:57:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.225.22.0/24 maxlen: 24
                          185.230.52.0/24 maxlen: 24
                          185.210.234.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          45.90.17.0/24 maxlen: 24
                          45.90.19.0/24 maxlen: 24
                          193.58.144.0/24 maxlen: 24
                          193.58.145.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          45.147.226.0/24 maxlen: 24
                          45.147.224.0/24 maxlen: 24
                          45.8.21.0/24 maxlen: 24
                          194.147.16.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fc:49:d9:33:bd:2e:c8:99:ce:02:34:d0:2f:ac:0e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 27 09:57:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee8e31157f89d6489ec1f48449a9db97e1147fef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:63:cd:4c:e7:f7:b3:ea:75:e1:11:78:25:f7:
                    ef:8c:6c:b1:f1:c6:29:a2:58:5d:6a:5f:f4:0b:1e:
                    06:bc:1e:e7:bb:17:d3:d0:e7:9d:39:d0:41:2b:5f:
                    a8:0c:a3:2f:08:7e:aa:4d:b7:65:bb:5d:99:63:76:
                    1c:4d:f8:6c:a9:99:7a:eb:e6:96:2d:12:53:c8:ba:
                    7e:c8:03:d0:a0:6c:19:73:4c:4d:88:63:73:43:2a:
                    08:53:fc:39:12:6b:74:80:23:19:b0:67:f8:07:ac:
                    96:74:b8:b6:69:22:33:d3:f1:ff:63:f7:79:36:18:
                    5f:19:af:64:83:a2:6c:1e:0b:ec:a5:c1:71:36:fc:
                    4f:79:fd:e1:2b:0c:90:fe:80:c5:b7:9b:7a:27:e2:
                    25:42:f9:39:72:c6:63:ef:44:6b:87:7c:e9:06:c1:
                    63:9c:11:f7:ce:45:51:32:ba:52:ce:41:eb:d9:ea:
                    c2:23:3f:31:ed:6e:0e:53:d8:a7:ab:cc:ac:5a:56:
                    f7:77:33:06:a3:06:1e:dc:f5:d5:e6:18:81:94:0c:
                    a7:d0:69:37:9c:09:a0:a9:d6:d5:49:e7:96:78:4a:
                    9e:c4:e7:50:38:54:d9:07:c5:0f:74:a3:05:f2:c3:
                    24:46:12:4c:f1:8c:81:7e:a9:28:29:97:f2:14:02:
                    b0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:8E:31:15:7F:89:D6:48:9E:C1:F4:84:49:A9:DB:97:E1:14:7F:EF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7o4xFX-J1kiewfSESanbl-EUf-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.90.17.0/24
                  45.90.19.0/24
                  45.147.224.0/24
                  45.147.226.0/24
                  185.210.234.0/24
                  185.225.0.0/23
                  185.225.22.0/24
                  185.230.52.0/24
                  193.58.144.0/22
                  194.147.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:66:52:3c:f0:14:1e:2a:07:4e:d1:b4:11:65:f6:a0:83:c0:
         a8:a3:83:f4:58:88:58:ed:fe:32:56:2c:f5:b0:51:92:06:f7:
         d4:2d:95:83:ef:60:c0:6d:b5:5f:2f:b5:3d:ba:7f:ef:a7:ec:
         13:1e:9e:0e:0b:09:c8:73:a9:b8:68:a0:0d:3e:31:10:9c:75:
         43:f8:f6:a9:81:ec:41:e4:02:4b:79:3e:e8:b5:21:e9:ab:57:
         b0:3d:e8:e0:a2:1c:37:83:cf:41:80:84:ff:83:1b:eb:7d:d1:
         90:b6:2f:ee:20:8d:0b:9a:f4:aa:70:81:6d:92:10:73:4f:83:
         d5:11:5e:76:74:b7:fc:3b:68:c8:86:a4:e0:99:6b:b7:4b:5e:
         b0:7c:3d:bb:d8:75:a4:2d:c7:88:64:24:63:28:9e:85:63:dc:
         b2:9a:14:ee:08:2f:79:4f:2e:db:93:1e:f9:5a:2a:cc:b4:7c:
         7b:bc:79:5a:1a:1f:b2:6e:58:ee:08:37:4e:be:ec:c2:64:e7:
         7f:7f:9b:22:88:10:7b:15:9f:1b:0a:e1:f6:39:66:ae:bc:0b:
         5f:61:16:dc:17:9a:3c:d2:ad:6f:85:56:ee:d0:aa:3d:a5:33:
         b3:71:06:c5:92:92:87:96:85:2a:18:cc:fe:ce:ab:bc:71:10:
         2b:17:22:dc
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYj8SdkzvS7Imc4CNNAvrA6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNjI3MDk1NzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZThlMzExNTdmODlkNjQ4OWVjMWY0ODQ0OWE5ZGI5N2UxMTQ3ZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWPNTOf3s+p14RF4JffvjGyx8cYp
olhdal/0Cx4GvB7nuxfT0OedOdBBK1+oDKMvCH6qTbdlu12ZY3YcTfhsqZl66+aW
LRJTyLp+yAPQoGwZc0xNiGNzQyoIU/w5Emt0gCMZsGf4B6yWdLi2aSIz0/H/Y/d5
NhhfGa9kg6JsHgvspcFxNvxPef3hKwyQ/oDFt5t6J+IlQvk5csZj70Rrh3zpBsFj
nBH3zkVRMrpSzkHr2erCIz8x7W4OU9inq8ysWlb3dzMGowYe3PXV5hiBlAyn0Gk3
nAmgqdbVSeeWeEqexOdQOFTZB8UPdKMF8sMkRhJM8YyBfqkoKZfyFAKwIwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFO6OMRV/idZInsH0hEmp25fhFH/vMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvN280eEZYLUoxa2lld2ZTRVNhbmJsLUVVZi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALQgVAwQA
LVoRAwQALVoTAwQALZPgAwQALZPiAwQAudLqAwQBueEAAwQAueEWAwQAueY0AwQC
wTqQAwQAwpMQMA0GCSqGSIb3DQEBCwUAA4IBAQADZlI88BQeKgdO0bQRZfagg8Co
o4P0WIhY7f4yViz1sFGSBvfULZWD72DAbbVfL7U9un/vp+wTHp4OCwnIc6m4aKAN
PjEQnHVD+PapgexB5AJLeT7otSHpq1ewPejgohw3g89BgIT/gxvrfdGQti/uII0L
mvSqcIFtkhBzT4PVEV52dLf8O2jIhqTgmWu3S16wfD272HWkLceIZCRjKJ6FY9yy
mhTuCC95Ty7bkx75WirMtHx7vHlaGh+ybljuCDdOvuzCZOd/f5siiBB7FZ8bCuH2
OWauvAtfYRbcF5o80q1vhVbu0Ko9pTOzcQbFkpKHloUqGMz+zqu8cRArFyLc
-----END CERTIFICATE-----