Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/CcBmQNiG4T-rCZ2kbWdKvqZlUFc.roa
File:                     CcBmQNiG4T-rCZ2kbWdKvqZlUFc.roa (raw, json)
Hash identifier:          MWyJv0BU4+NzXKF/8ObjIBTGE9WLs3QfBK5vQsspBa4=
Subject key identifier:   09:C0:66:40:D8:86:E1:3F:AB:09:9D:A4:6D:67:4A:BE:A6:65:50:57
Certificate issuer:       /CN=73fdae1505049e446d5b0d144acc860d6c18167c
Certificate serial:       01878E994326E4F35B9ADD8DDB9B89F40557
Authority key identifier: 73:FD:AE:15:05:04:9E:44:6D:5B:0D:14:4A:CC:86:0D:6C:18:16:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_2uFQUEnkRtWw0USsyGDWwYFnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/CcBmQNiG4T-rCZ2kbWdKvqZlUFc.roa
Signing time:             Mon 17 Apr 2023 09:43:41 +0000
ROA not before:           Mon 17 Apr 2023 09:43:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201601
IP address blocks:        176.112.144.0/22 maxlen: 22
                          176.112.152.0/24 maxlen: 24
                          176.112.148.0/22 maxlen: 22
                          176.112.153.0/24 maxlen: 24
                          176.112.156.0/22 maxlen: 22
                          176.112.154.0/24 maxlen: 24
                          185.68.208.0/24 maxlen: 24
                          176.112.155.0/24 maxlen: 24
                          185.68.209.0/24 maxlen: 24
                          185.68.208.0/22 maxlen: 22
                          185.68.210.0/24 maxlen: 24
                          185.68.211.0/24 maxlen: 24
                          94.177.25.0/24 maxlen: 24
                          2a05:1cc0::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8e:99:43:26:e4:f3:5b:9a:dd:8d:db:9b:89:f4:05:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73fdae1505049e446d5b0d144acc860d6c18167c
        Validity
            Not Before: Apr 17 09:43:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=09c06640d886e13fab099da46d674abea6655057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ec:62:eb:d5:8b:a9:e6:59:f7:00:c8:9c:6d:
                    97:5b:53:e2:d9:66:6a:7a:d7:da:01:9d:d2:a5:7a:
                    cd:3e:ca:28:a1:86:23:74:ff:ba:d0:44:b3:e1:a8:
                    ad:87:67:3f:d1:70:44:cb:6a:8e:1f:84:fe:c1:72:
                    2b:75:4e:61:da:06:4a:55:29:46:9a:3f:37:80:1f:
                    71:bc:21:af:17:f1:42:6a:fa:2a:8a:72:56:05:e9:
                    b1:2e:a0:95:80:9a:9a:2a:d0:91:bf:d2:bc:4e:fd:
                    89:f5:b4:71:bb:b1:e1:89:59:40:2d:09:54:fd:8c:
                    02:c3:a1:51:a8:37:c5:b1:26:cb:b1:a1:25:57:46:
                    e6:a7:2a:cb:9d:c4:ad:73:97:01:cb:f0:ba:18:52:
                    65:e5:fe:6b:b3:2a:ca:01:23:a9:53:31:ec:54:76:
                    28:38:47:48:4d:41:de:a4:af:28:e4:c4:69:1d:36:
                    ce:ed:60:0d:15:b9:74:85:6f:8e:ec:cc:41:84:b3:
                    37:05:aa:94:da:c7:fd:1c:57:3f:02:61:b0:10:b1:
                    3a:2b:ae:61:6a:ce:ce:2a:09:0b:8c:31:b7:0c:79:
                    27:93:05:19:93:13:61:52:27:8c:67:73:11:c5:d5:
                    a9:ea:6d:27:89:7e:78:24:72:8b:8b:70:74:5e:92:
                    37:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C0:66:40:D8:86:E1:3F:AB:09:9D:A4:6D:67:4A:BE:A6:65:50:57
            X509v3 Authority Key Identifier:
                keyid:73:FD:AE:15:05:04:9E:44:6D:5B:0D:14:4A:CC:86:0D:6C:18:16:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_2uFQUEnkRtWw0USsyGDWwYFnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/CcBmQNiG4T-rCZ2kbWdKvqZlUFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c3fcd9-00c8-436b-8c01-a5fea604ad53/1/c_2uFQUEnkRtWw0USsyGDWwYFnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.25.0/24
                  176.112.144.0/20
                  185.68.208.0/22
                IPv6:
                  2a05:1cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:4d:21:6b:a7:85:e4:5f:74:ec:21:81:05:09:fb:e1:0a:2b:
         1a:0e:3d:a6:73:e5:b7:14:57:42:9f:ad:9a:98:07:98:d7:33:
         10:0d:2e:5f:98:c6:c4:03:17:c9:86:08:63:15:b2:42:9a:89:
         3d:2e:0b:f6:29:66:6a:60:0b:c9:2f:fa:2d:f2:d2:57:76:cc:
         b1:34:1b:ae:b9:c7:31:15:54:ca:b1:09:0e:fe:e8:1d:c3:9d:
         ec:59:c1:bb:a9:3c:23:c2:44:91:d7:97:1e:66:1a:f0:81:b2:
         66:93:93:fd:48:0f:54:f5:bf:f1:44:d1:36:ab:c2:c4:3b:dc:
         21:45:b6:ed:8b:e0:b3:08:99:79:07:36:bd:2b:4f:8e:d5:e0:
         22:49:54:45:93:e5:1a:55:3c:f9:c2:1d:eb:38:5f:85:92:1d:
         43:9a:be:60:53:7d:f6:2d:d5:b0:ac:61:55:6c:3e:3c:93:8a:
         52:78:e1:dc:4c:97:69:96:fa:41:3c:02:8f:29:fd:41:9c:2a:
         9d:49:ae:bc:60:f7:50:9a:a5:5d:b4:50:85:34:54:be:a2:a5:
         84:8c:47:eb:33:c3:a8:f6:b8:ba:70:4d:5d:82:43:59:67:18:
         aa:28:f7:89:5f:33:34:dd:75:51:69:c3:55:9b:aa:e6:61:e9:
         91:35:6e:6a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYeOmUMm5PNbmt2N25uJ9AVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZmRhZTE1MDUwNDllNDQ2ZDViMGQxNDRhY2M4NjBkNmMx
ODE2N2MwHhcNMjMwNDE3MDk0MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWMwNjY0MGQ4ODZlMTNmYWIwOTlkYTQ2ZDY3NGFiZWE2NjU1MDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsexi69WLqeZZ9wDInG2XW1Pi2WZq
etfaAZ3SpXrNPsoooYYjdP+60ESz4aith2c/0XBEy2qOH4T+wXIrdU5h2gZKVSlG
mj83gB9xvCGvF/FCavoqinJWBemxLqCVgJqaKtCRv9K8Tv2J9bRxu7HhiVlALQlU
/YwCw6FRqDfFsSbLsaElV0bmpyrLncStc5cBy/C6GFJl5f5rsyrKASOpUzHsVHYo
OEdITUHepK8o5MRpHTbO7WANFbl0hW+O7MxBhLM3BaqU2sf9HFc/AmGwELE6K65h
as7OKgkLjDG3DHknkwUZkxNhUieMZ3MRxdWp6m0niX54JHKLi3B0XpI3kQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAnAZkDYhuE/qwmdpG1nSr6mZVBXMB8GA1UdIwQY
MBaAFHP9rhUFBJ5EbVsNFErMhg1sGBZ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY18ydUZRVUVua1J0V3cwVVNzeUdEV3dZRm53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jM2ZjZDktMDBjOC00MzZiLThjMDEt
YTVmZWE2MDRhZDUzLzEvQ2NCbVFOaUc0VC1yQ1oya2JXZEt2cVpsVUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jM2ZjZDktMDBjOC00MzZiLThjMDEtYTVmZWE2MDRhZDUz
LzEvY18ydUZRVUVua1J0V3cwVVNzeUdEV3dZRm53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAXrEZAwQE
sHCQAwQCuUTQMA0EAgACMAcDBQMqBRzAMA0GCSqGSIb3DQEBCwUAA4IBAQCWTSFr
p4XkX3TsIYEFCfvhCisaDj2mc+W3FFdCn62amAeY1zMQDS5fmMbEAxfJhghjFbJC
mok9Lgv2KWZqYAvJL/ot8tJXdsyxNBuuuccxFVTKsQkO/ugdw53sWcG7qTwjwkSR
15ceZhrwgbJmk5P9SA9U9b/xRNE2q8LEO9whRbbti+CzCJl5Bza9K0+O1eAiSVRF
k+UaVTz5wh3rOF+Fkh1Dmr5gU332LdWwrGFVbD48k4pSeOHcTJdplvpBPAKPKf1B
nCqdSa68YPdQmqVdtFCFNFS+oqWEjEfrM8Oo9ri6cE1dgkNZZxiqKPeJXzM03XVR
acNVm6rmYemRNW5q
-----END CERTIFICATE-----