Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/KgFggmcrpsPxfz2cmIfklvSEdiA.roa
File:                     KgFggmcrpsPxfz2cmIfklvSEdiA.roa (raw, json)
Hash identifier:          y7Eq1mpqY4tTLmhQbaas3ZAhAN8Mh0qWC4MTTiX/aM4=
Subject key identifier:   2A:01:60:82:67:2B:A6:C3:F1:7F:3D:9C:98:87:E4:96:F4:84:76:20
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       01856CB8371E1A81D381BDF2DE92D0CB2AB9
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/KgFggmcrpsPxfz2cmIfklvSEdiA.roa
Signing time:             Sun 01 Jan 2023 09:44:50 +0000
ROA not before:           Sun 01 Jan 2023 09:44:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47537
IP address blocks:        46.28.44.0/24 maxlen: 24
                          46.28.45.0/24 maxlen: 24
                          46.28.46.0/24 maxlen: 24
                          46.28.47.0/24 maxlen: 24
                          91.208.12.0/24 maxlen: 24
                          37.143.0.0/24 maxlen: 24
                          37.143.1.0/24 maxlen: 24
                          37.143.2.0/24 maxlen: 24
                          37.143.3.0/24 maxlen: 24
                          2a02:2d00:1::/48 maxlen: 48
                          2a02:2d00:21::/48 maxlen: 48
                          2a02:2d00:20::/48 maxlen: 48
                          2a02:2d00:30::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:b8:37:1e:1a:81:d3:81:bd:f2:de:92:d0:cb:2a:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Jan  1 09:44:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a016082672ba6c3f17f3d9c9887e496f4847620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:30:67:f9:1b:ef:93:a2:02:68:08:4c:2e:e8:
                    3d:f9:d1:3e:74:28:23:99:c9:bd:8b:95:fe:ea:5c:
                    49:13:bd:df:69:7d:bf:43:61:36:99:8d:c5:7d:bb:
                    51:1f:54:c9:cb:0d:70:86:61:b0:20:36:27:69:49:
                    d3:60:5b:43:c8:fe:30:22:fa:85:41:90:f9:72:72:
                    eb:ec:d4:be:fd:d1:fd:83:a1:d5:57:bc:46:b4:35:
                    25:c1:ef:fa:a6:5f:0e:ab:18:1e:3e:20:58:84:be:
                    e0:cc:95:d7:37:89:2a:6a:cd:d5:36:2c:63:a8:50:
                    aa:0f:bf:22:54:7a:0c:c3:0d:ef:1c:84:9d:56:80:
                    dd:34:bb:0e:99:9f:56:c1:4a:34:4a:e0:87:9c:bc:
                    c9:21:66:0d:c6:04:7f:d6:c6:3e:44:46:ed:fa:a9:
                    90:64:d6:40:f0:74:93:7f:1b:11:81:83:36:ae:d5:
                    1e:c2:96:0d:fe:f2:38:73:07:6a:32:b7:ab:6f:d8:
                    c2:41:14:13:0d:f7:db:b9:dd:9c:83:8c:64:3e:f1:
                    b8:81:06:25:1c:8c:94:79:c2:f4:43:b9:7c:60:d1:
                    d7:2c:fe:d6:89:a2:2d:08:a6:1c:41:c8:c8:c0:c5:
                    d9:62:bd:98:23:50:1e:20:fd:51:ac:1e:e6:1c:e5:
                    55:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:01:60:82:67:2B:A6:C3:F1:7F:3D:9C:98:87:E4:96:F4:84:76:20
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/KgFggmcrpsPxfz2cmIfklvSEdiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.0.0/22
                  46.28.44.0/22
                  91.208.12.0/24
                IPv6:
                  2a02:2d00:1::/48
                  2a02:2d00:20::/47
                  2a02:2d00:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:39:77:a1:53:c2:d4:4f:2e:7c:51:43:fa:b6:a1:d8:16:7a:
         83:9c:27:c3:5d:c2:1c:d2:4d:26:94:09:d9:c9:0c:3b:b5:57:
         42:6c:b7:01:79:7e:1c:ee:ce:1d:7b:e1:83:7b:13:fc:aa:5e:
         58:20:6d:90:01:97:a0:24:14:52:2b:57:4f:1d:47:bd:d7:ff:
         6a:f0:19:d1:99:73:a0:6c:47:93:7b:26:54:a9:45:fa:96:f8:
         d7:59:b5:27:a0:2b:8c:76:1d:64:f4:88:c2:3f:ff:13:4f:eb:
         4c:54:62:b3:62:d9:76:4a:02:7c:62:62:42:f9:a4:94:a0:6b:
         31:d1:93:c1:ad:9c:61:46:59:5c:cc:92:1d:50:85:75:85:c6:
         43:b7:96:23:43:de:19:02:76:17:c8:8a:70:9f:06:44:16:f6:
         23:5e:d8:22:26:06:d4:88:4d:7c:de:e1:04:1c:11:84:ff:18:
         2e:00:09:73:cf:b1:e7:66:9c:46:67:dd:26:3d:2e:61:cd:d5:
         01:f4:e4:e0:41:2a:20:fa:40:a8:b8:04:9f:1b:bf:25:66:60:
         2c:64:ee:72:8e:5a:f0:54:ea:08:e7:2b:e2:d5:68:f2:06:4a:
         2f:17:bd:35:30:c4:5f:3c:19:ab:0d:72:ec:70:32:1b:0a:45:
         47:d7:67:62
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVsuDceGoHTgb3y3pLQyyq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjMwMTAxMDk0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTAxNjA4MjY3MmJhNmMzZjE3ZjNkOWM5ODg3ZTQ5NmY0ODQ3NjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzBn+Rvvk6ICaAhMLug9+dE+dCgj
mcm9i5X+6lxJE73faX2/Q2E2mY3FfbtRH1TJyw1whmGwIDYnaUnTYFtDyP4wIvqF
QZD5cnLr7NS+/dH9g6HVV7xGtDUlwe/6pl8OqxgePiBYhL7gzJXXN4kqas3VNixj
qFCqD78iVHoMww3vHISdVoDdNLsOmZ9WwUo0SuCHnLzJIWYNxgR/1sY+REbt+qmQ
ZNZA8HSTfxsRgYM2rtUewpYN/vI4cwdqMrerb9jCQRQTDffbud2cg4xkPvG4gQYl
HIyUecL0Q7l8YNHXLP7WiaItCKYcQcjIwMXZYr2YI1AeIP1RrB7mHOVVlwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFCoBYIJnK6bD8X89nJiH5Jb0hHYgMB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvS2dGZ2dtY3Jwc1B4ZnoyY21JZmtsdlNFZGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAYBAIAATASAwQCJY8AAwQC
LhwsAwQAW9AMMCEEAgACMBsDBwAqAi0AAAEDBwEqAi0AACADBwAqAi0AADAwDQYJ
KoZIhvcNAQELBQADggEBAKs5d6FTwtRPLnxRQ/q2odgWeoOcJ8NdwhzSTSaUCdnJ
DDu1V0JstwF5fhzuzh174YN7E/yqXlggbZABl6AkFFIrV08dR73X/2rwGdGZc6Bs
R5N7JlSpRfqW+NdZtSegK4x2HWT0iMI//xNP60xUYrNi2XZKAnxiYkL5pJSgazHR
k8GtnGFGWVzMkh1QhXWFxkO3liND3hkCdhfIinCfBkQW9iNe2CImBtSITXze4QQc
EYT/GC4ACXPPsedmnEZn3SY9LmHN1QH05OBBKiD6QKi4BJ8bvyVmYCxk7nKOWvBU
6gjnK+LVaPIGSi8XvTUwxF88GasNcuxwMhsKRUfXZ2I=
-----END CERTIFICATE-----