Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/mXwFpGkE2Dcj0lIQTUi9ukoBWBU.roa
File:                     mXwFpGkE2Dcj0lIQTUi9ukoBWBU.roa (raw, json)
Hash identifier:          l/CMxVluYosCocAQDFf4Sxcr7uAdwSxp80EyVY4PoU0=
Subject key identifier:   99:7C:05:A4:69:04:D8:37:23:D2:52:10:4D:48:BD:BA:4A:01:58:15
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       0185728C8B5183EF9DB1E9E883DF2B4CD6AF
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/mXwFpGkE2Dcj0lIQTUi9ukoBWBU.roa
Signing time:             Mon 02 Jan 2023 12:54:51 +0000
ROA not before:           Mon 02 Jan 2023 12:54:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35297
IP address blocks:        193.238.32.0/22 maxlen: 22
                          185.249.160.0/22 maxlen: 22
                          5.53.112.0/21 maxlen: 21
                          178.251.104.0/21 maxlen: 21
                          178.251.110.0/24 maxlen: 24
                          193.239.72.0/22 maxlen: 22
                          91.204.212.0/22 maxlen: 24
                          77.75.144.0/21 maxlen: 21
                          2a02:2000:face::/48 maxlen: 48
                          2a02:2000:4::/48 maxlen: 48
                          2a02:2000::/29 maxlen: 48
                          2a02:2000::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:8c:8b:51:83:ef:9d:b1:e9:e8:83:df:2b:4c:d6:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Jan  2 12:54:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=997c05a46904d83723d252104d48bdba4a015815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:77:4f:68:69:fa:6c:d9:60:1b:ca:b8:5c:4b:
                    18:86:8b:f4:e9:fc:41:be:97:fb:62:70:fe:ca:89:
                    46:a7:3d:1f:7f:32:16:44:9d:ac:3e:b2:bc:b3:a1:
                    5e:fd:bb:cc:83:a5:d8:7f:a7:7a:7f:6a:22:7f:b4:
                    d5:6e:b7:d7:f2:5e:53:b8:49:8f:99:80:2e:75:e2:
                    e4:47:7d:ff:1f:42:19:8d:b4:57:43:c2:40:c8:ba:
                    21:8c:20:78:5c:e6:e3:ae:32:86:79:d8:e7:02:11:
                    2f:24:25:5e:8c:d5:dc:17:b5:39:1f:2d:79:ea:6b:
                    11:6f:21:ac:b4:10:e8:0f:68:15:2d:05:2c:3c:8a:
                    74:bf:b8:40:b8:3f:a0:4f:46:5b:cf:0c:f0:61:ad:
                    44:5e:b6:ab:69:47:9b:20:ca:ce:b6:db:1a:d4:c6:
                    7c:f5:4c:33:7a:cd:db:ce:cd:2e:f5:8d:20:7c:06:
                    27:a5:c8:bc:a1:10:b6:3b:e7:bc:9a:2a:21:6b:4e:
                    a7:af:de:69:2c:a2:47:12:a4:a7:44:1e:dd:e0:8f:
                    fc:8f:ac:a0:0e:5f:a4:61:a2:70:f6:64:dd:aa:9d:
                    af:32:1b:62:a5:c0:9b:86:32:fd:ab:9d:1a:f6:c1:
                    ab:2b:06:f8:66:c1:2a:04:60:f3:72:f7:46:42:65:
                    f0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:7C:05:A4:69:04:D8:37:23:D2:52:10:4D:48:BD:BA:4A:01:58:15
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/mXwFpGkE2Dcj0lIQTUi9ukoBWBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.53.112.0/21
                  77.75.144.0/21
                  91.204.212.0/22
                  178.251.104.0/21
                  185.249.160.0/22
                  193.238.32.0/22
                  193.239.72.0/22
                IPv6:
                  2a02:2000::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:70:1f:a5:7d:ef:15:68:6d:f4:9f:13:e1:29:8a:c2:72:93:
         b8:3f:bf:ff:26:f2:84:22:4e:32:75:10:20:89:fe:a2:bc:6f:
         bb:04:cc:23:ec:d3:53:2d:4e:ca:e6:06:07:33:f7:ca:a5:34:
         30:9b:89:04:e4:36:a0:38:f7:76:3b:64:f7:f6:74:b9:d6:80:
         af:61:fb:de:ce:2a:75:c9:87:fc:c7:08:31:1a:53:1f:b7:cf:
         3f:d1:e3:ed:b3:7d:3f:c6:6b:53:44:e8:e3:2b:fb:8f:66:b6:
         8d:4b:c7:57:5c:a7:2d:80:82:ed:87:ef:5a:b3:19:3e:50:4b:
         88:e9:18:61:2d:79:4b:0e:1e:39:44:d1:b4:95:c8:67:63:a8:
         94:da:31:9c:28:cc:83:ab:3a:06:aa:b5:05:8f:8f:58:ad:1e:
         ba:59:4e:9e:0a:4c:57:64:cc:d8:a8:15:94:20:60:61:ec:e1:
         2d:c1:24:12:6d:ba:43:77:c2:03:cb:ee:3e:35:1d:21:e6:8f:
         6a:5d:3d:04:68:83:ac:07:37:ce:04:93:60:d5:f8:8f:b2:fc:
         3d:62:41:ca:da:a9:e8:4e:f4:67:43:36:a7:08:77:72:52:1e:
         ce:4e:8b:ab:1f:5e:3e:ca:6a:67:3d:ab:eb:96:b8:63:f9:c5:
         bf:0a:e1:f7
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVyjItRg++dsenog98rTNavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjMwMTAyMTI1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTdjMDVhNDY5MDRkODM3MjNkMjUyMTA0ZDQ4YmRiYTRhMDE1ODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApndPaGn6bNlgG8q4XEsYhov06fxB
vpf7YnD+yolGpz0ffzIWRJ2sPrK8s6Fe/bvMg6XYf6d6f2oif7TVbrfX8l5TuEmP
mYAudeLkR33/H0IZjbRXQ8JAyLohjCB4XObjrjKGedjnAhEvJCVejNXcF7U5Hy15
6msRbyGstBDoD2gVLQUsPIp0v7hAuD+gT0ZbzwzwYa1EXraraUebIMrOttsa1MZ8
9Uwzes3bzs0u9Y0gfAYnpci8oRC2O+e8mioha06nr95pLKJHEqSnRB7d4I/8j6yg
Dl+kYaJw9mTdqp2vMhtipcCbhjL9q50a9sGrKwb4ZsEqBGDzcvdGQmXwSwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJl8BaRpBNg3I9JSEE1IvbpKAVgVMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvbVh3RnBHa0UyRGNqMGxJUVRVaTl1a29CV0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBTVwAwQD
TUuQAwQCW8zUAwQDsvtoAwQCufmgAwQCwe4gAwQCwe9IMA0EAgACMAcDBQMqAiAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBWcB+lfe8VaG30nxPhKYrCcpO4P7//JvKEIk4y
dRAgif6ivG+7BMwj7NNTLU7K5gYHM/fKpTQwm4kE5DagOPd2O2T39nS51oCvYfve
zip1yYf8xwgxGlMft88/0ePts30/xmtTROjjK/uPZraNS8dXXKctgILth+9asxk+
UEuI6RhhLXlLDh45RNG0lchnY6iU2jGcKMyDqzoGqrUFj49YrR66WU6eCkxXZMzY
qBWUIGBh7OEtwSQSbbpDd8IDy+4+NR0h5o9qXT0EaIOsBzfOBJNg1fiPsvw9YkHK
2qnoTvRnQzanCHdyUh7OTourH14+ympnPavrlrhj+cW/CuH3
-----END CERTIFICATE-----