Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5kM6kYyUBfMFu4L66c0THfbFP1I.roa
File:                     5kM6kYyUBfMFu4L66c0THfbFP1I.roa (raw, json)
Hash identifier:          XTcAZnfXJniJNT1L7q++4KRUhkPasqa6J73qIPU2ckU=
Subject key identifier:   E6:43:3A:91:8C:94:05:F3:05:BB:82:FA:E9:CD:13:1D:F6:C5:3F:52
Certificate issuer:       /CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
Certificate serial:       0182438F5AF53C3E537B96F6DEA28C8EE980
Authority key identifier: E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5kM6kYyUBfMFu4L66c0THfbFP1I.roa
Signing time:             Thu 28 Jul 2022 06:47:24 +0000
ROA not before:           Thu 28 Jul 2022 06:47:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204548
IP address blocks:        81.28.6.0/24 maxlen: 24
                          83.229.84.0/24 maxlen: 24
                          83.229.85.0/24 maxlen: 24
                          83.229.86.0/24 maxlen: 24
                          83.229.87.0/24 maxlen: 24
                          194.36.88.0/24 maxlen: 24
                          63.250.59.0/24 maxlen: 24
                          63.250.60.0/24 maxlen: 24
                          45.83.41.0/24 maxlen: 24
                          185.237.97.0/24 maxlen: 24
                          185.237.96.0/24 maxlen: 24
                          185.237.14.0/24 maxlen: 24
                          91.202.170.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:43:8f:5a:f5:3c:3e:53:7b:96:f6:de:a2:8c:8e:e9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
        Validity
            Not Before: Jul 28 06:47:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e6433a918c9405f305bb82fae9cd131df6c53f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:37:8e:af:ee:fe:a7:52:c7:1c:dc:ed:89:ef:
                    77:b5:9e:34:be:6f:53:9b:ec:f2:bc:0c:a7:d2:81:
                    dc:9e:28:23:62:45:a0:52:74:8a:4a:aa:42:4f:f9:
                    70:fe:3c:ed:01:3e:13:d2:1e:ec:ca:9c:8e:9b:0c:
                    9d:2b:1d:9a:e3:60:79:fa:54:20:09:8b:36:1e:e8:
                    94:1b:8b:93:2d:80:3f:8e:5e:60:0a:34:d5:2b:29:
                    a8:89:bb:51:d7:ec:93:f5:4e:c5:e7:a0:b1:4f:ee:
                    e5:9f:2e:eb:09:ea:d4:0b:5b:02:a9:fd:5e:9f:7e:
                    8f:22:82:3e:67:2c:32:83:f6:21:7b:ea:aa:22:ec:
                    ba:7a:7b:55:d8:a1:d5:a4:54:29:38:71:cc:c7:f3:
                    1b:e9:46:06:21:5f:78:64:27:52:1d:42:1c:4d:94:
                    7b:a9:49:e3:41:55:a7:c9:37:c0:ce:47:95:7e:15:
                    41:ab:7a:39:2d:c2:6b:48:d8:a1:b6:51:96:21:48:
                    87:a5:b3:97:39:69:c4:94:a1:c1:51:ed:8e:f4:8d:
                    1d:1e:33:af:dd:fa:dd:b1:40:69:8f:4f:a1:ea:5c:
                    0f:6e:a1:e6:61:fd:2c:85:b9:77:fb:71:62:51:6f:
                    64:f1:14:18:a1:da:38:05:69:6b:40:22:48:a8:8b:
                    df:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:43:3A:91:8C:94:05:F3:05:BB:82:FA:E9:CD:13:1D:F6:C5:3F:52
            X509v3 Authority Key Identifier:
                keyid:E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5kM6kYyUBfMFu4L66c0THfbFP1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5b15I6_brofQeyMI3TidnPCC7W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.41.0/24
                  63.250.59.0-63.250.60.255
                  81.28.6.0/24
                  83.229.84.0/22
                  91.202.170.0/24
                  185.237.14.0/24
                  185.237.96.0/23
                  194.36.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:94:a0:7d:66:16:40:d0:fb:74:3d:af:ce:04:ef:2e:01:16:
         0e:22:ea:41:e8:a8:92:a7:ca:a6:d7:36:d2:2a:e4:24:63:77:
         8b:ef:09:7c:15:69:a3:af:8a:2f:8a:89:18:da:b7:14:f1:3e:
         9c:29:47:9c:01:63:79:8e:6b:74:8f:2e:fa:11:2c:80:3e:d5:
         d9:8e:9d:c0:20:52:65:ee:b0:6b:23:00:b7:df:6e:04:37:1b:
         81:24:82:a5:7f:e7:98:1b:cf:35:0a:a2:54:ac:ac:a7:bb:0b:
         6a:99:40:41:74:43:e7:fe:70:d3:ef:43:28:90:81:e5:ec:8c:
         66:bc:c0:26:29:5a:98:86:47:e2:d0:33:f8:ce:c9:33:5d:27:
         62:38:fa:23:19:4f:21:9c:f0:85:a7:51:a8:27:66:ca:b4:d2:
         85:0f:af:83:5e:b4:bb:4f:40:dc:e2:8a:00:26:50:49:be:9b:
         d2:6e:74:4d:2f:60:f0:cd:35:be:e6:75:c3:d5:a7:3c:0a:33:
         52:db:de:cf:15:87:bd:7e:31:bf:0d:b4:54:1d:7e:05:ca:12:
         96:87:dd:52:5d:0a:fe:9a:da:2d:e4:20:4d:12:eb:45:8d:89:
         27:8a:36:7d:b9:d1:86:cc:94:ce:47:75:98:dd:47:89:03:40:
         83:78:2b:d9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYJDj1r1PD5Te5b23qKMjumAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmQ3OTIzYWZkYmFlODdkMDdiMjMwOGRkMzg5ZDljZjA4
MmVkNmQwHhcNMjIwNzI4MDY0NzI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQzM2E5MThjOTQwNWYzMDViYjgyZmFlOWNkMTMxZGY2YzUzZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszeOr+7+p1LHHNztie93tZ40vm9T
m+zyvAyn0oHcnigjYkWgUnSKSqpCT/lw/jztAT4T0h7sypyOmwydKx2a42B5+lQg
CYs2HuiUG4uTLYA/jl5gCjTVKymoibtR1+yT9U7F56CxT+7lny7rCerUC1sCqf1e
n36PIoI+Zywyg/Yhe+qqIuy6entV2KHVpFQpOHHMx/Mb6UYGIV94ZCdSHUIcTZR7
qUnjQVWnyTfAzkeVfhVBq3o5LcJrSNihtlGWIUiHpbOXOWnElKHBUe2O9I0dHjOv
3frdsUBpj0+h6lwPbqHmYf0shbl3+3FiUW9k8RQYodo4BWlrQCJIqIvfBwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFOZDOpGMlAXzBbuC+unNEx32xT9SMB8GA1UdIwQY
MBaAFOW9eSOv266H0HsjCN04nZzwgu1tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2Ut
MjZkMWU1NDU3OGYxLzEvNWtNNmtZeVVCZk1GdTRMNjZjMFRIZmJGUDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2UtMjZkMWU1NDU3OGYx
LzEvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQALVMpMAwD
BAA/+jsDBAA/+jwDBABRHAYDBAJT5VQDBABbyqoDBAC57Q4DBAG57WADBADCJFgw
DQYJKoZIhvcNAQELBQADggEBAHaUoH1mFkDQ+3Q9r84E7y4BFg4i6kHoqJKnyqbX
NtIq5CRjd4vvCXwVaaOvii+KiRjatxTxPpwpR5wBY3mOa3SPLvoRLIA+1dmOncAg
UmXusGsjALffbgQ3G4EkgqV/55gbzzUKolSsrKe7C2qZQEF0Q+f+cNPvQyiQgeXs
jGa8wCYpWpiGR+LQM/jOyTNdJ2I4+iMZTyGc8IWnUagnZsq00oUPr4NetLtPQNzi
igAmUEm+m9JudE0vYPDNNb7mdcPVpzwKM1Lb3s8Vh71+Mb8NtFQdfgXKEpaH3VJd
Cv6a2i3kIE0S60WNiSeKNn250YbMlM5HdZjdR4kDQIN4K9k=
-----END CERTIFICATE-----