Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/sFs_1_tDQZ2c2wPdHy0uLJAbI6k.roa
File:                     sFs_1_tDQZ2c2wPdHy0uLJAbI6k.roa (raw, json)
Hash identifier:          pO1D4nwSxQcupUUQwmqpi7mFADU2MU9pIzkzRid4oKY=
Subject key identifier:   B0:5B:3F:D7:FB:43:41:9D:9C:DB:03:DD:1F:2D:2E:2C:90:1B:23:A9
Certificate issuer:       /CN=cf58cbc4aae3f80c49b372911a8d44861cdfeecb
Certificate serial:       01856F4B8088102CA1A9B74881F0179647D8
Authority key identifier: CF:58:CB:C4:AA:E3:F8:0C:49:B3:72:91:1A:8D:44:86:1C:DF:EE:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/sFs_1_tDQZ2c2wPdHy0uLJAbI6k.roa
Signing time:             Sun 01 Jan 2023 21:44:57 +0000
ROA not before:           Sun 01 Jan 2023 21:44:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200924
IP address blocks:        185.75.164.0/22 maxlen: 22
                          185.44.132.0/22 maxlen: 22
                          5.83.176.0/20 maxlen: 20
                          46.167.24.0/21 maxlen: 21
                          185.27.212.0/22 maxlen: 22
                          185.37.248.0/22 maxlen: 22
                          185.6.120.0/22 maxlen: 22
                          31.22.24.0/21 maxlen: 21
                          2a01:7420::/32 maxlen: 32
                          2a05:5800::/29 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:4b:80:88:10:2c:a1:a9:b7:48:81:f0:17:96:47:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf58cbc4aae3f80c49b372911a8d44861cdfeecb
        Validity
            Not Before: Jan  1 21:44:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b05b3fd7fb43419d9cdb03dd1f2d2e2c901b23a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:94:85:e5:33:f1:1f:55:12:88:5b:5d:ce:69:
                    ec:a7:97:ed:bc:b6:2b:d6:06:44:4f:38:99:66:84:
                    f9:c3:64:5d:60:4b:8f:e4:df:e2:01:9c:a1:51:f5:
                    07:90:29:f8:50:68:e8:2c:0c:8d:07:df:5c:f2:3f:
                    f9:00:2a:ac:65:e9:34:5b:85:53:12:bc:e0:f9:6d:
                    e2:a0:68:a7:bf:df:29:a1:2e:cc:e9:65:f2:9c:80:
                    52:f0:87:50:c0:60:52:2b:57:c7:37:d3:88:53:57:
                    1a:4e:34:99:dd:5f:77:9f:d4:a8:d0:aa:d6:87:64:
                    f8:56:87:e3:34:f7:0e:7b:64:65:6b:1b:5b:33:9e:
                    00:48:66:c5:fc:88:be:55:d9:fe:3d:e3:90:0b:7b:
                    0d:d7:0d:43:bb:eb:80:06:29:5a:4c:3b:89:e0:ea:
                    4e:fe:2c:f5:e0:61:ca:cb:2e:09:ad:e7:46:9a:f3:
                    e2:1a:61:59:c2:e8:cf:76:3e:9e:89:0c:46:4e:f3:
                    33:57:3f:d8:93:f4:5f:96:bc:b3:b7:c5:fb:18:a5:
                    86:58:1f:05:6b:79:cf:e6:9e:14:93:7f:30:98:66:
                    e9:ab:35:a4:0f:93:e8:23:4f:ba:35:5f:b0:0a:9e:
                    f7:a3:28:42:ca:82:d3:42:4c:c4:d1:cc:14:bc:b9:
                    a2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5B:3F:D7:FB:43:41:9D:9C:DB:03:DD:1F:2D:2E:2C:90:1B:23:A9
            X509v3 Authority Key Identifier:
                keyid:CF:58:CB:C4:AA:E3:F8:0C:49:B3:72:91:1A:8D:44:86:1C:DF:EE:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/sFs_1_tDQZ2c2wPdHy0uLJAbI6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.176.0/20
                  31.22.24.0/21
                  46.167.24.0/21
                  185.6.120.0/22
                  185.27.212.0/22
                  185.37.248.0/22
                  185.44.132.0/22
                  185.75.164.0/22
                IPv6:
                  2a01:7420::/32
                  2a05:5800::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:d5:cd:3c:23:c7:29:90:32:a0:84:93:c6:9c:34:76:cc:5d:
         a4:f5:d7:08:04:23:f3:0b:0b:9f:7c:56:e1:c2:d1:68:6e:49:
         e4:a7:7d:fb:d7:c2:58:c2:17:f2:61:da:87:28:21:fb:a1:22:
         76:bf:cd:6f:e3:ef:91:73:4b:f2:71:15:36:80:f3:03:eb:1f:
         c3:6d:d9:06:ea:cc:43:10:11:c2:cd:3a:84:e6:93:15:b4:67:
         c6:2e:6b:9b:15:ab:ff:42:1d:7b:50:e1:b8:2f:8f:fd:51:c0:
         46:5a:e2:c9:76:33:74:20:59:03:03:c1:57:c6:64:c9:71:1a:
         ce:e4:7c:ca:db:06:b1:99:ae:54:d5:6a:12:b1:54:16:99:3c:
         a2:3c:5a:07:01:22:f4:e2:17:51:25:62:38:2f:ec:32:a5:f1:
         24:33:d4:5e:68:9b:57:a1:c7:41:30:4c:46:7c:df:da:66:00:
         e4:17:d9:a3:66:5f:79:ef:4b:ca:44:53:9a:4b:b3:54:e8:aa:
         5e:51:0e:30:3d:98:cd:8e:c0:88:8b:76:85:6d:d5:58:d3:c8:
         0d:f4:23:ff:49:77:d0:99:18:bb:10:0b:a0:29:bb:10:a7:18:
         8b:16:a1:a2:6d:42:1b:7a:ad:2e:80:3a:56:2c:a6:84:09:62:
         dd:67:48:82
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVvS4CIECyhqbdIgfAXlkfYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNThjYmM0YWFlM2Y4MGM0OWIzNzI5MTFhOGQ0NDg2MWNk
ZmVlY2IwHhcNMjMwMTAxMjE0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDViM2ZkN2ZiNDM0MTlkOWNkYjAzZGQxZjJkMmUyYzkwMWIyM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZSF5TPxH1USiFtdzmnsp5ftvLYr
1gZETziZZoT5w2RdYEuP5N/iAZyhUfUHkCn4UGjoLAyNB99c8j/5ACqsZek0W4VT
Erzg+W3ioGinv98poS7M6WXynIBS8IdQwGBSK1fHN9OIU1caTjSZ3V93n9So0KrW
h2T4VofjNPcOe2RlaxtbM54ASGbF/Ii+Vdn+PeOQC3sN1w1Du+uABilaTDuJ4OpO
/iz14GHKyy4JredGmvPiGmFZwujPdj6eiQxGTvMzVz/Yk/Rflryzt8X7GKWGWB8F
a3nP5p4Uk38wmGbpqzWkD5PoI0+6NV+wCp73oyhCyoLTQkzE0cwUvLmivwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFLBbP9f7Q0GdnNsD3R8tLiyQGyOpMB8GA1UdIwQY
MBaAFM9Yy8Sq4/gMSbNykRqNRIYc3+7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejFqTHhLcmotQXhKczNLUkdvMUVoaHpmN3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81Y2EzMjgtZjExNC00YjNmLWI4YmEt
NTBkN2Q5NGUyYjlmLzEvc0ZzXzFfdERRWjJjMndQZEh5MHVMSkFiSTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81Y2EzMjgtZjExNC00YjNmLWI4YmEtNTBkN2Q5NGUyYjlm
LzEvejFqTHhLcmotQXhKczNLUkdvMUVoaHpmN3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQEBVOwAwQD
HxYYAwQDLqcYAwQCuQZ4AwQCuRvUAwQCuSX4AwQCuSyEAwQCuUukMBQEAgACMA4D
BQAqAXQgAwUDKgVYADANBgkqhkiG9w0BAQsFAAOCAQEAGtXNPCPHKZAyoISTxpw0
dsxdpPXXCAQj8wsLn3xW4cLRaG5J5Kd9+9fCWMIX8mHahygh+6Eidr/Nb+PvkXNL
8nEVNoDzA+sfw23ZBurMQxARws06hOaTFbRnxi5rmxWr/0Ide1DhuC+P/VHARlri
yXYzdCBZAwPBV8ZkyXEazuR8ytsGsZmuVNVqErFUFpk8ojxaBwEi9OIXUSViOC/s
MqXxJDPUXmibV6HHQTBMRnzf2mYA5BfZo2Zfee9LykRTmkuzVOiqXlEOMD2YzY7A
iIt2hW3VWNPIDfQj/0l30JkYuxALoCm7EKcYixahom1CG3qtLoA6ViymhAli3WdI
gg==
-----END CERTIFICATE-----