Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/d0W9Zx1nRiMC-qfQIhV-N7u8YBc.roa
File:                     d0W9Zx1nRiMC-qfQIhV-N7u8YBc.roa (raw, json)
Hash identifier:          Td6cVcI4LFcT0y1z1QQ5I28K118WoV/Osb/HrZuqtv0=
Subject key identifier:   77:45:BD:67:1D:67:46:23:02:FA:A7:D0:22:15:7E:37:BB:BC:60:17
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       01849B23506B3D86F0E42823319CF4D35B65
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/d0W9Zx1nRiMC-qfQIhV-N7u8YBc.roa
Signing time:             Mon 21 Nov 2022 17:01:33 +0000
ROA not before:           Mon 21 Nov 2022 17:01:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202848
IP address blocks:        185.158.242.0/24 maxlen: 24
                          89.37.174.0/24 maxlen: 24
                          185.121.137.0/24 maxlen: 24
                          217.146.93.0/24 maxlen: 24
                          185.137.38.0/24 maxlen: 24
                          185.137.37.0/24 maxlen: 24
                          185.137.39.0/24 maxlen: 24
                          195.206.167.0/24 maxlen: 24
                          109.69.104.0/24 maxlen: 24
                          194.50.234.0/24 maxlen: 24
                          89.40.212.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9b:23:50:6b:3d:86:f0:e4:28:23:31:9c:f4:d3:5b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Nov 21 17:01:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7745bd671d67462302faa7d022157e37bbbc6017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:72:87:9c:82:46:bd:ed:76:e4:04:38:34:95:
                    6a:ad:95:21:ff:82:30:bd:0a:7b:0a:35:51:ef:90:
                    77:2b:10:a7:f0:a4:f7:1c:fe:b1:78:d7:2b:13:b7:
                    97:65:8a:44:b8:84:8a:2e:5e:7f:53:9c:50:77:dc:
                    7e:40:d6:26:df:e9:c2:da:f9:16:77:7e:33:2d:2f:
                    7b:32:88:d2:84:5d:34:44:f3:c5:48:6f:06:b8:aa:
                    8a:95:ce:78:5e:d7:e9:84:d4:30:eb:5d:cc:1e:fc:
                    9d:06:80:ef:dc:45:60:1f:82:86:17:07:da:2d:42:
                    95:15:ec:b6:d3:c2:24:6a:c5:e5:33:64:7b:f2:8f:
                    ff:ff:22:d0:47:bb:6e:a8:da:56:d3:6f:44:01:eb:
                    1a:b7:5f:85:01:24:5c:a3:26:20:21:e1:05:c8:99:
                    3a:67:ce:9e:dc:49:cf:38:cb:b3:5b:3b:70:1e:85:
                    4a:9a:21:40:d6:ef:4e:c3:04:d1:dd:37:7f:c4:86:
                    9e:99:68:69:a5:15:8f:1e:44:fd:9f:9c:ed:f7:64:
                    c4:ad:4b:ec:a2:e7:bf:77:cb:a9:81:ea:7d:d4:71:
                    8a:e1:a1:77:15:0f:5b:6d:85:e5:54:5f:32:22:b6:
                    22:30:a3:80:15:fc:a0:0a:6c:15:ff:3a:24:37:65:
                    a2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:45:BD:67:1D:67:46:23:02:FA:A7:D0:22:15:7E:37:BB:BC:60:17
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/d0W9Zx1nRiMC-qfQIhV-N7u8YBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.174.0/24
                  89.40.212.0/24
                  109.69.104.0/24
                  185.121.137.0/24
                  185.137.37.0-185.137.39.255
                  185.158.242.0/24
                  194.50.234.0/24
                  195.206.167.0/24
                  217.146.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:48:bf:cd:72:3f:ce:1f:05:15:43:b5:71:9f:1c:ea:fd:81:
         b4:5a:d7:9c:d0:7a:64:bf:9c:c6:dc:a1:9a:40:8d:c7:8e:a1:
         b2:0a:81:93:1e:58:84:67:51:b9:99:56:a0:17:55:5c:40:65:
         31:13:0d:36:70:09:37:0e:79:73:59:77:7b:eb:2e:06:0a:c9:
         7d:2e:d1:82:67:8d:23:d6:32:9f:c9:89:10:84:08:5c:74:b6:
         4f:a3:9f:7a:87:8c:c6:6d:d3:42:10:77:8d:2b:86:94:8d:ff:
         54:d7:98:51:44:f9:ca:8f:75:72:c9:54:29:ca:c4:89:cc:9a:
         8a:91:a9:06:7e:2d:45:50:df:f1:a5:f6:84:1d:29:df:da:5c:
         5c:63:8e:0a:6b:1a:c0:54:4b:65:b4:a8:45:c6:7a:f6:89:d9:
         18:cf:0a:29:de:c1:40:43:34:24:a3:ca:6c:de:af:43:eb:4c:
         8f:32:9f:15:e4:ca:08:c2:4d:bf:df:07:52:57:b7:d3:97:68:
         53:2f:8d:33:d3:97:db:46:f6:ea:37:8c:d3:78:9b:b5:d3:8d:
         2e:f1:2a:fa:54:bf:8d:bc:8e:50:73:25:7f:75:3b:43:bc:bd:
         c8:94:1b:91:cd:d3:31:37:b3:dd:a6:a7:a9:b4:95:ec:c9:7b:
         86:69:8c:ba
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYSbI1BrPYbw5CgjMZz001tlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjIxMTIxMTcwMTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQ1YmQ2NzFkNjc0NjIzMDJmYWE3ZDAyMjE1N2UzN2JiYmM2MDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3KHnIJGve125AQ4NJVqrZUh/4Iw
vQp7CjVR75B3KxCn8KT3HP6xeNcrE7eXZYpEuISKLl5/U5xQd9x+QNYm3+nC2vkW
d34zLS97MojShF00RPPFSG8GuKqKlc54XtfphNQw613MHvydBoDv3EVgH4KGFwfa
LUKVFey208IkasXlM2R78o///yLQR7tuqNpW029EAesat1+FASRcoyYgIeEFyJk6
Z86e3EnPOMuzWztwHoVKmiFA1u9OwwTR3Td/xIaemWhppRWPHkT9n5zt92TErUvs
oue/d8upgep91HGK4aF3FQ9bbYXlVF8yIrYiMKOAFfygCmwV/zokN2WiqQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHdFvWcdZ0YjAvqn0CIVfje7vGAXMB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvZDBXOVp4MW5SaU1DLXFmUUloVi1ON3U4WUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAWSWuAwQA
WSjUAwQAbUVoAwQAuXmJMAwDBAC5iSUDBAO5iSADBAC5nvIDBADCMuoDBADDzqcD
BADZkl0wDQYJKoZIhvcNAQELBQADggEBAD9Iv81yP84fBRVDtXGfHOr9gbRa15zQ
emS/nMbcoZpAjceOobIKgZMeWIRnUbmZVqAXVVxAZTETDTZwCTcOeXNZd3vrLgYK
yX0u0YJnjSPWMp/JiRCECFx0tk+jn3qHjMZt00IQd40rhpSN/1TXmFFE+cqPdXLJ
VCnKxInMmoqRqQZ+LUVQ3/Gl9oQdKd/aXFxjjgprGsBUS2W0qEXGevaJ2RjPCine
wUBDNCSjymzer0PrTI8ynxXkygjCTb/fB1JXt9OXaFMvjTPTl9tG9uo3jNN4m7XT
jS7xKvpUv428jlBzJX91O0O8vciUG5HN0zE3s92mp6m0lezJe4ZpjLo=
-----END CERTIFICATE-----