Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/o6u20szz2qJ1SY2DNbWLUHQvTYk.roa
File:                     o6u20szz2qJ1SY2DNbWLUHQvTYk.roa (raw, json)
Hash identifier:          a0LxKDED2YmvbsZnp8IMcaed/kQZPlKUAfGYFhxTbAc=
Subject key identifier:   A3:AB:B6:D2:CC:F3:DA:A2:75:49:8D:83:35:B5:8B:50:74:2F:4D:89
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0189DA944B1682070DA85B971B5D32BECBC2
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/o6u20szz2qJ1SY2DNbWLUHQvTYk.roa
Signing time:             Wed 09 Aug 2023 13:54:58 +0000
ROA not before:           Wed 09 Aug 2023 13:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210489
IP address blocks:        45.135.96.0/23 maxlen: 23
                          45.135.98.0/23 maxlen: 23
                          45.136.64.0/22 maxlen: 23
                          185.222.32.0/23 maxlen: 23
                          185.222.34.0/23 maxlen: 23
                          45.141.16.0/23 maxlen: 23
                          45.152.8.0/23 maxlen: 23
                          45.141.18.0/23 maxlen: 23
                          91.244.204.0/22 maxlen: 23
                          46.161.220.0/23 maxlen: 23
                          46.161.222.0/23 maxlen: 23
                          45.141.62.0/23 maxlen: 23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:da:94:4b:16:82:07:0d:a8:5b:97:1b:5d:32:be:cb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Aug  9 13:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3abb6d2ccf3daa275498d8335b58b50742f4d89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:97:80:a2:37:7d:f8:bf:6b:10:12:f2:b0:2a:
                    9b:27:12:42:0e:6f:a0:a1:c8:f6:68:ee:14:18:3c:
                    d0:05:4e:b9:f7:c8:74:53:a6:8f:db:be:b4:b8:9a:
                    69:b3:cd:6b:4f:e3:c8:7e:2a:a6:7d:b7:e0:57:ce:
                    bd:75:9d:5c:6d:cc:8c:01:b5:a9:0d:38:70:c2:3b:
                    d0:80:4f:fc:45:dd:22:fa:69:a2:e4:3b:3d:92:90:
                    8f:a1:a1:7e:18:85:72:35:d8:72:5f:78:a0:d3:38:
                    90:1d:8f:b2:db:a0:b4:75:7b:4f:3b:91:0b:d3:bc:
                    28:1d:a7:92:ae:ae:82:b1:fb:ae:8a:2e:79:d5:23:
                    49:8b:e7:85:4b:42:46:a6:ea:17:38:13:c9:ed:5d:
                    f9:40:47:06:b2:7c:e4:94:46:23:ad:da:98:d5:fd:
                    0c:8f:b5:9c:d4:2f:7f:63:03:d2:7b:24:08:89:a6:
                    32:02:4f:31:d3:4b:2c:98:7f:42:0e:e0:d7:cc:64:
                    f2:be:6b:32:09:a3:7e:7c:d7:ea:9f:3d:a0:cd:e5:
                    b3:12:b9:73:36:e7:e7:43:7a:02:5b:99:4a:4e:92:
                    61:9f:f2:9f:15:48:5e:7f:79:46:f8:e1:1a:4e:bc:
                    f3:9d:2a:c5:6f:0f:b8:ad:85:25:af:80:ec:f2:cc:
                    7b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AB:B6:D2:CC:F3:DA:A2:75:49:8D:83:35:B5:8B:50:74:2F:4D:89
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/o6u20szz2qJ1SY2DNbWLUHQvTYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.96.0/22
                  45.136.64.0/22
                  45.141.16.0/22
                  45.141.62.0/23
                  45.152.8.0/23
                  46.161.220.0/22
                  91.244.204.0/22
                  185.222.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:cc:44:35:38:b3:40:42:72:0c:a2:55:e6:7d:d7:e7:bc:97:
         77:b3:be:77:05:bf:07:16:ec:01:71:89:80:69:33:cb:da:d8:
         03:67:b5:66:e7:c9:a9:4c:be:a9:76:5a:eb:ce:13:8e:c5:0c:
         38:a7:05:69:a4:8f:7d:4a:16:93:32:78:8a:30:e0:0f:c3:34:
         0f:79:ab:b5:d6:4f:7c:71:48:8a:f4:c1:c6:72:76:0a:72:07:
         29:e4:ee:ba:26:95:1e:e6:f6:48:25:d8:c8:06:69:c0:4c:e1:
         19:06:71:fd:02:32:89:7a:94:a5:d1:77:ce:36:c0:47:1a:b1:
         df:a1:90:3d:7a:53:3f:70:87:0a:cc:ee:3d:52:c8:38:b3:13:
         44:85:36:fd:6e:a9:21:3c:3c:86:b1:09:55:b7:8a:f1:13:4f:
         ff:67:25:c8:f9:09:ea:a5:b5:30:0c:66:4c:b9:bf:a4:5e:db:
         9a:78:16:f3:68:80:69:73:ff:f8:ea:53:4f:7e:e1:d0:31:4c:
         c6:11:11:14:9f:81:ec:ab:63:ba:b7:e4:5b:29:18:ef:61:1c:
         bc:be:24:49:fa:4a:9e:b0:20:81:1c:5e:c5:fe:97:8d:c0:98:
         f9:85:77:5a:c4:85:c8:97:a7:7f:6f:6a:4d:9b:c2:53:9d:96:
         64:12:69:bb
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYnalEsWggcNqFuXG10yvsvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwODA5MTM1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2FiYjZkMmNjZjNkYWEyNzU0OThkODMzNWI1OGI1MDc0MmY0ZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpeAojd9+L9rEBLysCqbJxJCDm+g
ocj2aO4UGDzQBU6598h0U6aP2760uJpps81rT+PIfiqmfbfgV869dZ1cbcyMAbWp
DThwwjvQgE/8Rd0i+mmi5Ds9kpCPoaF+GIVyNdhyX3ig0ziQHY+y26C0dXtPO5EL
07woHaeSrq6Csfuuii551SNJi+eFS0JGpuoXOBPJ7V35QEcGsnzklEYjrdqY1f0M
j7Wc1C9/YwPSeyQIiaYyAk8x00ssmH9CDuDXzGTyvmsyCaN+fNfqnz2gzeWzErlz
NufnQ3oCW5lKTpJhn/KfFUhef3lG+OEaTrzznSrFbw+4rYUlr4Ds8sx7EQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKOrttLM89qidUmNgzW1i1B0L02JMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvbzZ1MjBzenoycUoxU1kyRE5iV0xVSFF2VFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLYdgAwQC
LYhAAwQCLY0QAwQBLY0+AwQBLZgIAwQCLqHcAwQCW/TMAwQCud4gMA0GCSqGSIb3
DQEBCwUAA4IBAQCAzEQ1OLNAQnIMolXmfdfnvJd3s753Bb8HFuwBcYmAaTPL2tgD
Z7Vm58mpTL6pdlrrzhOOxQw4pwVppI99ShaTMniKMOAPwzQPeau11k98cUiK9MHG
cnYKcgcp5O66JpUe5vZIJdjIBmnATOEZBnH9AjKJepSl0XfONsBHGrHfoZA9elM/
cIcKzO49Usg4sxNEhTb9bqkhPDyGsQlVt4rxE0//ZyXI+QnqpbUwDGZMub+kXtua
eBbzaIBpc//46lNPfuHQMUzGEREUn4Hsq2O6t+RbKRjvYRy8viRJ+kqesCCBHF7F
/peNwJj5hXdaxIXIl6d/b2pNm8JTnZZkEmm7
-----END CERTIFICATE-----