Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/XUmabG0rVTv_lSX7nFC40EZtZK4.roa
File:                     XUmabG0rVTv_lSX7nFC40EZtZK4.roa (raw, json)
Hash identifier:          asN8gdSUKlFuVes3TZs6gzhmed+DeDxf5z5Jh/Ht7Bw=
Subject key identifier:   5D:49:9A:6C:6D:2B:55:3B:FF:95:25:FB:9C:50:B8:D0:46:6D:64:AE
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018463883A92CAB942AF2A8A12CBA243520B
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/XUmabG0rVTv_lSX7nFC40EZtZK4.roa
Signing time:             Thu 10 Nov 2022 21:53:03 +0000
ROA not before:           Thu 10 Nov 2022 21:53:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399975
IP address blocks:        2a0f:140::/29 maxlen: 29
                          2a0f:e540::/29 maxlen: 29
                          2a0f:2e80::/29 maxlen: 29
                          2a0f:cc00::/29 maxlen: 29
                          2a13:1380::/29 maxlen: 29
                          2a0f:fc00::/29 maxlen: 29
                          2a0f:2f80::/29 maxlen: 29
                          2a0f:e4c0::/29 maxlen: 29
                          2a0f:2d80::/29 maxlen: 29
                          2a13:1480::/29 maxlen: 29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:63:88:3a:92:ca:b9:42:af:2a:8a:12:cb:a2:43:52:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov 10 21:53:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5d499a6c6d2b553bff9525fb9c50b8d0466d64ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:30:aa:2f:7a:bb:ca:4c:16:20:01:b9:8d:a5:
                    fd:04:a4:33:33:c8:56:01:4f:9b:71:4c:c5:6d:da:
                    b9:0f:9f:af:e4:80:a5:65:5a:30:9a:93:66:5e:bb:
                    29:dc:bb:46:e2:90:d9:a7:13:44:d7:61:83:d9:6c:
                    b0:b1:6b:14:96:40:f8:c3:0d:74:63:d7:26:b5:1e:
                    3b:a2:ee:7b:4e:be:29:6d:3c:56:b6:0b:bf:62:76:
                    b2:14:09:42:10:c8:83:b4:13:49:a5:de:d5:e5:11:
                    9d:2b:10:04:38:62:42:5c:fc:d1:76:07:ce:9b:dd:
                    9b:76:0a:4d:00:4f:8f:17:16:d5:c0:d1:95:ab:da:
                    5d:ee:df:d5:f2:e9:93:e6:1d:c8:34:84:e3:83:40:
                    84:df:de:c0:aa:c1:c8:11:ca:66:8e:96:77:f3:c3:
                    19:53:06:51:c1:08:bf:e5:28:6c:68:bb:79:3e:93:
                    56:ec:98:29:2f:21:e5:e0:62:8a:59:a8:ee:99:a4:
                    64:1f:98:41:78:4d:11:94:52:a1:b0:60:52:02:84:
                    3c:18:83:84:71:ab:75:7a:27:1b:6d:ad:96:1e:e0:
                    b5:b8:a6:2c:f3:ea:83:a5:ab:d1:d8:48:56:bc:b5:
                    e7:0f:4d:c5:0e:c4:b4:ff:50:02:ce:81:28:d2:42:
                    61:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:49:9A:6C:6D:2B:55:3B:FF:95:25:FB:9C:50:B8:D0:46:6D:64:AE
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/XUmabG0rVTv_lSX7nFC40EZtZK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:140::/29
                  2a0f:2d80::/29
                  2a0f:2e80::/29
                  2a0f:2f80::/29
                  2a0f:cc00::/29
                  2a0f:e4c0::/29
                  2a0f:e540::/29
                  2a0f:fc00::/29
                  2a13:1380::/29
                  2a13:1480::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:7c:ed:e5:53:d4:47:36:97:87:d2:20:51:2c:e6:2c:cc:22:
         b7:2e:68:33:51:b4:41:f3:9a:3d:31:f9:26:2d:28:86:03:55:
         ae:f4:d5:21:76:6f:98:19:04:17:2f:68:81:b0:0f:83:89:82:
         62:3d:96:65:94:b8:f7:ac:52:1d:eb:69:ab:fc:d2:42:86:ca:
         fb:34:4d:72:41:70:b2:f1:ab:ba:bd:5b:f4:29:5e:8a:6d:ac:
         8a:8d:97:4a:e5:3c:04:b3:fb:a1:a1:eb:c9:1d:38:4a:2a:39:
         8e:c3:db:be:9e:98:8b:ba:97:ce:3f:d9:24:f3:db:17:8c:11:
         0c:cb:7e:07:0a:5f:e8:fb:6e:f0:18:ac:d3:6d:f5:4c:7e:28:
         8e:33:f8:c0:fc:62:54:69:d9:fb:9f:a4:92:b9:12:6c:d2:83:
         70:e3:7f:ec:30:96:66:99:24:b0:5e:39:4c:56:7e:c0:a5:e0:
         d0:3d:33:ba:00:f1:22:44:e4:92:cd:b2:43:57:9a:5c:ad:0a:
         7d:4c:70:08:12:b4:4c:60:a3:60:8e:d7:cc:4c:a2:42:0c:bf:
         67:a4:49:4b:8d:08:6b:f8:45:fd:ad:19:63:6f:2c:8a:ef:ae:
         12:29:11:fe:5e:8c:91:2f:79:ea:dd:6a:6e:46:54:45:7d:75:
         2e:20:08:6d
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYRjiDqSyrlCryqKEsuiQ1ILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjIxMTEwMjE1MzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQ5OWE2YzZkMmI1NTNiZmY5NTI1ZmI5YzUwYjhkMDQ2NmQ2NGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjCqL3q7ykwWIAG5jaX9BKQzM8hW
AU+bcUzFbdq5D5+v5IClZVowmpNmXrsp3LtG4pDZpxNE12GD2WywsWsUlkD4ww10
Y9cmtR47ou57Tr4pbTxWtgu/YnayFAlCEMiDtBNJpd7V5RGdKxAEOGJCXPzRdgfO
m92bdgpNAE+PFxbVwNGVq9pd7t/V8umT5h3INITjg0CE397AqsHIEcpmjpZ388MZ
UwZRwQi/5ShsaLt5PpNW7JgpLyHl4GKKWajumaRkH5hBeE0RlFKhsGBSAoQ8GIOE
cat1eicbba2WHuC1uKYs8+qDpavR2EhWvLXnD03FDsS0/1ACzoEo0kJhgwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFF1JmmxtK1U7/5Ul+5xQuNBGbWSuMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWFVtYWJHMHJWVHZfbFNYN25GQzQwRVp0Wks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKg8BQAMF
AyoPLYADBQMqDy6AAwUDKg8vgAMFAyoPzAADBQMqD+TAAwUDKg/lQAMFAyoP/AAD
BQMqExOAAwUDKhMUgDANBgkqhkiG9w0BAQsFAAOCAQEAGXzt5VPURzaXh9IgUSzm
LMwity5oM1G0QfOaPTH5Ji0ohgNVrvTVIXZvmBkEFy9ogbAPg4mCYj2WZZS496xS
Hetpq/zSQobK+zRNckFwsvGrur1b9Cleim2sio2XSuU8BLP7oaHryR04Sio5jsPb
vp6Yi7qXzj/ZJPPbF4wRDMt+Bwpf6Ptu8Bis0231TH4ojjP4wPxiVGnZ+5+kkrkS
bNKDcON/7DCWZpkksF45TFZ+wKXg0D0zugDxIkTkks2yQ1eaXK0KfUxwCBK0TGCj
YI7XzEyiQgy/Z6RJS40Ia/hF/a0ZY28siu+uEikR/l6MkS956t1qbkZURX11LiAI
bQ==
-----END CERTIFICATE-----