Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/_IL0C_6DEz3jEgPnLP33_1u4M-M.roa
File:                     _IL0C_6DEz3jEgPnLP33_1u4M-M.roa (raw, json)
Hash identifier:          FGTXEj2K2GdjCX25jKmsfF8uht38YBi6IXr70arkDIU=
Subject key identifier:   FC:82:F4:0B:FE:83:13:3D:E3:12:03:E7:2C:FD:F7:FF:5B:B8:33:E3
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01856DCAE69228E632D64179ECBC54DF7931
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/_IL0C_6DEz3jEgPnLP33_1u4M-M.roa
Signing time:             Sun 01 Jan 2023 14:44:51 +0000
ROA not before:           Sun 01 Jan 2023 14:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        93.190.246.0/23 maxlen: 23
                          45.129.127.0/24 maxlen: 24
                          45.146.88.0/24 maxlen: 24
                          45.128.79.0/24 maxlen: 24
                          45.154.229.0/24 maxlen: 24
                          45.135.37.0/24 maxlen: 24
                          45.135.38.0/24 maxlen: 24
                          45.154.247.0/24 maxlen: 24
                          45.128.26.0/24 maxlen: 24
                          45.128.25.0/24 maxlen: 24
                          2a0f:e840::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:ca:e6:92:28:e6:32:d6:41:79:ec:bc:54:df:79:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  1 14:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc82f40bfe83133de31203e72cfdf7ff5bb833e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:14:3d:77:8e:d3:c0:08:b2:ff:38:ac:d8:87:
                    06:a0:45:fa:b7:90:31:76:d7:10:8e:0b:bb:3e:eb:
                    a7:7e:b2:df:d3:17:04:05:8f:3d:aa:3f:e7:d3:9a:
                    bd:e5:5e:8e:5f:e8:c8:c1:f3:9d:be:2b:85:ac:5b:
                    9b:9f:b6:7c:a1:b3:c7:fe:79:17:6c:39:35:e5:2b:
                    51:a6:ed:74:db:c9:e5:70:72:ec:47:d3:92:2c:40:
                    9b:c9:c0:b3:4c:d4:0c:67:0e:30:3a:ea:ce:e7:93:
                    1c:7f:91:93:51:58:a7:24:bc:00:00:99:be:c4:8a:
                    e2:9b:a4:47:5a:37:0c:02:7d:c8:ca:e5:77:c9:0d:
                    41:5d:c2:91:6c:26:61:45:ce:a6:97:ab:dc:bb:f7:
                    db:1e:86:a4:7e:fc:47:a1:25:24:1c:e5:d8:2f:4c:
                    a3:10:78:fd:64:2e:45:d2:39:1c:35:f6:cd:da:45:
                    2a:1a:60:20:83:62:d8:ac:0d:56:a0:95:98:fc:4e:
                    36:05:71:8f:07:8b:9c:cc:4a:11:1c:49:af:fd:c1:
                    39:8b:33:01:b2:da:17:0a:1e:ef:39:bb:d9:2f:51:
                    58:57:2d:fd:3b:de:9a:31:79:45:d7:a8:5f:3f:60:
                    b6:fa:66:24:d7:f1:92:34:cc:27:a9:b2:83:91:f2:
                    56:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:82:F4:0B:FE:83:13:3D:E3:12:03:E7:2C:FD:F7:FF:5B:B8:33:E3
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/_IL0C_6DEz3jEgPnLP33_1u4M-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.25.0-45.128.26.255
                  45.128.79.0/24
                  45.129.127.0/24
                  45.135.37.0-45.135.38.255
                  45.146.88.0/24
                  45.154.229.0/24
                  45.154.247.0/24
                  93.190.246.0/23
                IPv6:
                  2a0f:e840::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:eb:8f:fb:a9:4a:ff:c5:cc:53:01:b4:e3:8a:09:07:0e:1f:
         f4:21:48:d5:18:ce:76:d6:3a:28:f0:f5:d4:06:d3:38:9e:87:
         ff:11:f1:f3:09:2f:8a:41:65:0d:f3:2e:a1:81:ac:5e:15:e2:
         e5:ec:44:f0:04:f8:b8:ee:c5:ad:1b:16:98:61:d0:83:ea:a4:
         33:f3:cb:14:f6:ad:cd:1f:21:8f:e7:07:37:e6:6a:b3:fa:44:
         b8:81:02:4e:ec:52:10:ea:45:50:5a:b0:d8:fd:51:0b:0e:fc:
         3e:12:6e:17:a6:43:e2:c9:a2:b5:b0:bc:fe:9b:5b:f4:4c:15:
         4b:ca:9b:bf:ac:88:5b:43:e4:e0:4e:2a:61:49:d1:01:54:1b:
         65:af:e6:73:d4:b9:6b:ea:3e:92:e4:fd:32:c7:68:64:b1:03:
         dd:6a:d7:c5:f4:54:57:9b:47:d5:5c:26:ba:bb:64:7f:03:e0:
         c5:30:66:e2:c5:43:07:31:a7:ad:e3:b3:72:98:ab:60:76:e9:
         8d:e1:5a:82:2c:da:fc:4d:ca:46:55:9d:92:9f:b9:2e:4a:e6:
         f4:09:ca:e8:59:2c:6a:67:02:2e:70:6c:ba:a5:45:b8:4d:93:
         5f:f7:c2:be:1d:4a:4e:bc:90:70:be:13:ca:d3:d8:c7:93:fb:
         95:81:82:4d
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYVtyuaSKOYy1kF57LxU33kxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMwMTAxMTQ0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzgyZjQwYmZlODMxMzNkZTMxMjAzZTcyY2ZkZjdmZjViYjgzM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhQ9d47TwAiy/zis2IcGoEX6t5Ax
dtcQjgu7PuunfrLf0xcEBY89qj/n05q95V6OX+jIwfOdviuFrFubn7Z8obPH/nkX
bDk15StRpu1028nlcHLsR9OSLECbycCzTNQMZw4wOurO55Mcf5GTUVinJLwAAJm+
xIrim6RHWjcMAn3IyuV3yQ1BXcKRbCZhRc6ml6vcu/fbHoakfvxHoSUkHOXYL0yj
EHj9ZC5F0jkcNfbN2kUqGmAgg2LYrA1WoJWY/E42BXGPB4uczEoRHEmv/cE5izMB
stoXCh7vObvZL1FYVy39O96aMXlF16hfP2C2+mYk1/GSNMwnqbKDkfJWkwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFPyC9Av+gxM94xID5yz99/9buDPjMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvX0lMMENfNkRFejNqRWdQbkxQMzNfMXU0TS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAMAwDBAAtgBkD
BAAtgBoDBAAtgE8DBAAtgX8wDAMEAC2HJQMEAC2HJgMEAC2SWAMEAC2a5QMEAC2a
9wMEAV2+9jANBAIAAjAHAwUAKg/oQDANBgkqhkiG9w0BAQsFAAOCAQEAP+uP+6lK
/8XMUwG044oJBw4f9CFI1RjOdtY6KPD11AbTOJ6H/xHx8wkvikFlDfMuoYGsXhXi
5exE8AT4uO7FrRsWmGHQg+qkM/PLFPatzR8hj+cHN+Zqs/pEuIECTuxSEOpFUFqw
2P1RCw78PhJuF6ZD4smitbC8/ptb9EwVS8qbv6yIW0Pk4E4qYUnRAVQbZa/mc9S5
a+o+kuT9MsdoZLED3WrXxfRUV5tH1VwmurtkfwPgxTBm4sVDBzGnreOzcpirYHbp
jeFagiza/E3KRlWdkp+5Lkrm9AnK6FksamcCLnBsuqVFuE2TX/fCvh1KTryQcL4T
ytPYx5P7lYGCTQ==
-----END CERTIFICATE-----