Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/bPCqBMQSQuzbVt3JKnUfzAx_fsI.roa
File:                     bPCqBMQSQuzbVt3JKnUfzAx_fsI.roa (raw, json)
Hash identifier:          k5ZhsJ7dY7x2cmFWHXTQQXRJ/LCxn3ePrZ5x3XEFF58=
Subject key identifier:   6C:F0:AA:04:C4:12:42:EC:DB:56:DD:C9:2A:75:1F:CC:0C:7F:7E:C2
Certificate issuer:       /CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
Certificate serial:       018A18E96A7010DBE003F9D6534EBD60E424
Authority key identifier: 09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/bPCqBMQSQuzbVt3JKnUfzAx_fsI.roa
Signing time:             Mon 21 Aug 2023 16:24:24 +0000
ROA not before:           Mon 21 Aug 2023 16:24:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25335
IP address blocks:        185.105.56.0/23 maxlen: 23
                          185.105.58.0/23 maxlen: 23
                          185.122.130.0/23 maxlen: 23
                          185.105.59.0/24 maxlen: 24
                          185.116.172.0/23 maxlen: 23
                          185.130.36.0/23 maxlen: 23
                          185.127.56.0/23 maxlen: 23
                          185.130.38.0/23 maxlen: 23
                          185.116.175.0/24 maxlen: 24
                          185.127.58.0/23 maxlen: 23
                          185.129.10.0/23 maxlen: 23
                          185.129.8.0/23 maxlen: 23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:18:e9:6a:70:10:db:e0:03:f9:d6:53:4e:bd:60:e4:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
        Validity
            Not Before: Aug 21 16:24:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6cf0aa04c41242ecdb56ddc92a751fcc0c7f7ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:87:18:f0:66:af:dd:a4:db:63:81:87:62:18:
                    48:d6:1c:9c:c0:60:ee:8d:9c:d1:6d:2f:f3:e4:b1:
                    a1:28:a7:e2:73:1b:4b:6c:00:c7:1a:26:13:49:1c:
                    19:63:22:0e:bd:e5:ac:7b:d2:71:53:d8:8c:20:42:
                    d2:4d:98:79:5f:9d:b9:0e:c0:fb:89:1b:36:9f:60:
                    4a:27:30:ed:29:a8:24:6a:ae:24:bb:b3:06:25:65:
                    a8:13:5e:03:a2:3a:51:92:97:c1:be:d9:93:1b:2b:
                    e3:65:06:1f:fe:a1:f9:dd:51:77:da:df:0e:f9:f8:
                    4b:e3:9a:03:3c:5d:d8:17:27:9a:55:b4:55:e3:b4:
                    3d:e2:67:8e:e0:36:6a:b7:ac:f8:3e:30:38:6a:69:
                    1b:06:8a:62:e3:d4:ec:a6:24:c7:78:82:26:c7:5f:
                    85:84:c8:f6:9e:67:b5:9c:ad:7b:ba:30:a9:34:1e:
                    5b:fe:84:58:5c:24:05:55:0c:0e:87:0b:21:2b:82:
                    fc:c2:c2:2f:06:d6:ae:4f:65:af:4d:94:bd:42:9c:
                    39:4c:52:36:1c:fb:69:a5:8f:51:70:b8:58:c7:db:
                    28:4d:89:67:e8:4d:99:ab:35:a0:ab:26:a8:89:99:
                    96:4b:6b:2a:96:fe:e8:87:1f:ba:c6:55:ea:43:e6:
                    2d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F0:AA:04:C4:12:42:EC:DB:56:DD:C9:2A:75:1F:CC:0C:7F:7E:C2
            X509v3 Authority Key Identifier:
                keyid:09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/bPCqBMQSQuzbVt3JKnUfzAx_fsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.56.0/22
                  185.116.172.0/23
                  185.116.175.0/24
                  185.122.130.0/23
                  185.127.56.0/22
                  185.129.8.0/22
                  185.130.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:99:b4:2a:56:46:02:a9:17:34:a2:3d:d3:62:88:5b:7b:81:
         db:2a:71:25:ca:0b:1c:2f:48:35:5b:31:fd:95:f8:f8:2a:ad:
         31:2a:28:63:40:98:91:de:19:a7:f1:fe:7b:06:fd:b6:98:2d:
         29:d3:aa:14:b7:c6:e3:5d:b0:a2:00:3c:c1:d7:53:6e:da:ad:
         65:a5:18:5e:40:a7:09:83:de:99:22:91:a8:ee:c2:01:39:f5:
         fc:d0:8a:c7:70:a7:ba:43:b0:5b:1c:14:e2:14:58:97:b4:62:
         38:fa:22:9c:a3:d9:04:ec:2b:d6:c3:d0:63:17:4b:17:32:1c:
         f8:16:ed:6e:83:65:bf:ce:a6:be:d9:7e:7c:e1:18:f7:fd:74:
         f4:80:40:8d:09:30:09:19:ab:6a:f4:55:42:a6:41:ef:f6:c6:
         4c:fc:18:cf:7d:fa:8d:e8:95:25:1d:af:45:f1:f4:7a:32:22:
         d5:d1:6b:c3:be:96:bd:a0:41:e7:18:53:97:c6:df:9d:80:c1:
         8f:fc:fe:08:b7:1c:09:d1:07:31:d1:24:93:a1:3d:4a:22:a2:
         ad:ad:6c:f6:53:41:a1:c9:35:92:51:98:62:77:c7:6b:47:1d:
         e6:63:d0:74:53:97:ed:83:18:63:98:a0:74:76:22:c4:61:42:
         d1:83:11:50
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYoY6WpwENvgA/nWU069YOQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTJhZjA4Y2Y2ZTEyZTIzMDRmYjNiZGVjNjRjZmJjZWRh
YTg1MjIwHhcNMjMwODIxMTYyNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2YwYWEwNGM0MTI0MmVjZGI1NmRkYzkyYTc1MWZjYzBjN2Y3ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhocY8Gav3aTbY4GHYhhI1hycwGDu
jZzRbS/z5LGhKKficxtLbADHGiYTSRwZYyIOveWse9JxU9iMIELSTZh5X525DsD7
iRs2n2BKJzDtKagkaq4ku7MGJWWoE14DojpRkpfBvtmTGyvjZQYf/qH53VF32t8O
+fhL45oDPF3YFyeaVbRV47Q94meO4DZqt6z4PjA4amkbBopi49TspiTHeIImx1+F
hMj2nme1nK17ujCpNB5b/oRYXCQFVQwOhwshK4L8wsIvBtauT2WvTZS9Qpw5TFI2
HPtppY9RcLhYx9soTYln6E2ZqzWgqyaoiZmWS2sqlv7ohx+6xlXqQ+YtLQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGzwqgTEEkLs21bdySp1H8wMf37CMB8GA1UdIwQY
MBaAFAnirwjPbhLiME+zvexkz7ztqoUiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VLdkNNOXVFdUl3VDdPOTdHVFB2TzJxaFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xOWQzY2QtNjYxMC00M2YwLTgzZWIt
NzBhMWFmNTFkZmJlLzEvYlBDcUJNUVNRdXpiVnQzSktuVWZ6QXhfZnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xOWQzY2QtNjYxMC00M2YwLTgzZWItNzBhMWFmNTFkZmJl
LzEvQ2VLdkNNOXVFdUl3VDdPOTdHVFB2TzJxaFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCuWk4AwQB
uXSsAwQAuXSvAwQBuXqCAwQCuX84AwQCuYEIAwQCuYIkMA0GCSqGSIb3DQEBCwUA
A4IBAQC3mbQqVkYCqRc0oj3TYohbe4HbKnElygscL0g1WzH9lfj4Kq0xKihjQJiR
3hmn8f57Bv22mC0p06oUt8bjXbCiADzB11Nu2q1lpRheQKcJg96ZIpGo7sIBOfX8
0IrHcKe6Q7BbHBTiFFiXtGI4+iKco9kE7CvWw9BjF0sXMhz4Fu1ug2W/zqa+2X58
4Rj3/XT0gECNCTAJGatq9FVCpkHv9sZM/BjPffqN6JUlHa9F8fR6MiLV0WvDvpa9
oEHnGFOXxt+dgMGP/P4ItxwJ0Qcx0SSToT1KIqKtrWz2U0GhyTWSUZhid8drRx3m
Y9B0U5ftgxhjmKB0diLEYULRgxFQ
-----END CERTIFICATE-----