Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/O5NoBZoddRO_rOS0HxXgSg5O_eg.roa
File:                     O5NoBZoddRO_rOS0HxXgSg5O_eg.roa (raw, json)
Hash identifier:          F0F9TZf3kxfajMBbmGPUhjXUNKylnYYQtqHSjzYD6AQ=
Subject key identifier:   3B:93:68:05:9A:1D:75:13:BF:AC:E4:B4:1F:15:E0:4A:0E:4E:FD:E8
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       0189469D27372FB811DF1F03CE04FA495C4E
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/O5NoBZoddRO_rOS0HxXgSg5O_eg.roa
Signing time:             Tue 11 Jul 2023 20:20:51 +0000
ROA not before:           Tue 11 Jul 2023 20:20:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209372
IP address blocks:        46.3.152.0/24 maxlen: 24
                          46.3.148.0/22 maxlen: 22
                          46.3.156.0/24 maxlen: 24
                          46.3.154.0/24 maxlen: 24
                          46.3.155.0/24 maxlen: 24
                          46.3.153.0/24 maxlen: 24
                          80.243.128.0/20 maxlen: 24
                          46.3.136.0/22 maxlen: 22
                          46.3.135.0/24 maxlen: 24
                          46.3.144.0/22 maxlen: 22
                          46.3.48.0/20 maxlen: 20
                          46.3.84.0/24 maxlen: 24
                          46.3.87.0/24 maxlen: 24
                          46.3.86.0/24 maxlen: 24
                          149.126.192.0/19 maxlen: 24
                          46.232.0.0/17 maxlen: 24
                          46.3.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:46:9d:27:37:2f:b8:11:df:1f:03:ce:04:fa:49:5c:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jul 11 20:20:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b9368059a1d7513bface4b41f15e04a0e4efde8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:85:a3:2d:89:3d:0e:af:ff:fc:30:cb:88:d9:
                    44:cc:a3:91:98:17:65:f1:53:0b:2e:86:58:2e:bc:
                    68:35:88:56:dc:d9:70:67:f8:87:8c:c2:ec:67:1b:
                    83:ea:a5:f2:8d:d9:15:ef:75:05:67:c0:9c:88:4b:
                    d7:b3:a2:0b:9a:ef:11:b7:4d:c3:ed:25:ee:46:6a:
                    2d:c8:5a:c5:bc:cc:97:8f:65:f9:6b:b0:1b:8d:8c:
                    a0:94:63:b7:5e:8a:2c:21:d3:bd:a7:24:47:30:92:
                    24:99:ba:12:02:06:b8:84:2d:09:dd:2e:c9:7a:a5:
                    8c:d9:7d:f1:ba:f4:5a:77:7a:4b:b5:a5:d7:fe:17:
                    ba:5b:7a:44:78:77:12:a5:3d:d8:dc:3d:cc:83:c5:
                    09:50:56:d5:04:bf:42:48:2d:7a:11:de:cd:63:dd:
                    29:a7:ab:e1:0b:30:37:32:d8:e3:6f:3e:9c:fd:51:
                    56:20:8b:02:ff:3c:08:eb:a3:96:55:43:b2:bc:ea:
                    07:ca:c5:7d:23:67:05:0e:f2:f3:18:5d:b0:12:f1:
                    1d:8c:7a:55:99:4c:99:e0:4c:6d:3a:31:ef:07:a2:
                    d0:01:82:a1:6d:3e:4e:8f:21:47:75:af:aa:60:6b:
                    43:19:39:72:b9:88:20:13:5d:2c:b1:fd:6b:6a:9b:
                    22:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:93:68:05:9A:1D:75:13:BF:AC:E4:B4:1F:15:E0:4A:0E:4E:FD:E8
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/O5NoBZoddRO_rOS0HxXgSg5O_eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.0.0/16
                  46.232.0.0/17
                  80.243.128.0/20
                  149.126.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         41:81:b1:4e:4c:ae:88:a2:f1:74:19:f6:ab:bd:7a:c7:e7:f2:
         95:1f:61:a4:5b:a1:be:5b:d9:f9:62:05:12:83:8c:73:9a:1a:
         2b:7d:10:0c:8b:e8:62:88:e8:11:05:73:91:57:cc:59:39:d7:
         bd:0b:0b:50:8a:cf:94:f9:26:8b:f9:a8:4d:30:c2:d0:b9:e5:
         c0:95:c9:da:bf:9b:2a:3a:82:49:36:7f:ff:8f:e8:0a:31:ab:
         49:db:67:8a:c4:c1:98:63:25:08:ef:15:8c:90:b1:d3:c7:e5:
         0c:13:68:b3:e1:8f:1f:4e:f3:bc:7f:4c:32:1c:49:da:a3:e3:
         3e:bb:e0:1b:dc:d9:2c:0a:27:69:bf:df:d7:1b:1d:94:4b:ff:
         14:f7:8e:d0:9b:4b:35:5c:09:21:e4:54:2a:f1:d6:a9:a9:08:
         fc:66:75:34:58:57:39:c3:1e:91:b9:c2:55:5b:4c:41:70:6c:
         f5:a4:4b:c8:4e:78:a6:ba:a4:e4:29:a5:f5:9f:5e:17:be:1b:
         bc:cb:ef:3d:68:e9:9d:08:e4:3e:bd:da:d8:ef:68:31:6a:dd:
         e5:95:a7:65:fe:54:29:4d:08:7e:f9:7c:5a:a0:54:dd:57:cf:
         bc:86:37:24:7f:b4:7b:5f:62:5b:d6:af:d4:1c:4b:18:29:d1:
         8d:ca:56:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlGnSc3L7gR3x8DzgT6SVxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjMwNzExMjAyMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjkzNjgwNTlhMWQ3NTEzYmZhY2U0YjQxZjE1ZTA0YTBlNGVmZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYWjLYk9Dq///DDLiNlEzKORmBdl
8VMLLoZYLrxoNYhW3NlwZ/iHjMLsZxuD6qXyjdkV73UFZ8CciEvXs6ILmu8Rt03D
7SXuRmotyFrFvMyXj2X5a7AbjYyglGO3XoosIdO9pyRHMJIkmboSAga4hC0J3S7J
eqWM2X3xuvRad3pLtaXX/he6W3pEeHcSpT3Y3D3Mg8UJUFbVBL9CSC16Ed7NY90p
p6vhCzA3Mtjjbz6c/VFWIIsC/zwI66OWVUOyvOoHysV9I2cFDvLzGF2wEvEdjHpV
mUyZ4ExtOjHvB6LQAYKhbT5OjyFHda+qYGtDGTlyuYggE10ssf1rapsiVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDuTaAWaHXUTv6zktB8V4EoOTv3oMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvTzVOb0Jab2RkUk9fck9TMEh4WGdTZzVPX2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwMALgMDBAcu
6AADBARQ84ADBAWVfsAwDQYJKoZIhvcNAQELBQADggEBAEGBsU5Mroii8XQZ9qu9
esfn8pUfYaRbob5b2fliBRKDjHOaGit9EAyL6GKI6BEFc5FXzFk5170LC1CKz5T5
Jov5qE0wwtC55cCVydq/myo6gkk2f/+P6Aoxq0nbZ4rEwZhjJQjvFYyQsdPH5QwT
aLPhjx9O87x/TDIcSdqj4z674Bvc2SwKJ2m/39cbHZRL/xT3jtCbSzVcCSHkVCrx
1qmpCPxmdTRYVznDHpG5wlVbTEFwbPWkS8hOeKa6pOQppfWfXhe+G7zL7z1o6Z0I
5D692tjvaDFq3eWVp2X+VClNCH75fFqgVN1Xz7yGNyR/tHtfYlvWr9QcSxgp0Y3K
Voo=
-----END CERTIFICATE-----