Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/9Id8QkvfqZtg8qaPeoHP29mLNBk.roa
File:                     9Id8QkvfqZtg8qaPeoHP29mLNBk.roa (raw, json)
Hash identifier:          QPOYqVoaLWkTkBrC2Ek7OmS8nfJtf4IZFt8jANJHspc=
Subject key identifier:   F4:87:7C:42:4B:DF:A9:9B:60:F2:A6:8F:7A:81:CF:DB:D9:8B:34:19
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0181E88FBEACDAC2E56160B34C7B391B4725
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/9Id8QkvfqZtg8qaPeoHP29mLNBk.roa
Signing time:             Sun 10 Jul 2022 14:42:23 +0000
ROA not before:           Sun 10 Jul 2022 14:42:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213250
IP address blocks:        45.89.124.0/23 maxlen: 23
                          45.89.126.0/23 maxlen: 23
                          45.13.224.0/23 maxlen: 23
                          5.182.206.0/23 maxlen: 23
                          5.182.204.0/23 maxlen: 23
                          45.131.66.0/23 maxlen: 23
                          194.15.36.0/24 maxlen: 24
                          2.56.245.0/24 maxlen: 24
                          5.252.103.0/24 maxlen: 24
                          5.252.100.0/22 maxlen: 22
                          5.252.100.0/24 maxlen: 24
                          5.252.101.0/24 maxlen: 24
                          5.252.102.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:e8:8f:be:ac:da:c2:e5:61:60:b3:4c:7b:39:1b:47:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jul 10 14:42:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f4877c424bdfa99b60f2a68f7a81cfdbd98b3419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8b:7a:75:5c:f1:9b:34:8c:01:a4:c8:17:a3:
                    7d:62:0d:3b:9e:c9:62:94:dd:1c:a6:52:6a:36:51:
                    93:35:b6:1d:12:8f:75:b0:94:73:2c:85:df:3c:41:
                    3a:2a:31:07:7a:43:12:a5:54:6f:a6:8a:83:cb:55:
                    69:8f:79:40:48:e9:82:c3:cf:e4:68:0d:da:db:3d:
                    81:6f:2d:96:63:69:31:cf:b2:de:fe:38:1b:7e:f2:
                    d2:e0:75:1d:08:7a:1b:69:6a:0e:1d:95:37:0c:db:
                    a2:00:32:fb:62:94:94:9b:ae:33:31:c4:a5:39:0c:
                    93:ff:7a:af:20:05:c0:13:f4:3c:1d:6d:bc:e7:5b:
                    66:e5:57:12:dc:95:b4:ff:57:11:f3:42:dc:d4:86:
                    09:43:84:50:df:7c:71:9e:f6:90:8a:07:a5:7d:79:
                    4f:0b:d9:f5:63:6d:20:c0:ae:cb:2b:ef:6f:6d:c8:
                    a9:b3:49:e7:70:02:4d:4b:78:57:20:78:4e:44:d5:
                    50:f6:cd:f4:ef:45:d6:b8:f0:6c:fc:e1:4a:67:35:
                    6e:28:81:cf:0e:50:e0:f8:0d:89:95:0b:a8:ff:69:
                    10:4c:e5:8a:95:ac:42:a3:19:bd:9f:7e:6e:8b:a5:
                    5a:94:43:d4:82:09:6b:52:95:2d:84:a3:88:6c:b0:
                    8a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:87:7C:42:4B:DF:A9:9B:60:F2:A6:8F:7A:81:CF:DB:D9:8B:34:19
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/9Id8QkvfqZtg8qaPeoHP29mLNBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.245.0/24
                  5.182.204.0/22
                  5.252.100.0/22
                  45.13.224.0/23
                  45.89.124.0/22
                  45.131.66.0/23
                  194.15.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ae:29:67:4d:30:ae:37:35:09:8a:71:33:e2:af:40:b9:6b:
         24:ad:8b:9c:7c:98:5a:cf:d1:0b:de:28:35:1f:11:45:ad:b3:
         e2:1f:a9:ea:40:97:52:ed:16:e9:56:76:6b:55:3a:2d:65:20:
         25:2e:11:24:2b:23:db:3f:02:ba:8d:8e:14:16:8b:c1:f3:59:
         15:b7:07:8d:54:f4:8a:bd:7c:b7:68:9f:ff:06:ea:9c:6d:1e:
         f2:67:3a:a9:4f:f5:ba:36:05:a9:a1:79:ec:99:30:8d:12:5d:
         48:98:e5:16:df:1a:52:55:d9:8a:1a:13:32:0b:44:dd:76:1b:
         b6:95:17:c7:91:8d:a9:21:40:59:37:f5:e9:94:34:7f:b3:f1:
         f1:3b:33:45:8a:92:b8:63:63:33:04:2c:ed:65:06:75:43:15:
         1f:e2:06:c9:b9:58:11:0d:15:a5:c1:0a:88:e1:1c:79:5c:71:
         87:44:ef:34:85:56:13:a1:dd:1b:37:69:9e:ea:03:c1:de:05:
         2c:7d:66:11:3e:4b:df:2f:37:ec:ff:09:a3:a4:a9:84:34:72:
         2b:d8:ae:4d:b0:a8:66:63:52:6f:02:09:43:ea:99:f0:db:9c:
         51:dc:4a:56:8b:44:07:16:4d:7b:50:b2:cc:ab:3d:60:39:c3:
         8c:a3:9a:05
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYHoj76s2sLlYWCzTHs5G0clMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjIwNzEwMTQ0MjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDg3N2M0MjRiZGZhOTliNjBmMmE2OGY3YTgxY2ZkYmQ5OGIzNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4t6dVzxmzSMAaTIF6N9Yg07nsli
lN0cplJqNlGTNbYdEo91sJRzLIXfPEE6KjEHekMSpVRvpoqDy1Vpj3lASOmCw8/k
aA3a2z2Bby2WY2kxz7Le/jgbfvLS4HUdCHobaWoOHZU3DNuiADL7YpSUm64zMcSl
OQyT/3qvIAXAE/Q8HW2851tm5VcS3JW0/1cR80Lc1IYJQ4RQ33xxnvaQigelfXlP
C9n1Y20gwK7LK+9vbcips0nncAJNS3hXIHhORNVQ9s3070XWuPBs/OFKZzVuKIHP
DlDg+A2JlQuo/2kQTOWKlaxCoxm9n35ui6ValEPUgglrUpUthKOIbLCKawIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFPSHfEJL36mbYPKmj3qBz9vZizQZMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvOUlkOFFrdmZxWnRnOHFhUGVvSFAyOW1MTkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAAjj1AwQC
BbbMAwQCBfxkAwQBLQ3gAwQCLVl8AwQBLYNCAwQAwg8kMA0GCSqGSIb3DQEBCwUA
A4IBAQAPrilnTTCuNzUJinEz4q9AuWskrYucfJhaz9EL3ig1HxFFrbPiH6nqQJdS
7RbpVnZrVTotZSAlLhEkKyPbPwK6jY4UFovB81kVtweNVPSKvXy3aJ//BuqcbR7y
ZzqpT/W6NgWpoXnsmTCNEl1ImOUW3xpSVdmKGhMyC0Tddhu2lRfHkY2pIUBZN/Xp
lDR/s/HxOzNFipK4Y2MzBCztZQZ1QxUf4gbJuVgRDRWlwQqI4Rx5XHGHRO80hVYT
od0bN2me6gPB3gUsfWYRPkvfLzfs/wmjpKmENHIr2K5NsKhmY1JvAglD6pnw25xR
3EpWi0QHFk17ULLMqz1gOcOMo5oF
-----END CERTIFICATE-----