Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/GaW9_Zb38wEvqA-GlU1ohEe6BS0.roa
File:                     GaW9_Zb38wEvqA-GlU1ohEe6BS0.roa (raw, json)
Hash identifier:          T7CHbyWb1PrknHDHb8wv/n1FpFbrZmhfue/CB+JrGNg=
Subject key identifier:   19:A5:BD:FD:96:F7:F3:01:2F:A8:0F:86:95:4D:68:84:47:BA:05:2D
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0184428D086D2E7B2E071FF188EB6B266EC3
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/GaW9_Zb38wEvqA-GlU1ohEe6BS0.roa
Signing time:             Fri 04 Nov 2022 12:10:49 +0000
ROA not before:           Fri 04 Nov 2022 12:10:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44654
IP address blocks:        185.36.124.0/22 maxlen: 24
                          185.36.127.0/24 maxlen: 24
                          109.205.8.0/21 maxlen: 24
                          37.252.215.0/24 maxlen: 24
                          37.252.211.0/24 maxlen: 24
                          37.252.210.0/23 maxlen: 23
                          37.252.210.0/24 maxlen: 24
                          37.252.209.0/24 maxlen: 24
                          37.252.208.0/24 maxlen: 24
                          37.252.208.0/23 maxlen: 23
                          37.252.213.0/24 maxlen: 24
                          37.252.212.0/24 maxlen: 24
                          37.252.212.0/23 maxlen: 23
                          93.93.96.0/21 maxlen: 24
                          2a02:d8:8::/48 maxlen: 48
                          2a02:d8:9::/48 maxlen: 48
                          2a02:d8:a::/48 maxlen: 48
                          2a02:d8::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:42:8d:08:6d:2e:7b:2e:07:1f:f1:88:eb:6b:26:6e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Nov  4 12:10:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=19a5bdfd96f7f3012fa80f86954d688447ba052d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d4:7d:d5:03:f9:c1:a2:bb:bc:2d:a2:79:fd:
                    57:21:87:4b:5c:64:f5:d6:54:79:0f:0f:3a:48:74:
                    4a:60:ed:8b:70:f6:37:46:88:43:34:e0:ed:06:d7:
                    fc:27:f2:ad:5f:aa:b0:e6:b3:89:cc:15:63:64:39:
                    38:63:f0:68:8c:1c:8b:26:55:d2:d9:77:57:02:cd:
                    98:2a:c9:fe:0d:c8:84:84:d0:f8:ca:ef:b2:f4:fb:
                    32:c8:6d:94:65:6a:16:64:5d:b4:55:29:59:29:63:
                    44:68:e4:98:03:83:c9:d7:a6:d6:dd:e9:f2:4a:75:
                    56:b2:8b:de:7e:3c:1b:d7:85:a9:3f:7b:c8:5d:92:
                    62:cb:a5:04:12:dc:72:5b:64:38:48:cf:de:0f:e4:
                    f9:90:87:68:bb:3e:e2:83:de:fe:a1:c0:37:2d:c4:
                    aa:cb:be:67:45:08:66:0c:17:2b:75:f3:e5:fa:25:
                    b0:38:37:50:63:cb:8f:8c:3f:f6:76:89:47:f6:dc:
                    6e:60:c1:b4:4b:0d:4a:83:92:4c:75:83:05:4e:ad:
                    77:7e:60:85:74:3d:0e:99:68:e3:f1:f5:6c:83:80:
                    dd:86:d3:f2:6f:b5:38:a6:03:d6:0b:99:3e:26:a0:
                    15:fc:a1:a9:a6:70:ec:94:52:a9:63:97:db:fc:7c:
                    2d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A5:BD:FD:96:F7:F3:01:2F:A8:0F:86:95:4D:68:84:47:BA:05:2D
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/GaW9_Zb38wEvqA-GlU1ohEe6BS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.208.0-37.252.213.255
                  37.252.215.0/24
                  93.93.96.0/21
                  109.205.8.0/21
                  185.36.124.0/22
                IPv6:
                  2a02:d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:4d:69:51:21:a3:1b:f1:e7:28:e7:4d:96:90:ae:47:c2:03:
         db:ed:97:88:4d:83:c9:6f:3f:db:d9:05:4d:fd:2f:e2:ec:7c:
         2b:eb:49:0b:80:b7:87:95:89:4a:dd:f7:b5:74:1f:e4:85:33:
         54:18:2b:38:c4:5d:3a:e4:d7:a2:63:b2:d3:c1:25:ed:c3:ec:
         39:c1:fb:6b:1d:02:17:ae:b2:84:1d:f3:10:1f:02:39:86:ef:
         c2:20:a7:25:a4:bf:61:1f:5e:49:da:f6:34:8a:79:b1:75:b3:
         e4:44:2d:58:cc:fd:04:e9:97:b5:e9:90:ed:da:c3:2d:98:59:
         dc:74:39:90:c5:49:bd:ce:74:34:d0:cf:df:98:7a:db:56:f9:
         b9:ed:0c:de:88:44:93:d7:1c:92:e2:19:97:f1:fa:7a:e7:82:
         96:2b:76:94:5d:5a:13:c0:ac:4e:65:2d:10:d3:52:7f:f0:cc:
         97:a6:56:91:79:ab:b9:6c:f4:8b:3d:72:7a:63:40:9b:63:e1:
         0b:b2:45:56:31:04:a1:18:73:5c:93:7f:6d:7f:00:25:db:73:
         9b:02:0f:af:d4:f7:bd:e4:1b:7b:28:b0:ce:4e:c8:9b:ba:08:
         b0:2d:7f:4b:a4:d3:69:8e:a5:d8:ea:43:71:61:71:72:92:f6:
         06:79:c6:8e
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYRCjQhtLnsuBx/xiOtrJm7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjIxMTA0MTIxMDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWE1YmRmZDk2ZjdmMzAxMmZhODBmODY5NTRkNjg4NDQ3YmEwNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydR91QP5waK7vC2ief1XIYdLXGT1
1lR5Dw86SHRKYO2LcPY3RohDNODtBtf8J/KtX6qw5rOJzBVjZDk4Y/BojByLJlXS
2XdXAs2YKsn+DciEhND4yu+y9PsyyG2UZWoWZF20VSlZKWNEaOSYA4PJ16bW3eny
SnVWsovefjwb14WpP3vIXZJiy6UEEtxyW2Q4SM/eD+T5kIdouz7ig97+ocA3LcSq
y75nRQhmDBcrdfPl+iWwODdQY8uPjD/2dolH9txuYMG0Sw1Kg5JMdYMFTq13fmCF
dD0OmWjj8fVsg4DdhtPyb7U4pgPWC5k+JqAV/KGppnDslFKpY5fb/HwtnQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFBmlvf2W9/MBL6gPhpVNaIRHugUtMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvR2FXOV9aYjM4d0V2cUEtR2xVMW9oRWU2QlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmMAwDBAQl/NAD
BAEl/NQDBAAl/NcDBANdXWADBANtzQgDBAK5JHwwDQQCAAIwBwMFACoCANgwDQYJ
KoZIhvcNAQELBQADggEBACJNaVEhoxvx5yjnTZaQrkfCA9vtl4hNg8lvP9vZBU39
L+LsfCvrSQuAt4eViUrd97V0H+SFM1QYKzjEXTrk16JjstPBJe3D7DnB+2sdAheu
soQd8xAfAjmG78IgpyWkv2EfXkna9jSKebF1s+RELVjM/QTpl7XpkO3awy2YWdx0
OZDFSb3OdDTQz9+YettW+bntDN6IRJPXHJLiGZfx+nrngpYrdpRdWhPArE5lLRDT
Un/wzJemVpF5q7ls9Is9cnpjQJtj4QuyRVYxBKEYc1yTf21/ACXbc5sCD6/U973k
G3sosM5OyJu6CLAtf0uk02mOpdjqQ3FhcXKS9gZ5xo4=
-----END CERTIFICATE-----