Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/GqYpqC99eh2trAtTyMRcia00_TA.roa
File:                     GqYpqC99eh2trAtTyMRcia00_TA.roa (raw, json)
Hash identifier:          O41/grzWfTDtqjLNI7Ubzj1ettxC/1Hx3WLlQ0sCGFU=
Subject key identifier:   1A:A6:29:A8:2F:7D:7A:1D:AD:AC:0B:53:C8:C4:5C:89:AD:34:FD:30
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0132D6FD
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/GqYpqC99eh2trAtTyMRcia00_TA.roa
Signing time:             Sat 01 Jan 2022 13:04:18 +0000
ROA not before:           Sat 01 Jan 2022 13:04:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44654
IP address blocks:        37.252.215.0/24 maxlen: 24
                          185.36.127.0/24 maxlen: 24
                          37.252.211.0/24 maxlen: 24
                          37.252.210.0/23 maxlen: 23
                          37.252.210.0/24 maxlen: 24
                          37.252.209.0/24 maxlen: 24
                          37.252.208.0/24 maxlen: 24
                          37.252.208.0/23 maxlen: 23
                          37.252.213.0/24 maxlen: 24
                          37.252.212.0/24 maxlen: 24
                          37.252.212.0/23 maxlen: 23
                          2a02:d8:8::/48 maxlen: 48
                          2a02:d8:9::/48 maxlen: 48
                          2a02:d8:a::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20109053 (0x132d6fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jan  1 13:04:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1aa629a82f7d7a1dadac0b53c8c45c89ad34fd30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d5:c3:5f:2f:13:25:56:17:6a:c5:b7:66:d3:
                    9e:af:51:f2:7e:ee:e5:47:d2:51:28:2f:eb:c8:98:
                    38:e2:cc:66:53:4a:db:a5:61:3e:0b:b2:c3:6c:83:
                    98:ba:3f:6a:c5:23:24:52:07:da:19:18:04:3f:a3:
                    ff:42:30:72:fa:24:b0:f3:20:60:cc:75:d4:c9:79:
                    3d:58:9a:f0:95:b8:33:cf:6c:25:d9:2e:0f:c2:73:
                    eb:87:f9:5a:56:ee:c0:b3:49:f8:6f:6f:c6:3c:83:
                    d7:84:56:56:ab:3a:72:88:55:67:f9:f3:6f:68:1a:
                    92:45:cd:c0:3b:f1:70:b4:8d:ea:cb:61:57:14:51:
                    5d:5f:2e:98:52:0f:df:31:9a:b0:3a:28:74:70:2e:
                    ed:d6:cb:4e:78:ed:66:eb:97:99:bb:7a:a3:4f:9a:
                    e6:ba:ec:6a:e1:af:99:12:68:56:d2:84:7f:0a:f4:
                    f3:5b:3d:59:6f:36:55:f4:65:9d:27:8d:e8:5d:d9:
                    fe:4d:21:25:e3:bb:0c:10:78:ae:a6:49:33:47:44:
                    92:35:b7:2b:cb:fc:48:5d:be:f1:6e:4c:63:1a:90:
                    38:cd:53:e8:ae:a0:c0:7a:3b:c8:fb:6a:0b:c9:19:
                    ca:99:f9:8c:14:e4:87:b6:55:69:65:4d:42:0e:4a:
                    de:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A6:29:A8:2F:7D:7A:1D:AD:AC:0B:53:C8:C4:5C:89:AD:34:FD:30
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/GqYpqC99eh2trAtTyMRcia00_TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.208.0-37.252.213.255
                  37.252.215.0/24
                  185.36.127.0/24
                IPv6:
                  2a02:d8:8::-2a02:d8:a:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         79:cf:8e:3c:8a:91:f8:cf:e9:a4:83:9d:63:62:4d:ea:51:33:
         e8:55:60:f6:4b:4f:44:af:b8:fe:24:85:53:e6:9b:33:e9:f6:
         7c:d6:b6:63:bb:f6:74:c4:c5:b2:c3:43:85:7b:e1:b7:c9:b4:
         ab:ee:96:78:3b:fd:88:1a:49:9a:8a:57:02:93:d0:6f:2a:e8:
         2a:7f:4f:08:a0:28:e9:52:7a:c9:1e:f4:97:7b:80:19:b3:46:
         54:1b:a6:d4:2a:44:ba:c7:9b:52:4b:e4:8b:ef:46:12:b3:c7:
         b0:d5:f2:cd:c7:e3:52:35:ab:22:87:5f:58:ac:6f:a4:a5:e6:
         4d:48:5e:f1:1b:f5:c6:8a:3a:ab:9b:df:f2:eb:6f:56:92:ce:
         5f:10:6c:42:35:5a:d1:f0:f2:ab:a7:11:d8:40:0f:8b:8b:2b:
         3c:98:c5:39:a1:b1:6a:e1:c9:b4:d2:6b:f2:f6:d1:d4:ff:3d:
         a3:6d:fd:ee:35:b0:17:65:0e:97:82:3d:cc:d3:23:68:c3:a9:
         71:d0:ba:4a:ac:34:22:7f:81:ef:bb:64:95:3a:e1:20:9d:63:
         73:eb:71:73:2e:31:e1:7b:bd:e5:be:cf:97:29:c3:2e:20:34:
         3c:f9:05:a0:c7:50:25:6f:4b:18:98:d3:f0:dc:35:87:49:96:
         9a:37:56:30
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEATLW/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NDU2YzE0Y2Q4NzI0ZjlhOTA5NjI3Yjk0ZTAwNmNmNjlkMTIzMDdiMB4XDTIyMDEw
MTEzMDQxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWFhNjI5YTgyZjdk
N2ExZGFkYWMwYjUzYzhjNDVjODlhZDM0ZmQzMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN7Vw18vEyVWF2rFt2bTnq9R8n7u5UfSUSgv68iYOOLMZlNK
26VhPguyw2yDmLo/asUjJFIH2hkYBD+j/0IwcvoksPMgYMx11Ml5PVia8JW4M89s
JdkuD8Jz64f5WlbuwLNJ+G9vxjyD14RWVqs6cohVZ/nzb2gakkXNwDvxcLSN6sth
VxRRXV8umFIP3zGasDoodHAu7dbLTnjtZuuXmbt6o0+a5rrsauGvmRJoVtKEfwr0
81s9WW82VfRlnSeN6F3Z/k0hJeO7DBB4rqZJM0dEkjW3K8v8SF2+8W5MYxqQOM1T
6K6gwHo7yPtqC8kZypn5jBTkh7ZVaWVNQg5K3rECAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBQapimoL316Ha2sC1PIxFyJrTT9MDAfBgNVHSMEGDAWgBREVsFM2HJPmpCW
J7lOAGz2nRIwezAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JGYkJUTmh5VDVxUWxpZTVUZ0JzOXAwU01Icy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvNWVjZmMyLWRhNzAtNDMzMy04Zjk2LTViODc4MjVjMDdlZS8x
L0dxWXBxQzk5ZWgydHJBdFR5TVJjaWEwMF9UQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
NWVjZmMyLWRhNzAtNDMzMy04Zjk2LTViODc4MjVjMDdlZS8xL1JGYkJUTmh5VDVx
UWxpZTVUZ0JzOXAwU01Icy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wIAQCAAEwGjAMAwQEJfzQAwQBJfzUAwQAJfzXAwQA
uSR/MBoEAgACMBQwEgMHAyoCANgACAMHACoCANgACjANBgkqhkiG9w0BAQsFAAOC
AQEAec+OPIqR+M/ppIOdY2JN6lEz6FVg9ktPRK+4/iSFU+abM+n2fNa2Y7v2dMTF
ssNDhXvht8m0q+6WeDv9iBpJmopXApPQbyroKn9PCKAo6VJ6yR70l3uAGbNGVBum
1CpEusebUkvki+9GErPHsNXyzcfjUjWrIodfWKxvpKXmTUhe8Rv1xoo6q5vf8utv
VpLOXxBsQjVa0fDyq6cR2EAPi4srPJjFOaGxauHJtNJr8vbR1P89o2397jWwF2UO
l4I9zNMjaMOpcdC6Sqw0In+B77tklTrhIJ1jc+txcy4x4Xu95b7PlynDLiA0PPkF
oMdQJW9LGJjT8Nw1h0mWmjdWMA==
-----END CERTIFICATE-----