Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/530625-4e46-4563-ae2c-cd49264eaf0b/1/WHgVpaotsiKTFbaocl9-2z4sFx4.roa
File:                     WHgVpaotsiKTFbaocl9-2z4sFx4.roa (raw, json)
Hash identifier:          HxN+CU1uCtd2Enx1Lt+JK9ni7RGS3XGV7eMygzWxKlc=
Subject key identifier:   58:78:15:A5:AA:2D:B2:22:93:15:B6:A8:72:5F:7E:DB:3E:2C:17:1E
Certificate issuer:       /CN=a333114cbfc6bf668371c5687ee98a442fd8ea36
Certificate serial:       01821FCC0F2EBE768D17430A76688710BA53
Authority key identifier: A3:33:11:4C:BF:C6:BF:66:83:71:C5:68:7E:E9:8A:44:2F:D8:EA:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ozMRTL_Gv2aDccVofumKRC_Y6jY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/530625-4e46-4563-ae2c-cd49264eaf0b/1/WHgVpaotsiKTFbaocl9-2z4sFx4.roa
Signing time:             Thu 21 Jul 2022 08:07:23 +0000
ROA not before:           Thu 21 Jul 2022 08:07:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35228
IP address blocks:        93.97.12.0/22 maxlen: 24
                          87.194.202.0/24 maxlen: 24
                          87.194.216.0/23 maxlen: 24
                          93.97.44.0/22 maxlen: 24
                          87.194.0.0/16 maxlen: 24
                          93.97.48.0/22 maxlen: 24
                          93.97.60.0/22 maxlen: 24
                          93.97.176.0/22 maxlen: 24
                          93.97.180.0/22 maxlen: 24
                          93.97.212.0/22 maxlen: 24
                          93.97.0.0/22 maxlen: 24
                          93.97.216.0/22 maxlen: 24
                          93.97.0.0/16 maxlen: 24
                          93.97.8.0/22 maxlen: 24
                          87.194.102.0/23 maxlen: 24
                          87.194.100.0/23 maxlen: 24
                          87.194.118.0/24 maxlen: 24
                          87.194.116.0/24 maxlen: 24
                          87.194.117.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:1f:cc:0f:2e:be:76:8d:17:43:0a:76:68:87:10:ba:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a333114cbfc6bf668371c5687ee98a442fd8ea36
        Validity
            Not Before: Jul 21 08:07:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=587815a5aa2db2229315b6a8725f7edb3e2c171e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ce:d6:77:de:15:ce:0c:65:d9:39:b9:bb:e1:
                    7a:d0:df:ad:60:1b:06:a1:2a:9c:f7:2c:0a:ac:3f:
                    f4:2c:a4:10:48:4c:09:c7:dd:ae:e1:4f:91:b6:da:
                    c7:3b:e7:2e:fa:03:0a:40:ad:5b:46:e8:7e:5d:40:
                    4c:94:7f:42:e5:45:1a:8d:d8:67:12:e5:a5:c3:5a:
                    77:47:c5:01:c7:e6:6e:13:ca:af:1e:68:02:82:33:
                    9f:65:a6:de:09:8d:20:27:c3:dd:75:11:6b:1f:71:
                    ad:b2:47:72:23:8f:d6:ef:56:7d:ae:2c:1a:82:0f:
                    30:83:0a:fd:5b:51:11:3f:4b:9b:ef:9a:ee:21:4e:
                    e5:af:29:e0:92:c3:0a:4c:3c:9c:1b:52:c4:11:d0:
                    13:64:fd:d5:a7:b4:be:c3:47:86:f9:37:f7:bb:53:
                    e1:3a:3f:57:46:b0:53:7b:d6:de:13:99:7f:88:c5:
                    3e:cf:49:c7:94:9f:ee:48:ce:41:f5:d5:5a:af:fd:
                    1c:64:ea:fc:78:0d:d1:41:57:76:25:13:0e:21:a1:
                    6c:a5:a3:5e:99:7d:a4:bb:bb:f3:2d:f9:be:e6:2a:
                    b6:e3:bc:15:d2:ea:53:57:68:7c:8d:60:4b:e3:53:
                    d1:36:f9:18:10:40:54:41:5e:a7:69:02:17:7d:61:
                    41:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:78:15:A5:AA:2D:B2:22:93:15:B6:A8:72:5F:7E:DB:3E:2C:17:1E
            X509v3 Authority Key Identifier:
                keyid:A3:33:11:4C:BF:C6:BF:66:83:71:C5:68:7E:E9:8A:44:2F:D8:EA:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ozMRTL_Gv2aDccVofumKRC_Y6jY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/530625-4e46-4563-ae2c-cd49264eaf0b/1/WHgVpaotsiKTFbaocl9-2z4sFx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/530625-4e46-4563-ae2c-cd49264eaf0b/1/ozMRTL_Gv2aDccVofumKRC_Y6jY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.194.0.0/16
                  93.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:8d:a3:85:e3:0a:b8:b8:8f:cc:b5:81:52:6c:56:69:4b:7c:
         99:30:e7:4a:d9:63:f3:08:98:05:ea:c7:25:3e:a9:90:fb:7f:
         24:74:38:97:27:42:a5:a9:9e:ee:ef:41:b3:ee:a7:d2:0e:c7:
         59:98:19:78:ab:46:2b:ba:05:b6:04:0c:13:23:24:29:f3:d9:
         a0:7e:e1:1c:95:a1:29:18:7f:8f:2b:3c:eb:96:17:3a:cc:25:
         91:31:c1:6d:92:00:6c:09:67:7b:d3:4f:98:b2:6d:b0:eb:25:
         d0:94:2a:5a:6b:4f:85:24:4e:35:b5:0d:7d:2d:05:03:6d:bc:
         c2:56:98:e3:a7:e7:f7:20:6a:5d:51:50:9d:31:69:9a:de:bb:
         bf:36:3d:93:6c:2d:9a:03:25:fd:7c:5d:f8:50:89:22:da:7d:
         13:a7:17:da:8a:94:07:59:f7:32:44:60:d2:b2:34:c6:e3:69:
         29:5a:2c:7f:6b:80:df:ae:89:3d:3b:b0:85:52:58:20:57:6b:
         b4:dd:b9:19:c6:19:2f:a4:f0:6a:b2:42:a7:90:66:58:c8:45:
         ad:ce:ca:e4:f7:e2:9b:90:1a:58:b1:99:a4:d0:2b:2d:77:b5:
         d2:5f:50:d6:bc:a4:a8:4a:4e:fd:d3:60:65:f1:63:43:10:c8:
         1a:cd:d6:b8
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYIfzA8uvnaNF0MKdmiHELpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMzMxMTRjYmZjNmJmNjY4MzcxYzU2ODdlZTk4YTQ0MmZk
OGVhMzYwHhcNMjIwNzIxMDgwNzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODc4MTVhNWFhMmRiMjIyOTMxNWI2YTg3MjVmN2VkYjNlMmMxNzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgs7Wd94Vzgxl2Tm5u+F60N+tYBsG
oSqc9ywKrD/0LKQQSEwJx92u4U+RttrHO+cu+gMKQK1bRuh+XUBMlH9C5UUajdhn
EuWlw1p3R8UBx+ZuE8qvHmgCgjOfZabeCY0gJ8PddRFrH3GtskdyI4/W71Z9riwa
gg8wgwr9W1ERP0ub75ruIU7lryngksMKTDycG1LEEdATZP3Vp7S+w0eG+Tf3u1Ph
Oj9XRrBTe9beE5l/iMU+z0nHlJ/uSM5B9dVar/0cZOr8eA3RQVd2JRMOIaFspaNe
mX2ku7vzLfm+5iq247wV0upTV2h8jWBL41PRNvkYEEBUQV6naQIXfWFBbQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFFh4FaWqLbIikxW2qHJffts+LBceMB8GA1UdIwQY
MBaAFKMzEUy/xr9mg3HFaH7pikQv2Oo2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3pNUlRMX0d2MmFEY2NWb2Z1bUtSQ19ZNmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81MzA2MjUtNGU0Ni00NTYzLWFlMmMt
Y2Q0OTI2NGVhZjBiLzEvV0hnVnBhb3RzaUtURmJhb2NsOS0yejRzRng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81MzA2MjUtNGU0Ni00NTYzLWFlMmMtY2Q0OTI2NGVhZjBi
LzEvb3pNUlRMX0d2MmFEY2NWb2Z1bUtSQ19ZNmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAV8IDAwBd
YTANBgkqhkiG9w0BAQsFAAOCAQEAAo2jheMKuLiPzLWBUmxWaUt8mTDnStlj8wiY
BerHJT6pkPt/JHQ4lydCpame7u9Bs+6n0g7HWZgZeKtGK7oFtgQMEyMkKfPZoH7h
HJWhKRh/jys865YXOswlkTHBbZIAbAlne9NPmLJtsOsl0JQqWmtPhSRONbUNfS0F
A228wlaY46fn9yBqXVFQnTFpmt67vzY9k2wtmgMl/Xxd+FCJItp9E6cX2oqUB1n3
MkRg0rI0xuNpKVosf2uA366JPTuwhVJYIFdrtN25GcYZL6TwarJCp5BmWMhFrc7K
5Pfim5AaWLGZpNArLXe10l9Q1rykqEpO/dNgZfFjQxDIGs3WuA==
-----END CERTIFICATE-----