Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/IYzAnROZuMuLXWhcgayhaMjqAsE.roa
File:                     IYzAnROZuMuLXWhcgayhaMjqAsE.roa (raw, json)
Hash identifier:          ZFaMfqWNEwCegWgXX3C2MPsmW98pXFk+G/34swN9ZIQ=
Subject key identifier:   21:8C:C0:9D:13:99:B8:CB:8B:5D:68:5C:81:AC:A1:68:C8:EA:02:C1
Certificate issuer:       /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial:       D18385
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/IYzAnROZuMuLXWhcgayhaMjqAsE.roa
Signing time:             Wed 09 Feb 2022 16:28:26 +0000
ROA not before:           Wed 09 Feb 2022 16:28:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204957
IP address blocks:        195.211.98.0/23 maxlen: 23
                          195.211.96.0/23 maxlen: 23
                          82.117.252.0/23 maxlen: 23
                          45.90.56.0/22 maxlen: 22
                          195.123.232.0/22 maxlen: 22
                          195.123.236.0/22 maxlen: 22
                          195.123.240.0/22 maxlen: 22
                          195.123.244.0/22 maxlen: 22
                          62.233.57.0/24 maxlen: 24
                          2a05:9400::/32 maxlen: 32
                          2a05:9403::/32 maxlen: 32
                          2a05:9405::/32 maxlen: 32
                          2a05:9406::/32 maxlen: 32
                          2a05:9402::/32 maxlen: 32
                          2a05:9401::/32 maxlen: 32
                          2a05:9404::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13730693 (0xd18385)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
        Validity
            Not Before: Feb  9 16:28:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=218cc09d1399b8cb8b5d685c81aca168c8ea02c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b8:9b:f7:f6:34:0d:39:83:b3:b0:d0:4d:e5:
                    bd:0c:d6:a3:cb:bb:df:da:c6:23:ca:01:b6:95:ca:
                    c7:91:89:b7:04:3a:56:16:e3:8d:02:bc:22:8d:c5:
                    fc:05:f3:5a:50:9c:2a:9b:c7:f3:55:9a:30:01:35:
                    21:9a:38:d5:c1:1d:b0:f4:74:a2:ee:5a:18:97:08:
                    25:2d:fb:af:1e:eb:b9:1a:53:ed:03:11:6a:67:42:
                    14:4c:5b:0f:8c:f7:86:d5:ae:4e:ec:65:a0:82:a8:
                    46:6f:c3:2d:58:39:e8:19:8a:8d:62:68:7e:2b:a6:
                    91:93:6b:6d:df:66:a1:4d:27:6c:ac:9e:20:af:a2:
                    ed:ed:5d:0d:d3:11:f3:85:0c:93:b6:97:1e:6b:a5:
                    be:e4:6a:0f:24:cc:0d:a9:d0:85:28:bf:98:83:fa:
                    a7:e8:82:5e:3a:e9:4f:1b:74:c0:3c:92:4c:f8:3f:
                    0e:6c:ca:7e:0c:30:be:58:c7:2b:12:48:4d:63:de:
                    90:ac:ec:29:72:f3:73:55:20:a1:d2:f4:1a:cd:69:
                    1a:c4:ef:c7:8c:d7:06:22:4d:e6:b9:b1:3e:0c:30:
                    68:43:c6:f3:d9:71:5a:a1:de:be:06:e3:a7:7c:01:
                    ef:cc:5e:ec:93:da:cf:fc:64:bf:5f:45:b3:60:cc:
                    db:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:8C:C0:9D:13:99:B8:CB:8B:5D:68:5C:81:AC:A1:68:C8:EA:02:C1
            X509v3 Authority Key Identifier:
                keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/IYzAnROZuMuLXWhcgayhaMjqAsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.56.0/22
                  62.233.57.0/24
                  82.117.252.0/23
                  195.123.232.0-195.123.247.255
                  195.211.96.0/22
                IPv6:
                  2a05:9400::-2a05:9406:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5e:23:f6:ae:a1:0f:79:df:31:f9:8d:3b:f1:62:d9:8b:08:9d:
         94:20:3d:70:80:2b:54:88:4f:75:4b:60:b2:20:53:18:eb:ce:
         5b:40:65:c0:8b:ae:0a:49:72:14:18:ce:99:1f:b9:a0:6a:cc:
         f5:bf:7b:ae:20:72:8c:b9:16:d6:86:28:58:a1:8a:63:0a:dc:
         12:50:de:48:9c:69:f8:b7:9f:de:e0:58:39:c2:ec:97:bc:d0:
         a8:bb:bf:24:c3:08:ae:76:e1:46:43:58:01:43:c5:97:ff:ef:
         39:02:7a:ef:dc:0d:8f:d1:65:3f:81:4e:4e:eb:f5:de:ab:d8:
         7f:55:f5:54:31:03:47:de:7c:78:f8:09:74:35:93:1b:7e:d0:
         4b:ad:51:40:19:e7:75:de:2d:f8:5a:38:7e:17:2a:b6:c9:eb:
         ab:14:9c:ab:88:56:f3:e6:73:f8:13:e1:f0:c3:78:d4:06:c8:
         a4:20:00:e2:da:6c:ed:dc:8c:c1:3b:24:c4:b0:e6:b6:a0:00:
         26:5b:a6:39:d6:93:93:f1:36:cd:0f:cc:a9:35:fa:dd:5d:1a:
         75:5c:9b:a2:ef:41:26:28:a8:1e:a3:85:fd:39:e4:45:f1:51:
         38:8c:e3:a0:b4:53:c2:d8:3a:21:14:a7:6e:f7:62:ac:6e:7d:
         a9:1e:dd:cb
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIEANGDhTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NGQ5OGU4ZmVjNjgwNzc1YTE1NzI2NmUwYzZiNzhiMTQxYTM0ZjVlMB4XDTIyMDIw
OTE2MjgyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjE4Y2MwOWQxMzk5
YjhjYjhiNWQ2ODVjODFhY2ExNjhjOGVhMDJjMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANm4m/f2NA05g7Ow0E3lvQzWo8u739rGI8oBtpXKx5GJtwQ6
VhbjjQK8Io3F/AXzWlCcKpvH81WaMAE1IZo41cEdsPR0ou5aGJcIJS37rx7ruRpT
7QMRamdCFExbD4z3htWuTuxloIKoRm/DLVg56BmKjWJofiumkZNrbd9moU0nbKye
IK+i7e1dDdMR84UMk7aXHmulvuRqDyTMDanQhSi/mIP6p+iCXjrpTxt0wDySTPg/
DmzKfgwwvljHKxJITWPekKzsKXLzc1UgodL0Gs1pGsTvx4zXBiJN5rmxPgwwaEPG
89lxWqHevgbjp3wB78xe7JPaz/xkv19Fs2DM22ECAwEAAaOCAkAwggI8MB0GA1Ud
DgQWBBQhjMCdE5m4y4tdaFyBrKFoyOoCwTAfBgNVHSMEGDAWgBSU2Y6P7GgHdaFX
Jm4Ma3ixQaNPXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xObU9qLXhvQjNXaFZ5WnVER3Q0c1VHalQxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzIvN2FlM2M3LTY3ZTQtNDRkZS1iMTM5LTg3ZDE3ZGY3NGM3ZS8x
L0lZekFuUk9adU11TFhXaGNnYXloYU1qcUFzRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIv
N2FlM2M3LTY3ZTQtNDRkZS1iMTM5LTg3ZDE3ZGY3NGM3ZS8xL2xObU9qLXhvQjNX
aFZ5WnVER3Q0c1VHalQxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBW
BggrBgEFBQcBBwEB/wRHMEUwLAQCAAEwJgMEAi1aOAMEAD7pOQMEAVJ1/DAMAwQD
w3voAwQDw3vwAwQCw9NgMBUEAgACMA8wDQMEAioFlAMFACoFlAYwDQYJKoZIhvcN
AQELBQADggEBAF4j9q6hD3nfMfmNO/Fi2YsInZQgPXCAK1SIT3VLYLIgUxjrzltA
ZcCLrgpJchQYzpkfuaBqzPW/e64gcoy5FtaGKFihimMK3BJQ3kicafi3n97gWDnC
7Je80Ki7vyTDCK524UZDWAFDxZf/7zkCeu/cDY/RZT+BTk7r9d6r2H9V9VQxA0fe
fHj4CXQ1kxt+0EutUUAZ53XeLfhaOH4XKrbJ66sUnKuIVvPmc/gT4fDDeNQGyKQg
AOLabO3cjME7JMSw5ragACZbpjnWk5PxNs0PzKk1+t1dGnVcm6LvQSYoqB6jhf05
5EXxUTiM46C0U8LYOiEUp273Yqxufake3cs=
-----END CERTIFICATE-----