Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/xrSBRLunwUujZmMWRaR1jV1Olg8.roa
File:                     xrSBRLunwUujZmMWRaR1jV1Olg8.roa (raw, json)
Hash identifier:          sngnSnyucaYWTIS7XfHw00F73LgZYpQpDc2bgqw1pLY=
Subject key identifier:   C6:B4:81:44:BB:A7:C1:4B:A3:66:63:16:45:A4:75:8D:5D:4E:96:0F
Certificate issuer:       /CN=daf0a39cfadf910f6b132ad228e606561887a06c
Certificate serial:       1B7210E0
Authority key identifier: DA:F0:A3:9C:FA:DF:91:0F:6B:13:2A:D2:28:E6:06:56:18:87:A0:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vCjnPrfkQ9rEyrSKOYGVhiHoGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/xrSBRLunwUujZmMWRaR1jV1Olg8.roa
Signing time:             Sat 01 Jan 2022 07:01:55 +0000
ROA not before:           Sat 01 Jan 2022 07:01:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29413
IP address blocks:        185.91.48.0/22 maxlen: 24
                          213.149.80.0/20 maxlen: 24
                          31.187.80.0/22 maxlen: 24
                          213.178.16.0/20 maxlen: 24
                          31.187.88.0/22 maxlen: 24
                          217.72.208.0/20 maxlen: 24
                          185.31.60.0/22 maxlen: 24
                          46.31.216.0/21 maxlen: 24
                          88.133.224.0/21 maxlen: 24
                          91.217.176.0/24 maxlen: 24
                          37.156.80.0/20 maxlen: 24
                          88.133.160.0/20 maxlen: 24
                          2a02:2488::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 460460256 (0x1b7210e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daf0a39cfadf910f6b132ad228e606561887a06c
        Validity
            Not Before: Jan  1 07:01:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6b48144bba7c14ba366631645a4758d5d4e960f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:09:19:59:d0:57:e1:17:2b:a6:7b:45:76:f2:
                    57:f5:b6:db:91:4d:5a:d0:ec:da:07:b1:6d:02:23:
                    14:56:f9:29:41:e7:78:21:66:a0:8d:57:ef:b1:55:
                    7a:d8:fe:3f:32:76:e7:15:af:18:e6:4a:7f:3e:4f:
                    32:d4:46:b4:67:ba:d5:93:61:39:ec:12:d2:d0:65:
                    e1:f8:db:cf:c2:b4:d5:9b:e4:9f:37:eb:4c:5e:8c:
                    a1:ff:96:de:65:aa:53:27:65:cb:c2:46:d3:aa:9d:
                    83:c8:54:1d:05:8b:ef:5d:28:67:37:9d:a3:ee:31:
                    05:82:27:05:b3:6b:de:27:2d:8f:e8:bb:8f:17:a2:
                    01:84:8f:8d:33:67:d1:82:22:20:96:1c:3b:3f:c1:
                    25:c6:1d:dd:bc:9f:51:17:91:04:fd:91:44:75:a0:
                    26:da:25:fd:26:a2:9c:ad:7c:d6:df:61:e7:62:b7:
                    d1:41:f1:91:d5:d0:6a:a9:2d:42:8e:7f:3a:f1:82:
                    3e:c7:cd:41:0d:54:49:31:6d:30:86:c0:b7:a8:02:
                    b8:64:3e:3f:d2:26:61:47:af:b6:67:86:ae:e9:cc:
                    78:27:4e:76:e5:49:8b:a3:2b:6b:d9:f9:bf:c8:6a:
                    2e:75:dc:24:23:69:1f:df:11:01:4b:5d:b4:5a:01:
                    26:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B4:81:44:BB:A7:C1:4B:A3:66:63:16:45:A4:75:8D:5D:4E:96:0F
            X509v3 Authority Key Identifier:
                keyid:DA:F0:A3:9C:FA:DF:91:0F:6B:13:2A:D2:28:E6:06:56:18:87:A0:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vCjnPrfkQ9rEyrSKOYGVhiHoGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/xrSBRLunwUujZmMWRaR1jV1Olg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/ffa457-34c8-48c2-9ebc-92b207f641b1/1/2vCjnPrfkQ9rEyrSKOYGVhiHoGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.187.80.0/22
                  31.187.88.0/22
                  37.156.80.0/20
                  46.31.216.0/21
                  88.133.160.0/20
                  88.133.224.0/21
                  91.217.176.0/24
                  185.31.60.0/22
                  185.91.48.0/22
                  213.149.80.0/20
                  213.178.16.0/20
                  217.72.208.0/20
                IPv6:
                  2a02:2488::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:ac:d7:97:d1:cd:cc:75:0e:dd:e0:88:06:90:d4:fc:0b:95:
         50:14:dd:e9:a4:14:30:a1:e7:84:bc:21:05:07:62:5c:f8:d4:
         1e:66:74:f0:b8:e0:7d:3a:5e:ea:6d:09:b9:e8:9a:8f:0f:fd:
         91:ee:3d:9a:e2:42:dd:b9:3b:61:3e:d4:f6:6b:a1:f9:e8:50:
         52:b8:59:5d:9c:71:81:84:b6:32:b5:1d:e6:e8:cc:6b:8e:91:
         8d:99:82:19:d4:a3:72:59:f8:14:da:b8:ca:ef:11:f3:ee:76:
         08:9f:d7:62:3a:a0:bc:4b:44:20:ef:10:c4:b2:18:e4:eb:d8:
         a7:e9:5e:4e:c6:d5:2b:6c:f6:33:42:ff:d8:c6:0e:7c:7d:f1:
         10:3c:c4:82:67:cd:13:b4:cb:de:30:52:80:d0:5d:79:ca:d3:
         5f:cb:69:84:45:d9:d3:f8:a1:b3:29:11:e2:7d:f0:38:43:ca:
         b1:dc:11:4d:57:4f:b0:89:c1:6b:13:0c:08:86:1f:d6:97:bf:
         cc:9e:33:61:ae:b2:33:e6:55:f5:3b:42:7f:a4:11:67:0b:1e:
         2f:dd:23:b2:b9:64:9c:a6:c2:bc:27:7a:a5:04:94:ef:74:2b:
         95:e0:f6:57:04:c8:3b:a9:83:56:58:0d:d3:62:c3:a3:b3:9c:
         75:e6:c4:bd
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIEG3IQ4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YWYwYTM5Y2ZhZGY5MTBmNmIxMzJhZDIyOGU2MDY1NjE4ODdhMDZjMB4XDTIyMDEw
MTA3MDE1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzZiNDgxNDRiYmE3
YzE0YmEzNjY2MzE2NDVhNDc1OGQ1ZDRlOTYwZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL4JGVnQV+EXK6Z7RXbyV/W225FNWtDs2gexbQIjFFb5KUHn
eCFmoI1X77FVetj+PzJ25xWvGOZKfz5PMtRGtGe61ZNhOewS0tBl4fjbz8K01Zvk
nzfrTF6Mof+W3mWqUydly8JG06qdg8hUHQWL710oZzedo+4xBYInBbNr3ictj+i7
jxeiAYSPjTNn0YIiIJYcOz/BJcYd3byfUReRBP2RRHWgJtol/SainK181t9h52K3
0UHxkdXQaqktQo5/OvGCPsfNQQ1USTFtMIbAt6gCuGQ+P9ImYUevtmeGrunMeCdO
duVJi6Mra9n5v8hqLnXcJCNpH98RAUtdtFoBJrcCAwEAAaOCAlowggJWMB0GA1Ud
DgQWBBTGtIFEu6fBS6NmYxZFpHWNXU6WDzAfBgNVHSMEGDAWgBTa8KOc+t+RD2sT
KtIo5gZWGIegbDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJ2Q2puUHJma1E5ckV5clNLT1lHVmhpSG9Hdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzcvZmZhNDU3LTM0YzgtNDhjMi05ZWJjLTkyYjIwN2Y2NDFiMS8x
L3hyU0JSTHVud1V1alptTVdSYVIxalYxT2xnOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcv
ZmZhNDU3LTM0YzgtNDhjMi05ZWJjLTkyYjIwN2Y2NDFiMS8xLzJ2Q2puUHJma1E5
ckV5clNLT1lHVmhpSG9Hdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBw
BggrBgEFBQcBBwEB/wRhMF8wTgQCAAEwSAMEAh+7UAMEAh+7WAMEBCWcUAMEAy4f
2AMEBFiFoAMEA1iF4AMEAFvZsAMEArkfPAMEArlbMAMEBNWVUAMEBNWyEAMEBNlI
0DANBAIAAjAHAwUAKgIkiDANBgkqhkiG9w0BAQsFAAOCAQEAgKzXl9HNzHUO3eCI
BpDU/AuVUBTd6aQUMKHnhLwhBQdiXPjUHmZ08LjgfTpe6m0Jueiajw/9ke49muJC
3bk7YT7U9muh+ehQUrhZXZxxgYS2MrUd5ujMa46RjZmCGdSjcln4FNq4yu8R8+52
CJ/XYjqgvEtEIO8QxLIY5OvYp+leTsbVK2z2M0L/2MYOfH3xEDzEgmfNE7TL3jBS
gNBdecrTX8tphEXZ0/ihsykR4n3wOEPKsdwRTVdPsInBaxMMCIYf1pe/zJ4zYa6y
M+ZV9TtCf6QRZwseL90jsrlknKbCvCd6pQSU73QrleD2VwTIO6mDVlgN02LDo7Oc
debEvQ==
-----END CERTIFICATE-----