Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/aqRcv8xWL2A2Mzn3bUd8Prp1bgc.roa
File:                     aqRcv8xWL2A2Mzn3bUd8Prp1bgc.roa (raw, json)
Hash identifier:          e2wdbCm/fnA6s+N6V6W/qP6Cp16or3y8MQtijiTHF9s=
Subject key identifier:   6A:A4:5C:BF:CC:56:2F:60:36:33:39:F7:6D:47:7C:3E:BA:75:6E:07
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       0184C7C61E5A4A26DD497C1B4BEA23AFDAA2
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/aqRcv8xWL2A2Mzn3bUd8Prp1bgc.roa
Signing time:             Wed 30 Nov 2022 09:02:40 +0000
ROA not before:           Wed 30 Nov 2022 09:02:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     54994
IP address blocks:        163.171.166.0/24 maxlen: 24
                          163.171.177.0/24 maxlen: 24
                          163.171.182.0/24 maxlen: 24
                          163.171.188.0/24 maxlen: 24
                          148.253.231.0/24 maxlen: 24
                          148.253.232.0/24 maxlen: 24
                          148.253.233.0/24 maxlen: 24
                          148.253.237.0/24 maxlen: 24
                          148.253.234.0/24 maxlen: 24
                          148.253.235.0/24 maxlen: 24
                          148.253.34.0/24 maxlen: 24
                          163.171.222.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c7:c6:1e:5a:4a:26:dd:49:7c:1b:4b:ea:23:af:da:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Nov 30 09:02:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6aa45cbfcc562f60363339f76d477c3eba756e07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:13:32:9d:c9:bb:99:b7:4d:43:bc:83:81:35:
                    fd:7e:f0:51:64:8e:9e:50:58:b5:e3:6a:67:1d:61:
                    a9:3f:88:e3:de:4a:04:03:ae:bc:3e:bd:7c:83:33:
                    88:91:54:50:19:f7:f9:a1:f8:19:47:7b:7a:04:d3:
                    01:73:50:40:66:dc:8b:2f:e0:f5:bb:5c:ec:8f:17:
                    04:1c:63:b8:ba:80:b2:4a:b6:8e:3b:03:b8:7e:b1:
                    77:07:39:77:c8:f8:7b:ad:9f:00:64:28:09:ea:55:
                    0b:4b:db:0f:5a:95:84:5f:b3:c5:94:93:e5:70:88:
                    20:a5:20:94:02:a9:9c:27:de:6f:e3:f4:35:f0:8c:
                    9a:06:e0:ff:6a:b2:3d:72:5e:19:12:2e:97:20:b1:
                    f1:ca:1c:c7:c3:d5:f6:33:07:e8:05:0d:a5:5e:1f:
                    dc:e9:58:0e:9d:e5:e6:99:e6:85:fc:88:0d:3f:a6:
                    5c:b7:6c:3b:64:4e:1d:c4:1b:d6:b8:02:5d:99:5d:
                    b1:07:39:c7:db:cb:b3:40:33:4f:ee:d1:ce:06:bd:
                    03:64:b9:7f:5f:f6:36:8d:4f:93:15:94:15:d1:ce:
                    c1:b8:5f:08:8f:75:c6:73:16:c6:60:f1:8e:df:3e:
                    92:fd:1b:af:e9:52:5d:1c:42:6e:f4:ac:73:44:b2:
                    cb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A4:5C:BF:CC:56:2F:60:36:33:39:F7:6D:47:7C:3E:BA:75:6E:07
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/aqRcv8xWL2A2Mzn3bUd8Prp1bgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.253.34.0/24
                  148.253.231.0-148.253.235.255
                  148.253.237.0/24
                  163.171.166.0/24
                  163.171.177.0/24
                  163.171.182.0/24
                  163.171.188.0/24
                  163.171.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:35:32:76:c5:75:00:8c:dc:0d:a9:9d:4f:dc:35:44:0a:5b:
         f0:44:56:ab:1d:77:7c:33:86:a1:30:14:78:1e:e8:66:08:70:
         f1:7d:25:e8:77:38:a0:a2:45:68:b8:09:a2:37:84:2f:69:77:
         39:44:57:cc:2f:8b:61:5a:dd:6a:30:36:81:d6:64:a2:8a:8c:
         dd:cd:f3:33:76:53:d6:0b:c1:65:9e:c6:6b:ee:1a:13:e0:29:
         d1:cb:17:4a:8e:a9:f4:2d:82:9e:e2:40:b6:47:0d:c1:7d:61:
         65:41:f4:91:b1:55:ed:a9:0d:7d:ca:15:44:b4:b7:03:c5:b6:
         63:ed:8b:56:72:25:e4:83:af:71:4a:5b:58:cd:d9:a1:29:22:
         0a:46:a3:4b:fd:f3:f9:6f:9a:07:c0:ab:72:f4:5a:01:b2:2c:
         41:c4:62:1c:07:3d:93:ac:90:c3:df:77:2d:45:8f:02:d7:39:
         b0:f6:60:82:b8:fe:af:f5:ae:6d:fc:14:e3:29:dd:ec:ca:bc:
         4f:31:03:e7:88:05:32:a0:94:02:d5:61:7b:4a:9b:2e:f9:1f:
         45:fd:85:b1:07:9e:8b:4c:66:b8:e6:b6:6c:be:c6:85:7c:4a:
         3f:ea:1b:ba:95:b6:61:19:8a:7f:c9:81:10:05:d1:18:6b:7c:
         10:d3:73:07
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYTHxh5aSibdSXwbS+ojr9qiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjIxMTMwMDkwMjQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE0NWNiZmNjNTYyZjYwMzYzMzM5Zjc2ZDQ3N2MzZWJhNzU2ZTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBMyncm7mbdNQ7yDgTX9fvBRZI6e
UFi142pnHWGpP4jj3koEA668Pr18gzOIkVRQGff5ofgZR3t6BNMBc1BAZtyLL+D1
u1zsjxcEHGO4uoCySraOOwO4frF3Bzl3yPh7rZ8AZCgJ6lULS9sPWpWEX7PFlJPl
cIggpSCUAqmcJ95v4/Q18IyaBuD/arI9cl4ZEi6XILHxyhzHw9X2MwfoBQ2lXh/c
6VgOneXmmeaF/IgNP6Zct2w7ZE4dxBvWuAJdmV2xBznH28uzQDNP7tHOBr0DZLl/
X/Y2jU+TFZQV0c7BuF8Ij3XGcxbGYPGO3z6S/Ruv6VJdHEJu9KxzRLLL7wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGqkXL/MVi9gNjM5921HfD66dW4HMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvYXFSY3Y4eFdMMkEyTXpuM2JVZDhQcnAxYmdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAlP0iMAwD
BACU/ecDBAKU/egDBACU/e0DBACjq6YDBACjq7EDBACjq7YDBACjq7wDBACjq94w
DQYJKoZIhvcNAQELBQADggEBADU1MnbFdQCM3A2pnU/cNUQKW/BEVqsdd3wzhqEw
FHge6GYIcPF9Jeh3OKCiRWi4CaI3hC9pdzlEV8wvi2Fa3WowNoHWZKKKjN3N8zN2
U9YLwWWexmvuGhPgKdHLF0qOqfQtgp7iQLZHDcF9YWVB9JGxVe2pDX3KFUS0twPF
tmPti1ZyJeSDr3FKW1jN2aEpIgpGo0v98/lvmgfAq3L0WgGyLEHEYhwHPZOskMPf
dy1FjwLXObD2YIK4/q/1rm38FOMp3ezKvE8xA+eIBTKglALVYXtKmy75H0X9hbEH
notMZrjmtmy+xoV8Sj/qG7qVtmEZin/JgRAF0RhrfBDTcwc=
-----END CERTIFICATE-----