Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/Ogsfae2hdxWof9_SX40ki2RUC40.roa
File:                     Ogsfae2hdxWof9_SX40ki2RUC40.roa (raw, json)
Hash identifier:          mdNGU3/h0MKxSF4r0EoG1qv6Y1LracjEv/UPLvplRWc=
Subject key identifier:   3A:0B:1F:69:ED:A1:77:15:A8:7F:DF:D2:5F:8D:24:8B:64:54:0B:8D
Certificate issuer:       /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial:       0184752447998021C6DB11A3C32AAF404DE7
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/Ogsfae2hdxWof9_SX40ki2RUC40.roa
Signing time:             Mon 14 Nov 2022 07:57:02 +0000
ROA not before:           Mon 14 Nov 2022 07:57:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39686
IP address blocks:        144.178.192.0/19 maxlen: 24
                          144.178.224.0/20 maxlen: 24
                          185.184.204.0/22 maxlen: 24
                          144.178.96.0/21 maxlen: 24
                          45.11.164.0/22 maxlen: 24
                          144.178.120.0/21 maxlen: 24
                          93.95.248.0/21 maxlen: 24
                          144.178.240.0/21 maxlen: 24
                          89.20.160.0/19 maxlen: 24
                          144.178.64.0/19 maxlen: 24
                          2a01:9bc0::/29 maxlen: 48
                          2a02:fe8::/32 maxlen: 48
                          2a02:fe9::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:75:24:47:99:80:21:c6:db:11:a3:c3:2a:af:40:4d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
        Validity
            Not Before: Nov 14 07:57:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3a0b1f69eda17715a87fdfd25f8d248b64540b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:e4:25:b2:79:40:f4:fc:da:18:c2:38:65:1f:
                    5c:cc:79:22:03:86:2d:2b:c4:c0:04:25:fb:d2:33:
                    fb:d5:9a:6f:09:a1:82:dc:a1:56:53:1c:1f:56:cf:
                    6a:a4:d4:3e:4f:06:7f:02:f9:03:e6:46:b0:07:42:
                    00:53:8a:94:26:cd:a9:3a:47:ea:65:5c:be:a3:96:
                    15:eb:8b:ef:57:17:47:02:c8:e8:78:cd:1e:27:b4:
                    43:39:01:a7:5a:30:99:d3:4e:7b:4a:18:fa:c4:e4:
                    0e:06:27:5c:9d:56:21:3f:fd:79:8d:9c:5e:03:e2:
                    71:ac:e8:13:40:ea:f0:97:0e:b4:de:0e:8c:e5:6b:
                    40:67:70:dd:12:8f:2e:01:73:87:86:81:8a:96:03:
                    1d:52:f1:57:00:9b:9d:f3:79:58:97:bb:40:d6:b3:
                    5c:f2:15:f4:09:bf:5c:42:d4:58:bd:60:7e:1e:98:
                    18:ee:4f:88:89:28:50:1b:94:0c:0b:6f:fc:99:15:
                    c1:11:0e:79:19:50:5d:67:65:9f:c6:7e:10:d8:60:
                    3f:b5:6b:27:0b:6e:d2:ee:fe:af:01:6e:2d:fd:6a:
                    54:1b:3e:25:19:00:d6:e6:bb:e7:5b:aa:55:98:cf:
                    62:77:51:ce:2c:ff:5d:8d:67:fd:62:a3:f0:dd:50:
                    1c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:0B:1F:69:ED:A1:77:15:A8:7F:DF:D2:5F:8D:24:8B:64:54:0B:8D
            X509v3 Authority Key Identifier:
                keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/Ogsfae2hdxWof9_SX40ki2RUC40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.164.0/22
                  89.20.160.0/19
                  93.95.248.0/21
                  144.178.64.0-144.178.103.255
                  144.178.120.0/21
                  144.178.192.0-144.178.247.255
                  185.184.204.0/22
                IPv6:
                  2a01:9bc0::/29
                  2a02:fe8::/31

    Signature Algorithm: sha256WithRSAEncryption
         2f:ac:96:11:2a:50:bc:06:32:29:f9:c9:d0:3c:4f:57:f1:d4:
         d1:0b:6e:c5:89:a9:48:35:28:3d:54:33:4b:ce:e5:08:19:14:
         d5:ab:f6:d6:3c:c8:40:a4:38:10:da:6d:ef:71:39:73:0f:52:
         fd:95:f2:6f:ed:d6:f4:54:a7:73:3d:e0:5d:3e:98:76:17:14:
         72:de:e0:19:97:36:79:49:51:94:73:48:f3:96:64:86:8f:18:
         43:6e:3b:d2:39:97:ad:89:22:6a:81:a5:79:94:9e:45:cc:a6:
         ea:45:d2:bb:6f:31:61:87:03:21:24:9d:fc:1e:1d:63:86:e6:
         52:c3:5c:5a:37:cc:14:15:01:27:21:d4:a5:b3:01:88:21:fe:
         60:0c:89:42:8b:27:e6:10:2d:0a:8c:9e:8f:d5:32:46:7a:c9:
         76:8e:60:53:b3:4a:8e:5c:f5:08:26:f2:18:a8:cb:f6:5c:be:
         7e:fe:a5:b7:06:32:78:17:25:85:60:e2:25:d8:f5:56:6c:16:
         fb:73:53:38:e6:83:ba:f0:a7:81:6d:26:47:92:ff:3b:17:06:
         8f:13:b0:2f:c7:11:66:d2:a9:b6:5c:0b:68:aa:17:20:d9:55:
         b0:ac:1d:27:c1:1a:c9:93:0c:be:32:9b:b5:7a:a5:8d:0f:23:
         82:99:dc:ef
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYR1JEeZgCHG2xGjwyqvQE3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjIxMTE0MDc1NzAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTBiMWY2OWVkYTE3NzE1YTg3ZmRmZDI1ZjhkMjQ4YjY0NTQwYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OQlsnlA9PzaGMI4ZR9czHkiA4Yt
K8TABCX70jP71ZpvCaGC3KFWUxwfVs9qpNQ+TwZ/AvkD5kawB0IAU4qUJs2pOkfq
ZVy+o5YV64vvVxdHAsjoeM0eJ7RDOQGnWjCZ0057Shj6xOQOBidcnVYhP/15jZxe
A+JxrOgTQOrwlw603g6M5WtAZ3DdEo8uAXOHhoGKlgMdUvFXAJud83lYl7tA1rNc
8hX0Cb9cQtRYvWB+HpgY7k+IiShQG5QMC2/8mRXBEQ55GVBdZ2Wfxn4Q2GA/tWsn
C27S7v6vAW4t/WpUGz4lGQDW5rvnW6pVmM9id1HOLP9djWf9YqPw3VAcbwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFDoLH2ntoXcVqH/f0l+NJItkVAuNMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEvT2dzZmFlMmhkeFdvZjlfU1g0MGtpMlJVQzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBABAIAATA6AwQCLQukAwQF
WRSgAwQDXV/4MAwDBAaQskADBAOQsmADBAOQsngwDAMEBpCywAMEA5Cy8AMEArm4
zDAUBAIAAjAOAwUDKgGbwAMFASoCD+gwDQYJKoZIhvcNAQELBQADggEBAC+slhEq
ULwGMin5ydA8T1fx1NELbsWJqUg1KD1UM0vO5QgZFNWr9tY8yECkOBDabe9xOXMP
Uv2V8m/t1vRUp3M94F0+mHYXFHLe4BmXNnlJUZRzSPOWZIaPGENuO9I5l62JImqB
pXmUnkXMpupF0rtvMWGHAyEknfweHWOG5lLDXFo3zBQVASch1KWzAYgh/mAMiUKL
J+YQLQqMno/VMkZ6yXaOYFOzSo5c9Qgm8hioy/Zcvn7+pbcGMngXJYVg4iXY9VZs
FvtzUzjmg7rwp4FtJkeS/zsXBo8TsC/HEWbSqbZcC2iqFyDZVbCsHSfBGsmTDL4y
m7V6pY0PI4KZ3O8=
-----END CERTIFICATE-----