Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/RlT1np4L7xS7eE5kVNJWyklq1oo.roa
File:                     RlT1np4L7xS7eE5kVNJWyklq1oo.roa (raw, json)
Hash identifier:          ixiVPOa+7ZiUhIjMoWEfm1GQLYEN6M3XiBVwYpsN5z0=
Subject key identifier:   46:54:F5:9E:9E:0B:EF:14:BB:78:4E:64:54:D2:56:CA:49:6A:D6:8A
Certificate issuer:       /CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
Certificate serial:       0181EE8C21B81FB78CA13FFA2491BF612419
Authority key identifier: 8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/RlT1np4L7xS7eE5kVNJWyklq1oo.roa
Signing time:             Mon 11 Jul 2022 18:36:09 +0000
ROA not before:           Mon 11 Jul 2022 18:36:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15436
IP address blocks:        193.109.125.0/24 maxlen: 24
                          193.109.121.0/24 maxlen: 24
                          81.88.96.0/21 maxlen: 24
                          193.109.117.0/24 maxlen: 24
                          193.201.1.0/24 maxlen: 24
                          193.201.0.0/24 maxlen: 24
                          193.201.4.0/24 maxlen: 24
                          193.201.2.0/24 maxlen: 24
                          193.201.3.0/24 maxlen: 24
                          193.201.7.0/24 maxlen: 24
                          193.201.6.0/24 maxlen: 24
                          193.201.5.0/24 maxlen: 24
                          2a02:c18::/32 maxlen: 48
                          2a02:c18::/48 maxlen: 48
                          2a02:c18:6::/48 maxlen: 48
                          2a02:c18:1::/48 maxlen: 48
                          2a02:c18:7::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:ee:8c:21:b8:1f:b7:8c:a1:3f:fa:24:91:bf:61:24:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
        Validity
            Not Before: Jul 11 18:36:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4654f59e9e0bef14bb784e6454d256ca496ad68a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:84:18:65:e1:ab:73:31:f8:ce:0d:14:27:c1:
                    c1:29:96:f8:29:18:98:c7:75:85:c8:59:3b:c7:f9:
                    84:81:98:f5:77:f2:b0:83:08:7a:c1:12:88:b3:1d:
                    54:a3:fb:0a:e8:8d:65:25:29:04:ae:2e:28:69:25:
                    63:30:86:20:4f:eb:1d:92:bd:1f:94:1f:44:f8:e6:
                    7a:15:e8:e2:e2:99:3b:95:20:c8:e7:db:65:ff:cf:
                    36:1d:c2:58:7a:6b:05:88:2c:bc:0d:01:bb:dc:f4:
                    30:d9:d2:d9:14:6a:54:3f:b4:a4:97:54:6d:58:89:
                    3a:bd:5f:74:30:b1:b1:f9:1a:c5:2f:0e:fc:7f:12:
                    e6:3b:0e:a4:f8:fd:f7:01:8a:2d:35:9a:13:78:c2:
                    1d:64:b6:e4:31:c7:4b:7a:05:82:dc:fc:f1:14:10:
                    40:15:8e:ac:25:23:84:e2:f2:97:dd:ae:23:bd:54:
                    12:b0:1d:68:9f:d9:26:87:bc:af:f2:aa:43:81:bc:
                    aa:c0:a8:91:d8:1e:10:76:6b:d6:01:b8:d5:20:54:
                    3b:ef:39:63:2c:64:fc:cd:06:e1:2c:b3:01:17:e1:
                    35:7d:78:30:75:58:bb:0d:ab:0a:e5:3c:a7:62:5a:
                    1a:f0:0b:89:48:33:37:86:da:ad:b1:5b:b7:3e:7d:
                    88:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:54:F5:9E:9E:0B:EF:14:BB:78:4E:64:54:D2:56:CA:49:6A:D6:8A
            X509v3 Authority Key Identifier:
                keyid:8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/RlT1np4L7xS7eE5kVNJWyklq1oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.96.0/21
                  193.109.117.0/24
                  193.109.121.0/24
                  193.109.125.0/24
                  193.201.0.0/21
                IPv6:
                  2a02:c18::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:da:30:96:34:10:99:e4:8c:05:f4:2c:a0:88:67:d4:37:e2:
         1e:2a:ec:7b:ef:ac:7e:9a:fa:a5:b8:69:59:00:5b:7f:6f:96:
         ca:28:54:97:f3:0a:9e:95:83:1c:24:c4:fe:a0:c1:f4:d3:51:
         ac:33:53:4a:9b:1f:ef:15:80:a4:da:96:3d:d3:c2:ca:b4:4d:
         98:b3:89:66:96:e6:5b:33:28:4e:b3:ac:99:56:9b:23:34:7f:
         5b:9c:74:c3:05:9c:50:c2:c3:4d:9c:71:32:32:24:43:b9:a8:
         3e:b6:62:95:89:b0:93:d9:c0:01:06:f5:37:35:ca:af:be:b3:
         c4:23:11:3a:7e:21:3b:33:cb:57:0c:66:d1:40:94:8c:50:27:
         70:ea:62:ab:50:25:96:bd:ea:97:30:12:f9:90:fe:5c:72:c4:
         86:6f:a5:70:79:bb:bf:71:0b:be:9a:5c:4e:06:ac:54:15:af:
         f7:03:44:a9:6b:32:17:a9:66:c1:f6:78:3f:77:76:41:00:23:
         60:b7:cf:ea:5b:d1:31:11:1d:e7:68:69:4b:6d:49:05:a4:d2:
         19:ab:9e:6b:c7:2c:10:1c:82:c4:e2:6b:d2:49:a7:e6:7e:66:
         5f:38:bd:d6:0c:7f:2e:20:0e:60:df:00:26:2f:8b:40:0e:cd:
         e7:5a:d0:28
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYHujCG4H7eMoT/6JJG/YSQZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjZmNDc2ZDYwODYyNWFkMWZlMDZlNTJiOTc0YTlmNjZm
MDE0MWEwHhcNMjIwNzExMTgzNjA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjU0ZjU5ZTllMGJlZjE0YmI3ODRlNjQ1NGQyNTZjYTQ5NmFkNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oQYZeGrczH4zg0UJ8HBKZb4KRiY
x3WFyFk7x/mEgZj1d/Kwgwh6wRKIsx1Uo/sK6I1lJSkEri4oaSVjMIYgT+sdkr0f
lB9E+OZ6Feji4pk7lSDI59tl/882HcJYemsFiCy8DQG73PQw2dLZFGpUP7Skl1Rt
WIk6vV90MLGx+RrFLw78fxLmOw6k+P33AYotNZoTeMIdZLbkMcdLegWC3PzxFBBA
FY6sJSOE4vKX3a4jvVQSsB1on9kmh7yv8qpDgbyqwKiR2B4QdmvWAbjVIFQ77zlj
LGT8zQbhLLMBF+E1fXgwdVi7DasK5TynYloa8AuJSDM3htqtsVu3Pn2IbQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFEZU9Z6eC+8Uu3hOZFTSVspJataKMB8GA1UdIwQY
MBaAFIom9HbWCGJa0f4G5SuXSp9m8BQaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2It
ZDg0NmQxMDZiNWY3LzEvUmxUMW5wNEw3eFM3ZUU1a1ZOSld5a2xxMW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2ItZDg0NmQxMDZiNWY3
LzEvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDUVhgAwQA
wW11AwQAwW15AwQAwW19AwQDwckAMA0EAgACMAcDBQAqAgwYMA0GCSqGSIb3DQEB
CwUAA4IBAQBh2jCWNBCZ5IwF9CygiGfUN+IeKux776x+mvqluGlZAFt/b5bKKFSX
8wqelYMcJMT+oMH001GsM1NKmx/vFYCk2pY908LKtE2Ys4lmluZbMyhOs6yZVpsj
NH9bnHTDBZxQwsNNnHEyMiRDuag+tmKVibCT2cABBvU3NcqvvrPEIxE6fiE7M8tX
DGbRQJSMUCdw6mKrUCWWveqXMBL5kP5ccsSGb6Vwebu/cQu+mlxOBqxUFa/3A0Sp
azIXqWbB9ng/d3ZBACNgt8/qW9ExER3naGlLbUkFpNIZq55rxywQHILE4mvSSafm
fmZfOL3WDH8uIA5g3wAmL4tADs3nWtAo
-----END CERTIFICATE-----