Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/YJcTSfam0SdM62tpHCvJzcEvYVM.roa
File:                     YJcTSfam0SdM62tpHCvJzcEvYVM.roa (raw, json)
Hash identifier:          r/QXaWABy3pkA69+8tUb8ybCl5ko72o3wDpfCrE9Qdc=
Subject key identifier:   60:97:13:49:F6:A6:D1:27:4C:EB:6B:69:1C:2B:C9:CD:C1:2F:61:53
Certificate issuer:       /CN=759d6afb8ddf8f8c0dd660790edcba1f3b370c63
Certificate serial:       01855854AAF587AB204E571D8B402D456224
Authority key identifier: 75:9D:6A:FB:8D:DF:8F:8C:0D:D6:60:79:0E:DC:BA:1F:3B:37:0C:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dZ1q-43fj4wN1mB5Dty6Hzs3DGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/YJcTSfam0SdM62tpHCvJzcEvYVM.roa
Signing time:             Wed 28 Dec 2022 10:43:41 +0000
ROA not before:           Wed 28 Dec 2022 10:43:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60631
IP address blocks:        185.8.172.0/24 maxlen: 24
                          185.8.174.0/24 maxlen: 24
                          185.8.173.0/24 maxlen: 24
                          185.8.175.0/24 maxlen: 24
                          130.185.75.0/24 maxlen: 24
                          130.185.74.0/24 maxlen: 24
                          130.185.76.0/24 maxlen: 24
                          130.185.78.0/23 maxlen: 23
                          130.185.78.0/24 maxlen: 24
                          130.185.77.0/24 maxlen: 24
                          130.185.73.0/24 maxlen: 24
                          130.185.72.0/24 maxlen: 24
                          130.185.79.0/24 maxlen: 24
                          185.208.174.0/24 maxlen: 24
                          185.208.175.0/24 maxlen: 24
                          2a03:2dc0::/36 maxlen: 36
                          2a03:2dc0:1000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:58:54:aa:f5:87:ab:20:4e:57:1d:8b:40:2d:45:62:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=759d6afb8ddf8f8c0dd660790edcba1f3b370c63
        Validity
            Not Before: Dec 28 10:43:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=60971349f6a6d1274ceb6b691c2bc9cdc12f6153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b1:48:31:69:66:f9:d9:da:ed:33:6a:82:e1:
                    a1:a0:73:a3:82:86:e0:8e:1d:4c:cb:86:3d:76:42:
                    21:74:7e:61:e0:af:c9:ef:45:ea:2e:5f:61:46:bd:
                    e8:01:bf:c5:8f:7f:63:c2:5b:b4:6e:75:43:74:ad:
                    dc:f6:ef:ee:29:a0:0a:34:4a:b4:e1:52:ba:53:05:
                    57:01:83:74:d3:83:db:e7:c3:c6:4f:b7:58:4c:74:
                    71:12:d4:34:fd:c4:63:32:95:56:af:be:41:55:47:
                    32:03:a8:ef:86:fd:f8:ac:e5:2c:45:d0:bf:fa:c6:
                    e2:f7:76:6a:c6:11:7e:b8:2e:00:d0:fc:4b:71:28:
                    a9:00:0c:7f:83:b2:ee:91:b4:dc:02:ff:53:a7:cb:
                    2a:91:2e:3a:7b:1b:bb:9f:5d:1d:5c:43:55:75:0f:
                    85:f1:a5:fb:20:de:91:2d:8d:e6:5d:62:2b:f4:29:
                    56:fb:8c:de:58:22:c0:b6:a9:a3:ff:3e:e2:e6:b8:
                    14:1e:dc:9f:24:03:e4:28:d8:18:28:7f:1f:0f:74:
                    9e:c9:94:88:18:4e:93:29:7c:3d:10:8b:14:7b:3b:
                    1c:03:a1:e8:5f:af:2b:09:7b:0a:55:7e:20:d9:30:
                    bf:12:c5:ab:2b:c8:af:36:c2:2d:dd:24:fb:0a:6f:
                    74:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:97:13:49:F6:A6:D1:27:4C:EB:6B:69:1C:2B:C9:CD:C1:2F:61:53
            X509v3 Authority Key Identifier:
                keyid:75:9D:6A:FB:8D:DF:8F:8C:0D:D6:60:79:0E:DC:BA:1F:3B:37:0C:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dZ1q-43fj4wN1mB5Dty6Hzs3DGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/YJcTSfam0SdM62tpHCvJzcEvYVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/16b7f4-fa15-47a6-9fc5-254bcbcec037/1/dZ1q-43fj4wN1mB5Dty6Hzs3DGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.72.0/21
                  185.8.172.0/22
                  185.208.174.0/23
                IPv6:
                  2a03:2dc0::/35

    Signature Algorithm: sha256WithRSAEncryption
         06:cb:2a:66:19:1c:d0:4a:88:7a:f4:15:05:66:8e:f7:ba:f2:
         93:e5:56:6a:36:45:3f:8c:08:0e:0a:ae:1a:42:0c:e0:5d:1b:
         4e:89:9e:7d:5e:a2:dc:a0:46:92:6f:ff:6a:72:bb:ec:95:87:
         77:b2:5c:a5:ec:d9:08:f6:15:d5:14:15:f0:0a:a3:ee:f8:4c:
         27:f4:b0:98:2d:2a:b8:dc:5c:c6:8c:2f:28:65:42:62:6c:61:
         65:7c:49:e3:bc:e3:27:1c:6d:c0:b6:7c:a7:71:ca:00:9b:ba:
         08:1a:92:a4:f1:91:eb:b2:f7:83:15:45:eb:6a:ba:ea:a7:8d:
         87:d7:fa:f8:7f:a5:b1:d7:36:40:f6:43:db:c3:aa:94:ca:0e:
         57:76:aa:f4:48:64:8e:3d:45:fd:01:02:29:93:ac:9a:8e:c5:
         1d:ec:78:64:5e:99:d5:73:43:40:60:5a:b0:1a:65:f7:e1:08:
         97:2c:36:8b:09:b4:00:bc:b6:24:1d:d2:e9:97:44:db:86:59:
         60:a9:1f:30:66:b8:1b:26:45:5f:6e:c4:f4:36:fe:0a:56:84:
         c0:0b:72:7b:fd:5a:30:5c:08:7a:4a:65:71:7f:ef:6c:5b:3b:
         fd:0e:8d:27:04:c2:f8:12:88:2d:65:aa:04:dd:a2:e8:74:38:
         35:d6:23:d9
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVYVKr1h6sgTlcdi0AtRWIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1OWQ2YWZiOGRkZjhmOGMwZGQ2NjA3OTBlZGNiYTFmM2Iz
NzBjNjMwHhcNMjIxMjI4MTA0MzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk3MTM0OWY2YTZkMTI3NGNlYjZiNjkxYzJiYzljZGMxMmY2MTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLFIMWlm+dna7TNqguGhoHOjgobg
jh1My4Y9dkIhdH5h4K/J70XqLl9hRr3oAb/Fj39jwlu0bnVDdK3c9u/uKaAKNEq0
4VK6UwVXAYN004Pb58PGT7dYTHRxEtQ0/cRjMpVWr75BVUcyA6jvhv34rOUsRdC/
+sbi93ZqxhF+uC4A0PxLcSipAAx/g7LukbTcAv9Tp8sqkS46exu7n10dXENVdQ+F
8aX7IN6RLY3mXWIr9ClW+4zeWCLAtqmj/z7i5rgUHtyfJAPkKNgYKH8fD3SeyZSI
GE6TKXw9EIsUezscA6HoX68rCXsKVX4g2TC/EsWrK8ivNsIt3ST7Cm90BQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGCXE0n2ptEnTOtraRwryc3BL2FTMB8GA1UdIwQY
MBaAFHWdavuN34+MDdZgeQ7cuh87NwxjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFoxcS00M2ZqNHdOMW1CNUR0eTZIenMzREdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xNmI3ZjQtZmExNS00N2E2LTlmYzUt
MjU0YmNiY2VjMDM3LzEvWUpjVFNmYW0wU2RNNjJ0cEhDdkp6Y0V2WVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xNmI3ZjQtZmExNS00N2E2LTlmYzUtMjU0YmNiY2VjMDM3
LzEvZFoxcS00M2ZqNHdOMW1CNUR0eTZIenMzREdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQDgrlIAwQC
uQisAwQBudCuMA4EAgACMAgDBgUqAy3AADANBgkqhkiG9w0BAQsFAAOCAQEABssq
Zhkc0EqIevQVBWaO97ryk+VWajZFP4wIDgquGkIM4F0bTomefV6i3KBGkm//anK7
7JWHd7JcpezZCPYV1RQV8Aqj7vhMJ/SwmC0quNxcxowvKGVCYmxhZXxJ47zjJxxt
wLZ8p3HKAJu6CBqSpPGR67L3gxVF62q66qeNh9f6+H+lsdc2QPZD28OqlMoOV3aq
9Ehkjj1F/QECKZOsmo7FHex4ZF6Z1XNDQGBasBpl9+EIlyw2iwm0ALy2JB3S6ZdE
24ZZYKkfMGa4GyZFX27E9Db+ClaEwAtye/1aMFwIekplcX/vbFs7/Q6NJwTC+BKI
LWWqBN2i6HQ4NdYj2Q==
-----END CERTIFICATE-----