Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/1CP-TDNo5Ib76ieDmYmJ0brmJ5w.roa
File:                     1CP-TDNo5Ib76ieDmYmJ0brmJ5w.roa (raw, json)
Hash identifier:          oNEFW5ghv4IRvF1ATCUzTzoh0cEq11sBcmOHOBP5oDU=
Subject key identifier:   D4:23:FE:4C:33:68:E4:86:FB:EA:27:83:99:89:89:D1:BA:E6:27:9C
Certificate issuer:       /CN=2ac943517f5e3b747e7530320789a03444b43912
Certificate serial:       018335893D068665A8C9FD51C8A14FEAD549
Authority key identifier: 2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/1CP-TDNo5Ib76ieDmYmJ0brmJ5w.roa
Signing time:             Tue 13 Sep 2022 06:28:49 +0000
ROA not before:           Tue 13 Sep 2022 06:28:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49033
IP address blocks:        185.232.160.0/22 maxlen: 24
                          185.171.48.0/22 maxlen: 24
                          185.116.144.0/22 maxlen: 24
                          185.238.108.0/22 maxlen: 24
                          185.91.92.0/22 maxlen: 24
                          185.166.91.0/24 maxlen: 24
                          185.166.89.0/24 maxlen: 24
                          185.166.90.0/23 maxlen: 24
                          185.166.90.0/24 maxlen: 24
                          185.166.88.0/24 maxlen: 24
                          185.166.88.0/22 maxlen: 22
                          94.46.218.0/23 maxlen: 23
                          94.46.216.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:35:89:3d:06:86:65:a8:c9:fd:51:c8:a1:4f:ea:d5:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac943517f5e3b747e7530320789a03444b43912
        Validity
            Not Before: Sep 13 06:28:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d423fe4c3368e486fbea2783998989d1bae6279c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:48:60:46:93:a4:a1:22:c5:98:df:76:9a:ec:
                    1a:ce:d3:f1:95:3b:fa:5a:9f:38:ab:c7:7c:ef:59:
                    e7:ae:bf:a2:09:ef:f8:96:3c:c7:bd:21:e7:b1:4b:
                    1f:9c:39:bb:20:00:5f:4d:8f:01:7b:74:6e:f7:47:
                    75:6d:cb:88:6d:3b:94:fa:ff:36:5e:e3:c5:b0:5f:
                    58:57:a4:04:22:5b:6d:54:9a:2a:42:19:38:78:f9:
                    ef:fa:74:36:19:6c:a4:57:6b:55:6d:a8:2e:72:42:
                    23:99:f0:bb:85:de:d1:4c:6d:91:6d:27:b0:76:bf:
                    76:7b:9b:d4:08:79:92:f8:29:22:28:8e:3b:07:55:
                    fc:32:ba:3d:c6:56:26:74:0e:ec:6d:c3:67:ae:26:
                    9d:3a:6a:18:fd:64:6f:39:b2:4f:6a:f8:5f:3a:79:
                    50:4c:d1:fe:94:f2:10:69:8e:87:b8:c2:35:6c:dd:
                    b7:28:e5:64:46:c9:4f:30:f9:2c:5e:24:ea:c3:02:
                    12:55:2c:e7:62:6e:7a:21:21:b9:eb:08:73:5c:0e:
                    18:59:c4:29:e9:e0:1d:6e:ce:1e:5a:03:1b:1d:a6:
                    02:1d:e7:02:0d:af:71:19:26:85:c5:ab:59:90:a3:
                    c8:98:9e:51:a9:7e:10:10:22:e6:1e:02:e9:5c:51:
                    c7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:23:FE:4C:33:68:E4:86:FB:EA:27:83:99:89:89:D1:BA:E6:27:9C
            X509v3 Authority Key Identifier:
                keyid:2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/1CP-TDNo5Ib76ieDmYmJ0brmJ5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.46.216.0/22
                  185.91.92.0/22
                  185.116.144.0/22
                  185.166.88.0/22
                  185.171.48.0/22
                  185.232.160.0/22
                  185.238.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:25:52:b4:16:31:d8:9d:33:4f:85:d8:2d:33:59:ac:c5:f6:
         57:0e:56:d4:22:be:53:44:11:bc:ef:83:60:52:28:56:14:5d:
         e8:d3:7f:27:03:86:9e:3b:e5:a6:ff:24:ef:0a:73:04:c5:a4:
         23:25:66:2a:8d:9a:0a:58:84:21:24:89:41:47:56:1a:2a:a0:
         e0:a0:49:72:67:24:32:48:b5:87:3c:a8:8c:17:f8:a4:50:2a:
         01:0f:20:bd:da:88:81:56:f9:a3:13:fe:4b:74:67:b4:37:c4:
         4f:03:b5:fe:aa:8e:16:d6:19:af:35:97:2a:61:b6:63:19:c1:
         fe:f5:43:f1:3e:f2:04:59:37:71:03:44:51:13:a0:87:a2:f4:
         e0:29:f8:c4:f4:f3:83:48:42:28:fa:a1:91:14:37:b8:f4:0b:
         f4:26:07:58:52:87:72:f6:95:b5:c4:11:62:1f:10:e5:04:28:
         cd:9e:dd:55:2e:70:ac:71:8b:a2:0a:2c:18:91:12:60:68:26:
         ba:dc:d2:5e:07:18:cf:97:77:d9:7e:96:5c:f0:2e:eb:38:bf:
         0e:de:de:d1:cf:b1:e9:a9:63:fe:a0:18:a4:11:14:f1:16:d9:
         b3:79:de:76:79:56:7a:94:bc:2e:0c:95:03:c4:29:3c:2c:97:
         00:a5:d1:0a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYM1iT0GhmWoyf1RyKFP6tVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzk0MzUxN2Y1ZTNiNzQ3ZTc1MzAzMjA3ODlhMDM0NDRi
NDM5MTIwHhcNMjIwOTEzMDYyODQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDIzZmU0YzMzNjhlNDg2ZmJlYTI3ODM5OTg5ODlkMWJhZTYyNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0hgRpOkoSLFmN92muwaztPxlTv6
Wp84q8d871nnrr+iCe/4ljzHvSHnsUsfnDm7IABfTY8Be3Ru90d1bcuIbTuU+v82
XuPFsF9YV6QEIlttVJoqQhk4ePnv+nQ2GWykV2tVbaguckIjmfC7hd7RTG2RbSew
dr92e5vUCHmS+CkiKI47B1X8Mro9xlYmdA7sbcNnriadOmoY/WRvObJPavhfOnlQ
TNH+lPIQaY6HuMI1bN23KOVkRslPMPksXiTqwwISVSznYm56ISG56whzXA4YWcQp
6eAdbs4eWgMbHaYCHecCDa9xGSaFxatZkKPImJ5RqX4QECLmHgLpXFHHrwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNQj/kwzaOSG++ong5mJidG65iecMB8GA1UdIwQY
MBaAFCrJQ1F/Xjt0fnUwMgeJoDREtDkSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgt
MmQ5MWNmZDdhYWY0LzEvMUNQLVRETm81SWI3NmllRG1ZbUowYnJtSjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgtMmQ5MWNmZDdhYWY0
LzEvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCXi7YAwQC
uVtcAwQCuXSQAwQCuaZYAwQCuaswAwQCueigAwQCue5sMA0GCSqGSIb3DQEBCwUA
A4IBAQBbJVK0FjHYnTNPhdgtM1msxfZXDlbUIr5TRBG874NgUihWFF3o038nA4ae
O+Wm/yTvCnMExaQjJWYqjZoKWIQhJIlBR1YaKqDgoElyZyQySLWHPKiMF/ikUCoB
DyC92oiBVvmjE/5LdGe0N8RPA7X+qo4W1hmvNZcqYbZjGcH+9UPxPvIEWTdxA0RR
E6CHovTgKfjE9PODSEIo+qGRFDe49Av0JgdYUody9pW1xBFiHxDlBCjNnt1VLnCs
cYuiCiwYkRJgaCa63NJeBxjPl3fZfpZc8C7rOL8O3t7Rz7HpqWP+oBikERTxFtmz
ed52eVZ6lLwuDJUDxCk8LJcApdEK
-----END CERTIFICATE-----