Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1tfak9T4t657E6uiZnOfGpEU2YQ.roa
File:                     1tfak9T4t657E6uiZnOfGpEU2YQ.roa (raw, json)
Hash identifier:          WeqAeYbsjBO2mG0DtzesE1nsAfwI2AxjmN3Rpe2mBGo=
Subject key identifier:   D6:D7:DA:93:D4:F8:B7:AE:7B:13:AB:A2:66:73:9F:1A:91:14:D9:84
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184F66ABAD1A86F34705885EF65B985FF62
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1tfak9T4t657E6uiZnOfGpEU2YQ.roa
Signing time:             Fri 09 Dec 2022 10:25:00 +0000
ROA not before:           Fri 09 Dec 2022 10:25:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        193.124.226.0/24 maxlen: 24
                          193.124.224.0/23 maxlen: 23
                          194.87.126.0/24 maxlen: 24
                          212.192.208.0/23 maxlen: 23
                          193.124.49.0/24 maxlen: 24
                          194.87.41.0/24 maxlen: 24
                          195.133.22.0/24 maxlen: 24
                          194.135.46.0/24 maxlen: 24
                          212.192.16.0/21 maxlen: 24
                          194.87.61.0/24 maxlen: 24
                          194.87.192.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f6:6a:ba:d1:a8:6f:34:70:58:85:ef:65:b9:85:ff:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec  9 10:25:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d6d7da93d4f8b7ae7b13aba266739f1a9114d984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b4:58:e5:74:ff:00:3c:8c:76:9e:66:68:8d:
                    b2:69:10:e6:37:32:e7:45:4c:e8:6c:9b:f1:75:ef:
                    d8:84:43:82:24:c8:da:5c:a6:0f:ea:fb:19:08:39:
                    95:77:48:63:56:d8:32:ec:9b:04:44:d2:14:5c:3f:
                    9c:d1:d2:6f:e8:19:57:d3:c4:03:cc:c2:aa:72:00:
                    6a:00:16:05:ae:15:62:4d:6b:5d:88:13:36:09:c9:
                    fa:ca:4d:b6:4d:2c:61:a3:40:06:4c:fb:e9:67:6f:
                    f1:85:ca:12:18:64:3b:64:7d:9d:f7:bb:9d:cf:60:
                    b4:d9:a4:29:b2:e9:b0:ab:79:41:31:03:c3:6f:fb:
                    f6:c6:65:e4:b1:a2:fa:9b:24:4e:fa:f8:3f:50:bd:
                    71:07:8a:2d:a7:97:12:97:68:1c:d8:0f:1f:79:44:
                    30:16:1b:6d:fa:1e:a4:4e:ba:86:9e:42:0b:08:da:
                    0e:28:ef:a5:a2:fe:03:67:35:8e:c8:ad:50:46:fc:
                    e0:04:fd:e4:8f:d3:d5:ab:6a:fd:28:87:7d:93:9c:
                    b5:52:46:10:2d:7e:a5:fa:e9:d3:f7:5f:52:c2:67:
                    e7:30:8b:01:df:dc:c0:90:0a:24:46:30:b1:44:e0:
                    c7:08:f1:a3:cf:dd:e6:23:1c:38:ee:28:63:10:cf:
                    a2:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D7:DA:93:D4:F8:B7:AE:7B:13:AB:A2:66:73:9F:1A:91:14:D9:84
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1tfak9T4t657E6uiZnOfGpEU2YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.49.0/24
                  193.124.224.0-193.124.226.255
                  194.87.41.0/24
                  194.87.61.0/24
                  194.87.126.0/24
                  194.87.192.0/22
                  194.135.46.0/24
                  195.133.22.0/24
                  212.192.16.0/21
                  212.192.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:a2:3c:ba:1e:4f:25:63:28:94:07:6c:49:2b:47:5b:06:6e:
         6c:5a:f4:df:8a:17:04:74:5d:17:3f:41:61:9d:0d:fd:09:ef:
         b5:df:ae:d4:4f:66:93:8a:7a:c4:bf:c0:cc:1f:7e:10:d8:06:
         23:3b:31:24:1f:ec:bd:3a:cb:a0:21:24:d2:09:5f:a6:a5:5b:
         18:a4:40:81:79:67:e7:5f:d0:11:25:d9:46:25:bf:f0:b3:fd:
         8d:d2:91:cc:a4:9d:f0:0d:90:ed:6f:7a:16:c8:db:d9:ae:82:
         e1:1a:38:bc:41:54:43:e7:e4:8f:03:df:9e:ae:d6:fc:49:6e:
         21:2c:4f:06:04:25:80:f6:77:0e:ad:aa:8a:ed:57:73:a6:f4:
         08:72:4f:a5:72:13:5a:02:0d:4c:06:ec:00:4a:51:8d:75:68:
         de:86:64:02:04:fd:ef:7c:de:93:ef:8b:6c:b5:81:aa:6a:95:
         3d:2b:40:3a:a2:80:e8:d1:70:aa:58:1f:70:ff:ed:1e:b3:2e:
         78:3c:7a:17:22:6e:95:f2:68:f3:22:de:c2:05:fe:f1:ea:2f:
         73:66:0b:92:78:cf:7b:86:be:e7:0c:a3:1c:9a:c9:48:05:10:
         6d:9e:53:fb:ab:44:04:cb:41:41:42:f0:19:0c:bc:0d:11:33:
         fb:a8:f2:37
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYT2arrRqG80cFiF72W5hf9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjA5MTAyNTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQ3ZGE5M2Q0ZjhiN2FlN2IxM2FiYTI2NjczOWYxYTkxMTRkOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibRY5XT/ADyMdp5maI2yaRDmNzLn
RUzobJvxde/YhEOCJMjaXKYP6vsZCDmVd0hjVtgy7JsERNIUXD+c0dJv6BlX08QD
zMKqcgBqABYFrhViTWtdiBM2Ccn6yk22TSxho0AGTPvpZ2/xhcoSGGQ7ZH2d97ud
z2C02aQpsumwq3lBMQPDb/v2xmXksaL6myRO+vg/UL1xB4otp5cSl2gc2A8feUQw
Fhtt+h6kTrqGnkILCNoOKO+lov4DZzWOyK1QRvzgBP3kj9PVq2r9KId9k5y1UkYQ
LX6l+unT919SwmfnMIsB39zAkAokRjCxRODHCPGjz93mIxw47ihjEM+iaQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNbX2pPU+LeuexOromZznxqRFNmEMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMXRmYWs5VDR0NjU3RTZ1aVpuT2ZHcEVVMllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAwXwxMAwD
BAXBfOADBADBfOIDBADCVykDBADCVz0DBADCV34DBALCV8ADBADChy4DBADDhRYD
BAPUwBADBAHUwNAwDQYJKoZIhvcNAQELBQADggEBADuiPLoeTyVjKJQHbEkrR1sG
bmxa9N+KFwR0XRc/QWGdDf0J77XfrtRPZpOKesS/wMwffhDYBiM7MSQf7L06y6Ah
JNIJX6alWxikQIF5Z+df0BEl2UYlv/Cz/Y3SkcyknfANkO1vehbI29muguEaOLxB
VEPn5I8D356u1vxJbiEsTwYEJYD2dw6tqortV3Om9AhyT6VyE1oCDUwG7ABKUY11
aN6GZAIE/e983pPvi2y1gapqlT0rQDqigOjRcKpYH3D/7R6zLng8ehcibpXyaPMi
3sIF/vHqL3NmC5J4z3uGvucMoxyayUgFEG2eU/urRATLQUFC8BkMvA0RM/uo8jc=
-----END CERTIFICATE-----