Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ag2Tp0VdpJuUm4TOzWryh-ne7ic.roa
File:                     Ag2Tp0VdpJuUm4TOzWryh-ne7ic.roa (raw, json)
Hash identifier:          cEqbDw2HKs1IVToORFNdNNK5atI+wk0J98TCZpO3Z1w=
Subject key identifier:   02:0D:93:A7:45:5D:A4:9B:94:9B:84:CE:CD:6A:F2:87:E9:DE:EE:27
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018475C0E7C72726D2CAB0DC7DF7BCF27668
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ag2Tp0VdpJuUm4TOzWryh-ne7ic.roa
Signing time:             Mon 14 Nov 2022 10:48:07 +0000
ROA not before:           Mon 14 Nov 2022 10:48:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        62.76.231.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.87.26.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          195.133.12.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          192.124.172.0/24 maxlen: 24
                          192.124.178.0/24 maxlen: 24
                          212.193.3.0/24 maxlen: 24
                          193.124.205.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:75:c0:e7:c7:27:26:d2:ca:b0:dc:7d:f7:bc:f2:76:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 14 10:48:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=020d93a7455da49b949b84cecd6af287e9deee27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f2:4d:95:87:03:36:50:a1:00:cd:14:3a:24:
                    8d:f6:ee:9d:42:dd:15:42:d8:f1:d6:e8:a2:61:db:
                    05:b7:2e:e5:92:12:0d:2d:42:97:df:2d:32:7e:25:
                    c1:60:3a:87:7c:5e:7d:d0:25:f2:c5:90:bf:67:f8:
                    aa:04:c7:80:dd:d1:84:d5:5b:73:47:b8:ae:36:e6:
                    79:71:ee:52:3a:7a:b8:6a:b3:fb:92:13:34:fb:93:
                    9c:dc:7b:bd:7b:45:21:e2:39:29:00:fd:f0:61:40:
                    61:15:d9:94:fe:95:e8:2a:9e:49:d7:1b:9c:fd:80:
                    0a:69:32:5b:49:38:ee:a2:2d:ec:19:96:5e:20:bf:
                    52:5f:49:c8:07:0e:e4:37:5a:06:8a:49:c5:15:7a:
                    c5:68:47:00:c1:06:a6:82:79:e0:d1:02:33:3e:2b:
                    15:10:e2:3c:22:a6:5a:09:20:de:40:d2:ae:db:d5:
                    53:03:ed:7a:6b:38:c2:cf:f8:d2:4f:f5:27:87:28:
                    99:4e:87:99:f9:33:5d:0f:7c:b0:0a:a9:a6:22:00:
                    66:55:16:d7:11:ca:5c:9e:cd:ae:0d:0f:f4:80:52:
                    88:e8:05:98:c6:be:c9:5b:72:80:14:16:0d:e9:fb:
                    a1:ae:34:6b:f6:3d:48:ae:04:8e:e1:ee:cc:f4:8a:
                    ee:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:0D:93:A7:45:5D:A4:9B:94:9B:84:CE:CD:6A:F2:87:E9:DE:EE:27
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ag2Tp0VdpJuUm4TOzWryh-ne7ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.231.0/24
                  192.124.172.0/24
                  192.124.178.0/24
                  193.124.205.0/24
                  194.87.26.0/24
                  194.135.18.0/24
                  195.133.12.0/24
                  195.133.15.0/24
                  212.192.208.0/24
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:67:25:04:8e:3d:38:bf:f7:b4:41:43:90:a3:e2:2e:36:f0:
         4c:d1:01:46:1d:5e:ed:fc:e6:44:a3:3a:f2:f0:9f:37:b8:b0:
         fb:4d:ca:3c:a2:00:54:bf:7f:94:bb:77:2f:6c:46:02:28:2d:
         2f:f2:04:e6:76:1c:38:53:e3:ea:e8:2b:18:47:42:92:8a:59:
         d5:91:5e:e7:d6:09:fe:ad:28:59:d6:0a:65:13:d2:de:93:03:
         eb:63:6a:51:6d:35:ff:15:eb:22:14:96:f7:f7:4b:4a:f8:d8:
         8d:07:70:d9:d5:97:f5:ee:0b:3f:bf:0e:6c:78:31:d1:e5:62:
         c0:d9:d9:30:30:6b:ee:ce:96:ce:83:9c:6c:e3:d3:d4:ab:dc:
         ef:b7:52:a2:94:49:84:5e:41:ce:79:4f:ed:ce:90:86:6c:d2:
         20:da:0b:fa:f4:f6:a8:9d:45:ce:b8:4f:4c:86:e8:ef:0c:a7:
         10:f5:64:9b:f6:34:2f:8f:0c:fa:d9:87:81:de:4b:6f:12:c5:
         0b:6c:99:42:e6:5d:08:df:16:5a:d4:2e:eb:88:1f:47:51:a3:
         88:14:87:41:92:5f:00:14:e9:8f:44:55:59:11:30:65:d0:2d:
         75:89:0f:fb:e1:8c:87:c5:79:e0:d4:cc:75:32:16:4d:23:d0:
         5d:ca:0e:fc
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYR1wOfHJybSyrDcffe88nZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTE0MTA0ODA3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjBkOTNhNzQ1NWRhNDliOTQ5Yjg0Y2VjZDZhZjI4N2U5ZGVlZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/JNlYcDNlChAM0UOiSN9u6dQt0V
Qtjx1uiiYdsFty7lkhINLUKX3y0yfiXBYDqHfF590CXyxZC/Z/iqBMeA3dGE1Vtz
R7iuNuZ5ce5SOnq4arP7khM0+5Oc3Hu9e0Uh4jkpAP3wYUBhFdmU/pXoKp5J1xuc
/YAKaTJbSTjuoi3sGZZeIL9SX0nIBw7kN1oGiknFFXrFaEcAwQamgnng0QIzPisV
EOI8IqZaCSDeQNKu29VTA+16azjCz/jST/UnhyiZToeZ+TNdD3ywCqmmIgBmVRbX
Ecpcns2uDQ/0gFKI6AWYxr7JW3KAFBYN6fuhrjRr9j1IrgSO4e7M9IrukwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAINk6dFXaSblJuEzs1q8ofp3u4nMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQWcyVHAwVmRwSnVVbTRUT3pXcnloLW5lN2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAPkznAwQA
wHysAwQAwHyyAwQAwXzNAwQAwlcaAwQAwocSAwQAw4UMAwQAw4UPAwQA1MDQAwQA
1MEDMA0GCSqGSIb3DQEBCwUAA4IBAQBCZyUEjj04v/e0QUOQo+IuNvBM0QFGHV7t
/OZEozry8J83uLD7Tco8ogBUv3+Uu3cvbEYCKC0v8gTmdhw4U+Pq6CsYR0KSilnV
kV7n1gn+rShZ1gplE9LekwPrY2pRbTX/FesiFJb390tK+NiNB3DZ1Zf17gs/vw5s
eDHR5WLA2dkwMGvuzpbOg5xs49PUq9zvt1KilEmEXkHOeU/tzpCGbNIg2gv69Pao
nUXOuE9MhujvDKcQ9WSb9jQvjwz62YeB3ktvEsULbJlC5l0I3xZa1C7riB9HUaOI
FIdBkl8AFOmPRFVZETBl0C11iQ/74YyHxXng1Mx1MhZNI9Bdyg78
-----END CERTIFICATE-----