Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PQ-P-DEFswaVcDeVxH5vIzcZats.roa
File:                     PQ-P-DEFswaVcDeVxH5vIzcZats.roa (raw, json)
Hash identifier:          yjX5MWgs6/BmG8ykWYx2CtBIscNL76+FXr1b9imwcLY=
Subject key identifier:   3D:0F:8F:F8:31:05:B3:06:95:70:37:95:C4:7E:6F:23:37:19:6A:DB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0183F57A8AC5C39797D7C4B80A2986D507C3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PQ-P-DEFswaVcDeVxH5vIzcZats.roa
Signing time:             Thu 20 Oct 2022 12:59:52 +0000
ROA not before:           Thu 20 Oct 2022 12:59:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50225
IP address blocks:        194.87.202.0/24 maxlen: 24
                          194.87.123.0/24 maxlen: 24
                          212.192.210.0/24 maxlen: 24
                          193.124.45.0/24 maxlen: 24
                          193.124.46.0/24 maxlen: 24
                          212.192.6.0/24 maxlen: 24
                          194.58.43.0/24 maxlen: 24
                          194.87.176.0/24 maxlen: 24
                          194.87.191.0/24 maxlen: 24
                          212.193.6.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:f5:7a:8a:c5:c3:97:97:d7:c4:b8:0a:29:86:d5:07:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 20 12:59:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3d0f8ff83105b30695703795c47e6f2337196adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5d:10:8c:3b:ce:c1:78:14:ce:10:cc:f6:15:
                    c5:22:4d:f7:d2:12:aa:44:fd:52:f9:6e:90:e8:04:
                    cb:d8:9a:31:ac:99:86:1d:59:09:a4:ae:54:80:a0:
                    0f:d7:a4:d0:eb:c0:8e:b6:c2:8a:dd:09:05:dc:4b:
                    f0:34:9e:ec:7f:35:ae:c1:40:82:5e:6b:71:a8:bf:
                    d1:5e:60:e8:eb:6c:bb:5d:af:c3:a3:f6:f5:22:7e:
                    84:69:d4:62:10:85:90:c4:5c:1d:c9:16:97:e9:b6:
                    ca:6a:02:cd:57:8d:69:4b:45:2f:86:c6:a2:93:18:
                    78:5d:81:57:8d:16:27:c1:7c:72:6f:24:87:30:1b:
                    9e:14:eb:4a:03:41:db:57:3f:69:95:23:aa:d4:10:
                    3f:df:b2:27:2a:ab:85:47:ad:d0:68:97:04:f9:5d:
                    dd:9d:73:35:57:77:77:df:56:1b:79:db:4e:b1:0b:
                    1f:52:ac:46:76:e5:b4:44:d9:56:ad:e4:b5:b8:f8:
                    d7:ad:c4:6b:e7:72:79:f3:8f:9b:c6:3c:e5:0a:9e:
                    9c:ae:b1:b1:3f:d2:ed:bb:9d:c4:b2:f8:49:a1:19:
                    e3:89:61:fd:6a:a6:cc:f1:01:11:14:fa:7d:41:56:
                    9d:de:75:b5:6f:bc:b2:a3:8e:ed:b0:2b:b3:a2:fb:
                    b3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:0F:8F:F8:31:05:B3:06:95:70:37:95:C4:7E:6F:23:37:19:6A:DB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PQ-P-DEFswaVcDeVxH5vIzcZats.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.45.0-193.124.46.255
                  194.58.43.0/24
                  194.87.123.0/24
                  194.87.176.0/24
                  194.87.191.0/24
                  194.87.202.0/24
                  212.192.6.0/24
                  212.192.210.0/24
                  212.193.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:6d:f8:88:af:f2:78:32:21:eb:71:54:d8:92:c6:c8:1f:40:
         86:9c:87:ff:ba:03:66:41:90:34:89:40:7a:09:c1:dc:8d:ff:
         74:e0:fb:12:ab:76:c1:01:73:41:1f:61:1d:3f:9b:2c:4e:68:
         a8:a1:96:53:ce:c2:ac:1a:76:b5:8e:2d:db:93:74:d0:5f:d6:
         c1:bb:0a:32:af:75:4b:78:a6:17:47:ee:2d:c3:ad:75:fa:d2:
         5f:90:cb:5d:06:a7:9e:f7:da:95:7c:b7:36:ec:0c:4f:0d:24:
         be:d1:3c:d4:86:09:da:15:a0:5f:9a:77:c6:bd:eb:b2:73:29:
         7d:41:09:b6:fa:d2:51:66:00:b6:45:a9:70:e1:40:0a:2c:b2:
         10:ff:88:e3:3f:cc:8b:bd:d8:ef:29:3b:50:f0:39:0b:c6:9c:
         f3:50:8a:b5:1b:26:27:5b:c1:ea:94:4a:a5:ca:88:b5:f8:6b:
         6f:04:f7:90:51:fa:48:3a:74:bf:6d:89:43:d5:66:af:4f:69:
         3b:f0:62:db:58:d6:50:62:17:e7:54:eb:e4:a2:3e:2d:25:fd:
         5b:0d:af:bd:46:ac:77:56:4f:a6:00:e3:d6:f0:94:e2:9b:56:
         16:4d:3e:bf:83:99:2e:e2:35:62:7e:db:7f:2a:fd:23:9e:63:
         ca:16:f8:80
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYP1eorFw5eX18S4CimG1QfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDIwMTI1OTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDBmOGZmODMxMDViMzA2OTU3MDM3OTVjNDdlNmYyMzM3MTk2YWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql0QjDvOwXgUzhDM9hXFIk330hKq
RP1S+W6Q6ATL2JoxrJmGHVkJpK5UgKAP16TQ68COtsKK3QkF3EvwNJ7sfzWuwUCC
XmtxqL/RXmDo62y7Xa/Do/b1In6EadRiEIWQxFwdyRaX6bbKagLNV41pS0Uvhsai
kxh4XYFXjRYnwXxybySHMBueFOtKA0HbVz9plSOq1BA/37InKquFR63QaJcE+V3d
nXM1V3d331YbedtOsQsfUqxGduW0RNlWreS1uPjXrcRr53J584+bxjzlCp6crrGx
P9Ltu53EsvhJoRnjiWH9aqbM8QERFPp9QVad3nW1b7yyo47tsCuzovuzeQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFD0Pj/gxBbMGlXA3lcR+byM3GWrbMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUFEtUC1ERUZzd2FWY0RlVnhINXZJemNaYXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBADBfC0D
BADBfC4DBADCOisDBADCV3sDBADCV7ADBADCV78DBADCV8oDBADUwAYDBADUwNID
BADUwQYwDQYJKoZIhvcNAQELBQADggEBAGVt+Iiv8ngyIetxVNiSxsgfQIach/+6
A2ZBkDSJQHoJwdyN/3Tg+xKrdsEBc0EfYR0/myxOaKihllPOwqwadrWOLduTdNBf
1sG7CjKvdUt4phdH7i3DrXX60l+Qy10Gp5732pV8tzbsDE8NJL7RPNSGCdoVoF+a
d8a967JzKX1BCbb60lFmALZFqXDhQAosshD/iOM/zIu92O8pO1DwOQvGnPNQirUb
JidbweqUSqXKiLX4a28E95BR+kg6dL9tiUPVZq9PaTvwYttY1lBiF+dU6+SiPi0l
/VsNr71GrHdWT6YA49bwlOKbVhZNPr+DmS7iNWJ+238q/SOeY8oW+IA=
-----END CERTIFICATE-----