Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VWHMMZqgtl57qAs9DkYIKydnuig.roa
File:                     VWHMMZqgtl57qAs9DkYIKydnuig.roa (raw, json)
Hash identifier:          aoYj4JICYKuj5WMvCHmXAR0LuID8YKFvjm7UXIUdbxI=
Subject key identifier:   55:61:CC:31:9A:A0:B6:5E:7B:A8:0B:3D:0E:46:08:2B:27:67:BA:28
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184F673E3C46F2857EFEF97D53ABAC4C762
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VWHMMZqgtl57qAs9DkYIKydnuig.roa
Signing time:             Fri 09 Dec 2022 10:35:00 +0000
ROA not before:           Fri 09 Dec 2022 10:35:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        193.124.226.0/24 maxlen: 24
                          193.124.224.0/23 maxlen: 23
                          194.87.126.0/24 maxlen: 24
                          212.192.208.0/23 maxlen: 24
                          193.124.49.0/24 maxlen: 24
                          194.87.41.0/24 maxlen: 24
                          195.133.22.0/24 maxlen: 24
                          194.135.46.0/24 maxlen: 24
                          212.192.16.0/21 maxlen: 24
                          194.87.61.0/24 maxlen: 24
                          194.87.192.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f6:73:e3:c4:6f:28:57:ef:ef:97:d5:3a:ba:c4:c7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec  9 10:35:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5561cc319aa0b65e7ba80b3d0e46082b2767ba28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:60:1a:21:22:d8:a4:70:0c:51:2c:23:5c:13:
                    79:7b:16:9f:84:12:5b:ad:16:c2:09:85:41:4f:46:
                    d7:3d:f3:7b:ed:93:31:70:44:31:b7:c9:3b:54:7c:
                    ec:91:0a:61:18:9c:8a:b4:d8:ea:fe:7a:23:9d:55:
                    f0:8c:34:5a:23:e2:61:f5:27:9d:ef:23:51:b5:e6:
                    32:3e:aa:dd:0a:53:a9:f3:84:83:ad:fe:0f:58:0a:
                    54:51:f9:9b:3b:8e:ba:66:98:f0:42:1f:dd:e8:4e:
                    4c:06:e6:dc:46:6a:4f:f9:2a:80:d6:0f:5d:97:74:
                    28:db:4f:6f:c7:59:2a:ce:4d:6f:01:f1:d5:5a:21:
                    ba:4e:c4:2b:26:ca:65:9d:3e:7f:23:8c:42:6c:2b:
                    45:7b:9d:01:ac:ce:ad:ce:68:f1:76:41:2f:c7:53:
                    f3:64:40:86:52:8c:0f:18:e0:a8:c2:e3:c4:b4:9c:
                    5c:c1:f4:2b:0e:9b:39:e0:c3:17:d7:37:54:c5:74:
                    1a:bd:da:4b:26:80:81:84:85:7a:b7:32:95:3f:dc:
                    f7:8c:4f:6b:02:f0:ee:a2:9a:f8:a5:c2:e4:d6:b7:
                    ae:aa:9b:3e:87:a2:c0:09:ac:db:94:14:19:80:c7:
                    00:4e:6a:7e:0b:1a:bc:e1:33:f0:19:33:46:1f:20:
                    b2:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:61:CC:31:9A:A0:B6:5E:7B:A8:0B:3D:0E:46:08:2B:27:67:BA:28
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VWHMMZqgtl57qAs9DkYIKydnuig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.49.0/24
                  193.124.224.0-193.124.226.255
                  194.87.41.0/24
                  194.87.61.0/24
                  194.87.126.0/24
                  194.87.192.0/22
                  194.135.46.0/24
                  195.133.22.0/24
                  212.192.16.0/21
                  212.192.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:f5:55:f8:e3:a6:4f:d3:9e:b9:18:9e:3f:b5:e7:9f:22:06:
         cc:b3:7d:06:f7:9d:98:1f:f1:26:e5:36:ea:4a:9e:e6:7c:98:
         4b:dd:7c:70:4c:f1:46:c9:78:cc:71:01:dc:e6:47:07:29:61:
         24:b1:58:de:01:5e:a0:ff:63:da:d3:39:bc:b6:fc:78:cc:9f:
         12:d2:f9:76:71:f8:8f:0f:29:fc:a5:a6:d8:bc:f4:2c:0c:ad:
         8f:b3:8b:49:8d:4f:7a:b2:a7:30:bd:b8:80:7d:b0:5d:7c:d4:
         76:7c:9f:4d:63:33:33:6b:11:c4:2d:b5:6c:8e:09:0d:22:07:
         2a:f5:e4:6d:14:65:ca:85:cb:b3:9b:0a:51:f2:5b:8a:dc:ea:
         ed:fe:be:1b:82:72:44:3a:db:0f:25:47:d8:cb:b6:b5:84:c1:
         b2:1f:3e:29:3c:d3:f6:5a:34:f4:97:56:33:32:54:f5:48:9b:
         74:74:95:3a:1b:72:c4:ed:6e:3d:4f:15:25:a1:c0:1f:a6:92:
         11:83:97:71:f3:73:d7:1d:f6:ce:19:e7:c3:b7:fa:31:f0:2b:
         f2:49:3c:e5:14:9a:f5:f2:b7:89:30:fd:21:f2:1e:b7:a3:1b:
         fe:fd:0f:6c:2e:fc:ff:ba:c1:73:ff:d5:18:51:26:10:43:55:
         49:97:48:49
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYT2c+PEbyhX7++X1Tq6xMdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjA5MTAzNTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTYxY2MzMTlhYTBiNjVlN2JhODBiM2QwZTQ2MDgyYjI3NjdiYTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGAaISLYpHAMUSwjXBN5exafhBJb
rRbCCYVBT0bXPfN77ZMxcEQxt8k7VHzskQphGJyKtNjq/nojnVXwjDRaI+Jh9Sed
7yNRteYyPqrdClOp84SDrf4PWApUUfmbO466ZpjwQh/d6E5MBubcRmpP+SqA1g9d
l3Qo209vx1kqzk1vAfHVWiG6TsQrJsplnT5/I4xCbCtFe50BrM6tzmjxdkEvx1Pz
ZECGUowPGOCowuPEtJxcwfQrDps54MMX1zdUxXQavdpLJoCBhIV6tzKVP9z3jE9r
AvDuopr4pcLk1reuqps+h6LACazblBQZgMcATmp+Cxq84TPwGTNGHyCyMwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFVhzDGaoLZee6gLPQ5GCCsnZ7ooMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVldITU1acWd0bDU3cUFzOURrWUlLeWRudWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAwXwxMAwD
BAXBfOADBADBfOIDBADCVykDBADCVz0DBADCV34DBALCV8ADBADChy4DBADDhRYD
BAPUwBADBAHUwNAwDQYJKoZIhvcNAQELBQADggEBAEn1Vfjjpk/TnrkYnj+1558i
BsyzfQb3nZgf8SblNupKnuZ8mEvdfHBM8UbJeMxxAdzmRwcpYSSxWN4BXqD/Y9rT
Oby2/HjMnxLS+XZx+I8PKfylpti89CwMrY+zi0mNT3qypzC9uIB9sF181HZ8n01j
MzNrEcQttWyOCQ0iByr15G0UZcqFy7ObClHyW4rc6u3+vhuCckQ62w8lR9jLtrWE
wbIfPik80/ZaNPSXVjMyVPVIm3R0lTobcsTtbj1PFSWhwB+mkhGDl3Hzc9cd9s4Z
58O3+jHwK/JJPOUUmvXyt4kw/SHyHrejG/79D2wu/P+6wXP/1RhRJhBDVUmXSEk=
-----END CERTIFICATE-----