Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XkgeNU7T4vtkcnrxKLGD9Jf8Do0.roa
File:                     XkgeNU7T4vtkcnrxKLGD9Jf8Do0.roa (raw, json)
Hash identifier:          5yaiBMNo7O9SPTFDkD1OkXrD0CxejGqL+xRAxfhQkzY=
Subject key identifier:   5E:48:1E:35:4E:D3:E2:FB:64:72:7A:F1:28:B1:83:F4:97:FC:0E:8D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184F66C90C8927D40AA837AE0B8ACB05705
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XkgeNU7T4vtkcnrxKLGD9Jf8Do0.roa
Signing time:             Fri 09 Dec 2022 10:27:00 +0000
ROA not before:           Fri 09 Dec 2022 10:27:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     17447
IP address blocks:        193.124.4.0/24 maxlen: 24
                          194.87.207.0/24 maxlen: 24
                          195.133.73.0/24 maxlen: 24
                          193.124.125.0/24 maxlen: 24
                          195.133.195.0/24 maxlen: 24
                          193.124.47.0/24 maxlen: 24
                          194.87.37.0/24 maxlen: 24
                          194.87.162.0/24 maxlen: 24
                          195.58.63.0/24 maxlen: 24
                          193.124.201.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f6:6c:90:c8:92:7d:40:aa:83:7a:e0:b8:ac:b0:57:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Dec  9 10:27:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5e481e354ed3e2fb64727af128b183f497fc0e8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:80:89:63:1e:03:ff:ff:d6:64:7e:c1:c5:96:
                    9e:5e:9f:d7:2c:93:b7:db:69:8a:bc:79:7c:83:32:
                    50:38:a4:3e:f1:43:17:dc:26:9c:b5:5d:96:b9:6c:
                    7b:e4:44:77:35:8f:bf:32:a7:ce:fe:29:29:cb:64:
                    60:41:f9:76:19:be:19:6b:b7:ea:f7:fe:7e:ee:49:
                    88:b0:c0:b7:7d:ed:8a:05:e5:95:d0:f1:75:43:cf:
                    4f:21:a4:84:ca:c7:e7:2b:de:5b:35:95:3e:d3:68:
                    c8:63:06:45:d4:46:a0:8c:c9:67:0f:ed:7f:a7:8c:
                    c5:10:cf:01:0c:47:93:3d:56:c6:de:d6:d1:f9:5a:
                    25:68:15:0f:b5:d1:0a:92:47:9e:e7:5c:69:b4:07:
                    97:71:6c:12:c9:a1:41:64:c6:54:75:08:f2:ea:16:
                    e9:19:47:3c:a8:71:cb:7a:9c:36:ec:b4:3e:2b:72:
                    1f:02:19:59:7c:02:85:2c:de:f2:a2:16:b3:96:f4:
                    bc:1d:9d:73:bd:8e:06:21:db:fb:37:ba:d2:62:55:
                    ab:3e:8a:96:5f:f6:d9:c2:07:0a:17:20:4d:36:da:
                    cd:ca:43:62:fe:f8:00:63:37:91:db:17:fb:b3:13:
                    16:5c:f9:bc:17:5a:0e:2d:24:5a:2a:6c:a1:a6:d8:
                    60:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:48:1E:35:4E:D3:E2:FB:64:72:7A:F1:28:B1:83:F4:97:FC:0E:8D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XkgeNU7T4vtkcnrxKLGD9Jf8Do0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.4.0/24
                  193.124.47.0/24
                  193.124.125.0/24
                  193.124.201.0/24
                  194.87.37.0/24
                  194.87.162.0/24
                  194.87.207.0/24
                  195.58.63.0/24
                  195.133.73.0/24
                  195.133.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:8e:ca:fa:6b:50:76:1a:f4:c0:29:99:fa:83:6a:58:6a:5e:
         bf:be:27:c4:d0:69:4b:d2:a0:1e:83:a5:5a:c0:e2:77:fb:53:
         fb:d4:b5:7e:9d:2d:0c:a3:49:f4:14:fc:ce:65:31:3e:f8:6d:
         8b:41:63:04:b5:52:a1:ee:76:9a:47:64:c8:19:2b:cf:2e:f3:
         3e:22:36:e5:de:ce:e7:82:a5:5b:14:e0:5d:ef:9c:4a:1b:2f:
         82:18:73:83:5f:04:5d:85:8f:70:3a:ce:c3:0d:d5:d3:51:5e:
         99:b8:1e:f9:8e:b8:93:89:bc:ed:1c:81:6b:a3:2f:4f:89:97:
         32:46:ae:07:0d:14:ac:ac:5b:52:62:06:f1:63:6c:fd:63:f5:
         54:04:f6:e3:28:18:be:52:33:38:16:0f:2d:81:7c:08:86:06:
         32:d8:4e:bd:b5:88:8a:16:9b:28:29:49:98:3a:61:dc:87:73:
         e3:48:1d:f0:76:94:ca:43:c0:57:c4:26:cc:b1:8b:eb:eb:9d:
         2c:dd:f7:86:59:58:67:15:99:c3:5a:f6:28:f0:fc:bf:94:a7:
         97:c3:92:b8:b6:5b:58:e4:c0:a1:93:8a:d3:a8:97:92:d5:4a:
         4b:0f:f1:ec:34:a9:67:86:cb:89:c6:68:7a:0f:04:13:55:34:
         9d:64:50:e5
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYT2bJDIkn1AqoN64LissFcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMjA5MTAyNzAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTQ4MWUzNTRlZDNlMmZiNjQ3MjdhZjEyOGIxODNmNDk3ZmMwZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4CJYx4D///WZH7BxZaeXp/XLJO3
22mKvHl8gzJQOKQ+8UMX3CactV2WuWx75ER3NY+/MqfO/ikpy2RgQfl2Gb4Za7fq
9/5+7kmIsMC3fe2KBeWV0PF1Q89PIaSEysfnK95bNZU+02jIYwZF1EagjMlnD+1/
p4zFEM8BDEeTPVbG3tbR+VolaBUPtdEKkkee51xptAeXcWwSyaFBZMZUdQjy6hbp
GUc8qHHLepw27LQ+K3IfAhlZfAKFLN7yohazlvS8HZ1zvY4GIdv7N7rSYlWrPoqW
X/bZwgcKFyBNNtrNykNi/vgAYzeR2xf7sxMWXPm8F1oOLSRaKmyhpthg7wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFF5IHjVO0+L7ZHJ68Sixg/SX/A6NMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWGtnZU5VN1Q0dnRrY25yeEtMR0Q5SmY4RG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwXwEAwQA
wXwvAwQAwXx9AwQAwXzJAwQAwlclAwQAwleiAwQAwlfPAwQAwzo/AwQAw4VJAwQA
w4XDMA0GCSqGSIb3DQEBCwUAA4IBAQAHjsr6a1B2GvTAKZn6g2pYal6/vifE0GlL
0qAeg6VawOJ3+1P71LV+nS0Mo0n0FPzOZTE++G2LQWMEtVKh7naaR2TIGSvPLvM+
Ijbl3s7ngqVbFOBd75xKGy+CGHODXwRdhY9wOs7DDdXTUV6ZuB75jriTibztHIFr
oy9PiZcyRq4HDRSsrFtSYgbxY2z9Y/VUBPbjKBi+UjM4Fg8tgXwIhgYy2E69tYiK
FpsoKUmYOmHch3PjSB3wdpTKQ8BXxCbMsYvr650s3feGWVhnFZnDWvYo8Py/lKeX
w5K4tltY5MChk4rTqJeS1UpLD/HsNKlnhsuJxmh6DwQTVTSdZFDl
-----END CERTIFICATE-----