Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Z8AwOKOIZC-CeI9MnnNLO0CvYXc.roa
File:                     Z8AwOKOIZC-CeI9MnnNLO0CvYXc.roa (raw, json)
Hash identifier:          RvJhVpmuURP6paaR8jcSDDAHiOFwZlMn+B+l97Yv1qM=
Subject key identifier:   67:C0:30:38:A3:88:64:2F:82:78:8F:4C:9E:73:4B:3B:40:AF:61:77
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0182B684D8FBD0517086202DF06B0FB2DE65
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Z8AwOKOIZC-CeI9MnnNLO0CvYXc.roa
Signing time:             Fri 19 Aug 2022 14:32:15 +0000
ROA not before:           Fri 19 Aug 2022 14:32:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399471
IP address blocks:        212.193.29.0/24 maxlen: 24
                          194.87.35.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          212.192.216.0/22 maxlen: 24
                          212.192.11.0/24 maxlen: 24
                          194.85.250.0/24 maxlen: 24
                          194.85.248.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
                          212.192.244.0/22 maxlen: 24
                          193.124.203.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:b6:84:d8:fb:d0:51:70:86:20:2d:f0:6b:0f:b2:de:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 19 14:32:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=67c03038a388642f82788f4c9e734b3b40af6177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:31:2d:d6:80:35:af:38:4d:01:67:26:8b:a8:
                    96:17:67:c2:75:e5:88:b3:7e:10:18:db:a2:95:f7:
                    83:16:4c:9e:93:17:f3:6c:73:9f:8f:bc:ff:4a:c6:
                    fd:57:5e:ca:cf:e7:97:50:2d:27:5e:17:da:7a:52:
                    58:72:30:32:f6:f9:8b:2e:1d:11:c3:67:67:da:52:
                    e6:3e:68:f4:01:ba:e1:99:e6:b2:fd:67:bb:04:c9:
                    bf:f1:4d:0f:eb:e9:86:05:52:1d:4a:15:8f:02:7f:
                    48:44:5a:54:79:ad:10:c8:5c:1b:ab:d3:c3:8c:63:
                    83:e8:dd:42:25:5a:cb:90:17:b0:42:80:cb:07:cf:
                    0b:69:b3:39:56:d4:96:f1:ad:5d:58:a7:4b:21:80:
                    5b:f7:43:44:44:76:20:ba:d7:db:6b:16:f2:b0:84:
                    fb:27:9d:3e:57:54:0b:4c:46:3f:ef:ec:d1:2a:1e:
                    11:fd:50:9b:e3:57:94:3d:ea:cd:43:92:ac:46:5e:
                    ae:cb:56:9e:66:3d:b7:4d:c2:f4:82:51:4d:a9:0f:
                    07:bf:89:6c:ad:7a:c9:54:13:43:60:ba:0b:e7:92:
                    18:b4:95:12:9a:a8:b4:f1:e0:ad:6f:92:88:7b:98:
                    d3:7a:67:58:28:68:63:b1:09:51:0b:c0:6d:f4:8a:
                    4a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C0:30:38:A3:88:64:2F:82:78:8F:4C:9E:73:4B:3B:40:AF:61:77
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Z8AwOKOIZC-CeI9MnnNLO0CvYXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.203.0/24
                  194.85.248.0/24
                  194.85.250.0/24
                  194.87.32.0/24
                  194.87.35.0/24
                  195.133.15.0/24
                  195.133.39.0/24
                  212.192.11.0/24
                  212.192.216.0/22
                  212.192.244.0/22
                  212.193.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:7e:46:54:9f:3f:17:80:bb:d8:b9:1d:80:f0:9c:0a:37:f2:
         10:21:66:0d:02:37:aa:d6:91:98:2c:16:53:23:b7:5d:84:4b:
         8e:3b:d3:2c:31:58:9f:29:b3:9f:3e:49:20:03:be:67:32:08:
         61:fc:57:b7:61:ab:bb:78:e4:0d:f4:48:a8:8a:c0:6c:3a:4e:
         0b:f5:01:19:a7:aa:89:62:b4:04:17:53:89:2f:c6:5e:e5:9a:
         be:1a:cf:77:59:81:b8:51:cd:8a:9a:05:4b:f5:6f:c7:95:87:
         c2:01:75:f6:a6:83:51:08:09:7c:09:9c:73:79:db:93:c2:bb:
         1d:17:cf:27:b0:02:42:50:b5:2f:a8:5b:41:52:4d:af:ef:b0:
         40:5d:35:7c:74:9d:75:2f:d3:12:87:f8:fc:4e:18:7d:db:60:
         63:41:95:0c:5d:82:d1:73:0d:8f:ba:09:15:66:ba:d5:8d:8f:
         ed:67:79:96:a4:92:5e:cf:00:1a:d1:f1:5f:39:55:62:a4:7c:
         3c:53:60:20:1d:0a:1a:ef:6c:2b:21:d8:37:85:f0:e7:99:c4:
         2c:83:36:78:37:98:30:dc:21:e2:55:c9:a8:b3:8b:70:68:da:
         67:e0:00:a1:1a:6d:6f:62:e6:82:af:f7:45:12:51:a3:ed:37:
         78:8e:95:15
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYK2hNj70FFwhiAt8GsPst5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIwODE5MTQzMjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MwMzAzOGEzODg2NDJmODI3ODhmNGM5ZTczNGIzYjQwYWY2MTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTEt1oA1rzhNAWcmi6iWF2fCdeWI
s34QGNuilfeDFkyekxfzbHOfj7z/Ssb9V17Kz+eXUC0nXhfaelJYcjAy9vmLLh0R
w2dn2lLmPmj0Abrhmeay/We7BMm/8U0P6+mGBVIdShWPAn9IRFpUea0QyFwbq9PD
jGOD6N1CJVrLkBewQoDLB88LabM5VtSW8a1dWKdLIYBb90NERHYgutfbaxbysIT7
J50+V1QLTEY/7+zRKh4R/VCb41eUPerNQ5KsRl6uy1aeZj23TcL0glFNqQ8Hv4ls
rXrJVBNDYLoL55IYtJUSmqi08eCtb5KIe5jTemdYKGhjsQlRC8Bt9IpKhwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFGfAMDijiGQvgniPTJ5zSztAr2F3MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWjhBd09LT0laQy1DZUk5TW5uTkxPMEN2WVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAwXzLAwQA
wlX4AwQAwlX6AwQAwlcgAwQAwlcjAwQAw4UPAwQAw4UnAwQA1MALAwQC1MDYAwQC
1MD0AwQA1MEdMA0GCSqGSIb3DQEBCwUAA4IBAQANfkZUnz8XgLvYuR2A8JwKN/IQ
IWYNAjeq1pGYLBZTI7ddhEuOO9MsMVifKbOfPkkgA75nMghh/Fe3Yau7eOQN9Eio
isBsOk4L9QEZp6qJYrQEF1OJL8Ze5Zq+Gs93WYG4Uc2KmgVL9W/HlYfCAXX2poNR
CAl8CZxzeduTwrsdF88nsAJCULUvqFtBUk2v77BAXTV8dJ11L9MSh/j8Thh922Bj
QZUMXYLRcw2PugkVZrrVjY/tZ3mWpJJezwAa0fFfOVVipHw8U2AgHQoa72wrIdg3
hfDnmcQsgzZ4N5gw3CHiVcmos4twaNpn4AChGm1vYuaCr/dFElGj7Td4jpUV
-----END CERTIFICATE-----