Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/__RvodR9ZFIGaZykb1jSDbaPAvI.roa
File:                     __RvodR9ZFIGaZykb1jSDbaPAvI.roa (raw, json)
Hash identifier:          m5mxmhnEBZjCUQzuWzfgGpoxO6TUi0OLHv3WRWClpCw=
Subject key identifier:   FF:F4:6F:A1:D4:7D:64:52:06:69:9C:A4:6F:58:D2:0D:B6:8F:02:F2
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0183CB1CF78D404B49D43021C8E7D9E2C686
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/__RvodR9ZFIGaZykb1jSDbaPAvI.roa
Signing time:             Wed 12 Oct 2022 07:33:36 +0000
ROA not before:           Wed 12 Oct 2022 07:33:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        194.87.200.0/24 maxlen: 24
                          62.76.231.0/24 maxlen: 24
                          194.87.22.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.87.26.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24
                          195.133.12.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          192.124.172.0/24 maxlen: 24
                          212.193.3.0/24 maxlen: 24
                          193.124.205.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:cb:1c:f7:8d:40:4b:49:d4:30:21:c8:e7:d9:e2:c6:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 12 07:33:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fff46fa1d47d645206699ca46f58d20db68f02f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:87:1a:0c:25:dd:65:b2:2c:8e:7b:f1:17:ee:
                    15:40:e4:34:66:b1:27:9b:e3:d9:ef:e4:b5:49:8e:
                    d8:3b:2e:79:fa:e6:b5:e5:ee:d2:4c:02:00:cf:94:
                    40:98:ca:dc:ab:4d:44:81:13:59:07:5e:fa:69:6d:
                    97:be:f4:09:57:d2:98:c0:01:e0:d4:6c:1d:1a:df:
                    7e:a1:77:3d:ba:1d:a7:33:1c:ec:fc:6b:d6:24:19:
                    cb:34:53:af:f5:77:93:22:d7:5d:19:d9:1c:92:14:
                    35:9c:5f:ba:04:48:13:25:57:cc:c5:07:65:a2:db:
                    5b:a4:67:bb:ea:74:11:a6:74:01:9e:65:88:fa:f6:
                    b0:1d:23:b6:80:52:dd:b7:7c:7f:44:80:b8:d5:af:
                    e5:43:19:e1:cc:07:71:07:b4:b7:6b:31:12:17:c7:
                    72:5b:36:20:46:be:30:41:a0:fe:70:cb:57:5c:74:
                    fb:b4:36:8b:c3:7d:c0:fe:90:5e:1f:62:2d:45:a0:
                    a9:f0:40:6d:a9:f9:0e:40:36:52:3a:52:dd:10:05:
                    96:3b:00:65:3c:bb:64:25:97:fd:7c:c6:66:4c:fb:
                    e6:bf:1e:49:8e:2c:54:69:37:f8:1b:67:ad:3e:a0:
                    76:6d:9a:77:cc:d9:fe:6c:c7:54:d5:ee:b1:c0:9a:
                    f8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F4:6F:A1:D4:7D:64:52:06:69:9C:A4:6F:58:D2:0D:B6:8F:02:F2
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/__RvodR9ZFIGaZykb1jSDbaPAvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.231.0/24
                  192.124.172.0/24
                  193.124.205.0/24
                  194.87.22.0/24
                  194.87.26.0/24
                  194.87.200.0/24
                  194.135.18.0/24
                  195.133.12.0/24
                  195.133.15.0/24
                  212.192.208.0/24
                  212.193.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:6f:aa:b9:b7:1d:8b:d0:63:8e:d4:47:26:fb:d3:e8:1d:3b:
         a1:da:e4:58:df:18:c3:45:90:d8:1b:4d:28:25:21:dc:20:fe:
         1e:aa:d1:6b:d5:22:ee:74:71:81:e2:bc:b4:df:22:10:a7:26:
         7d:a7:55:61:81:2d:18:10:71:42:39:9e:ff:65:74:14:1c:1c:
         dc:0b:fc:47:40:10:dc:f8:27:ec:a0:94:89:30:43:d9:3f:90:
         62:26:d0:b3:33:b1:a9:62:a7:23:5b:63:44:31:cf:52:48:a7:
         2c:dc:42:99:87:dd:82:47:c4:b3:8d:03:7b:b2:5e:e4:49:a7:
         ac:fe:7f:55:4c:3a:25:49:c6:ea:0a:8f:44:89:80:3e:3f:30:
         1e:20:92:29:c6:db:23:5e:f3:2e:ae:bd:1a:49:d3:31:09:90:
         0c:ce:ba:b5:27:29:ed:41:60:75:1a:f2:5f:a0:13:bf:a3:f7:
         06:24:2b:0a:32:72:25:66:0d:e4:86:28:13:c1:bc:87:4a:ee:
         09:fe:37:70:18:f4:c8:57:9d:06:01:4f:5c:0c:83:5b:8b:6b:
         ed:38:c7:2d:68:73:dc:d8:7b:7f:d2:74:c6:25:92:f0:46:e8:
         df:ac:ae:b3:f7:f3:16:5a:f4:6b:2d:8b:0d:5f:dc:06:72:b1:
         e9:a7:68:c0
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYPLHPeNQEtJ1DAhyOfZ4saGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDEyMDczMzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmY0NmZhMWQ0N2Q2NDUyMDY2OTljYTQ2ZjU4ZDIwZGI2OGYwMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4caDCXdZbIsjnvxF+4VQOQ0ZrEn
m+PZ7+S1SY7YOy55+ua15e7STAIAz5RAmMrcq01EgRNZB176aW2XvvQJV9KYwAHg
1GwdGt9+oXc9uh2nMxzs/GvWJBnLNFOv9XeTItddGdkckhQ1nF+6BEgTJVfMxQdl
ottbpGe76nQRpnQBnmWI+vawHSO2gFLdt3x/RIC41a/lQxnhzAdxB7S3azESF8dy
WzYgRr4wQaD+cMtXXHT7tDaLw33A/pBeH2ItRaCp8EBtqfkOQDZSOlLdEAWWOwBl
PLtkJZf9fMZmTPvmvx5JjixUaTf4G2etPqB2bZp3zNn+bMdU1e6xwJr4FQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFP/0b6HUfWRSBmmcpG9Y0g22jwLyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvX19Sdm9kUjlaRklHYVp5a2IxalNEYmFQQXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAPkznAwQA
wHysAwQAwXzNAwQAwlcWAwQAwlcaAwQAwlfIAwQAwocSAwQAw4UMAwQAw4UPAwQA
1MDQAwQA1MEDMA0GCSqGSIb3DQEBCwUAA4IBAQB2b6q5tx2L0GOO1Ecm+9PoHTuh
2uRY3xjDRZDYG00oJSHcIP4eqtFr1SLudHGB4ry03yIQpyZ9p1VhgS0YEHFCOZ7/
ZXQUHBzcC/xHQBDc+CfsoJSJMEPZP5BiJtCzM7GpYqcjW2NEMc9SSKcs3EKZh92C
R8SzjQN7sl7kSaes/n9VTDolScbqCo9EiYA+PzAeIJIpxtsjXvMurr0aSdMxCZAM
zrq1JyntQWB1GvJfoBO/o/cGJCsKMnIlZg3khigTwbyHSu4J/jdwGPTIV50GAU9c
DINbi2vtOMctaHPc2Ht/0nTGJZLwRujfrK6z9/MWWvRrLYsNX9wGcrHpp2jA
-----END CERTIFICATE-----