Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/drL58Xg91YPlxWZ6YFdO1MjWiB4.roa
File:                     drL58Xg91YPlxWZ6YFdO1MjWiB4.roa (raw, json)
Hash identifier:          XJaty9ni+OacshmaXXTx8AEeWWA2uNBKQLf8h5w8pDM=
Subject key identifier:   76:B2:F9:F1:78:3D:D5:83:E5:C5:66:7A:60:57:4E:D4:C8:D6:88:1E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0183D55B096311933978529042BA5FA325CF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/drL58Xg91YPlxWZ6YFdO1MjWiB4.roa
Signing time:             Fri 14 Oct 2022 07:17:36 +0000
ROA not before:           Fri 14 Oct 2022 07:17:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        193.124.226.0/24 maxlen: 24
                          193.124.224.0/23 maxlen: 23
                          193.124.49.0/24 maxlen: 24
                          194.87.41.0/24 maxlen: 24
                          195.133.22.0/24 maxlen: 24
                          194.135.46.0/24 maxlen: 24
                          212.192.16.0/21 maxlen: 24
                          194.87.61.0/24 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          194.87.192.0/22 maxlen: 22
                          212.193.8.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:d5:5b:09:63:11:93:39:78:52:90:42:ba:5f:a3:25:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 14 07:17:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=76b2f9f1783dd583e5c5667a60574ed4c8d6881e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:da:20:ac:78:4b:dc:05:f3:20:e5:14:72:57:
                    48:9b:bc:68:4c:8c:43:59:35:77:7b:0a:cd:7f:1e:
                    5a:86:a5:88:e3:df:24:97:8a:b0:95:16:0f:00:ea:
                    ec:a3:80:9b:cb:cd:ba:0a:43:a1:0e:d3:6e:52:d8:
                    b7:96:58:af:3f:fd:d3:49:83:c8:0b:ec:97:ca:34:
                    4c:f3:d0:19:87:40:e7:46:1b:7a:13:60:9c:4a:60:
                    8a:d1:67:cd:c4:d0:03:68:6d:49:35:81:b5:b4:b6:
                    dc:f5:c2:6f:5e:61:8b:27:ce:ae:9b:60:71:e0:08:
                    33:b7:60:30:d8:54:dd:52:57:de:8a:62:f8:fe:93:
                    83:e6:4f:9c:6a:08:4e:97:f5:f6:9c:d4:3d:1d:bd:
                    10:c3:8d:14:b0:9f:4d:e6:d1:b2:ca:a6:1e:1a:83:
                    27:20:bd:f6:57:cf:a0:54:5b:75:b4:5c:01:38:69:
                    5d:a5:8f:2b:dc:3c:58:ea:d7:b7:15:96:d2:72:05:
                    b3:7b:7e:e6:04:2e:06:9e:30:5e:fa:41:86:6a:14:
                    ac:f2:1f:4c:fd:42:85:98:16:db:66:43:d7:39:45:
                    7c:99:79:59:c1:af:26:87:51:3b:87:d8:6e:de:73:
                    bb:14:71:e7:26:43:01:b1:40:6d:ec:ec:05:71:c6:
                    0f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B2:F9:F1:78:3D:D5:83:E5:C5:66:7A:60:57:4E:D4:C8:D6:88:1E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/drL58Xg91YPlxWZ6YFdO1MjWiB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.49.0/24
                  193.124.224.0-193.124.226.255
                  194.87.41.0/24
                  194.87.61.0/24
                  194.87.192.0/22
                  194.135.46.0/24
                  195.58.56.0/21
                  195.133.22.0/24
                  212.192.16.0/21
                  212.193.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:9f:85:2f:bf:db:03:81:df:d4:04:a9:74:22:45:31:22:3b:
         3a:7e:09:3b:20:40:e6:26:f7:4d:e3:44:45:60:d3:6f:41:4c:
         cc:8f:3d:c9:2d:41:5f:e0:9e:a7:4c:61:cb:1b:3a:7a:43:a6:
         2f:b2:d3:fc:d7:60:0e:2b:62:a1:b3:1b:4f:9f:83:e6:31:a9:
         21:d0:39:b4:b5:4f:60:e8:02:0b:31:42:1c:07:63:59:b6:42:
         60:da:a4:f8:c0:37:ec:19:cb:94:1c:64:c7:34:b5:da:f5:cb:
         ee:d9:e5:d6:b0:81:ef:e8:e7:51:8c:37:ab:10:f2:d9:ef:72:
         3e:a6:33:4e:f8:4a:97:d0:bc:f1:4f:62:9d:e8:d8:de:ae:df:
         37:83:82:d8:b4:10:c4:09:8f:ac:33:06:19:da:c3:86:60:0a:
         c8:e8:3c:87:a2:da:f1:66:ae:bc:63:08:ea:d4:ae:6c:81:01:
         52:e5:29:95:73:bb:b8:28:9a:45:81:bc:35:41:2a:6e:02:51:
         ed:53:46:3e:ac:87:95:c2:80:e3:6c:b4:37:ba:09:b7:17:ad:
         d4:90:a4:c9:42:c1:4e:31:d7:8d:8e:b5:ba:6c:6a:8d:74:36:
         18:25:a6:69:19:ed:e2:14:d1:0d:d2:66:c7:45:1d:17:ce:c1:
         ec:8b:6d:12
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYPVWwljEZM5eFKQQrpfoyXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMDE0MDcxNzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmIyZjlmMTc4M2RkNTgzZTVjNTY2N2E2MDU3NGVkNGM4ZDY4ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9ogrHhL3AXzIOUUcldIm7xoTIxD
WTV3ewrNfx5ahqWI498kl4qwlRYPAOrso4Cby826CkOhDtNuUti3llivP/3TSYPI
C+yXyjRM89AZh0DnRht6E2CcSmCK0WfNxNADaG1JNYG1tLbc9cJvXmGLJ86um2Bx
4Agzt2Aw2FTdUlfeimL4/pOD5k+caghOl/X2nNQ9Hb0Qw40UsJ9N5tGyyqYeGoMn
IL32V8+gVFt1tFwBOGldpY8r3DxY6te3FZbScgWze37mBC4GnjBe+kGGahSs8h9M
/UKFmBbbZkPXOUV8mXlZwa8mh1E7h9hu3nO7FHHnJkMBsUBt7OwFccYPNwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHay+fF4PdWD5cVmemBXTtTI1ogeMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZHJMNThYZzkxWVBseFdaNllGZE8xTWpXaUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAwXwxMAwD
BAXBfOADBADBfOIDBADCVykDBADCVz0DBALCV8ADBADChy4DBAPDOjgDBADDhRYD
BAPUwBADBALUwQgwDQYJKoZIhvcNAQELBQADggEBABefhS+/2wOB39QEqXQiRTEi
Ozp+CTsgQOYm903jREVg029BTMyPPcktQV/gnqdMYcsbOnpDpi+y0/zXYA4rYqGz
G0+fg+YxqSHQObS1T2DoAgsxQhwHY1m2QmDapPjAN+wZy5QcZMc0tdr1y+7Z5daw
ge/o51GMN6sQ8tnvcj6mM074SpfQvPFPYp3o2N6u3zeDgti0EMQJj6wzBhnaw4Zg
CsjoPIei2vFmrrxjCOrUrmyBAVLlKZVzu7gomkWBvDVBKm4CUe1TRj6sh5XCgONs
tDe6CbcXrdSQpMlCwU4x142Otbpsao10NhglpmkZ7eIU0Q3SZsdFHRfOweyLbRI=
-----END CERTIFICATE-----