Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gh20YpZYCKzolxYW0ckwOT3d1xU.roa
File:                     gh20YpZYCKzolxYW0ckwOT3d1xU.roa (raw, json)
Hash identifier:          sBM3nmVojIKSpVuNVq0GAM14KhOB32nPQNTG0GyBQAg=
Subject key identifier:   82:1D:B4:62:96:58:08:AC:E8:97:16:16:D1:C9:30:39:3D:DD:D7:15
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0184993EBCA1609B4760FC086035B005DDFA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gh20YpZYCKzolxYW0ckwOT3d1xU.roa
Signing time:             Mon 21 Nov 2022 08:12:16 +0000
ROA not before:           Mon 21 Nov 2022 08:12:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399471
IP address blocks:        212.193.29.0/24 maxlen: 24
                          194.87.227.0/24 maxlen: 24
                          194.87.35.0/24 maxlen: 24
                          194.87.32.0/24 maxlen: 24
                          212.192.216.0/22 maxlen: 24
                          194.87.149.0/24 maxlen: 24
                          194.87.161.0/24 maxlen: 24
                          194.85.250.0/24 maxlen: 24
                          194.85.248.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
                          212.192.244.0/22 maxlen: 24
                          212.193.8.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:99:3e:bc:a1:60:9b:47:60:fc:08:60:35:b0:05:dd:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 21 08:12:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=821db462965808ace8971616d1c930393dddd715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9f:2d:f4:a8:76:cb:40:75:b6:ae:74:ca:44:
                    1a:c3:09:61:22:88:d4:b9:aa:4e:de:45:b3:76:f5:
                    e3:d8:d8:72:ad:cc:c9:52:e1:4c:d1:a3:7d:b9:8e:
                    67:c9:2a:e7:25:67:ba:6e:b6:95:43:b5:cb:dc:ff:
                    4d:b8:e7:37:53:a8:7e:5a:8c:56:ef:f6:65:55:92:
                    91:fb:56:6c:16:14:a5:1c:c6:f2:61:4a:c2:74:d0:
                    59:d9:60:5d:ab:98:94:44:d2:de:b9:84:f5:de:48:
                    a8:2b:0f:c7:fa:5b:e6:fc:6b:f2:51:e5:8e:7d:ba:
                    1b:f7:02:02:59:a2:2f:ad:c5:05:44:4a:45:79:dd:
                    1a:0a:96:a7:d9:7f:64:25:99:cd:bc:c0:69:37:a3:
                    02:49:43:89:e4:07:28:f7:66:09:cf:fe:a2:34:ec:
                    61:be:06:33:5f:8b:f9:1f:6e:db:4f:7c:56:15:11:
                    20:f5:bd:c0:90:00:ad:fe:66:61:6b:de:22:cb:87:
                    71:8f:73:cc:d5:0e:b1:db:7f:3f:da:b8:df:a3:ff:
                    c0:dd:b8:ca:df:ac:78:1d:da:78:b0:4a:b8:1f:a9:
                    15:72:19:3c:85:3e:47:b4:cb:b1:f8:d2:c3:0f:59:
                    06:8c:be:61:3f:49:a7:99:e4:9c:9a:44:df:53:e5:
                    5a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1D:B4:62:96:58:08:AC:E8:97:16:16:D1:C9:30:39:3D:DD:D7:15
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gh20YpZYCKzolxYW0ckwOT3d1xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.248.0/24
                  194.85.250.0/24
                  194.87.32.0/24
                  194.87.35.0/24
                  194.87.149.0/24
                  194.87.161.0/24
                  194.87.227.0/24
                  195.133.39.0/24
                  212.192.216.0/22
                  212.192.244.0/22
                  212.193.8.0/23
                  212.193.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:3b:d5:a8:94:4d:b1:d0:e2:8c:22:a3:c7:98:e8:a6:00:bc:
         41:78:2a:2f:75:c4:99:b9:01:b7:99:a3:0a:fc:9f:bc:bd:24:
         28:07:45:30:11:93:b3:94:8a:a6:62:f8:aa:75:d8:ce:c5:2b:
         ae:ae:67:77:f7:fc:8a:43:c4:05:e1:96:b2:02:c2:b4:b8:01:
         fb:d8:47:05:d7:66:2f:0b:d8:d8:8f:39:3c:5e:ca:5a:9a:19:
         1e:87:6e:41:02:0a:2f:a5:be:bb:ca:2e:40:53:5a:60:05:3d:
         ed:b3:67:74:27:fd:a8:16:87:4f:bb:5f:00:5e:36:8d:b4:eb:
         39:6e:95:bd:eb:5b:4d:2f:d4:56:e1:80:c3:17:82:6e:5b:e1:
         cd:fe:e9:87:ba:d5:f0:75:1e:47:5b:2f:62:fc:bb:79:f2:2c:
         15:fc:2f:3a:16:39:c1:2f:87:b6:67:2f:e4:cd:1e:81:15:1f:
         81:28:53:93:9f:39:e0:be:ea:d5:89:bf:f9:3f:b9:36:a8:f9:
         64:7d:b0:b1:6d:5b:06:f9:57:22:44:62:c1:b9:04:aa:4c:5d:
         70:64:f5:7b:4b:24:77:2a:27:4f:8e:63:02:98:e7:62:4b:29:
         d4:ce:23:33:e8:c9:4f:b0:10:77:8a:73:7f:01:fd:2c:cc:83:
         78:23:6d:a5
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYSZPryhYJtHYPwIYDWwBd36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIxMTIxMDgxMjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFkYjQ2Mjk2NTgwOGFjZTg5NzE2MTZkMWM5MzAzOTNkZGRkNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1p8t9Kh2y0B1tq50ykQawwlhIojU
uapO3kWzdvXj2NhyrczJUuFM0aN9uY5nySrnJWe6braVQ7XL3P9NuOc3U6h+WoxW
7/ZlVZKR+1ZsFhSlHMbyYUrCdNBZ2WBdq5iURNLeuYT13kioKw/H+lvm/GvyUeWO
fbob9wICWaIvrcUFREpFed0aCpan2X9kJZnNvMBpN6MCSUOJ5Aco92YJz/6iNOxh
vgYzX4v5H27bT3xWFREg9b3AkACt/mZha94iy4dxj3PM1Q6x238/2rjfo//A3bjK
36x4Hdp4sEq4H6kVchk8hT5HtMux+NLDD1kGjL5hP0mnmeScmkTfU+Va+QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFIIdtGKWWAis6JcWFtHJMDk93dcVMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZ2gyMFlwWllDS3pvbHhZVzBja3dPVDNkMXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAwlX4AwQA
wlX6AwQAwlcgAwQAwlcjAwQAwleVAwQAwlehAwQAwlfjAwQAw4UnAwQC1MDYAwQC
1MD0AwQB1MEIAwQA1MEdMA0GCSqGSIb3DQEBCwUAA4IBAQBFO9WolE2x0OKMIqPH
mOimALxBeCovdcSZuQG3maMK/J+8vSQoB0UwEZOzlIqmYviqddjOxSuurmd39/yK
Q8QF4ZayAsK0uAH72EcF12YvC9jYjzk8Xspamhkeh25BAgovpb67yi5AU1pgBT3t
s2d0J/2oFodPu18AXjaNtOs5bpW961tNL9RW4YDDF4JuW+HN/umHutXwdR5HWy9i
/Lt58iwV/C86FjnBL4e2Zy/kzR6BFR+BKFOTnzngvurVib/5P7k2qPlkfbCxbVsG
+VciRGLBuQSqTF1wZPV7SyR3KidPjmMCmOdiSynUziMz6MlPsBB3inN/Af0szIN4
I22l
-----END CERTIFICATE-----