Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GqLAPn9h4BDshH7L02TZ5C_OceA.roa
File:                     GqLAPn9h4BDshH7L02TZ5C_OceA.roa (raw, json)
Hash identifier:          8cmCvpesj+lWqaN8UCz0HWuZjIlXm/mLEbu6xTbB/Xk=
Subject key identifier:   1A:A2:C0:3E:7F:61:E0:10:EC:84:7E:CB:D3:64:D9:E4:2F:CE:71:E0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1C5D8152
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GqLAPn9h4BDshH7L02TZ5C_OceA.roa
Signing time:             Sat 01 Jan 2022 01:02:25 +0000
ROA not before:           Sat 01 Jan 2022 01:02:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34368
IP address blocks:        91.92.240.0/24 maxlen: 24
                          91.92.246.0/24 maxlen: 24
                          91.92.244.0/24 maxlen: 24
                          91.92.245.0/24 maxlen: 24
                          91.92.241.0/24 maxlen: 24
                          91.92.248.0/24 maxlen: 24
                          91.92.247.0/24 maxlen: 24
                          91.92.251.0/24 maxlen: 24
                          91.92.249.0/24 maxlen: 24
                          85.217.192.0/24 maxlen: 24
                          85.217.196.0/23 maxlen: 23
                          85.217.194.0/24 maxlen: 24
                          85.217.198.0/24 maxlen: 24
                          85.217.195.0/24 maxlen: 24
                          85.217.193.0/24 maxlen: 24
                          85.217.199.0/24 maxlen: 24
                          85.217.200.0/22 maxlen: 22
                          85.217.204.0/22 maxlen: 22
                          2a00:1728:18::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 475890002 (0x1c5d8152)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 01:02:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1aa2c03e7f61e010ec847ecbd364d9e42fce71e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7b:f3:32:e7:82:d1:d1:27:a3:f6:e5:f8:dc:
                    5c:8d:54:f5:c9:74:d7:c3:61:ad:bb:15:f8:e1:7c:
                    86:5b:e2:60:fa:c2:7e:35:31:c6:7c:d6:5e:df:b4:
                    2a:9c:04:70:7e:7b:87:a5:98:88:91:b8:40:f4:6a:
                    61:75:18:6f:ff:39:ed:f2:35:e5:d4:94:f4:b2:d7:
                    67:2c:cf:77:85:6e:3b:63:d4:5b:10:d9:ef:b1:96:
                    29:ba:29:38:0b:a5:32:78:a7:8c:99:ae:83:fa:a4:
                    52:20:a3:f9:b7:67:c4:69:0e:ea:ad:9d:f7:74:4a:
                    31:46:0c:14:1f:19:4b:3f:29:a0:62:df:d8:64:5c:
                    8d:57:c1:4c:f3:86:c5:f5:e2:41:3f:75:b4:74:4a:
                    13:b3:82:e2:2d:9d:97:c2:16:bf:87:93:fe:a2:d9:
                    9b:b4:93:33:54:27:af:ef:c7:b1:63:31:99:7a:f0:
                    f6:41:01:ef:24:4f:13:56:d8:29:dd:f1:a2:f7:7c:
                    83:fb:f8:0c:38:e6:79:b1:d2:ff:a4:94:97:b3:34:
                    07:20:6d:ae:99:e5:33:8f:3d:47:3e:fd:b6:c1:73:
                    66:06:33:a2:81:0b:6f:cb:fa:75:c2:06:27:07:0e:
                    0b:f7:52:0c:2a:60:c5:65:34:b1:13:a9:6a:1a:13:
                    d4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A2:C0:3E:7F:61:E0:10:EC:84:7E:CB:D3:64:D9:E4:2F:CE:71:E0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GqLAPn9h4BDshH7L02TZ5C_OceA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.192.0/20
                  91.92.240.0/23
                  91.92.244.0-91.92.249.255
                  91.92.251.0/24
                IPv6:
                  2a00:1728:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:e0:d5:96:47:e3:ec:98:8f:6b:2b:6b:51:cc:f0:f9:d5:20:
         e3:1b:e6:23:2f:eb:15:5a:4b:17:8d:2b:3b:5b:af:ac:d2:8c:
         3b:d8:ce:ab:e7:0b:c3:4e:89:14:37:0f:3d:27:ca:53:00:f0:
         1f:6c:c0:2e:5f:fd:1d:d7:fa:78:bf:2c:bb:f2:72:4a:61:b0:
         10:31:34:73:70:27:8f:85:90:d8:25:bb:dd:26:f4:10:36:2c:
         60:91:32:11:57:ec:0f:18:74:ab:92:10:2a:d8:b7:03:8d:43:
         7c:40:ce:b7:d6:c5:13:68:1d:ed:59:56:24:25:f2:2a:59:30:
         16:a6:e0:4f:e2:08:b8:68:c1:61:c2:3c:80:85:e2:de:a1:60:
         e8:d9:60:ec:f4:e5:62:4f:1c:9c:f7:d6:ae:7d:8d:a7:0b:80:
         28:31:25:ec:03:95:21:13:07:04:0b:49:8a:04:70:99:b2:13:
         78:8a:91:e1:89:45:e9:f6:39:05:ae:7a:21:73:41:f1:4f:08:
         7c:98:f3:b9:7c:e4:cb:0a:cb:f2:19:32:87:ee:99:4e:5e:f4:
         94:06:38:b8:5a:3a:a2:63:d2:e5:17:af:9d:4d:47:de:9d:a9:
         d8:c5:27:4b:0f:21:e4:6f:c6:ff:3f:e2:c7:b2:11:c3:b2:1e:
         ef:b6:06:4d
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIEHF2BUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDIyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWFhMmMwM2U3ZjYx
ZTAxMGVjODQ3ZWNiZDM2NGQ5ZTQyZmNlNzFlMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM978zLngtHRJ6P25fjcXI1U9cl018NhrbsV+OF8hlviYPrC
fjUxxnzWXt+0KpwEcH57h6WYiJG4QPRqYXUYb/857fI15dSU9LLXZyzPd4VuO2PU
WxDZ77GWKbopOAulMninjJmug/qkUiCj+bdnxGkO6q2d93RKMUYMFB8ZSz8poGLf
2GRcjVfBTPOGxfXiQT91tHRKE7OC4i2dl8IWv4eT/qLZm7STM1Qnr+/HsWMxmXrw
9kEB7yRPE1bYKd3xovd8g/v4DDjmebHS/6SUl7M0ByBtrpnlM489Rz79tsFzZgYz
ooELb8v6dcIGJwcOC/dSDCpgxWU0sROpahoT1FkCAwEAAaOCAjQwggIwMB0GA1Ud
DgQWBBQaosA+f2HgEOyEfsvTZNnkL85x4DAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L0dxTEFQbjloNEJEc2hIN0wwMlRaNUNfT2NlQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBK
BggrBgEFBQcBBwEB/wQ7MDkwJgQCAAEwIAMEBFXZwAMEAVtc8DAMAwQCW1z0AwQB
W1z4AwQAW1z7MA8EAgACMAkDBwAqABcoABgwDQYJKoZIhvcNAQELBQADggEBAG/g
1ZZH4+yYj2sra1HM8PnVIOMb5iMv6xVaSxeNKztbr6zSjDvYzqvnC8NOiRQ3Dz0n
ylMA8B9swC5f/R3X+ni/LLvyckphsBAxNHNwJ4+FkNglu90m9BA2LGCRMhFX7A8Y
dKuSECrYtwONQ3xAzrfWxRNoHe1ZViQl8ipZMBam4E/iCLhowWHCPICF4t6hYOjZ
YOz05WJPHJz31q59jacLgCgxJewDlSETBwQLSYoEcJmyE3iKkeGJRen2OQWueiFz
QfFPCHyY87l85MsKy/IZMofumU5e9JQGOLhaOqJj0uUXr51NR96dqdjFJ0sPIeRv
xv8/4seyEcOyHu+2Bk0=
-----END CERTIFICATE-----