Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/SwlLeIv0mYf58BvftLxot8xGS6U.roa
File:                     SwlLeIv0mYf58BvftLxot8xGS6U.roa (raw, json)
Hash identifier:          C+YSvVYm5CD4vVAPgQ7oukVNBf795XyJp5qbb+QHltQ=
Subject key identifier:   4B:09:4B:78:8B:F4:99:87:F9:F0:1B:DF:B4:BC:68:B7:CC:46:4B:A5
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       10A5E83F
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/SwlLeIv0mYf58BvftLxot8xGS6U.roa
Signing time:             Sat 01 Jan 2022 13:00:38 +0000
ROA not before:           Sat 01 Jan 2022 13:00:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61400
IP address blocks:        62.76.112.0/22 maxlen: 32
                          185.111.219.0/24 maxlen: 24
                          185.111.218.0/24 maxlen: 24
                          185.111.216.0/23 maxlen: 23
                          91.107.84.0/24 maxlen: 24
                          91.107.86.0/23 maxlen: 23
                          185.126.92.0/22 maxlen: 22
                          185.62.103.0/24 maxlen: 24
                          89.248.236.0/24 maxlen: 24
                          185.40.28.0/22 maxlen: 22
                          91.227.34.0/23 maxlen: 23
                          2a03:220::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 279308351 (0x10a5e83f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  1 13:00:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4b094b788bf49987f9f01bdfb4bc68b7cc464ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8b:d2:31:80:ab:29:40:3d:68:23:e3:02:54:
                    79:3b:5a:60:4a:f0:69:3e:bb:50:d6:cb:c9:93:6b:
                    38:d0:1f:8c:0d:ac:99:c9:b7:a6:93:41:bf:48:99:
                    63:be:60:a7:cb:a8:de:b4:b2:8c:7c:8b:ac:32:8d:
                    ec:b2:21:40:11:0e:ed:1d:d1:09:b2:d1:58:50:86:
                    42:3d:2b:8d:24:bd:27:65:3f:95:11:f2:17:ac:29:
                    2b:d5:90:77:85:8e:d5:0e:dd:8b:6e:61:bf:c5:88:
                    ab:8b:05:17:ac:06:b5:73:f3:49:45:be:ac:1b:a9:
                    a8:bf:de:a0:cd:da:ec:53:5c:b1:69:af:03:83:7f:
                    e8:a8:73:7b:86:07:c7:f8:e4:df:de:0d:11:3e:2c:
                    d1:83:1f:ad:44:4c:98:52:b8:f9:de:1c:f7:d9:ed:
                    3c:71:24:89:5e:29:25:ba:ba:72:e3:8b:20:63:c5:
                    06:06:4a:e5:72:89:38:58:89:6a:04:04:a1:fb:a2:
                    a3:33:24:aa:d5:66:51:5f:1c:ad:bc:f0:58:b1:0d:
                    21:d2:18:53:9d:49:fb:71:7c:00:02:ea:7b:4f:be:
                    86:a9:34:8e:e6:82:a5:56:80:2c:89:47:7a:0d:3e:
                    68:55:da:a2:c2:59:b1:31:e5:ba:e4:58:8d:31:72:
                    ee:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:09:4B:78:8B:F4:99:87:F9:F0:1B:DF:B4:BC:68:B7:CC:46:4B:A5
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/SwlLeIv0mYf58BvftLxot8xGS6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.112.0/22
                  89.248.236.0/24
                  91.107.84.0/24
                  91.107.86.0/23
                  91.227.34.0/23
                  185.40.28.0/22
                  185.62.103.0/24
                  185.111.216.0/22
                  185.126.92.0/22
                IPv6:
                  2a03:220::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:1a:68:bb:36:92:89:d4:6c:83:68:f5:50:70:82:3e:fc:a9:
         79:bd:8f:45:1a:e3:a5:13:de:e0:87:05:78:6e:db:da:79:8e:
         25:5e:62:c6:00:f1:10:07:f9:bb:88:52:32:17:9e:e3:e7:c7:
         19:fe:32:91:48:1b:1b:28:61:be:ea:30:09:29:8a:e8:72:b4:
         d9:24:80:18:d9:8f:e4:a3:a1:16:6d:50:7f:6d:79:a1:e0:87:
         9f:aa:42:c8:bf:16:05:ce:b2:1a:0a:d0:bd:a5:52:9b:fc:9d:
         68:6e:09:38:8b:15:52:8a:f9:87:a7:09:ac:27:db:ac:0c:33:
         f0:c1:ba:88:0c:85:fd:f0:8a:d6:e5:15:be:17:46:72:d3:cb:
         85:9c:21:70:4a:59:de:d9:c2:75:f4:37:fd:7a:c6:2f:25:9c:
         c5:9c:04:21:c4:8a:28:cf:84:2c:c8:0f:21:4e:8c:94:34:84:
         68:a1:b2:ca:36:62:54:23:15:dc:0d:4e:3a:7d:94:5e:93:56:
         f0:4c:a3:6f:6b:64:bb:8f:f7:a7:dd:df:8b:c6:65:9e:68:d5:
         48:95:e1:ce:49:28:e3:3b:dc:87:39:fd:a3:1f:ad:73:67:d5:
         cd:52:08:43:7a:44:ae:8e:42:e6:65:40:bd:93:ab:40:97:ee:
         65:c5:53:c6
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIEEKXoPzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGE0MzJhNGVjM2IwYWM0Y2E0ZTRlY2VjMGU5ZjRkNDZiNDk3YWYwMB4XDTIyMDEw
MTEzMDAzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGIwOTRiNzg4YmY0
OTk4N2Y5ZjAxYmRmYjRiYzY4YjdjYzQ2NGJhNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALiL0jGAqylAPWgj4wJUeTtaYErwaT67UNbLyZNrONAfjA2s
mcm3ppNBv0iZY75gp8uo3rSyjHyLrDKN7LIhQBEO7R3RCbLRWFCGQj0rjSS9J2U/
lRHyF6wpK9WQd4WO1Q7di25hv8WIq4sFF6wGtXPzSUW+rBupqL/eoM3a7FNcsWmv
A4N/6Khze4YHx/jk394NET4s0YMfrURMmFK4+d4c99ntPHEkiV4pJbq6cuOLIGPF
BgZK5XKJOFiJagQEofuiozMkqtVmUV8crbzwWLENIdIYU51J+3F8AALqe0++hqk0
juaCpVaALIlHeg0+aFXaosJZsTHluuRYjTFy7i0CAwEAAaOCAkgwggJEMB0GA1Ud
DgQWBBRLCUt4i/SZh/nwG9+0vGi3zEZLpTAfBgNVHSMEGDAWgBRdpDKk7DsKxMpO
Ts7A6fTUa0l68DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hhUXlwT3c3Q3NUS1RrN093T24wMUd0SmV2QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOWU4NDdmLTQxNDYtNDU2Ni04YzNlLTFiYTU0M2VlYWVkNy8x
L1N3bExlSXYwbVlmNThCdmZ0THhvdDh4R1M2VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OWU4NDdmLTQxNDYtNDU2Ni04YzNlLTFiYTU0M2VlYWVkNy8xL1hhUXlwT3c3Q3NU
S1RrN093T24wMUd0SmV2QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBe
BggrBgEFBQcBBwEB/wRPME0wPAQCAAEwNgMEAj5McAMEAFn47AMEAFtrVAMEAVtr
VgMEAVvjIgMEArkoHAMEALk+ZwMEArlv2AMEArl+XDANBAIAAjAHAwUAKgMCIDAN
BgkqhkiG9w0BAQsFAAOCAQEAaBpouzaSidRsg2j1UHCCPvypeb2PRRrjpRPe4IcF
eG7b2nmOJV5ixgDxEAf5u4hSMhee4+fHGf4ykUgbGyhhvuowCSmK6HK02SSAGNmP
5KOhFm1Qf215oeCHn6pCyL8WBc6yGgrQvaVSm/ydaG4JOIsVUor5h6cJrCfbrAwz
8MG6iAyF/fCK1uUVvhdGctPLhZwhcEpZ3tnCdfQ3/XrGLyWcxZwEIcSKKM+ELMgP
IU6MlDSEaKGyyjZiVCMV3A1OOn2UXpNW8Eyjb2tku4/3p93fi8ZlnmjVSJXhzkko
4zvchzn9ox+tc2fVzVIIQ3pEro5C5mVAvZOrQJfuZcVTxg==
-----END CERTIFICATE-----