Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/QQMIW_XzxvQn8uulVRPRaNfwxMY.roa
File:                     QQMIW_XzxvQn8uulVRPRaNfwxMY.roa (raw, json)
Hash identifier:          VRp7yKpgsHAlg3nE+B8E2DE8bd9ricD5Id3nfGJjIkQ=
Subject key identifier:   41:03:08:5B:F5:F3:C6:F4:27:F2:EB:A5:55:13:D1:68:D7:F0:C4:C6
Certificate issuer:       /CN=4aafe45b30fa7f594925dd395ba14cefb673e2c0
Certificate serial:       0185A26BB16258A6221C5B334CB544A81A3C
Authority key identifier: 4A:AF:E4:5B:30:FA:7F:59:49:25:DD:39:5B:A1:4C:EF:B6:73:E2:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sq_kWzD6f1lJJd05W6FM77Zz4sA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/QQMIW_XzxvQn8uulVRPRaNfwxMY.roa
Signing time:             Wed 11 Jan 2023 20:00:44 +0000
ROA not before:           Wed 11 Jan 2023 20:00:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35032
IP address blocks:        109.124.224.0/21 maxlen: 21
                          109.124.232.0/21 maxlen: 21
                          109.124.240.0/21 maxlen: 21
                          109.124.252.0/23 maxlen: 23
                          109.124.248.0/22 maxlen: 22
                          109.124.254.0/23 maxlen: 23
                          85.236.160.0/20 maxlen: 20
                          185.224.8.0/22 maxlen: 22
                          85.236.176.0/20 maxlen: 20
                          109.124.192.0/19 maxlen: 19
                          2a13:73c7::/32 maxlen: 32
                          2a13:73c0:c000::/34 maxlen: 34
                          2a13:73c0:8000::/34 maxlen: 34
                          2a13:73c0:4000::/34 maxlen: 34
                          2a13:73c0::/34 maxlen: 34
                          2a13:73c4::/31 maxlen: 31
                          2a13:73c6::/32 maxlen: 32
                          2a13:73c1:c000::/34 maxlen: 34
                          2a13:73c1:8000::/34 maxlen: 34
                          2a13:73c1:4000::/34 maxlen: 34
                          2a13:73c1::/34 maxlen: 34
                          2a13:73c2::/31 maxlen: 31
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a2:6b:b1:62:58:a6:22:1c:5b:33:4c:b5:44:a8:1a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aafe45b30fa7f594925dd395ba14cefb673e2c0
        Validity
            Not Before: Jan 11 20:00:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4103085bf5f3c6f427f2eba55513d168d7f0c4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4e:1e:4f:82:92:8f:b7:dd:1c:a6:be:84:7a:
                    d4:73:53:55:4a:81:4e:51:ed:83:7b:ac:bb:c6:e8:
                    2f:c9:8f:21:4e:9f:96:48:aa:c3:ee:cf:68:8f:29:
                    48:4f:ce:3c:61:53:1b:e5:c1:ab:32:8b:79:d4:03:
                    53:5e:ec:df:5c:e3:34:3e:8b:95:9f:08:fb:d9:c6:
                    df:ad:7b:98:38:2b:96:f6:1b:b2:bd:05:b2:a9:c5:
                    01:f5:ce:2b:47:d1:67:2d:87:ad:34:bb:9c:88:5c:
                    46:ec:fc:d5:76:e1:67:94:61:4f:ac:7b:2f:62:75:
                    dc:d1:37:50:7d:3a:0c:42:01:a0:08:6c:f9:af:57:
                    6f:3e:ce:da:b8:a7:b8:55:ab:c2:97:50:34:e8:61:
                    48:4d:ce:65:40:12:ae:a7:be:d1:f8:6c:57:b6:b5:
                    cb:72:34:ec:e0:f5:2d:ff:e9:8e:18:04:0a:bd:cd:
                    11:8a:89:f3:51:fb:44:61:64:f4:ea:3d:08:80:b0:
                    92:49:79:18:b9:cf:b6:f5:3b:03:fa:27:de:98:0f:
                    59:42:8a:8b:5b:83:e9:74:52:90:51:19:88:dd:05:
                    1d:99:b7:05:7b:d6:5c:88:ac:de:8e:c9:6b:06:9b:
                    23:38:65:97:0d:35:bc:03:45:6c:6d:a1:87:c3:21:
                    dd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:03:08:5B:F5:F3:C6:F4:27:F2:EB:A5:55:13:D1:68:D7:F0:C4:C6
            X509v3 Authority Key Identifier:
                keyid:4A:AF:E4:5B:30:FA:7F:59:49:25:DD:39:5B:A1:4C:EF:B6:73:E2:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sq_kWzD6f1lJJd05W6FM77Zz4sA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/QQMIW_XzxvQn8uulVRPRaNfwxMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ae09fb-f536-47a1-9787-f1f603f91971/1/Sq_kWzD6f1lJJd05W6FM77Zz4sA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.236.160.0/19
                  109.124.192.0/18
                  185.224.8.0/22
                IPv6:
                  2a13:73c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:36:bc:96:55:62:ad:78:58:73:d3:3d:1e:e3:7e:29:86:04:
         8e:06:1c:7e:a7:d9:0f:cb:f1:b9:e1:54:22:79:c4:b0:45:37:
         ba:34:fc:bb:d9:9a:ec:35:c6:f3:69:1c:60:22:9f:a6:ef:b4:
         e9:5f:10:d5:5a:98:e0:3d:94:d5:2e:0b:97:26:e5:28:07:c9:
         13:23:a3:96:e0:0c:a5:e3:01:5e:31:20:f3:38:c3:e4:15:3b:
         22:f4:7f:19:71:26:25:bc:3f:39:32:ef:ea:ee:93:bf:90:9b:
         60:8b:cf:f7:ca:dd:96:41:5e:be:c2:72:6f:9f:bd:a7:e1:34:
         8e:db:41:5f:40:86:c6:e4:d0:51:b0:72:08:ca:2b:d7:ca:8a:
         88:b9:27:aa:c4:fd:32:a7:05:58:ae:fe:c5:d9:af:ac:b8:14:
         af:3a:48:69:5b:71:f3:45:7e:6f:a1:40:53:28:62:27:ff:d2:
         cd:4b:3c:2a:3f:16:4d:e1:81:e4:63:1c:61:d2:b5:b3:ab:4a:
         17:a5:c8:77:88:ae:08:f1:80:c1:06:b8:ee:93:13:38:f5:5a:
         77:cd:7b:43:db:37:02:0b:76:3a:88:6f:65:55:c6:4d:bb:39:
         d9:ec:2c:47:fc:53:fc:9e:62:9d:44:4a:9c:89:0e:cb:42:64:
         a3:85:02:24
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYWia7FiWKYiHFszTLVEqBo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYWZlNDViMzBmYTdmNTk0OTI1ZGQzOTViYTE0Y2VmYjY3
M2UyYzAwHhcNMjMwMTExMjAwMDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTAzMDg1YmY1ZjNjNmY0MjdmMmViYTU1NTEzZDE2OGQ3ZjBjNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE4eT4KSj7fdHKa+hHrUc1NVSoFO
Ue2De6y7xugvyY8hTp+WSKrD7s9ojylIT848YVMb5cGrMot51ANTXuzfXOM0PouV
nwj72cbfrXuYOCuW9huyvQWyqcUB9c4rR9FnLYetNLuciFxG7PzVduFnlGFPrHsv
YnXc0TdQfToMQgGgCGz5r1dvPs7auKe4VavCl1A06GFITc5lQBKup77R+GxXtrXL
cjTs4PUt/+mOGAQKvc0RionzUftEYWT06j0IgLCSSXkYuc+29TsD+ifemA9ZQoqL
W4PpdFKQURmI3QUdmbcFe9ZciKzejslrBpsjOGWXDTW8A0VsbaGHwyHdjQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEEDCFv188b0J/LrpVUT0WjX8MTGMB8GA1UdIwQY
MBaAFEqv5Fsw+n9ZSSXdOVuhTO+2c+LAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Ffa1d6RDZmMWxKSmQwNVc2Rk03N1p6NHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZTA5ZmItZjUzNi00N2ExLTk3ODct
ZjFmNjAzZjkxOTcxLzEvUVFNSVdfWHp4dlFuOHV1bFZSUFJhTmZ3eE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZTA5ZmItZjUzNi00N2ExLTk3ODctZjFmNjAzZjkxOTcx
LzEvU3Ffa1d6RDZmMWxKSmQwNVc2Rk03N1p6NHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFVeygAwQG
bXzAAwQCueAIMA0EAgACMAcDBQMqE3PAMA0GCSqGSIb3DQEBCwUAA4IBAQB8NryW
VWKteFhz0z0e434phgSOBhx+p9kPy/G54VQiecSwRTe6NPy72ZrsNcbzaRxgIp+m
77TpXxDVWpjgPZTVLguXJuUoB8kTI6OW4Ayl4wFeMSDzOMPkFTsi9H8ZcSYlvD85
Mu/q7pO/kJtgi8/3yt2WQV6+wnJvn72n4TSO20FfQIbG5NBRsHIIyivXyoqIuSeq
xP0ypwVYrv7F2a+suBSvOkhpW3HzRX5voUBTKGIn/9LNSzwqPxZN4YHkYxxh0rWz
q0oXpch3iK4I8YDBBrjukxM49Vp3zXtD2zcCC3Y6iG9lVcZNuznZ7CxH/FP8nmKd
REqciQ7LQmSjhQIk
-----END CERTIFICATE-----