Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/xhcrEoQMZ1K92LJdyaouw9ZtcwY.roa
File:                     xhcrEoQMZ1K92LJdyaouw9ZtcwY.roa (raw, json)
Hash identifier:          hZq0q/2/uQHGSIcKGNRckDnadbHoY8ADefbHhYcpYKc=
Subject key identifier:   C6:17:2B:12:84:0C:67:52:BD:D8:B2:5D:C9:AA:2E:C3:D6:6D:73:06
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       01846FCAA9A013E48F22819CDDDD0F1EAAA7
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/xhcrEoQMZ1K92LJdyaouw9ZtcwY.roa
Signing time:             Sun 13 Nov 2022 07:01:03 +0000
ROA not before:           Sun 13 Nov 2022 07:01:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57235
IP address blocks:        81.31.224.0/22 maxlen: 24
                          81.31.233.0/24 maxlen: 24
                          81.31.228.0/23 maxlen: 24
                          81.31.230.0/24 maxlen: 24
                          81.31.234.0/23 maxlen: 24
                          81.31.234.0/24 maxlen: 24
                          81.31.235.0/24 maxlen: 24
                          81.31.236.0/24 maxlen: 24
                          81.31.236.0/22 maxlen: 24
                          81.31.238.0/24 maxlen: 24
                          81.31.240.0/23 maxlen: 24
                          81.31.248.0/22 maxlen: 24
                          81.31.250.0/24 maxlen: 24
                          81.31.251.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:6f:ca:a9:a0:13:e4:8f:22:81:9c:dd:dd:0f:1e:aa:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Nov 13 07:01:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c6172b12840c6752bdd8b25dc9aa2ec3d66d7306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:90:40:22:38:16:d3:98:7e:49:14:4e:55:bf:
                    c9:e6:7e:5c:a6:48:06:ec:c0:f6:eb:13:fd:64:47:
                    f7:76:a2:fe:2b:0f:59:1b:45:0c:38:ab:d4:9c:d2:
                    9c:52:9d:d3:d4:28:bb:33:d9:0e:c6:76:75:35:a9:
                    c3:87:06:07:24:04:45:d6:ba:3b:cd:a4:46:55:79:
                    3c:2e:b6:33:bb:71:cf:df:db:64:2e:b9:52:d3:db:
                    5e:66:24:17:1d:9a:50:d5:70:9d:fa:c5:1f:16:6e:
                    75:27:88:a1:77:b2:ec:6c:6d:00:84:ef:12:0c:89:
                    b4:ad:7d:90:9d:bc:42:ab:74:86:7e:78:59:8f:89:
                    9a:c0:60:9d:37:5f:8d:f9:02:e8:61:98:fb:b4:d8:
                    5e:9b:b3:17:d9:b7:be:c0:39:dc:96:30:c1:ff:bd:
                    3c:44:25:46:a6:7f:66:51:24:b0:e2:05:94:ff:7f:
                    c9:4c:b4:c1:f9:32:79:a0:3d:94:53:2a:32:1b:1c:
                    fd:de:32:e0:b6:62:7b:ac:2f:70:f9:cc:02:df:11:
                    d7:28:66:ea:9a:d2:a5:68:bb:6f:8d:00:cd:5a:38:
                    9b:01:87:c2:4e:cf:e9:17:3f:e6:1f:19:46:68:63:
                    d4:63:2a:2e:dd:ce:bd:46:db:a9:42:16:c9:ed:ef:
                    5b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:17:2B:12:84:0C:67:52:BD:D8:B2:5D:C9:AA:2E:C3:D6:6D:73:06
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/xhcrEoQMZ1K92LJdyaouw9ZtcwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.224.0-81.31.230.255
                  81.31.233.0-81.31.241.255
                  81.31.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:06:f7:5e:11:4d:3b:1b:1e:26:24:89:a8:2f:29:58:ef:d3:
         b7:45:dd:c6:61:85:23:49:d2:e7:1d:a1:49:91:a7:04:8c:48:
         46:dd:c9:6c:7e:ef:2f:9d:eb:5a:dd:bc:00:a3:fd:ef:94:34:
         cf:5d:7a:f4:7b:f8:09:c7:2c:49:ad:af:67:08:5c:00:05:ca:
         0b:13:c3:f4:0c:4f:13:f1:01:8e:83:27:64:aa:20:15:59:fa:
         26:93:a4:8c:6a:db:0f:3a:2a:f9:8f:90:3e:fb:9b:d9:ae:29:
         dd:34:c8:8c:fb:9a:7a:67:ee:d6:fd:e1:f8:2c:19:df:f4:48:
         ee:a4:e4:f8:a8:36:ca:6a:29:0c:e6:58:71:79:bd:e3:1c:7c:
         8c:fd:4d:6d:9c:c3:db:42:66:07:78:78:4b:0e:60:07:ce:26:
         07:3c:d7:43:cc:be:59:af:e6:9e:da:69:d1:13:27:31:89:b1:
         52:c8:7c:f3:fd:17:32:a6:df:22:34:5c:94:3c:60:63:ec:91:
         9c:dc:f2:9a:29:11:f0:9a:e8:d0:06:77:c3:4a:78:dc:73:30:
         7a:5b:06:db:1d:7b:ee:db:77:0c:b6:fa:7b:03:7e:c7:5f:f0:
         32:c2:bb:a6:0b:8d:42:c2:dd:85:1b:f3:5d:93:6c:3a:0c:cb:
         95:c8:95:e1
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYRvyqmgE+SPIoGc3d0PHqqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjIxMTEzMDcwMTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE3MmIxMjg0MGM2NzUyYmRkOGIyNWRjOWFhMmVjM2Q2NmQ3MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspBAIjgW05h+SRROVb/J5n5cpkgG
7MD26xP9ZEf3dqL+Kw9ZG0UMOKvUnNKcUp3T1Ci7M9kOxnZ1NanDhwYHJARF1ro7
zaRGVXk8LrYzu3HP39tkLrlS09teZiQXHZpQ1XCd+sUfFm51J4ihd7LsbG0AhO8S
DIm0rX2QnbxCq3SGfnhZj4mawGCdN1+N+QLoYZj7tNhem7MX2be+wDncljDB/708
RCVGpn9mUSSw4gWU/3/JTLTB+TJ5oD2UUyoyGxz93jLgtmJ7rC9w+cwC3xHXKGbq
mtKlaLtvjQDNWjibAYfCTs/pFz/mHxlGaGPUYyou3c69RtupQhbJ7e9bxQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFMYXKxKEDGdSvdiyXcmqLsPWbXMGMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEveGhjckVvUU1aMUs5MkxKZHlhb3V3OVp0Y3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAVRH+AD
BABRH+YwDAMEAFEf6QMEAVEf8AMEAlEf+DANBgkqhkiG9w0BAQsFAAOCAQEAigb3
XhFNOxseJiSJqC8pWO/Tt0XdxmGFI0nS5x2hSZGnBIxIRt3JbH7vL53rWt28AKP9
75Q0z1169Hv4CccsSa2vZwhcAAXKCxPD9AxPE/EBjoMnZKogFVn6JpOkjGrbDzoq
+Y+QPvub2a4p3TTIjPuaemfu1v3h+CwZ3/RI7qTk+Kg2ymopDOZYcXm94xx8jP1N
bZzD20JmB3h4Sw5gB84mBzzXQ8y+Wa/mntpp0RMnMYmxUsh88/0XMqbfIjRclDxg
Y+yRnNzymikR8Jro0AZ3w0p43HMwelsG2x177tt3DLb6ewN+x1/wMsK7pguNQsLd
hRvzXZNsOgzLlciV4Q==
-----END CERTIFICATE-----