Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/VwUYoZDBWtLNXqKAceaaVNJjV9U.roa
File:                     VwUYoZDBWtLNXqKAceaaVNJjV9U.roa (raw, json)
Hash identifier:          Vw0UEUlrQomX7Z1XZlzS4Hbwa6Wf6hgK2epUwcITeTo=
Subject key identifier:   57:05:18:A1:90:C1:5A:D2:CD:5E:A2:80:71:E6:9A:54:D2:63:57:D5
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       01852A7837BC292CEA6336C128984F97FB33
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/VwUYoZDBWtLNXqKAceaaVNJjV9U.roa
Signing time:             Mon 19 Dec 2022 12:59:59 +0000
ROA not before:           Mon 19 Dec 2022 12:59:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2a:78:37:bc:29:2c:ea:63:36:c1:28:98:4f:97:fb:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Dec 19 12:59:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=570518a190c15ad2cd5ea28071e69a54d26357d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:35:ff:b8:4a:9d:de:c4:8f:6b:20:d1:5e:35:
                    cb:b4:17:fb:d1:23:e9:81:51:27:3b:cc:42:f1:46:
                    31:9f:f1:9b:89:4a:b1:ae:0d:50:f3:02:d1:da:4d:
                    ee:b7:37:02:e5:db:f8:6b:85:15:40:31:27:8e:39:
                    a9:5b:ea:6d:a0:1e:73:19:fb:18:4b:f2:ab:18:81:
                    25:a8:8a:2b:17:eb:b8:69:83:53:36:98:7f:14:71:
                    66:a0:52:58:90:f1:88:49:b6:11:5f:93:64:6c:e1:
                    e9:18:8f:11:5f:17:00:8e:7c:48:0e:75:c8:37:55:
                    82:d6:af:8a:6a:dd:22:74:89:79:53:7e:a5:2a:c1:
                    bb:12:80:23:f9:3d:f5:74:df:16:2d:3d:02:e5:15:
                    4d:c5:8f:f2:f3:45:a0:0c:13:bd:6f:29:3a:49:ed:
                    fe:c2:08:aa:98:04:f3:9c:da:3a:83:d2:bb:31:c4:
                    99:e5:63:0d:10:81:33:d1:9d:26:da:ff:8c:6f:ee:
                    6f:31:49:f1:4b:14:bf:bb:1b:81:9c:b7:37:cc:d2:
                    5d:e6:e5:de:d2:fe:99:22:d8:b1:00:8b:a4:72:3d:
                    ed:6e:45:d1:2f:ae:57:be:18:d0:21:05:21:48:91:
                    96:b7:71:5d:0b:4e:e3:1a:6c:70:82:c9:83:47:94:
                    05:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:05:18:A1:90:C1:5A:D2:CD:5E:A2:80:71:E6:9A:54:D2:63:57:D5
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/VwUYoZDBWtLNXqKAceaaVNJjV9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:6c:40:da:d5:48:ba:86:5e:62:1b:a7:25:40:6d:92:58:a3:
         c1:a7:42:55:e9:7d:fa:fe:96:05:fa:12:0f:fb:52:e1:8b:c7:
         aa:db:b6:7b:53:01:64:ae:a6:89:4e:25:61:55:32:a5:59:38:
         2f:3f:39:9a:03:aa:4d:db:1a:11:da:26:aa:ce:28:c7:44:da:
         1d:59:54:d3:d7:a9:22:4d:f8:82:56:c0:72:f0:a0:9f:e1:1f:
         b7:f8:27:07:29:fa:1e:37:83:a0:ac:6d:41:e2:a6:e1:42:4a:
         61:24:de:3d:2a:25:08:d8:28:f8:59:dc:df:5e:fa:af:aa:e7:
         c0:6a:89:c6:b0:36:91:8b:d0:7f:5b:76:d7:38:b4:25:a8:4e:
         fb:37:b6:76:36:70:fc:bd:48:1e:4b:62:2e:4f:ef:f3:43:99:
         c3:00:33:13:bf:c3:8e:55:c8:eb:31:ca:3d:ef:4a:6c:f0:34:
         f7:31:ed:ef:ff:16:93:04:44:96:b9:65:de:da:c7:28:16:12:
         d2:9a:62:1d:ee:d8:67:68:72:2a:76:ad:71:da:01:1b:bb:b5:
         ae:64:96:39:34:90:d5:39:b3:a7:77:b2:75:39:e2:13:5d:6c:
         da:e6:ef:8b:3d:00:84:38:c4:7f:97:5d:bb:e1:2d:8a:25:54:
         85:53:f7:82
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYUqeDe8KSzqYzbBKJhPl/szMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjIxMjE5MTI1OTU5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzA1MThhMTkwYzE1YWQyY2Q1ZWEyODA3MWU2OWE1NGQyNjM1N2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jX/uEqd3sSPayDRXjXLtBf70SPp
gVEnO8xC8UYxn/GbiUqxrg1Q8wLR2k3utzcC5dv4a4UVQDEnjjmpW+ptoB5zGfsY
S/KrGIElqIorF+u4aYNTNph/FHFmoFJYkPGISbYRX5NkbOHpGI8RXxcAjnxIDnXI
N1WC1q+Kat0idIl5U36lKsG7EoAj+T31dN8WLT0C5RVNxY/y80WgDBO9byk6Se3+
wgiqmATznNo6g9K7McSZ5WMNEIEz0Z0m2v+Mb+5vMUnxSxS/uxuBnLc3zNJd5uXe
0v6ZItixAIukcj3tbkXRL65XvhjQIQUhSJGWt3FdC07jGmxwgsmDR5QFsQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFFcFGKGQwVrSzV6igHHmmlTSY1fVMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvVndVWW9aREJXdExOWHFLQWNlYWFWTkpqVjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgMAwDBAFo96oD
BABo97QDBABo97YDBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATANBgkqhkiG
9w0BAQsFAAOCAQEAX2xA2tVIuoZeYhunJUBtklijwadCVel9+v6WBfoSD/tS4YvH
qtu2e1MBZK6miU4lYVUypVk4Lz85mgOqTdsaEdomqs4ox0TaHVlU09epIk34glbA
cvCgn+Eft/gnByn6HjeDoKxtQeKm4UJKYSTePSolCNgo+Fnc3176r6rnwGqJxrA2
kYvQf1t21zi0JahO+ze2djZw/L1IHktiLk/v80OZwwAzE7/DjlXI6zHKPe9KbPA0
9zHt7/8WkwRElrll3trHKBYS0ppiHe7YZ2hyKnatcdoBG7u1rmSWOTSQ1Tmzp3ey
dTniE11s2ubviz0AhDjEf5ddu+EtiiVUhVP3gg==
-----END CERTIFICATE-----