Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/QwiJuw3bko9KLC4kk2k1Rd1EmMw.roa
File:                     QwiJuw3bko9KLC4kk2k1Rd1EmMw.roa (raw, json)
Hash identifier:          7ypUSClmiJm+079kMQj0jQUmB9f4enXfkTQ+T/9QEXI=
Subject key identifier:   43:08:89:BB:0D:DB:92:8F:4A:2C:2E:24:93:69:35:45:DD:44:98:CC
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       04454E01
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/QwiJuw3bko9KLC4kk2k1Rd1EmMw.roa
Signing time:             Tue 22 Feb 2022 16:25:42 +0000
ROA not before:           Tue 22 Feb 2022 16:25:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        212.30.44.0/24 maxlen: 24
                          212.30.41.0/24 maxlen: 24
                          212.30.40.0/24 maxlen: 24
                          212.30.43.0/24 maxlen: 24
                          212.30.42.0/24 maxlen: 24
                          212.30.47.0/24 maxlen: 24
                          212.30.45.0/24 maxlen: 24
                          212.30.46.0/24 maxlen: 24
                          45.94.53.0/24 maxlen: 24
                          45.94.52.0/24 maxlen: 24
                          212.30.58.0/24 maxlen: 24
                          45.94.55.0/24 maxlen: 24
                          45.94.54.0/24 maxlen: 24
                          212.30.57.0/24 maxlen: 24
                          212.30.56.0/24 maxlen: 24
                          212.30.62.0/24 maxlen: 24
                          212.30.61.0/24 maxlen: 24
                          212.30.59.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71650817 (0x4454e01)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Feb 22 16:25:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=430889bb0ddb928f4a2c2e2493693545dd4498cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ca:a2:85:c1:95:19:8e:01:14:d5:bd:60:86:
                    df:21:e8:1c:c9:6e:34:1b:72:f5:aa:75:d5:d1:69:
                    51:fe:84:e6:bf:89:ed:b4:f6:38:7f:29:ef:80:6b:
                    09:ac:f1:2d:c2:08:ca:07:9c:4a:a0:ca:a2:08:3d:
                    40:c2:dc:06:5e:ec:69:83:cf:74:92:60:1c:87:59:
                    0f:61:9d:55:02:3b:55:83:ad:61:8d:45:11:62:7b:
                    e5:fa:5d:d6:98:d5:32:5c:b8:41:5a:64:5e:35:e5:
                    bf:a9:3e:38:20:18:cc:f5:70:ba:3d:59:0f:41:8f:
                    ea:d0:ce:56:d2:ae:56:c1:70:3b:f3:d0:a5:e3:68:
                    99:e2:ce:a0:b2:3a:28:4f:64:eb:ee:7f:2c:8c:0f:
                    bc:5c:5f:ea:b9:2f:62:84:ce:3c:90:62:d8:04:2a:
                    be:75:75:ed:54:68:90:c0:8c:62:5b:09:cb:c8:bd:
                    0f:40:47:73:0d:01:48:d4:0e:0f:57:15:4a:ba:ca:
                    29:a4:10:c4:21:06:f4:6c:a1:d2:15:9b:f4:be:f4:
                    b8:50:01:f8:e4:c0:66:9b:9e:59:a4:24:ed:9d:8a:
                    5d:c1:c4:53:92:b7:d8:17:b4:3a:77:b3:67:f5:0e:
                    82:2f:b7:c2:13:d7:2d:4d:77:e1:1e:5d:18:c9:35:
                    09:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:08:89:BB:0D:DB:92:8F:4A:2C:2E:24:93:69:35:45:DD:44:98:CC
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/QwiJuw3bko9KLC4kk2k1Rd1EmMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.52.0/22
                  212.30.40.0/21
                  212.30.56.0/22
                  212.30.61.0-212.30.62.255

    Signature Algorithm: sha256WithRSAEncryption
         06:a1:4f:e4:bc:7c:bb:23:80:c3:bd:9f:15:8c:f7:ec:a7:be:
         34:e7:32:c6:10:0d:28:4e:b9:14:2e:7e:c2:b1:b7:57:29:8e:
         99:b4:97:5c:b1:cd:b3:1f:8f:b0:d0:d0:49:7b:76:f9:70:55:
         b7:ff:da:41:03:69:41:c4:e6:57:7d:1a:aa:cb:69:b4:0b:de:
         46:3d:62:f2:6e:7d:c3:f3:5d:71:17:4b:d5:dd:71:c1:b1:83:
         20:3d:61:1b:7f:46:06:8e:71:af:84:33:96:74:f6:36:af:0c:
         9d:89:93:21:92:14:d9:e6:83:5a:83:8f:69:ce:39:a0:26:3f:
         a1:5f:0d:62:bd:a9:d1:7d:96:69:15:b0:c3:df:1c:f3:73:4a:
         fe:0d:d4:1d:5c:9e:98:4a:8f:27:e4:b9:37:a9:84:bd:77:62:
         c2:7e:6d:db:23:e7:8d:59:c4:c1:c6:36:a4:3a:b8:3b:2e:87:
         59:35:3b:18:2d:8a:19:2f:52:d3:fa:fc:ee:65:b5:69:51:cd:
         17:c7:d9:6f:49:38:55:12:a5:7d:0a:34:a1:8f:0e:01:b9:70:
         a9:09:0f:0c:a8:14:c0:26:d8:cb:08:e4:1a:d7:f1:7e:61:cc:
         f7:b5:38:a9:06:9e:b7:d3:7f:f4:74:3a:3a:af:b4:eb:71:e7:
         15:e2:5c:fd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIEBEVOATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NDU1ZDdmZWU0YTQ5OWVjYWYxMWQyZDNkYThlMzg5ZGUzMjM0MTJmMB4XDTIyMDIy
MjE2MjU0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDMwODg5YmIwZGRi
OTI4ZjRhMmMyZTI0OTM2OTM1NDVkZDQ0OThjYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM7KooXBlRmOARTVvWCG3yHoHMluNBty9ap11dFpUf6E5r+J
7bT2OH8p74BrCazxLcIIygecSqDKogg9QMLcBl7saYPPdJJgHIdZD2GdVQI7VYOt
YY1FEWJ75fpd1pjVMly4QVpkXjXlv6k+OCAYzPVwuj1ZD0GP6tDOVtKuVsFwO/PQ
peNomeLOoLI6KE9k6+5/LIwPvFxf6rkvYoTOPJBi2AQqvnV17VRokMCMYlsJy8i9
D0BHcw0BSNQOD1cVSrrKKaQQxCEG9Gyh0hWb9L70uFAB+OTAZpueWaQk7Z2KXcHE
U5K32Be0OnezZ/UOgi+3whPXLU134R5dGMk1CUcCAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBRDCIm7DduSj0osLiSTaTVF3USYzDAfBgNVHSMEGDAWgBQkVdf+5KSZ7K8R
0tPajjid4yNBLzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pGWFhfdVNrbWV5dkVkTFQybzQ0bmVNalFTOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGMvM2ZmYjc2LTk5MzEtNDk0Mi05ZGExLTFlMDQ2NTUxM2I2My8x
L1F3aUp1dzNia285S0xDNGtrMmsxUmQxRW1Ndy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMv
M2ZmYjc2LTk5MzEtNDk0Mi05ZGExLTFlMDQ2NTUxM2I2My8xL0pGWFhfdVNrbWV5
dkVkTFQybzQ0bmVNalFTOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwJgQCAAEwIAMEAi1eNAMEA9QeKAMEAtQeODAMAwQA
1B49AwQA1B4+MA0GCSqGSIb3DQEBCwUAA4IBAQAGoU/kvHy7I4DDvZ8VjPfsp740
5zLGEA0oTrkULn7CsbdXKY6ZtJdcsc2zH4+w0NBJe3b5cFW3/9pBA2lBxOZXfRqq
y2m0C95GPWLybn3D811xF0vV3XHBsYMgPWEbf0YGjnGvhDOWdPY2rwydiZMhkhTZ
5oNag49pzjmgJj+hXw1ivanRfZZpFbDD3xzzc0r+DdQdXJ6YSo8n5Lk3qYS9d2LC
fm3bI+eNWcTBxjakOrg7LodZNTsYLYoZL1LT+vzuZbVpUc0Xx9lvSThVEqV9CjSh
jw4BuXCpCQ8MqBTAJtjLCOQa1/F+Ycz3tTipBp6303/0dDo6r7TrcecV4lz9
-----END CERTIFICATE-----