Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qb-xzGubFCKVN8Vke6-uueC_91A.roa
File:                     qb-xzGubFCKVN8Vke6-uueC_91A.roa (raw, json)
Hash identifier:          wT96yKt9bpFCEGexeekZsU9wN3CamzJTQjezAUHaygg=
Subject key identifier:   A9:BF:B1:CC:6B:9B:14:22:95:37:C5:64:7B:AF:AE:B9:E0:BF:F7:50
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       049BE6A0
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qb-xzGubFCKVN8Vke6-uueC_91A.roa
Signing time:             Thu 03 Feb 2022 17:32:40 +0000
ROA not before:           Thu 03 Feb 2022 17:32:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51659
IP address blocks:        193.233.84.0/22 maxlen: 22
                          193.233.92.0/22 maxlen: 22
                          193.233.17.0/24 maxlen: 24
                          193.233.16.0/24 maxlen: 24
                          193.233.22.0/24 maxlen: 24
                          193.233.23.0/24 maxlen: 24
                          193.233.21.0/24 maxlen: 24
                          193.233.19.0/24 maxlen: 24
                          193.233.20.0/24 maxlen: 24
                          193.233.240.0/22 maxlen: 22
                          193.233.18.0/24 maxlen: 24
                          193.233.252.0/22 maxlen: 22
                          193.233.48.0/23 maxlen: 23
                          193.233.61.0/24 maxlen: 24
                          193.233.192.0/22 maxlen: 22
                          193.233.224.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 77325984 (0x49be6a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb  3 17:32:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a9bfb1cc6b9b14229537c5647bafaeb9e0bff750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:75:81:79:b3:82:09:b6:64:3c:bb:1b:0d:97:
                    cc:c2:f4:9d:2f:18:18:e2:43:66:b0:df:97:06:d3:
                    f0:94:5c:95:b4:2c:7f:f2:d1:34:9e:2f:d3:ee:2d:
                    56:da:31:3b:72:4f:6e:76:2c:4b:66:e4:71:ac:50:
                    39:4f:dd:82:19:6b:ed:13:25:8b:1b:9f:6f:93:07:
                    2d:c3:39:32:d9:cc:d6:7d:70:a2:a2:f6:52:d2:f4:
                    77:8a:a7:ce:3e:c1:3c:81:eb:13:19:b7:45:21:f7:
                    67:94:da:a7:97:cf:4c:72:36:4c:c1:39:30:29:63:
                    ed:ca:b6:25:cf:df:a7:05:2e:84:cd:a6:6a:1b:fc:
                    86:52:35:15:c1:1d:9c:a7:81:cc:15:b6:5e:b4:ae:
                    5f:00:e0:b5:c8:1b:f3:6f:03:e9:0e:9b:8a:29:12:
                    b7:6f:f7:14:4c:85:4f:24:32:c5:1b:ca:81:37:2a:
                    2c:da:5f:d6:36:f8:e6:6d:60:1a:e0:42:7b:a9:1d:
                    f7:0f:a4:e6:00:f8:8c:ae:03:2b:bc:e2:1b:3b:ae:
                    51:72:83:06:ce:b8:10:43:d3:0e:84:a3:8a:84:ca:
                    2e:cd:12:dd:7e:83:c0:64:fe:e3:ba:f4:05:e2:bb:
                    3f:8a:a8:ca:da:f7:fa:3d:d2:21:43:7c:e8:16:68:
                    31:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BF:B1:CC:6B:9B:14:22:95:37:C5:64:7B:AF:AE:B9:E0:BF:F7:50
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/qb-xzGubFCKVN8Vke6-uueC_91A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.16.0/21
                  193.233.48.0/23
                  193.233.61.0/24
                  193.233.84.0/22
                  193.233.92.0/22
                  193.233.192.0/22
                  193.233.224.0/22
                  193.233.240.0/22
                  193.233.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:26:9b:d6:ab:89:ec:65:b4:fd:c0:16:b3:f3:27:1c:b7:68:
         40:92:c2:7e:3a:4c:72:fe:f9:76:d1:20:80:d2:d8:19:2d:1f:
         33:f1:16:41:ea:1f:67:87:d3:41:43:e1:c4:8a:34:2e:b6:b9:
         87:54:70:4c:cd:67:ea:0e:77:9d:92:7d:6f:8c:76:72:30:d1:
         54:1f:3b:31:1c:a6:44:c3:c4:9c:4e:40:d0:53:b5:ed:f4:08:
         08:ce:a1:d3:37:ac:d6:1e:d7:8d:87:61:b8:e1:05:fa:5e:9b:
         df:4a:b9:39:70:a9:06:5f:c3:da:95:c5:d2:05:b1:b5:d7:36:
         6d:cd:b2:f2:ab:07:37:9b:7d:5f:4e:33:d3:e2:1f:c3:e9:e6:
         85:b2:cd:09:d3:51:3f:f2:6a:39:dd:76:5a:8d:05:1f:8e:2c:
         84:73:d7:49:51:2d:2e:5e:d2:42:87:cc:3a:b1:22:13:c2:4e:
         78:a8:64:36:bf:6c:e9:e2:44:fd:1c:51:ee:66:01:70:e5:3a:
         59:4c:c1:18:4b:9b:55:ac:b5:96:c4:fe:58:80:ee:be:a8:3c:
         f3:15:d6:33:4a:ff:44:b1:41:77:0a:ce:34:d5:27:a7:57:d7:
         f4:a8:e1:b1:12:90:5a:60:69:51:ef:61:69:c6:32:7b:d6:93:
         27:2a:ce:4e
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEBJvmoDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NmQ2NDhiZGJhOTY1NDYxYjFlOGMxMWI5ZGQ0MzZjNjEzODI4NzNjMB4XDTIyMDIw
MzE3MzI0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTliZmIxY2M2Yjli
MTQyMjk1MzdjNTY0N2JhZmFlYjllMGJmZjc1MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMh1gXmzggm2ZDy7Gw2XzML0nS8YGOJDZrDflwbT8JRclbQs
f/LRNJ4v0+4tVtoxO3JPbnYsS2bkcaxQOU/dghlr7RMlixufb5MHLcM5MtnM1n1w
oqL2UtL0d4qnzj7BPIHrExm3RSH3Z5Tap5fPTHI2TME5MClj7cq2Jc/fpwUuhM2m
ahv8hlI1FcEdnKeBzBW2XrSuXwDgtcgb828D6Q6biikSt2/3FEyFTyQyxRvKgTcq
LNpf1jb45m1gGuBCe6kd9w+k5gD4jK4DK7ziGzuuUXKDBs64EEPTDoSjioTKLs0S
3X6DwGT+47r0BeK7P4qoytr3+j3SIUN86BZoMUkCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBSpv7HMa5sUIpU3xWR7r6654L/3UDAfBgNVHSMEGDAWgBSG1ki9upZUYbHo
wRud1DbGE4KHPDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2h0Wkl2YnFXVkdHeDZNRWJuZFEyeGhPQ2h6dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGMvYWM1OGVhLWM0NTktNDhjYS1iODJiLTRkZWM0ZGFmZWU0OS8x
L3FiLXh6R3ViRkNLVk44VmtlNi11dWVDXzkxQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMv
YWM1OGVhLWM0NTktNDhjYS1iODJiLTRkZWM0ZGFmZWU0OS8xL2h0Wkl2YnFXVkdH
eDZNRWJuZFEyeGhPQ2h6dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEA8HpEAMEAcHpMAMEAMHpPQMEAsHp
VAMEAsHpXAMEAsHpwAMEAsHp4AMEAsHp8AMEAsHp/DANBgkqhkiG9w0BAQsFAAOC
AQEAOyab1quJ7GW0/cAWs/MnHLdoQJLCfjpMcv75dtEggNLYGS0fM/EWQeofZ4fT
QUPhxIo0Lra5h1RwTM1n6g53nZJ9b4x2cjDRVB87MRymRMPEnE5A0FO17fQICM6h
0zes1h7XjYdhuOEF+l6b30q5OXCpBl/D2pXF0gWxtdc2bc2y8qsHN5t9X04z0+If
w+nmhbLNCdNRP/JqOd12Wo0FH44shHPXSVEtLl7SQofMOrEiE8JOeKhkNr9s6eJE
/RxR7mYBcOU6WUzBGEubVay1lsT+WIDuvqg88xXWM0r/RLFBdwrONNUnp1fX9Kjh
sRKQWmBpUe9hacYye9aTJyrOTg==
-----END CERTIFICATE-----