Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/TzoKO7ZOE9ihAuzkYMVrTTCuMXU.roa
File:                     TzoKO7ZOE9ihAuzkYMVrTTCuMXU.roa (raw, json)
Hash identifier:          Ruu5+HeZHcKZe+Tz7K3OwX0dsesJH7Z7EV9D4DDSP2Y=
Subject key identifier:   4F:3A:0A:3B:B6:4E:13:D8:A1:02:EC:E4:60:C5:6B:4D:30:AE:31:75
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       43525398
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/TzoKO7ZOE9ihAuzkYMVrTTCuMXU.roa
Signing time:             Sat 01 Jan 2022 08:00:20 +0000
ROA not before:           Sat 01 Jan 2022 08:00:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62874
IP address blocks:        2a03:f87:daa4::/48 maxlen: 48
                          2a03:f87:daac::/48 maxlen: 48
                          2a03:f87:caac::/48 maxlen: 48
                          2a03:f87:daa1::/48 maxlen: 48
                          2a03:f87:daa3::/48 maxlen: 48
                          2a03:f87:daab::/48 maxlen: 48
                          2a03:f87:caab::/48 maxlen: 48
                          2a03:f87:daad::/48 maxlen: 48
                          2a03:f87:caad::/48 maxlen: 48
                          2a03:f87:daa2::/48 maxlen: 48
                          2a03:f87:caaa::/48 maxlen: 48
                          2a03:f87:daaa::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1129468824 (0x43525398)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 08:00:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4f3a0a3bb64e13d8a102ece460c56b4d30ae3175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fd:92:36:90:21:b6:97:48:ad:ea:4e:ca:5a:
                    66:5e:bb:14:d8:17:f6:05:d4:c5:af:82:21:81:cf:
                    c8:f8:5d:89:4e:7f:60:1e:6c:9e:b0:ee:95:62:83:
                    93:e4:eb:2f:27:26:4e:d2:79:b0:7e:0f:30:90:11:
                    23:fb:91:5d:6d:e1:de:b3:ce:46:1c:75:c4:12:ba:
                    d0:d3:9e:d0:25:b7:e6:50:05:e5:ca:f0:18:01:91:
                    df:af:7f:3f:a6:11:9a:5a:a6:6d:3f:85:63:de:0e:
                    57:01:10:05:3c:fe:23:93:e9:e4:2c:ca:6a:f2:0d:
                    55:83:85:f2:cf:6c:23:82:4c:cd:0e:1d:f4:72:76:
                    4b:3c:09:13:34:da:e9:fb:79:d3:62:de:72:d6:f3:
                    aa:ff:14:68:d6:2b:5e:72:32:f9:b1:22:ab:09:40:
                    e7:b9:d2:71:2d:ea:0b:db:52:8c:14:ff:8c:da:4f:
                    2a:d9:b2:6c:7d:8a:fe:23:09:ca:2e:77:3a:7a:0d:
                    df:cd:f2:2d:b3:71:b4:85:65:e0:ad:5a:cb:53:f6:
                    7f:c3:35:57:fd:2e:35:74:3c:6c:bc:fe:46:88:71:
                    c5:8a:36:b6:56:7d:73:42:5b:d6:31:f7:e1:b9:32:
                    3f:be:ab:f0:f2:da:6f:b7:6f:c1:ac:5b:38:0e:62:
                    69:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3A:0A:3B:B6:4E:13:D8:A1:02:EC:E4:60:C5:6B:4D:30:AE:31:75
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/TzoKO7ZOE9ihAuzkYMVrTTCuMXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f87:caaa::-2a03:f87:caad:ffff:ffff:ffff:ffff:ffff
                  2a03:f87:daa1::-2a03:f87:daa4:ffff:ffff:ffff:ffff:ffff
                  2a03:f87:daaa::-2a03:f87:daad:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         31:82:ee:bf:cb:3e:7d:09:c4:e8:3e:45:e9:a7:a1:02:29:43:
         78:82:fe:7d:d9:0d:e4:45:cd:21:ec:40:45:23:0a:b2:83:10:
         ce:e4:53:a1:79:18:92:f8:ae:91:26:6c:3b:7e:4f:31:74:b6:
         d5:0d:c3:ae:e1:25:18:5b:5a:c4:4d:34:ab:c5:e7:d0:17:b1:
         da:f5:20:bd:4d:80:08:c9:1e:61:74:43:a1:ea:fa:c1:b5:d0:
         76:cc:de:30:4f:89:56:8a:48:c7:f0:16:2b:4d:fa:d7:f6:1a:
         93:ec:51:81:68:36:15:d9:fd:d9:8e:94:c0:8f:eb:54:ee:4b:
         53:71:05:5c:a1:2f:c6:62:53:c4:80:6c:67:66:b3:04:23:1a:
         da:e4:e2:ff:fc:8b:c0:9c:ea:68:7f:62:21:8a:50:89:87:30:
         a5:19:03:02:17:bd:3c:64:b0:44:a2:f1:46:55:5a:a1:35:cb:
         58:df:d8:b9:4e:5c:be:d0:cb:9a:c3:dc:ca:79:02:77:6e:43:
         1c:27:e0:81:a9:ca:cf:8b:76:5a:10:30:4b:0c:47:19:2f:27:
         27:5a:4e:07:75:d6:26:45:36:37:ef:6d:96:94:71:38:a5:32:
         b7:2c:32:b0:24:e5:02:0f:27:42:c1:f5:d9:bc:78:e0:66:1b:
         54:d4:bd:6e
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEQ1JTmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MjE3YjQ3MmM4NDFjMWQ2ODU1MGEyNGYxOTM2ZDI5Y2M2YzI4ZjZhMB4XDTIyMDEw
MTA4MDAyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGYzYTBhM2JiNjRl
MTNkOGExMDJlY2U0NjBjNTZiNGQzMGFlMzE3NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKP9kjaQIbaXSK3qTspaZl67FNgX9gXUxa+CIYHPyPhdiU5/
YB5snrDulWKDk+TrLycmTtJ5sH4PMJARI/uRXW3h3rPORhx1xBK60NOe0CW35lAF
5crwGAGR369/P6YRmlqmbT+FY94OVwEQBTz+I5Pp5CzKavINVYOF8s9sI4JMzQ4d
9HJ2SzwJEzTa6ft502Lectbzqv8UaNYrXnIy+bEiqwlA57nScS3qC9tSjBT/jNpP
KtmybH2K/iMJyi53OnoN383yLbNxtIVl4K1ay1P2f8M1V/0uNXQ8bLz+RohxxYo2
tlZ9c0Jb1jH34bkyP76r8PLab7dvwaxbOA5iaSkCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBRPOgo7tk4T2KEC7ORgxWtNMK4xdTAfBgNVHSMEGDAWgBTSF7RyyEHB1oVQ
ok8ZNtKcxsKPajAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBoZTBjc2hCd2RhRlVLSlBHVGJTbk1iQ2oyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvMjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8x
L1R6b0tPN1pPRTlpaEF1emtZTVZyVFRDdU1YVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
MjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8xLzBoZTBjc2hCd2Rh
RlVLSlBHVGJTbk1iQ2oyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAIwPDASAwcBKgMPh8qqAwcBKgMPh8qsMBID
BwAqAw+H2qEDBwAqAw+H2qQwEgMHASoDD4faqgMHASoDD4farDANBgkqhkiG9w0B
AQsFAAOCAQEAMYLuv8s+fQnE6D5F6aehAilDeIL+fdkN5EXNIexARSMKsoMQzuRT
oXkYkviukSZsO35PMXS21Q3DruElGFtaxE00q8Xn0Bex2vUgvU2ACMkeYXRDoer6
wbXQdszeME+JVopIx/AWK0361/Yak+xRgWg2Fdn92Y6UwI/rVO5LU3EFXKEvxmJT
xIBsZ2azBCMa2uTi//yLwJzqaH9iIYpQiYcwpRkDAhe9PGSwRKLxRlVaoTXLWN/Y
uU5cvtDLmsPcynkCd25DHCfgganKz4t2WhAwSwxHGS8nJ1pOB3XWJkU2N+9tlpRx
OKUytywysCTlAg8nQsH12bx44GYbVNS9bg==
-----END CERTIFICATE-----