Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/Mh5AxRA8C2km5VZQ-dFIFuePF8E.roa
File:                     Mh5AxRA8C2km5VZQ-dFIFuePF8E.roa (raw, json)
Hash identifier:          OKAlQccLbDqLt15wIniR4saE3U40flluaJHJb/9oalc=
Subject key identifier:   32:1E:40:C5:10:3C:0B:69:26:E5:56:50:F9:D1:48:16:E7:8F:17:C1
Certificate issuer:       /CN=74aebc154a56c83025cbd8641a9ac315cb551c06
Certificate serial:       08D2A5A4
Authority key identifier: 74:AE:BC:15:4A:56:C8:30:25:CB:D8:64:1A:9A:C3:15:CB:55:1C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dK68FUpWyDAly9hkGprDFctVHAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/Mh5AxRA8C2km5VZQ-dFIFuePF8E.roa
Signing time:             Fri 13 May 2022 14:45:42 +0000
ROA not before:           Fri 13 May 2022 14:45:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        45.15.21.0/24 maxlen: 24
                          194.53.136.0/24 maxlen: 24
                          194.53.137.0/24 maxlen: 24
                          194.53.138.0/24 maxlen: 24
                          194.53.139.0/24 maxlen: 24
                          2a0e:1d80:12::/48 maxlen: 48
                          2a0e:1d80:10::/48 maxlen: 48
                          2a0e:1d80:6::/48 maxlen: 48
                          2a0e:1d80:11::/48 maxlen: 48
                          2a0e:1d80:14::/48 maxlen: 48
                          2a0e:1d80:15::/48 maxlen: 48
                          2a0e:1d80:8::/48 maxlen: 48
                          2a0e:1d80:13::/48 maxlen: 48
                          2a0e:1d80:9::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 148022692 (0x8d2a5a4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74aebc154a56c83025cbd8641a9ac315cb551c06
        Validity
            Not Before: May 13 14:45:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=321e40c5103c0b6926e55650f9d14816e78f17c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8c:b6:62:2f:c3:07:94:a1:7c:d0:70:c3:77:
                    c0:a3:78:7a:c7:de:45:bc:9d:3e:65:f4:73:73:4d:
                    26:de:4d:4b:de:ed:51:aa:5a:42:27:b6:4e:1b:26:
                    3b:e5:72:eb:4d:36:22:82:75:33:d1:c4:67:36:c9:
                    1a:ab:be:a9:69:1c:0a:9b:87:1a:3a:cc:6f:bc:d0:
                    3b:d2:62:56:75:d3:fd:fd:34:5f:d7:b1:a1:12:8e:
                    96:7f:66:24:6b:5d:4c:4c:0d:3b:ea:27:cf:5f:05:
                    75:28:2e:c5:47:0a:b5:3b:f4:a0:af:b1:89:01:02:
                    57:85:94:2f:39:9d:c5:93:19:e8:60:30:d8:8d:dd:
                    82:e8:07:16:d9:2f:38:7e:d8:d4:f2:59:85:3a:ca:
                    47:6a:a2:5b:68:a8:8e:1c:ff:3e:ed:55:e3:36:b1:
                    95:01:fd:fc:4c:8b:17:36:0f:64:44:d0:d0:8e:6b:
                    b6:6c:74:91:65:d7:97:a6:f4:30:f0:ab:c0:6a:64:
                    f1:97:34:f0:ca:e2:89:37:62:3f:51:e3:89:8f:f4:
                    cd:40:0b:f7:7a:7e:4a:a3:9f:d1:00:54:09:36:fc:
                    a6:ab:b2:a9:c4:ed:a2:50:45:8d:83:f4:fd:17:9c:
                    00:9b:04:83:c8:46:41:e0:3d:bc:fa:dc:d4:e1:5c:
                    77:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1E:40:C5:10:3C:0B:69:26:E5:56:50:F9:D1:48:16:E7:8F:17:C1
            X509v3 Authority Key Identifier:
                keyid:74:AE:BC:15:4A:56:C8:30:25:CB:D8:64:1A:9A:C3:15:CB:55:1C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dK68FUpWyDAly9hkGprDFctVHAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/Mh5AxRA8C2km5VZQ-dFIFuePF8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/6de7a0-4073-4272-bf44-07a1d65548ba/1/dK68FUpWyDAly9hkGprDFctVHAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.21.0/24
                  194.53.136.0/22
                IPv6:
                  2a0e:1d80:6::/48
                  2a0e:1d80:8::/47
                  2a0e:1d80:10::-2a0e:1d80:15:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         c4:54:74:49:82:4f:63:85:ed:7c:8c:c4:f5:a5:73:8e:8c:3f:
         65:0d:c9:82:23:d4:74:5e:0d:10:77:e4:77:0b:21:52:af:cf:
         68:18:5a:47:08:17:39:a8:77:33:8d:51:df:2f:19:f0:db:dc:
         7f:06:0d:77:8a:c4:22:46:f5:6d:c2:f8:9a:be:4a:e3:dd:29:
         33:9a:e0:60:bd:0a:99:26:20:f0:c2:b8:0f:86:1a:5b:50:fc:
         68:7b:c2:52:53:5a:4b:62:fe:c6:fe:39:1a:c7:1a:aa:87:2b:
         c9:c2:bc:4d:e9:5d:74:f0:1b:7e:ee:21:f4:b2:a9:97:13:d8:
         0b:f5:41:5a:1d:be:a9:c3:c5:de:14:09:0f:d1:05:fe:c2:ed:
         5c:d5:e9:09:59:76:23:9d:56:02:d7:38:60:d2:50:46:d1:3c:
         36:ca:71:6a:bc:38:a8:cd:61:f2:41:1b:5a:92:d6:34:4a:b9:
         85:3d:df:b1:c6:15:15:49:33:36:af:47:b2:fd:f8:5d:12:ec:
         74:99:46:83:9a:62:28:a2:88:52:5e:15:2a:02:e3:ff:20:2c:
         fb:a1:34:44:3d:cc:63:dd:4f:3a:f5:2e:c1:69:4c:13:8d:49:
         63:eb:73:b9:ee:c1:56:75:52:0c:7b:de:59:4f:ba:d3:0f:f5:
         e2:f4:39:87
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIECNKlpDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NGFlYmMxNTRhNTZjODMwMjVjYmQ4NjQxYTlhYzMxNWNiNTUxYzA2MB4XDTIyMDUx
MzE0NDU0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzIxZTQwYzUxMDNj
MGI2OTI2ZTU1NjUwZjlkMTQ4MTZlNzhmMTdjMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ6MtmIvwweUoXzQcMN3wKN4esfeRbydPmX0c3NNJt5NS97t
UapaQie2ThsmO+Vy6002IoJ1M9HEZzbJGqu+qWkcCpuHGjrMb7zQO9JiVnXT/f00
X9exoRKOln9mJGtdTEwNO+onz18FdSguxUcKtTv0oK+xiQECV4WULzmdxZMZ6GAw
2I3dgugHFtkvOH7Y1PJZhTrKR2qiW2iojhz/Pu1V4zaxlQH9/EyLFzYPZETQ0I5r
tmx0kWXXl6b0MPCrwGpk8Zc08MriiTdiP1HjiY/0zUAL93p+SqOf0QBUCTb8pquy
qcTtolBFjYP0/RecAJsEg8hGQeA9vPrc1OFcd0UCAwEAAaOCAj0wggI5MB0GA1Ud
DgQWBBQyHkDFEDwLaSblVlD50UgW548XwTAfBgNVHSMEGDAWgBR0rrwVSlbIMCXL
2GQamsMVy1UcBjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RLNjhGVXBXeURBbHk5aGtHcHJERmN0VkhBWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTMvNmRlN2EwLTQwNzMtNDI3Mi1iZjQ0LTA3YTFkNjU1NDhiYS8x
L01oNUF4UkE4QzJrbTVWWlEtZEZJRnVlUEY4RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMv
NmRlN2EwLTQwNzMtNDI3Mi1iZjQ0LTA3YTFkNjU1NDhiYS8xL2RLNjhGVXBXeURB
bHk5aGtHcHJERmN0VkhBWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBT
BggrBgEFBQcBBwEB/wREMEIwEgQCAAEwDAMEAC0PFQMEAsI1iDAsBAIAAjAmAwcA
Kg4dgAAGAwcBKg4dgAAIMBIDBwQqDh2AABADBwEqDh2AABQwDQYJKoZIhvcNAQEL
BQADggEBAMRUdEmCT2OF7XyMxPWlc46MP2UNyYIj1HReDRB35HcLIVKvz2gYWkcI
FzmodzONUd8vGfDb3H8GDXeKxCJG9W3C+Jq+SuPdKTOa4GC9CpkmIPDCuA+GGltQ
/Gh7wlJTWkti/sb+ORrHGqqHK8nCvE3pXXTwG37uIfSyqZcT2Av1QVodvqnDxd4U
CQ/RBf7C7VzV6QlZdiOdVgLXOGDSUEbRPDbKcWq8OKjNYfJBG1qS1jRKuYU937HG
FRVJMzavR7L9+F0S7HSZRoOaYiiiiFJeFSoC4/8gLPuhNEQ9zGPdTzr1LsFpTBON
SWPrc7nuwVZ1Ugx73llPutMP9eL0OYc=
-----END CERTIFICATE-----