Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LwqFdCjSNC2P-v9yb1YejLidhB8.roa
File:                     LwqFdCjSNC2P-v9yb1YejLidhB8.roa (raw, json)
Hash identifier:          mGKWiN0t8j6KBdhjLi506OFgP15sKGWNJEYZZOncdPk=
Subject key identifier:   2F:0A:85:74:28:D2:34:2D:8F:FA:FF:72:6F:56:1E:8C:B8:9D:84:1F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       016D7899
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LwqFdCjSNC2P-v9yb1YejLidhB8.roa
Signing time:             Sun 03 Jul 2022 11:22:25 +0000
ROA not before:           Sun 03 Jul 2022 11:22:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        163.5.125.0/24 maxlen: 24
                          163.5.130.0/24 maxlen: 24
                          163.5.131.0/24 maxlen: 24
                          163.5.132.0/24 maxlen: 24
                          163.5.127.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.129.0/24 maxlen: 24
                          163.5.133.0/24 maxlen: 24
                          163.5.137.0/24 maxlen: 24
                          163.5.138.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.134.0/24 maxlen: 24
                          163.5.135.0/24 maxlen: 24
                          163.5.136.0/24 maxlen: 24
                          163.5.140.0/24 maxlen: 24
                          163.5.144.0/24 maxlen: 24
                          163.5.145.0/24 maxlen: 24
                          163.5.141.0/24 maxlen: 24
                          163.5.142.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          185.253.54.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 23951513 (0x16d7899)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul  3 11:22:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2f0a857428d2342d8ffaff726f561e8cb89d841f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8b:70:d1:85:90:ba:48:44:23:3d:da:8c:11:
                    44:e3:a9:74:51:5c:34:a0:3c:09:a5:ff:3d:10:00:
                    48:a0:60:85:15:f2:17:86:a2:83:47:93:03:81:5c:
                    7b:90:c5:e1:7d:f0:8b:45:c2:8e:42:53:47:dc:ee:
                    ee:ae:2a:88:6b:8b:20:77:62:b7:11:1c:a1:81:76:
                    d1:8f:be:51:14:e7:2c:aa:50:68:32:e3:8d:9a:87:
                    19:f5:f8:96:6d:09:72:1c:3f:1b:32:b9:bb:e9:e0:
                    62:a0:9e:a5:98:be:e5:de:2c:1b:62:f7:6d:8c:ab:
                    72:a1:02:78:64:80:bb:bc:2f:fd:cc:5f:96:1c:d0:
                    19:4d:b8:79:a5:1c:d9:9d:8f:7c:e6:56:7e:c2:8b:
                    67:79:2f:77:ef:49:25:0f:f4:c2:34:be:36:a1:84:
                    9c:26:9b:8e:ce:30:9b:3c:07:4f:91:7c:30:af:6b:
                    c7:b4:3b:c1:82:4d:06:40:1b:b8:cf:7a:05:3d:74:
                    c8:b9:92:e6:7d:b1:4d:6c:1a:db:72:76:9e:09:73:
                    88:33:62:61:7b:7b:1f:ec:94:8e:f4:d1:e4:b3:84:
                    20:ec:9d:a2:94:7f:ca:c2:e3:b6:6f:a5:2e:10:38:
                    ab:25:15:26:df:d1:c6:f8:62:ef:16:3a:7d:1a:86:
                    0a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0A:85:74:28:D2:34:2D:8F:FA:FF:72:6F:56:1E:8C:B8:9D:84:1F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LwqFdCjSNC2P-v9yb1YejLidhB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.125.0/24
                  163.5.127.0-163.5.145.255
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:61:32:42:0a:cf:a5:af:d3:e6:24:31:98:22:c0:0f:f7:99:
         cd:31:d4:03:b8:9c:9f:17:e0:2d:9e:f3:64:7f:bd:05:9d:91:
         de:53:c9:42:ec:b2:d0:73:a3:44:35:37:76:17:06:a9:fc:7b:
         68:78:4b:9c:a2:0f:4a:19:52:9c:bb:52:c3:d8:09:e4:af:08:
         b4:97:78:51:3b:44:c2:53:f5:4e:a2:a7:ef:9b:69:19:5b:a1:
         f2:ae:26:b3:d5:b5:b2:a2:02:5d:f2:b6:8c:cf:d6:6b:db:8a:
         14:84:9d:4c:32:43:4a:42:d3:4d:c2:c2:a7:dd:b3:7b:5f:43:
         d6:0c:f6:a9:47:1c:a3:69:6a:c1:73:7c:68:bb:37:fe:87:c2:
         fd:e4:62:16:73:27:a9:14:c1:78:95:a5:84:ca:71:39:be:67:
         68:84:c0:af:b8:82:a0:db:73:ea:fe:9c:d9:97:cb:3b:a3:04:
         5a:cb:97:81:02:31:af:a6:17:3a:4f:05:73:33:1b:72:26:6d:
         6f:ef:63:cd:08:02:27:d7:ad:4f:c7:0f:e9:e5:34:27:5c:2b:
         e5:d9:95:c7:dc:da:14:b9:04:ed:27:b0:3b:9b:b0:1e:77:69:
         7e:d7:94:d5:ec:5e:02:16:d1:ce:bd:c2:29:c9:c8:38:bf:cf:
         26:54:cc:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIEAW14mTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
Y2U4NTFiNmRkNWQzNjRlZTE5ZTBiMzgyMDFiM2U4ZGYyNjI0YmNiMB4XDTIyMDcw
MzExMjIyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmYwYTg1NzQyOGQy
MzQyZDhmZmFmZjcyNmY1NjFlOGNiODlkODQxZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIaLcNGFkLpIRCM92owRROOpdFFcNKA8CaX/PRAASKBghRXy
F4aig0eTA4Fce5DF4X3wi0XCjkJTR9zu7q4qiGuLIHditxEcoYF20Y++URTnLKpQ
aDLjjZqHGfX4lm0Jchw/GzK5u+ngYqCepZi+5d4sG2L3bYyrcqECeGSAu7wv/cxf
lhzQGU24eaUc2Z2PfOZWfsKLZ3kvd+9JJQ/0wjS+NqGEnCabjs4wmzwHT5F8MK9r
x7Q7wYJNBkAbuM96BT10yLmS5n2xTWwa23J2nglziDNiYXt7H+yUjvTR5LOEIOyd
opR/ysLjtm+lLhA4qyUVJt/Rxvhi7xY6fRqGClkCAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBQvCoV0KNI0LY/6/3JvVh6MuJ2EHzAfBgNVHSMEGDAWgBQM6FG23V02TuGe
CzggGz6N8mJLyzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RPaFJ0dDFkTms3aG5nczRJQnMtamZKaVM4cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTMvZDAyZGZiLTk2NzMtNDlhOC05NzFjLTlmZTk0MTA4ZmYwMS8x
L0x3cUZkQ2pTTkMyUC12OXliMVllakxpZGhCOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTMv
ZDAyZGZiLTk2NzMtNDlhOC05NzFjLTlmZTk0MTA4ZmYwMS8xL0RPaFJ0dDFkTms3
aG5nczRJQnMtamZKaVM4cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMEAKMFfTAMAwQAowV/AwQBowWQAwQA
uf02MA0GCSqGSIb3DQEBCwUAA4IBAQCNYTJCCs+lr9PmJDGYIsAP95nNMdQDuJyf
F+AtnvNkf70FnZHeU8lC7LLQc6NENTd2Fwap/HtoeEucog9KGVKcu1LD2Ankrwi0
l3hRO0TCU/VOoqfvm2kZW6Hyriaz1bWyogJd8raMz9Zr24oUhJ1MMkNKQtNNwsKn
3bN7X0PWDPapRxyjaWrBc3xouzf+h8L95GIWcyepFMF4laWEynE5vmdohMCvuIKg
23Pq/pzZl8s7owRay5eBAjGvphc6TwVzMxtyJm1v72PNCAIn161Pxw/p5TQnXCvl
2ZXH3NoUuQTtJ7A7m7Aed2l+15TV7F4CFtHOvcIpycg4v88mVMzq
-----END CERTIFICATE-----