Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ZcFV8xPrD25QyncJUH7KI23zm24.roa
File:                     ZcFV8xPrD25QyncJUH7KI23zm24.roa (raw, json)
Hash identifier:          sWiphcb4wbYTKvOxMfZAWiG8f+kqCTXqyuKKFd/goCU=
Subject key identifier:   65:C1:55:F3:13:EB:0F:6E:50:CA:77:09:50:7E:CA:23:6D:F3:9B:6E
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0183C7FCCC26794E6920237940EB345344BF
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ZcFV8xPrD25QyncJUH7KI23zm24.roa
Signing time:             Tue 11 Oct 2022 16:59:36 +0000
ROA not before:           Tue 11 Oct 2022 16:59:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        163.5.71.0/24 maxlen: 24
                          163.5.111.0/24 maxlen: 24
                          163.5.110.0/24 maxlen: 24
                          163.5.232.0/24 maxlen: 24
                          163.5.231.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.126.0/24 maxlen: 24
                          163.5.234.0/24 maxlen: 24
                          163.5.253.0/24 maxlen: 24
                          163.5.250.0/24 maxlen: 24
                          163.5.165.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c7:fc:cc:26:79:4e:69:20:23:79:40:eb:34:53:44:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Oct 11 16:59:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=65c155f313eb0f6e50ca7709507eca236df39b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:21:7b:2f:77:75:d8:f0:1d:74:49:ca:fc:1d:
                    3f:37:e8:e4:ce:0e:b4:9a:18:94:57:ae:d4:62:b9:
                    15:f6:72:d9:21:b6:bc:a1:33:1b:78:80:eb:e4:b8:
                    58:5a:3e:fc:7b:f7:16:4b:67:8f:fe:00:74:d1:46:
                    f8:9d:6d:f0:f1:0e:6d:ac:fc:b7:9e:b3:aa:9e:db:
                    30:bb:5f:c2:ab:35:c6:05:95:22:87:ca:77:b2:a0:
                    09:9c:9b:8b:d2:46:00:e0:a5:bb:82:da:26:1b:0a:
                    20:ee:c9:8d:f6:39:76:c8:a4:6b:ac:71:91:e1:d2:
                    13:8e:05:5f:f5:35:9d:85:3b:c4:e0:c7:3a:0c:34:
                    25:2f:7a:b4:ae:f5:30:3e:d9:95:a7:24:78:a3:14:
                    bb:f4:db:29:b2:64:68:9a:79:d3:d7:d0:97:cd:00:
                    cb:04:94:96:0c:07:35:c4:78:9d:8d:b6:ba:d9:60:
                    6c:2e:ab:d5:13:2c:76:23:3c:4c:45:0e:bd:be:0b:
                    5a:92:ad:36:b6:a3:16:5c:e7:0f:14:fd:9a:e4:51:
                    93:de:25:7c:a1:4a:96:38:d8:04:f7:9e:82:9d:3b:
                    7e:b5:3e:06:99:2a:2f:78:84:b5:43:5d:54:f2:70:
                    10:ad:81:92:aa:77:94:17:12:50:24:3f:12:90:31:
                    49:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C1:55:F3:13:EB:0F:6E:50:CA:77:09:50:7E:CA:23:6D:F3:9B:6E
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/ZcFV8xPrD25QyncJUH7KI23zm24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.71.0/24
                  163.5.110.0/23
                  163.5.126.0/24
                  163.5.128.0/24
                  163.5.165.0/24
                  163.5.231.0-163.5.232.255
                  163.5.234.0/24
                  163.5.250.0/24
                  163.5.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:29:61:bd:cf:ff:78:dd:4b:c9:19:11:0c:2c:f4:61:80:d2:
         af:56:64:39:b4:6f:c9:c2:cd:df:b5:73:a0:2c:54:0a:8b:0f:
         bf:76:3d:2a:4b:e8:0a:b3:6b:30:82:99:bf:1e:d0:d1:71:bb:
         9c:d3:c9:9f:83:0e:d3:06:d2:a7:48:9c:f0:cc:92:d9:d9:f2:
         20:84:91:f4:df:52:00:d2:e7:5a:a4:36:03:2a:ac:ba:e8:3f:
         ef:f6:08:51:a4:9d:37:6e:37:f9:02:9d:d5:a6:fb:0f:f9:e0:
         c9:0d:99:a0:e3:19:b9:9d:da:b6:26:e9:c8:91:9a:83:b0:2d:
         26:74:97:94:20:3b:c5:48:e7:11:46:94:5c:43:6f:97:17:9b:
         26:16:88:40:b9:2b:0a:ea:99:af:26:20:df:47:c7:0e:d6:cc:
         26:37:6e:7e:59:a3:4c:b6:61:71:11:4e:6b:07:40:30:df:b1:
         15:05:01:b4:14:0b:51:22:a4:91:08:66:04:66:90:79:a5:43:
         b0:2a:c1:f6:4c:1a:78:e0:6a:2c:aa:ae:f5:38:c6:4b:75:4e:
         ee:df:5f:2f:1b:29:50:92:87:c0:cf:5b:6e:7c:d4:4b:a5:23:
         b3:bc:08:17:d4:0c:a6:10:99:07:e6:37:8c:c8:10:2f:3a:a5:
         fa:88:74:0d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYPH/MwmeU5pICN5QOs0U0S/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMDExMTY1OTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWMxNTVmMzEzZWIwZjZlNTBjYTc3MDk1MDdlY2EyMzZkZjM5YjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyF7L3d12PAddEnK/B0/N+jkzg60
mhiUV67UYrkV9nLZIba8oTMbeIDr5LhYWj78e/cWS2eP/gB00Ub4nW3w8Q5trPy3
nrOqntswu1/CqzXGBZUih8p3sqAJnJuL0kYA4KW7gtomGwog7smN9jl2yKRrrHGR
4dITjgVf9TWdhTvE4Mc6DDQlL3q0rvUwPtmVpyR4oxS79NspsmRomnnT19CXzQDL
BJSWDAc1xHidjba62WBsLqvVEyx2IzxMRQ69vgtakq02tqMWXOcPFP2a5FGT3iV8
oUqWONgE956CnTt+tT4GmSoveIS1Q11U8nAQrYGSqneUFxJQJD8SkDFJFQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGXBVfMT6w9uUMp3CVB+yiNt85tuMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWmNGVjh4UHJEMjVReW5jSlVIN0tJMjN6bTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAowVHAwQB
owVuAwQAowV+AwQAowWAAwQAowWlMAwDBACjBecDBACjBegDBACjBeoDBACjBfoD
BACjBf0wDQYJKoZIhvcNAQELBQADggEBABspYb3P/3jdS8kZEQws9GGA0q9WZDm0
b8nCzd+1c6AsVAqLD792PSpL6AqzazCCmb8e0NFxu5zTyZ+DDtMG0qdInPDMktnZ
8iCEkfTfUgDS51qkNgMqrLroP+/2CFGknTduN/kCndWm+w/54MkNmaDjGbmd2rYm
6ciRmoOwLSZ0l5QgO8VI5xFGlFxDb5cXmyYWiEC5Kwrqma8mIN9Hxw7WzCY3bn5Z
o0y2YXERTmsHQDDfsRUFAbQUC1EipJEIZgRmkHmlQ7AqwfZMGnjgaiyqrvU4xkt1
Tu7fXy8bKVCSh8DPW2581EulI7O8CBfUDKYQmQfmN4zIEC86pfqIdA0=
-----END CERTIFICATE-----