Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rOihJdjL8bKtqfWaOc32dCmk_jc.roa
File:                     rOihJdjL8bKtqfWaOc32dCmk_jc.roa (raw, json)
Hash identifier:          lRtDnS1CYHjS/w6ldYpisFl/Mir/oMga6DT7GPO7ZZ4=
Subject key identifier:   AC:E8:A1:25:D8:CB:F1:B2:AD:A9:F5:9A:39:CD:F6:74:29:A4:FE:37
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0184754BAB62078F6616EDDF6143D04D4B03
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rOihJdjL8bKtqfWaOc32dCmk_jc.roa
Signing time:             Mon 14 Nov 2022 08:40:04 +0000
ROA not before:           Mon 14 Nov 2022 08:40:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     396356
IP address blocks:        163.5.70.0/24 maxlen: 24
                          163.5.74.0/24 maxlen: 24
                          163.5.76.0/24 maxlen: 24
                          163.5.72.0/24 maxlen: 24
                          163.5.78.0/24 maxlen: 24
                          163.5.75.0/24 maxlen: 24
                          163.5.77.0/24 maxlen: 24
                          163.5.98.0/24 maxlen: 24
                          163.5.96.0/24 maxlen: 24
                          163.5.92.0/24 maxlen: 24
                          163.5.93.0/24 maxlen: 24
                          163.5.243.0/24 maxlen: 24
                          163.5.245.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:75:4b:ab:62:07:8f:66:16:ed:df:61:43:d0:4d:4b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Nov 14 08:40:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ace8a125d8cbf1b2ada9f59a39cdf67429a4fe37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d3:84:ec:f7:b4:ea:e4:be:98:76:3b:84:a5:
                    e4:e9:c9:e2:b8:b8:c8:a0:e4:92:08:51:23:fb:cd:
                    e2:66:82:06:b0:e1:db:45:d7:ca:53:2a:01:45:d0:
                    cc:dd:dd:7f:41:55:5a:5b:58:f7:51:98:88:96:d3:
                    a3:9c:c4:47:6d:cb:dc:d4:c0:5f:52:22:a2:c6:c9:
                    55:cb:4a:ab:6a:ad:17:b8:37:56:c4:92:3e:b8:72:
                    8d:ea:b1:09:42:6a:89:5c:f8:e9:ab:18:a1:d8:dd:
                    52:38:5c:b7:16:6a:e9:9e:e6:79:75:ee:45:a4:98:
                    7e:30:4d:89:21:b0:2d:f5:d9:3b:1a:70:4a:69:48:
                    bb:13:45:2d:ea:64:0c:dd:d1:41:0f:89:80:0d:d8:
                    ea:5f:13:33:a7:3c:cd:ed:dd:10:27:9e:60:7a:48:
                    21:da:76:a7:e9:03:7b:57:bf:72:b9:b7:64:70:6b:
                    91:cf:bd:28:6f:85:15:7b:57:bb:5d:ec:19:b0:a4:
                    2e:c9:37:f7:02:49:af:9e:0c:ec:a5:d3:bc:ad:9c:
                    c3:7d:37:0f:25:fc:9a:b0:f1:29:f8:86:bc:a0:e3:
                    34:93:1c:db:f3:18:78:82:5f:ae:b9:3b:4a:d6:b0:
                    9b:ba:ba:8e:cb:33:56:ef:1c:b3:20:56:cb:29:bc:
                    b2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E8:A1:25:D8:CB:F1:B2:AD:A9:F5:9A:39:CD:F6:74:29:A4:FE:37
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/rOihJdjL8bKtqfWaOc32dCmk_jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.70.0/24
                  163.5.72.0/24
                  163.5.74.0-163.5.78.255
                  163.5.92.0/23
                  163.5.96.0/24
                  163.5.98.0/24
                  163.5.243.0/24
                  163.5.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:33:c1:bc:54:6c:8e:c9:3d:ad:89:b4:4e:f6:b6:8a:47:61:
         da:74:47:7e:9c:46:44:e1:61:1d:ec:10:5d:a6:1e:29:8b:3a:
         7b:c6:8b:3e:ff:63:62:d8:dc:6a:c0:e7:b9:66:e1:ce:59:26:
         de:18:cb:90:0f:51:22:31:28:a3:c5:36:6f:56:01:ed:36:58:
         74:7f:99:4e:44:f1:3f:a0:43:c6:5a:b0:11:bb:cd:45:74:7f:
         44:38:a8:23:c4:9d:63:f2:21:ea:f0:a5:60:cb:b7:2a:d1:64:
         b6:40:24:36:9e:24:48:6f:c8:72:a4:09:a4:e4:1d:5b:43:57:
         0a:ec:90:c2:9e:f0:66:e5:e8:78:1e:9d:be:35:74:ab:43:d4:
         6a:4b:75:fb:20:f1:46:c6:df:84:96:ba:b7:f4:78:02:8d:34:
         1b:3d:9a:0f:bc:ef:17:44:fb:77:5f:c3:14:0a:fe:c1:3e:bf:
         7c:e5:af:5f:32:f6:6c:c6:81:a5:10:10:c4:2c:99:4a:92:f4:
         06:bf:c6:6f:dc:5e:f2:f5:91:5b:81:a4:a1:0a:9c:9b:f0:44:
         72:e2:68:a2:a3:45:d7:e5:49:0e:e9:30:8c:65:ae:68:ec:98:
         a1:37:c1:69:0d:53:14:89:ce:d3:2b:26:8b:91:3c:fd:f3:7f:
         f3:04:5b:ca
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYR1S6tiB49mFu3fYUPQTUsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMTE0MDg0MDA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2U4YTEyNWQ4Y2JmMWIyYWRhOWY1OWEzOWNkZjY3NDI5YTRmZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9OE7Pe06uS+mHY7hKXk6cniuLjI
oOSSCFEj+83iZoIGsOHbRdfKUyoBRdDM3d1/QVVaW1j3UZiIltOjnMRHbcvc1MBf
UiKixslVy0qraq0XuDdWxJI+uHKN6rEJQmqJXPjpqxih2N1SOFy3FmrpnuZ5de5F
pJh+ME2JIbAt9dk7GnBKaUi7E0Ut6mQM3dFBD4mADdjqXxMzpzzN7d0QJ55gekgh
2nan6QN7V79yubdkcGuRz70ob4UVe1e7XewZsKQuyTf3AkmvngzspdO8rZzDfTcP
JfyasPEp+Ia8oOM0kxzb8xh4gl+uuTtK1rCburqOyzNW7xyzIFbLKbyyoQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKzooSXYy/Gyran1mjnN9nQppP43MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvck9paEpkakw4Ykt0cWZXYU9jMzJkQ21rX2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAowVGAwQA
owVIMAwDBAGjBUoDBACjBU4DBAGjBVwDBACjBWADBACjBWIDBACjBfMDBACjBfUw
DQYJKoZIhvcNAQELBQADggEBAKkzwbxUbI7JPa2JtE72topHYdp0R36cRkThYR3s
EF2mHimLOnvGiz7/Y2LY3GrA57lm4c5ZJt4Yy5APUSIxKKPFNm9WAe02WHR/mU5E
8T+gQ8ZasBG7zUV0f0Q4qCPEnWPyIerwpWDLtyrRZLZAJDaeJEhvyHKkCaTkHVtD
VwrskMKe8Gbl6Hgenb41dKtD1GpLdfsg8UbG34SWurf0eAKNNBs9mg+87xdE+3df
wxQK/sE+v3zlr18y9mzGgaUQEMQsmUqS9Aa/xm/cXvL1kVuBpKEKnJvwRHLiaKKj
RdflSQ7pMIxlrmjsmKE3wWkNUxSJztMrJouRPP3zf/MEW8o=
-----END CERTIFICATE-----