Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/EFCIBiIfI64-_0CwWMrSo04RHPo.roa
File:                     EFCIBiIfI64-_0CwWMrSo04RHPo.roa (raw, json)
Hash identifier:          uwH/zf8GNM2evcfOOQQ8sfkNSjJk3HkPgA0u/3mUZLQ=
Subject key identifier:   10:50:88:06:22:1F:23:AE:3E:FF:40:B0:58:CA:D2:A3:4E:11:1C:FA
Certificate issuer:       /CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
Certificate serial:       018220E7DF82BFF25BC68724816B7C558D8B
Authority key identifier: 22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/EFCIBiIfI64-_0CwWMrSo04RHPo.roa
Signing time:             Thu 21 Jul 2022 13:17:23 +0000
ROA not before:           Thu 21 Jul 2022 13:17:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29067
IP address blocks:        193.29.220.0/24 maxlen: 24
                          185.159.140.0/24 maxlen: 24
                          195.47.253.0/24 maxlen: 24
                          109.70.104.0/22 maxlen: 24
                          109.70.111.0/24 maxlen: 24
                          109.70.108.0/24 maxlen: 24
                          109.70.109.0/24 maxlen: 24
                          2001:4130:50f1::/48 maxlen: 48
                          2001:4130::/32 maxlen: 48
                          2001:67c:258::/48 maxlen: 48
                          2001:4130:20::/48 maxlen: 48
                          2001:4130:ce::/48 maxlen: 48
                          2001:4130:cd::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:20:e7:df:82:bf:f2:5b:c6:87:24:81:6b:7c:55:8d:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
        Validity
            Not Before: Jul 21 13:17:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=10508806221f23ae3eff40b058cad2a34e111cfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:83:ae:3f:f0:2e:36:cc:e7:93:c0:13:e4:d7:
                    f4:7c:ad:16:08:3d:47:90:56:7a:b0:1b:d1:45:dd:
                    03:6f:b4:f2:7c:61:d5:81:8e:5d:39:de:2d:34:e0:
                    f2:77:6f:54:06:50:32:84:d0:ca:3e:69:ca:fd:db:
                    32:2c:17:b1:81:25:6d:19:b0:bc:d5:24:b6:80:16:
                    da:7e:6b:db:1f:47:cf:42:dc:2c:0d:db:52:47:a1:
                    37:36:64:08:0d:f0:92:ab:60:91:db:f4:4c:9a:41:
                    80:41:81:79:7b:50:d7:6f:02:ec:cd:e4:7e:0c:f9:
                    78:94:c3:47:78:73:01:13:6c:45:b4:a2:c3:86:3d:
                    5b:84:8a:8c:51:5e:dc:8d:54:80:06:48:fd:fa:71:
                    d4:db:bf:d2:9c:92:a2:3a:7a:ca:cb:62:ac:de:fa:
                    75:0a:1c:c3:ba:a1:74:8b:8a:87:2d:e5:06:ca:7f:
                    a8:bc:3c:7e:11:ce:18:d9:20:3d:da:05:cb:ae:6a:
                    ed:a7:34:19:35:a8:1b:d2:ae:ed:14:07:e7:8a:76:
                    27:b3:77:03:50:75:c2:ea:a5:51:5f:14:70:03:3a:
                    c5:ce:80:32:64:b7:c6:bb:67:a9:f1:ed:e8:14:5f:
                    6f:44:10:28:c0:3b:a8:c4:a2:55:ae:84:11:69:f3:
                    88:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:50:88:06:22:1F:23:AE:3E:FF:40:B0:58:CA:D2:A3:4E:11:1C:FA
            X509v3 Authority Key Identifier:
                keyid:22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/EFCIBiIfI64-_0CwWMrSo04RHPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/IjayuK-mA20sjoMXc2-qpy2AxPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.104.0-109.70.109.255
                  109.70.111.0/24
                  185.159.140.0/24
                  193.29.220.0/24
                  195.47.253.0/24
                IPv6:
                  2001:67c:258::/48
                  2001:4130::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:e6:03:ac:aa:12:84:e7:5a:f5:c0:48:04:6f:9c:69:7d:b8:
         c4:0f:94:ff:7c:7b:69:ca:87:a6:38:9e:42:d2:6a:3a:c4:dd:
         2b:9d:d4:e6:10:28:72:7b:42:ef:7f:02:0d:e3:ad:9e:d5:83:
         a6:d9:1d:11:7c:6e:31:3d:e0:42:e5:53:cc:08:ff:e2:4b:9d:
         cd:b4:94:ff:28:ec:ad:59:7b:4a:66:3d:b8:a3:26:1e:c6:85:
         e0:3b:46:a9:7b:30:b6:37:48:ed:bc:36:43:75:1a:da:15:74:
         57:21:23:76:ac:84:84:c3:be:64:f9:b6:b6:45:5f:7a:16:5d:
         dd:9b:18:41:3e:c6:ac:ae:2c:83:e4:b9:c6:82:9e:1d:ae:f6:
         c2:e1:aa:51:a4:3d:c9:66:bf:6b:03:27:40:67:d0:b4:94:79:
         23:94:02:c6:2f:d1:4c:ce:f9:c2:35:be:a3:04:4f:a4:54:2b:
         ca:ec:6e:81:7e:5e:3f:be:09:ee:6e:7f:f6:a9:0b:32:53:67:
         b6:fd:5f:3c:07:e3:ab:02:fa:a7:d1:7a:d0:5b:d2:0e:4b:a4:
         4d:9d:29:d6:c4:a9:76:91:28:aa:4b:6a:5c:90:ac:d3:45:b7:
         dc:a2:cf:1f:ec:d9:c5:c0:c7:85:fc:fa:7f:be:2c:26:a5:db:
         06:e2:a6:0f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYIg59+Cv/JbxockgWt8VY2LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzZiMmI4YWZhNjAzNmQyYzhlODMxNzczNmZhYWE3MmQ4
MGM0ZjIwHhcNMjIwNzIxMTMxNzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDUwODgwNjIyMWYyM2FlM2VmZjQwYjA1OGNhZDJhMzRlMTExY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYOuP/AuNsznk8AT5Nf0fK0WCD1H
kFZ6sBvRRd0Db7TyfGHVgY5dOd4tNODyd29UBlAyhNDKPmnK/dsyLBexgSVtGbC8
1SS2gBbafmvbH0fPQtwsDdtSR6E3NmQIDfCSq2CR2/RMmkGAQYF5e1DXbwLszeR+
DPl4lMNHeHMBE2xFtKLDhj1bhIqMUV7cjVSABkj9+nHU27/SnJKiOnrKy2Ks3vp1
ChzDuqF0i4qHLeUGyn+ovDx+Ec4Y2SA92gXLrmrtpzQZNagb0q7tFAfninYns3cD
UHXC6qVRXxRwAzrFzoAyZLfGu2ep8e3oFF9vRBAowDuoxKJVroQRafOIOQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFBBQiAYiHyOuPv9AsFjK0qNOERz6MB8GA1UdIwQY
MBaAFCI2srivpgNtLI6DF3NvqqctgMTyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMt
OGI1ZWY0MWQ4YzI1LzEvRUZDSUJpSWZJNjQtXzBDd1dNclNvMDRSSFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMtOGI1ZWY0MWQ4YzI1
LzEvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAsBAIAATAmMAwDBANtRmgD
BAFtRmwDBABtRm8DBAC5n4wDBADBHdwDBADDL/0wFgQCAAIwEAMHACABBnwCWAMF
ACABQTAwDQYJKoZIhvcNAQELBQADggEBAHbmA6yqEoTnWvXASARvnGl9uMQPlP98
e2nKh6Y4nkLSajrE3Sud1OYQKHJ7Qu9/Ag3jrZ7Vg6bZHRF8bjE94ELlU8wI/+JL
nc20lP8o7K1Ze0pmPbijJh7GheA7Rql7MLY3SO28NkN1GtoVdFchI3ashITDvmT5
trZFX3oWXd2bGEE+xqyuLIPkucaCnh2u9sLhqlGkPclmv2sDJ0Bn0LSUeSOUAsYv
0UzO+cI1vqMET6RUK8rsboF+Xj++Ce5uf/apCzJTZ7b9XzwH46sC+qfRetBb0g5L
pE2dKdbEqXaRKKpLalyQrNNFt9yizx/s2cXAx4X8+n++LCal2wbipg8=
-----END CERTIFICATE-----