Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/yHeP2UU8HT0dEPtqet6aByn-tgQ.roa
File:                     yHeP2UU8HT0dEPtqet6aByn-tgQ.roa (raw, json)
Hash identifier:          O9ZKNbUpdUbOtHOW2/7tGDARLbCL5rqYqnhxHpT0+Jg=
Subject key identifier:   C8:77:8F:D9:45:3C:1D:3D:1D:10:FB:6A:7A:DE:9A:07:29:FE:B6:04
Certificate issuer:       /CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
Certificate serial:       0183C1725CB4F48A6CC36046050B30E15049
Authority key identifier: 22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/yHeP2UU8HT0dEPtqet6aByn-tgQ.roa
Signing time:             Mon 10 Oct 2022 10:30:41 +0000
ROA not before:           Mon 10 Oct 2022 10:30:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29067
IP address blocks:        193.29.220.0/24 maxlen: 24
                          185.159.140.0/24 maxlen: 24
                          195.47.253.0/24 maxlen: 24
                          109.70.104.0/22 maxlen: 24
                          109.70.111.0/24 maxlen: 24
                          109.70.108.0/24 maxlen: 24
                          109.70.109.0/24 maxlen: 24
                          2001:4130:50f1::/48 maxlen: 48
                          2001:4130::/32 maxlen: 48
                          2001:67c:258::/48 maxlen: 48
                          2001:4130:20::/48 maxlen: 48
                          2001:4130:b0::/48 maxlen: 48
                          2001:4130:ce::/48 maxlen: 48
                          2001:4130:cd::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c1:72:5c:b4:f4:8a:6c:c3:60:46:05:0b:30:e1:50:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2236b2b8afa6036d2c8e8317736faaa72d80c4f2
        Validity
            Not Before: Oct 10 10:30:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c8778fd9453c1d3d1d10fb6a7ade9a0729feb604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:57:1e:bf:c9:ad:57:8a:17:4c:67:60:47:76:
                    e4:f6:94:0c:88:4a:0e:2f:fa:50:2e:fe:e4:c3:d7:
                    cb:d5:1d:de:ec:b8:2d:ca:ec:2a:00:43:db:c1:a6:
                    67:7a:1b:6d:11:47:02:80:e8:95:2a:c4:7d:03:58:
                    50:fc:25:b9:88:13:65:f4:8a:0d:fb:aa:50:59:da:
                    2f:93:55:d2:60:16:91:ad:39:cf:68:d1:9f:b9:90:
                    5e:61:8f:86:c8:5e:9b:b2:32:60:53:56:e8:48:0d:
                    63:71:56:93:ca:16:80:2e:57:56:a9:c5:cd:ae:da:
                    9f:0d:11:77:f8:b0:9f:5c:eb:ad:8f:69:07:58:ad:
                    cc:b3:fb:03:8e:c6:de:ff:b9:da:dc:f5:d9:90:5c:
                    a2:c2:62:e4:15:2e:cc:8e:16:42:31:6a:a6:1b:20:
                    fe:ef:8e:e6:bb:bf:b1:4a:f1:1e:c8:de:85:49:04:
                    7c:49:6b:1c:62:db:89:7a:5c:fd:e8:30:49:9d:14:
                    bb:83:89:a2:8e:8a:77:3d:0d:ff:e4:12:cb:44:64:
                    5e:7b:1d:9c:b7:45:57:a8:92:8f:d2:08:3f:8f:4c:
                    e8:71:75:c2:e2:fc:af:95:c7:73:09:53:0d:e6:23:
                    ac:45:63:9f:6c:ea:88:ad:af:1d:04:63:0f:4d:72:
                    75:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:77:8F:D9:45:3C:1D:3D:1D:10:FB:6A:7A:DE:9A:07:29:FE:B6:04
            X509v3 Authority Key Identifier:
                keyid:22:36:B2:B8:AF:A6:03:6D:2C:8E:83:17:73:6F:AA:A7:2D:80:C4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjayuK-mA20sjoMXc2-qpy2AxPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/yHeP2UU8HT0dEPtqet6aByn-tgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/6f895b-7977-445d-b72c-8b5ef41d8c25/1/IjayuK-mA20sjoMXc2-qpy2AxPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.104.0-109.70.109.255
                  109.70.111.0/24
                  185.159.140.0/24
                  193.29.220.0/24
                  195.47.253.0/24
                IPv6:
                  2001:67c:258::/48
                  2001:4130::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:75:ca:b7:75:55:8a:a0:e7:6b:74:0c:64:5b:bf:22:63:86:
         5a:6c:67:48:84:99:20:87:1e:4a:e9:80:36:28:ce:d0:a4:11:
         a1:12:6a:df:df:d0:2b:e8:3a:d4:0e:da:33:cd:8e:1f:e2:87:
         b4:fd:41:3f:24:68:48:43:27:c3:24:c8:fa:70:09:9d:d6:8f:
         27:77:28:fb:6e:4a:e6:f9:50:1b:b6:ee:44:9f:2d:21:2c:90:
         e9:d9:a8:71:13:4e:26:e4:0b:88:3c:35:7c:c1:ac:eb:e6:08:
         d7:91:a6:4c:a6:42:3b:e4:7d:43:2e:1e:f0:f0:f2:1f:95:c7:
         8d:c3:1d:d0:20:4e:96:77:4d:6c:55:fa:b4:ab:b6:fd:d9:ca:
         70:3c:5d:5a:6f:91:98:82:70:b2:09:4e:d5:90:59:1d:40:c0:
         03:ee:65:73:c8:75:02:08:3e:af:4b:d6:a1:cd:5e:90:29:9a:
         d6:6f:b7:43:bb:a3:69:ad:2e:d0:75:e3:74:a5:df:a7:b4:62:
         93:b7:65:dc:00:58:8b:36:ea:02:dd:e1:92:aa:57:3b:87:23:
         46:be:e3:64:02:3a:6f:fe:9c:23:85:d9:9c:33:46:cd:a7:e5:
         d4:f8:8b:dd:15:c3:59:68:2b:5e:d5:c6:47:7c:56:89:e7:07:
         a1:3d:23:42
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYPBcly09Ipsw2BGBQsw4VBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzZiMmI4YWZhNjAzNmQyYzhlODMxNzczNmZhYWE3MmQ4
MGM0ZjIwHhcNMjIxMDEwMTAzMDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODc3OGZkOTQ1M2MxZDNkMWQxMGZiNmE3YWRlOWEwNzI5ZmViNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFcev8mtV4oXTGdgR3bk9pQMiEoO
L/pQLv7kw9fL1R3e7LgtyuwqAEPbwaZnehttEUcCgOiVKsR9A1hQ/CW5iBNl9IoN
+6pQWdovk1XSYBaRrTnPaNGfuZBeYY+GyF6bsjJgU1boSA1jcVaTyhaALldWqcXN
rtqfDRF3+LCfXOutj2kHWK3Ms/sDjsbe/7na3PXZkFyiwmLkFS7MjhZCMWqmGyD+
747mu7+xSvEeyN6FSQR8SWscYtuJelz96DBJnRS7g4mijop3PQ3/5BLLRGReex2c
t0VXqJKP0gg/j0zocXXC4vyvlcdzCVMN5iOsRWOfbOqIra8dBGMPTXJ17QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFMh3j9lFPB09HRD7anremgcp/rYEMB8GA1UdIwQY
MBaAFCI2srivpgNtLI6DF3NvqqctgMTyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMt
OGI1ZWY0MWQ4YzI1LzEveUhlUDJVVThIVDBkRVB0cWV0NmFCeW4tdGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82Zjg5NWItNzk3Ny00NDVkLWI3MmMtOGI1ZWY0MWQ4YzI1
LzEvSWpheXVLLW1BMjBzam9NWGMyLXFweTJBeFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAsBAIAATAmMAwDBANtRmgD
BAFtRmwDBABtRm8DBAC5n4wDBADBHdwDBADDL/0wFgQCAAIwEAMHACABBnwCWAMF
ACABQTAwDQYJKoZIhvcNAQELBQADggEBAFl1yrd1VYqg52t0DGRbvyJjhlpsZ0iE
mSCHHkrpgDYoztCkEaESat/f0CvoOtQO2jPNjh/ih7T9QT8kaEhDJ8MkyPpwCZ3W
jyd3KPtuSub5UBu27kSfLSEskOnZqHETTibkC4g8NXzBrOvmCNeRpkymQjvkfUMu
HvDw8h+Vx43DHdAgTpZ3TWxV+rSrtv3ZynA8XVpvkZiCcLIJTtWQWR1AwAPuZXPI
dQIIPq9L1qHNXpApmtZvt0O7o2mtLtB143Sl36e0YpO3ZdwAWIs26gLd4ZKqVzuH
I0a+42QCOm/+nCOF2ZwzRs2n5dT4i90Vw1loK17Vxkd8VonnB6E9I0I=
-----END CERTIFICATE-----