Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/hHf2AjX-n-GH4snp-i_uo_Ry5Sg.roa
File:                     hHf2AjX-n-GH4snp-i_uo_Ry5Sg.roa (raw, json)
Hash identifier:          pOsL+SBTtVuBXY4nZ4omkFPP4tNJGbcQBBwvVfaTuqE=
Subject key identifier:   84:77:F6:02:35:FE:9F:E1:87:E2:C9:E9:FA:2F:EE:A3:F4:72:E5:28
Certificate issuer:       /CN=217b491dccb5632216d80b48f8d6286b1effd8d7
Certificate serial:       0367032E
Authority key identifier: 21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/hHf2AjX-n-GH4snp-i_uo_Ry5Sg.roa
Signing time:             Thu 21 Apr 2022 05:26:13 +0000
ROA not before:           Thu 21 Apr 2022 05:26:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59625
IP address blocks:        185.240.16.0/24 maxlen: 24
                          185.240.17.0/24 maxlen: 24
                          185.240.18.0/24 maxlen: 24
                          185.240.19.0/24 maxlen: 24
                          185.84.69.0/24 maxlen: 24
                          185.84.68.0/24 maxlen: 24
                          185.84.70.0/24 maxlen: 24
                          185.84.71.0/24 maxlen: 24
                          185.244.177.0/24 maxlen: 24
                          185.244.176.0/24 maxlen: 24
                          2a03:7020:1::/48 maxlen: 48
                          2a03:7020:10::/48 maxlen: 48
                          2a03:7020:8::/48 maxlen: 48
                          2a03:7020:1300::/40 maxlen: 40
                          2a03:7020:800::/40 maxlen: 40
                          2a03:7020::/40 maxlen: 40
                          2a03:7020::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57082670 (0x367032e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b491dccb5632216d80b48f8d6286b1effd8d7
        Validity
            Not Before: Apr 21 05:26:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8477f60235fe9fe187e2c9e9fa2feea3f472e528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:8a:b7:ed:32:ab:b3:97:02:d0:d5:5a:e7:5e:
                    6b:d6:f4:12:a9:05:ea:b1:34:78:1f:4b:0c:16:65:
                    52:33:0f:aa:43:4f:2a:7d:18:b6:cd:73:5c:3d:a2:
                    7c:87:b1:49:ec:07:cc:72:8e:28:cc:9e:53:3b:8f:
                    f8:1c:fc:b4:1a:fa:9a:bd:ed:2f:0c:6f:ff:97:e3:
                    18:20:00:ef:a6:16:fa:e6:33:08:06:2a:a5:2a:d3:
                    18:90:b7:15:8a:47:ee:ce:6d:e2:d3:61:8c:c7:89:
                    1c:82:e2:0c:b7:4a:a8:93:ec:61:d8:5b:6d:b8:f4:
                    b5:5f:9c:fe:b0:96:3e:fb:40:45:33:70:82:41:df:
                    53:6e:33:47:69:c1:db:4e:24:8a:dc:28:6a:67:43:
                    0c:2a:e7:83:27:46:98:f3:6d:77:a3:2a:ab:b2:c7:
                    51:7f:52:35:40:14:bf:74:00:6e:37:71:67:3b:99:
                    50:54:8d:28:f8:1e:6f:34:ef:39:54:f5:fc:21:9e:
                    49:ee:2e:f1:c0:51:03:09:84:44:d1:9b:35:64:d5:
                    cc:fc:3c:db:52:57:9b:60:79:7a:f7:de:17:7c:1b:
                    b6:73:77:12:a9:ce:77:d6:49:0d:93:ae:23:ab:67:
                    56:24:ed:2e:f3:fe:f1:37:08:9e:df:1a:aa:a3:72:
                    75:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:77:F6:02:35:FE:9F:E1:87:E2:C9:E9:FA:2F:EE:A3:F4:72:E5:28
            X509v3 Authority Key Identifier:
                keyid:21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/hHf2AjX-n-GH4snp-i_uo_Ry5Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.68.0/22
                  185.240.16.0/22
                  185.244.176.0/23
                IPv6:
                  2a03:7020::/40
                  2a03:7020:800::/40
                  2a03:7020:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         2b:cb:48:4b:91:42:29:24:e4:f1:04:4a:25:7c:a2:d5:e0:80:
         b0:ba:3d:d5:af:ef:57:82:da:2b:0d:d6:8e:88:77:20:7e:1f:
         25:ba:fe:c6:df:16:fb:46:bf:0c:77:a6:37:50:44:fd:c6:9a:
         6b:1f:d9:f5:b0:e5:2d:e4:6b:37:b6:42:64:d9:38:43:55:23:
         63:b4:cd:b5:74:59:d0:26:23:ca:a9:4d:1f:89:cd:9a:f7:b2:
         98:28:8e:25:13:db:64:48:0e:bc:0e:38:df:11:b8:02:7a:37:
         e0:e5:5e:7c:b9:f4:42:dc:18:8b:05:df:02:4f:af:33:9d:3f:
         8b:cb:4b:bc:70:94:5d:a6:55:ab:dc:e8:16:03:d2:19:d9:65:
         e8:96:56:23:fe:be:5a:31:ae:20:dc:6f:1a:d4:96:85:97:14:
         9a:de:23:7e:9a:fb:45:59:4b:13:b7:9e:4b:2a:6b:9d:bf:06:
         36:42:08:cd:82:29:f8:38:78:1c:e2:83:52:22:ca:36:ae:8e:
         41:57:f8:70:7d:f1:98:89:0a:2f:4c:c1:7a:47:b3:a4:7d:c3:
         42:f0:9b:93:9e:ad:cb:4a:4e:02:9b:48:b5:99:3a:a3:98:47:
         31:af:fb:1e:eb:f0:ec:79:8d:0a:c4:9d:43:6c:8a:5c:4d:32:
         3c:c9:70:9e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIEA2cDLjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MTdiNDkxZGNjYjU2MzIyMTZkODBiNDhmOGQ2Mjg2YjFlZmZkOGQ3MB4XDTIyMDQy
MTA1MjYxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODQ3N2Y2MDIzNWZl
OWZlMTg3ZTJjOWU5ZmEyZmVlYTNmNDcyZTUyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPKKt+0yq7OXAtDVWudea9b0EqkF6rE0eB9LDBZlUjMPqkNP
Kn0Yts1zXD2ifIexSewHzHKOKMyeUzuP+Bz8tBr6mr3tLwxv/5fjGCAA76YW+uYz
CAYqpSrTGJC3FYpH7s5t4tNhjMeJHILiDLdKqJPsYdhbbbj0tV+c/rCWPvtARTNw
gkHfU24zR2nB204kitwoamdDDCrngydGmPNtd6Mqq7LHUX9SNUAUv3QAbjdxZzuZ
UFSNKPgebzTvOVT1/CGeSe4u8cBRAwmERNGbNWTVzPw821JXm2B5evfeF3wbtnN3
EqnOd9ZJDZOuI6tnViTtLvP+8TcInt8aqqNydW8CAwEAAaOCAjUwggIxMB0GA1Ud
DgQWBBSEd/YCNf6f4Yfiyen6L+6j9HLlKDAfBgNVHSMEGDAWgBQhe0kdzLVjIhbY
C0j41ihrHv/Y1zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lYdEpIY3kxWXlJVzJBdEktTllvYXg3XzJOYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTcvZTlmMjljLTkyMzEtNDUwZC1hZGIwLTZkZTA1YTMxNjIzOS8x
L2hIZjJBalgtbi1HSDRzbnAtaV91b19SeTVTZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcv
ZTlmMjljLTkyMzEtNDUwZC1hZGIwLTZkZTA1YTMxNjIzOS8xL0lYdEpIY3kxWXlJ
VzJBdEktTllvYXg3XzJOYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBL
BggrBgEFBQcBBwEB/wQ8MDowGAQCAAEwEgMEArlURAMEArnwEAMEAbn0sDAeBAIA
AjAYAwYAKgNwIAADBgAqA3AgCAMGACoDcCATMA0GCSqGSIb3DQEBCwUAA4IBAQAr
y0hLkUIpJOTxBEolfKLV4ICwuj3Vr+9XgtorDdaOiHcgfh8luv7G3xb7Rr8Md6Y3
UET9xpprH9n1sOUt5Gs3tkJk2ThDVSNjtM21dFnQJiPKqU0fic2a97KYKI4lE9tk
SA68DjjfEbgCejfg5V58ufRC3BiLBd8CT68znT+Ly0u8cJRdplWr3OgWA9IZ2WXo
llYj/r5aMa4g3G8a1JaFlxSa3iN+mvtFWUsTt55LKmudvwY2QgjNgin4OHgc4oNS
Iso2ro5BV/hwffGYiQovTMF6R7OkfcNC8JuTnq3LSk4Cm0i1mTqjmEcxr/se6/Ds
eY0KxJ1DbIpcTTI8yXCe
-----END CERTIFICATE-----