Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9KVl3tnaRIoYrkFkxec4l5J3vDs.roa
File:                     9KVl3tnaRIoYrkFkxec4l5J3vDs.roa (raw, json)
Hash identifier:          lYt5ZC+xfUF+jIYggKM8TGgK+aMvdtiHgKESy9G5u+I=
Subject key identifier:   F4:A5:65:DE:D9:DA:44:8A:18:AE:41:64:C5:E7:38:97:92:77:BC:3B
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018433A08ACACFE955B69D30251EB5A53767
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9KVl3tnaRIoYrkFkxec4l5J3vDs.roa
Signing time:             Tue 01 Nov 2022 14:37:50 +0000
ROA not before:           Tue 01 Nov 2022 14:37:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49870
IP address blocks:        45.140.222.0/23 maxlen: 23
                          45.81.21.0/24 maxlen: 24
                          2.56.167.0/24 maxlen: 24
                          45.81.22.0/23 maxlen: 23
                          89.190.159.0/24 maxlen: 24
                          89.190.156.0/24 maxlen: 24
                          185.242.226.0/24 maxlen: 24
                          194.50.16.0/23 maxlen: 24
                          212.107.12.0/24 maxlen: 24
                          77.83.240.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:33:a0:8a:ca:cf:e9:55:b6:9d:30:25:1e:b5:a5:37:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Nov  1 14:37:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f4a565ded9da448a18ae4164c5e738979277bc3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:17:e6:8b:1c:50:8e:e9:de:fc:59:2f:5d:55:
                    3b:0e:dc:0d:f7:bb:7e:3c:96:d8:36:79:2e:56:a6:
                    40:72:e4:2b:cb:86:b6:32:c2:2a:90:1f:84:b0:30:
                    4b:94:e0:60:24:41:6f:37:63:8b:44:4a:cc:0f:60:
                    3e:a7:d7:18:80:63:27:80:77:0e:53:18:92:e2:e9:
                    e5:55:cd:64:e8:9d:cf:86:6d:d8:a1:7e:b0:13:c0:
                    5a:5b:aa:27:ca:dd:3e:41:fa:c8:82:fe:eb:e8:0a:
                    3c:31:42:c4:1c:ae:26:28:e8:a2:3c:cf:3a:88:e7:
                    60:f4:70:ff:99:7f:a0:26:7d:b6:6a:fd:5b:02:9e:
                    45:cd:0b:eb:c1:b1:5f:69:61:60:37:48:3b:1c:94:
                    ea:77:69:3b:0c:0d:0e:37:59:f2:d4:b6:92:93:9f:
                    ec:7e:ac:fb:85:74:dc:be:f3:70:43:62:63:12:b9:
                    02:36:28:9e:25:1c:7c:5f:8f:0f:2c:83:47:c8:99:
                    e1:2a:b3:75:40:59:f9:09:6a:a0:6b:98:da:8b:2e:
                    df:6c:94:04:24:14:cb:3a:cf:4b:c9:57:6b:db:26:
                    14:c5:d5:fc:b2:f6:f8:ff:eb:5e:5a:5b:2f:16:ee:
                    db:71:11:72:92:50:3a:00:57:33:69:a2:4b:8c:78:
                    1b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:A5:65:DE:D9:DA:44:8A:18:AE:41:64:C5:E7:38:97:92:77:BC:3B
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9KVl3tnaRIoYrkFkxec4l5J3vDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.167.0/24
                  45.81.21.0-45.81.23.255
                  45.140.222.0/23
                  77.83.240.0/24
                  89.190.156.0/24
                  89.190.159.0/24
                  185.242.226.0/24
                  194.50.16.0/23
                  212.107.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:37:b1:12:b3:0c:39:fa:37:b9:41:a0:e5:f4:e3:b9:3c:3a:
         a8:af:6f:d5:76:29:40:14:f1:7b:90:65:40:45:5c:e1:66:df:
         6e:85:9b:7d:7d:d9:1e:e1:23:05:29:7a:b5:3a:7a:45:e7:53:
         28:6f:60:bd:e6:a7:1d:be:05:2b:fe:38:ca:b5:e5:b6:05:14:
         38:ad:d8:44:df:b4:74:0f:f2:4a:de:6c:54:5c:97:ab:8a:e4:
         da:97:1d:dc:fa:9c:d1:48:90:c1:7a:b9:84:9b:e3:75:60:38:
         0f:5f:1f:35:54:51:bb:72:2e:02:9a:ac:f8:a5:71:2d:82:44:
         c4:c5:89:01:dc:e2:34:36:4c:24:51:6f:52:1c:a1:0f:f3:8b:
         6f:96:73:95:c4:d9:2e:73:a6:d7:6e:b3:ea:68:f3:86:63:f4:
         99:35:61:c8:93:cf:3a:69:99:b7:33:11:64:04:e2:3b:38:51:
         6f:41:15:35:ab:f8:c9:61:b1:1c:79:d7:33:d2:48:40:72:ef:
         61:a2:7b:19:db:32:99:a2:c3:6b:1d:90:89:84:e4:5a:b8:2d:
         22:4b:49:f0:ee:30:8e:a3:dd:b2:53:76:c4:4e:2c:54:ce:40:
         69:cc:80:a4:d8:43:15:bc:f7:f3:1f:8f:41:5f:93:2e:f8:e0:
         e5:8d:6e:8e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYQzoIrKz+lVtp0wJR61pTdnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjIxMTAxMTQzNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGE1NjVkZWQ5ZGE0NDhhMThhZTQxNjRjNWU3Mzg5NzkyNzdiYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxfmixxQjune/FkvXVU7DtwN97t+
PJbYNnkuVqZAcuQry4a2MsIqkB+EsDBLlOBgJEFvN2OLRErMD2A+p9cYgGMngHcO
UxiS4unlVc1k6J3Phm3YoX6wE8BaW6onyt0+QfrIgv7r6Ao8MULEHK4mKOiiPM86
iOdg9HD/mX+gJn22av1bAp5FzQvrwbFfaWFgN0g7HJTqd2k7DA0ON1ny1LaSk5/s
fqz7hXTcvvNwQ2JjErkCNiieJRx8X48PLINHyJnhKrN1QFn5CWqga5jaiy7fbJQE
JBTLOs9LyVdr2yYUxdX8svb4/+teWlsvFu7bcRFyklA6AFczaaJLjHgbqQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPSlZd7Z2kSKGK5BZMXnOJeSd7w7MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvOUtWbDN0bmFSSW9ZcmtGa3hlYzRsNUozdkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjinMAwD
BAAtURUDBAMtURADBAEtjN4DBABNU/ADBABZvpwDBABZvp8DBAC58uIDBAHCMhAD
BADUawwwDQYJKoZIhvcNAQELBQADggEBALg3sRKzDDn6N7lBoOX047k8Oqivb9V2
KUAU8XuQZUBFXOFm326Fm3192R7hIwUperU6ekXnUyhvYL3mpx2+BSv+OMq15bYF
FDit2ETftHQP8krebFRcl6uK5NqXHdz6nNFIkMF6uYSb43VgOA9fHzVUUbtyLgKa
rPilcS2CRMTFiQHc4jQ2TCRRb1IcoQ/zi2+Wc5XE2S5zptdus+po84Zj9Jk1YciT
zzppmbczEWQE4js4UW9BFTWr+MlhsRx51zPSSEBy72GiexnbMpmiw2sdkImE5Fq4
LSJLSfDuMI6j3bJTdsROLFTOQGnMgKTYQxW89/Mfj0Ffky744OWNbo4=
-----END CERTIFICATE-----