Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/sBOV8ajkrCf3UCT0W1gWN5AdIzc.roa
File:                     sBOV8ajkrCf3UCT0W1gWN5AdIzc.roa (raw, json)
Hash identifier:          NHaGuPMISOBm8CNb3k6FzxEs2npuku8sfKBdM8dwiOk=
Subject key identifier:   B0:13:95:F1:A8:E4:AC:27:F7:50:24:F4:5B:58:16:37:90:1D:23:37
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       01825EB6EF35629E81E0A2F04A52B0D502E5
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/sBOV8ajkrCf3UCT0W1gWN5AdIzc.roa
Signing time:             Tue 02 Aug 2022 13:20:23 +0000
ROA not before:           Tue 02 Aug 2022 13:20:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34549
IP address blocks:        195.179.44.0/22 maxlen: 22
                          194.233.20.0/22 maxlen: 22
                          194.64.172.0/22 maxlen: 22
                          194.163.72.0/22 maxlen: 22
                          194.163.76.0/22 maxlen: 22
                          195.180.140.0/22 maxlen: 22
                          195.179.80.0/22 maxlen: 22
                          212.224.0.0/22 maxlen: 24
                          194.195.108.0/22 maxlen: 22
                          195.179.32.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:5e:b6:ef:35:62:9e:81:e0:a2:f0:4a:52:b0:d5:02:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Aug  2 13:20:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b01395f1a8e4ac27f75024f45b581637901d2337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:91:98:15:c6:16:07:2f:85:be:cd:0e:64:76:
                    b2:cd:1c:10:a8:08:f9:76:08:2b:cd:5e:b6:3d:6e:
                    fa:d5:01:4b:11:44:3b:ee:5e:b7:08:97:48:f0:ff:
                    ac:68:30:45:31:89:da:eb:59:6a:6a:13:0f:97:54:
                    4e:3b:e4:43:c4:d3:2a:06:66:79:85:22:36:04:78:
                    1e:dc:2a:c5:e5:15:23:4e:22:50:cf:f7:7c:62:b8:
                    99:1b:47:a0:6a:2d:2e:a0:6c:40:69:0b:94:13:b9:
                    2b:0f:a2:dc:38:96:f2:38:d3:4c:5c:5c:cd:fb:3e:
                    33:1e:8f:f1:f4:03:ae:f1:c8:d3:5c:e9:3d:7a:77:
                    20:17:15:01:cc:bc:ea:41:0e:22:37:ae:f1:e1:ee:
                    5c:f8:08:34:90:7d:5c:f5:ba:2a:28:a0:3f:d9:a8:
                    a2:e9:59:fa:19:50:45:37:cc:12:97:00:fa:e2:29:
                    f0:6b:c7:34:4c:fa:29:6e:c2:43:df:86:bd:5c:8b:
                    b9:d0:e0:56:85:66:42:74:9a:b7:86:f9:8f:35:11:
                    c3:07:92:14:dc:22:31:3b:a1:aa:56:82:84:c9:2f:
                    a9:74:6c:d1:0d:bd:8a:88:1b:bf:da:1a:0d:18:68:
                    ca:82:7c:ce:b2:c5:c6:c9:9a:68:b1:c2:73:5a:82:
                    6d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:13:95:F1:A8:E4:AC:27:F7:50:24:F4:5B:58:16:37:90:1D:23:37
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/sBOV8ajkrCf3UCT0W1gWN5AdIzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.172.0/22
                  194.163.72.0/21
                  194.195.108.0/22
                  194.233.20.0/22
                  195.179.32.0/21
                  195.179.44.0/22
                  195.179.80.0/22
                  195.180.140.0/22
                  212.224.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:16:46:94:0b:ea:e5:5a:7c:db:de:6a:74:64:07:9e:0c:52:
         91:04:08:a3:92:7b:46:69:31:8c:51:c7:1a:11:2a:0f:54:66:
         57:9c:a1:e0:b2:e7:a1:d4:be:65:c1:c3:36:14:6a:f0:02:c9:
         7a:6d:71:78:88:af:5a:7f:e5:64:00:48:05:19:6f:08:53:83:
         95:d7:b5:7c:ed:d4:92:12:d4:ac:2a:a1:f2:aa:87:28:81:39:
         9a:99:80:15:df:5c:e4:10:45:1e:a5:a1:e8:65:77:87:26:c7:
         db:2a:17:05:aa:6a:1d:52:9e:02:2f:72:c6:ff:5d:ea:7c:02:
         06:6a:f6:70:27:c1:c7:a0:2c:11:c4:6f:29:b6:b3:aa:7f:0c:
         e1:69:4f:1f:0f:b6:98:9b:cb:a3:22:74:c8:fd:cc:19:e3:1d:
         99:15:17:5d:6f:f5:d2:89:c3:f0:7d:92:4b:f5:2f:bf:42:73:
         bc:65:8c:c1:c2:e1:c8:ad:77:1d:43:28:c9:f8:34:3e:8c:65:
         c9:16:06:3d:7a:fa:a5:bd:31:80:66:96:a4:da:ca:cb:17:5b:
         92:20:49:8a:4e:86:e2:15:2c:9c:46:d0:08:34:e9:c7:97:b6:
         6d:8f:4e:aa:50:c4:fb:43:e9:bb:cc:d6:d7:53:c0:7e:4d:e6:
         d6:45:e4:7c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYJetu81Yp6B4KLwSlKw1QLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjIwODAyMTMyMDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDEzOTVmMWE4ZTRhYzI3Zjc1MDI0ZjQ1YjU4MTYzNzkwMWQyMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pGYFcYWBy+Fvs0OZHayzRwQqAj5
dggrzV62PW761QFLEUQ77l63CJdI8P+saDBFMYna61lqahMPl1ROO+RDxNMqBmZ5
hSI2BHge3CrF5RUjTiJQz/d8YriZG0egai0uoGxAaQuUE7krD6LcOJbyONNMXFzN
+z4zHo/x9AOu8cjTXOk9encgFxUBzLzqQQ4iN67x4e5c+Ag0kH1c9boqKKA/2aii
6Vn6GVBFN8wSlwD64inwa8c0TPopbsJD34a9XIu50OBWhWZCdJq3hvmPNRHDB5IU
3CIxO6GqVoKEyS+pdGzRDb2KiBu/2hoNGGjKgnzOssXGyZposcJzWoJtiQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLATlfGo5Kwn91Ak9FtYFjeQHSM3MB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvc0JPVjhhamtyQ2YzVUNUMFcxZ1dONUFkSXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCwkCsAwQD
wqNIAwQCwsNsAwQCwukUAwQDw7MgAwQCw7MsAwQCw7NQAwQCw7SMAwQC1OAAMA0G
CSqGSIb3DQEBCwUAA4IBAQCIFkaUC+rlWnzb3mp0ZAeeDFKRBAijkntGaTGMUcca
ESoPVGZXnKHgsueh1L5lwcM2FGrwAsl6bXF4iK9af+VkAEgFGW8IU4OV17V87dSS
EtSsKqHyqocogTmamYAV31zkEEUepaHoZXeHJsfbKhcFqmodUp4CL3LG/13qfAIG
avZwJ8HHoCwRxG8ptrOqfwzhaU8fD7aYm8ujInTI/cwZ4x2ZFRddb/XSicPwfZJL
9S+/QnO8ZYzBwuHIrXcdQyjJ+DQ+jGXJFgY9evqlvTGAZpak2srLF1uSIEmKTobi
FSycRtAINOnHl7Ztj06qUMT7Q+m7zNbXU8B+TebWReR8
-----END CERTIFICATE-----