Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/ZXhNJ0ozlCWaroYrSM5rQaGe738.roa
File:                     ZXhNJ0ozlCWaroYrSM5rQaGe738.roa (raw, json)
Hash identifier:          0dl4zJBkvVzeNOH5U76CweffoUjkpiX6pF4SECZjvCw=
Subject key identifier:   65:78:4D:27:4A:33:94:25:9A:AE:86:2B:48:CE:6B:41:A1:9E:EF:7F
Certificate issuer:       /CN=13f3ad40f96ed5e7f39d8d9e196abf0fa2381e8c
Certificate serial:       02814032
Authority key identifier: 13:F3:AD:40:F9:6E:D5:E7:F3:9D:8D:9E:19:6A:BF:0F:A2:38:1E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_OtQPlu1efznY2eGWq_D6I4How.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/ZXhNJ0ozlCWaroYrSM5rQaGe738.roa
Signing time:             Thu 13 Jan 2022 12:47:44 +0000
ROA not before:           Thu 13 Jan 2022 12:47:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28757
IP address blocks:        217.16.216.0/22 maxlen: 22
                          217.16.220.0/23 maxlen: 23
                          217.16.222.0/24 maxlen: 24
                          217.16.223.0/24 maxlen: 24
                          80.80.178.0/24 maxlen: 24
                          80.80.179.0/24 maxlen: 24
                          80.80.176.0/23 maxlen: 23
                          185.71.108.0/22 maxlen: 22
                          80.80.176.0/20 maxlen: 20
                          80.80.184.0/21 maxlen: 21
                          80.80.180.0/23 maxlen: 23
                          80.80.182.0/24 maxlen: 24
                          80.80.183.0/24 maxlen: 24
                          80.80.191.0/24 maxlen: 24
                          217.16.208.0/21 maxlen: 21
                          217.16.208.0/20 maxlen: 20
                          2a02:6b00::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42025010 (0x2814032)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13f3ad40f96ed5e7f39d8d9e196abf0fa2381e8c
        Validity
            Not Before: Jan 13 12:47:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=65784d274a3394259aae862b48ce6b41a19eef7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:28:60:4d:7b:84:e8:17:4e:60:4d:0f:3e:f6:
                    45:59:e2:aa:a1:27:c6:bf:34:03:51:7a:89:86:14:
                    84:ce:a4:dd:3c:4f:36:d1:30:bf:b2:a2:bc:dd:74:
                    e1:33:df:a5:cb:61:80:d4:c7:11:65:e1:cc:c3:b7:
                    a7:79:a5:f9:84:18:bc:d2:2f:55:ff:1e:10:de:65:
                    29:e2:6c:a0:ee:5a:ac:22:dc:7b:8b:f3:b3:3b:c4:
                    77:b2:f8:5c:9f:fc:75:d5:76:d3:9a:ef:04:23:0f:
                    c2:03:a4:97:1d:f2:98:c5:3f:f3:e3:8b:b3:31:9f:
                    36:db:8e:89:01:70:00:d7:f9:d8:27:32:89:a5:7e:
                    2c:3c:96:ec:95:3e:d1:3a:30:d9:20:1f:69:47:6f:
                    9e:2c:e7:28:57:35:a9:fe:f2:73:81:61:26:61:f0:
                    9b:24:ce:f0:05:2f:84:46:be:44:13:15:73:28:b3:
                    97:55:1d:7b:0d:0f:5b:db:12:a4:8d:ce:93:be:dd:
                    9f:b3:4f:74:fd:2d:bc:e0:61:e9:9d:ab:60:d3:54:
                    d2:a7:17:4b:be:ae:bf:e0:f6:98:5b:69:05:48:dc:
                    58:7c:aa:52:26:b4:01:d1:2f:b7:5e:0c:df:36:46:
                    eb:4f:d4:62:3c:3d:81:d8:da:f1:1f:58:61:01:0f:
                    54:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:78:4D:27:4A:33:94:25:9A:AE:86:2B:48:CE:6B:41:A1:9E:EF:7F
            X509v3 Authority Key Identifier:
                keyid:13:F3:AD:40:F9:6E:D5:E7:F3:9D:8D:9E:19:6A:BF:0F:A2:38:1E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_OtQPlu1efznY2eGWq_D6I4How.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/ZXhNJ0ozlCWaroYrSM5rQaGe738.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/772e7e-f0f0-4fe0-a634-f4fbe0cb9444/1/E_OtQPlu1efznY2eGWq_D6I4How.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.80.176.0/20
                  185.71.108.0/22
                  217.16.208.0/20
                IPv6:
                  2a02:6b00::/36

    Signature Algorithm: sha256WithRSAEncryption
         64:6e:44:92:3e:d6:d4:44:c5:50:8d:c2:2b:ba:dd:27:f9:d1:
         1f:0b:b9:b1:b4:3c:3e:48:0e:df:ad:54:b9:d4:8e:2e:b8:b9:
         b9:05:8d:ce:71:c0:61:ee:8f:b5:0b:b8:47:c2:31:ae:ca:12:
         a7:d0:ca:84:94:e1:d1:e3:28:ac:17:fd:17:f4:b0:7b:9a:31:
         23:e7:77:e1:9d:84:41:72:d6:6e:9a:cd:e1:0d:f9:8f:d3:bb:
         3a:50:8d:3f:68:d0:57:cc:89:09:42:77:f8:42:61:b2:8e:67:
         d5:a3:9f:c2:73:7d:c3:44:cb:34:a9:40:5a:25:0d:cd:d4:b0:
         4a:7e:e5:17:cb:f5:cb:2b:22:a6:57:16:93:4c:4b:3e:09:29:
         04:b6:59:45:66:fe:95:5b:26:09:cd:d7:43:b3:d3:f4:45:5f:
         a8:13:47:fb:9b:fe:f3:04:51:65:1f:03:b7:44:02:d6:46:45:
         36:d8:b3:fe:ba:f3:b1:aa:1e:cb:b6:b9:56:b5:bd:9d:c8:7e:
         e4:1d:ff:ba:93:54:47:e7:2e:fa:56:55:2e:d5:5f:1f:b8:9f:
         71:19:dd:e8:ed:46:8e:26:1f:77:d8:84:77:c4:14:cb:1b:86:
         bc:2d:c4:db:08:f7:84:e8:ce:6c:2d:6f:b9:53:6d:a4:8a:19:
         46:99:94:d9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEAoFAMjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
M2YzYWQ0MGY5NmVkNWU3ZjM5ZDhkOWUxOTZhYmYwZmEyMzgxZThjMB4XDTIyMDEx
MzEyNDc0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjU3ODRkMjc0YTMz
OTQyNTlhYWU4NjJiNDhjZTZiNDFhMTllZWY3ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJwoYE17hOgXTmBNDz72RVniqqEnxr80A1F6iYYUhM6k3TxP
NtEwv7KivN104TPfpcthgNTHEWXhzMO3p3ml+YQYvNIvVf8eEN5lKeJsoO5arCLc
e4vzszvEd7L4XJ/8ddV205rvBCMPwgOklx3ymMU/8+OLszGfNtuOiQFwANf52Ccy
iaV+LDyW7JU+0Tow2SAfaUdvniznKFc1qf7yc4FhJmHwmyTO8AUvhEa+RBMVcyiz
l1Udew0PW9sSpI3Ok77dn7NPdP0tvOBh6Z2rYNNU0qcXS76uv+D2mFtpBUjcWHyq
Uia0AdEvt14M3zZG60/UYjw9gdja8R9YYQEPVMECAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBRleE0nSjOUJZquhitIzmtBoZ7vfzAfBgNVHSMEGDAWgBQT861A+W7V5/Od
jZ4Zar8PojgejDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VfT3RRUGx1MWVmem5ZMmVHV3FfRDZJNEhvdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWIvNzcyZTdlLWYwZjAtNGZlMC1hNjM0LWY0ZmJlMGNiOTQ0NC8x
L1pYaE5KMG96bENXYXJvWXJTTTVyUWFHZTczOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWIv
NzcyZTdlLWYwZjAtNGZlMC1hNjM0LWY0ZmJlMGNiOTQ0NC8xL0VfT3RRUGx1MWVm
em5ZMmVHV3FfRDZJNEhvdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowGAQCAAEwEgMEBFBQsAMEArlHbAMEBNkQ0DAOBAIA
AjAIAwYEKgJrAAAwDQYJKoZIhvcNAQELBQADggEBAGRuRJI+1tRExVCNwiu63Sf5
0R8LubG0PD5IDt+tVLnUji64ubkFjc5xwGHuj7ULuEfCMa7KEqfQyoSU4dHjKKwX
/Rf0sHuaMSPnd+GdhEFy1m6azeEN+Y/TuzpQjT9o0FfMiQlCd/hCYbKOZ9Wjn8Jz
fcNEyzSpQFolDc3UsEp+5RfL9csrIqZXFpNMSz4JKQS2WUVm/pVbJgnN10Oz0/RF
X6gTR/ub/vMEUWUfA7dEAtZGRTbYs/6687GqHsu2uVa1vZ3IfuQd/7qTVEfnLvpW
VS7VXx+4n3EZ3ejtRo4mH3fYhHfEFMsbhrwtxNsI94Tozmwtb7lTbaSKGUaZlNk=
-----END CERTIFICATE-----