Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/Pa-FEEtooIqsGbtTUvMO7deG0xc.roa
File:                     Pa-FEEtooIqsGbtTUvMO7deG0xc.roa (raw, json)
Hash identifier:          rOUk2rO73e5mtP5Ur1PDedIrbAIR+kcRgosz8VBjIis=
Subject key identifier:   3D:AF:85:10:4B:68:A0:8A:AC:19:BB:53:52:F3:0E:ED:D7:86:D3:17
Certificate issuer:       /CN=8d4dd2d06d920e403933fdb2cd1984893552579c
Certificate serial:       012C2755
Authority key identifier: 8D:4D:D2:D0:6D:92:0E:40:39:33:FD:B2:CD:19:84:89:35:52:57:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jU3S0G2SDkA5M_2yzRmEiTVSV5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/Pa-FEEtooIqsGbtTUvMO7deG0xc.roa
Signing time:             Wed 23 Feb 2022 08:59:07 +0000
ROA not before:           Wed 23 Feb 2022 08:59:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39232
IP address blocks:        89.219.156.0/23 maxlen: 23
                          89.219.156.0/22 maxlen: 22
                          89.219.155.0/24 maxlen: 24
                          89.219.158.0/23 maxlen: 23
                          89.219.160.0/24 maxlen: 24
                          89.219.164.0/23 maxlen: 23
                          89.219.164.0/22 maxlen: 22
                          89.219.163.0/24 maxlen: 24
                          89.219.166.0/23 maxlen: 23
                          89.219.171.0/24 maxlen: 24
                          89.219.170.0/24 maxlen: 24
                          89.219.170.0/23 maxlen: 23
                          89.219.169.0/24 maxlen: 24
                          89.219.132.0/23 maxlen: 23
                          89.219.132.0/24 maxlen: 24
                          89.219.133.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19670869 (0x12c2755)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d4dd2d06d920e403933fdb2cd1984893552579c
        Validity
            Not Before: Feb 23 08:59:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3daf85104b68a08aac19bb5352f30eedd786d317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fd:29:91:2c:76:e2:3d:90:08:1c:5b:ca:62:
                    33:59:9a:d3:7b:ee:dd:dd:7d:80:db:04:f9:ca:1b:
                    5f:d6:35:78:25:e8:53:2d:41:ec:1d:2d:a3:8e:fc:
                    94:d1:da:d8:e7:01:28:1e:57:eb:25:5b:ec:54:d5:
                    4f:a8:37:cc:64:5f:65:6b:12:7d:cd:00:e6:05:c6:
                    23:5e:f5:43:f9:54:ef:15:f3:05:3b:12:dd:4c:1d:
                    37:26:17:bc:49:21:46:dd:61:d2:3f:3d:ce:ac:d0:
                    d3:e0:d7:8a:90:d7:62:33:d4:7b:dd:18:e1:7c:21:
                    bd:62:a0:e2:92:57:1e:36:62:7f:30:95:10:ae:e6:
                    88:ff:4b:3c:f6:79:3f:b4:a2:d8:bb:60:f6:9e:f4:
                    46:59:93:9c:50:e8:52:63:3b:4f:e8:32:cd:ce:f5:
                    eb:92:9d:a6:a8:56:cc:78:e2:53:a2:38:35:d9:0d:
                    6b:3a:4e:93:4d:7c:35:14:48:55:fe:2a:14:12:13:
                    4d:89:5a:89:ca:1a:ef:d9:d6:54:63:78:9b:23:f6:
                    89:4d:d7:0d:50:ba:1f:63:4f:8b:21:3b:4c:94:06:
                    1d:28:20:54:b1:27:6a:1b:73:38:b2:4e:4c:d4:69:
                    03:8d:63:e5:aa:5c:79:9a:d0:e8:41:0c:54:13:0f:
                    49:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:AF:85:10:4B:68:A0:8A:AC:19:BB:53:52:F3:0E:ED:D7:86:D3:17
            X509v3 Authority Key Identifier:
                keyid:8D:4D:D2:D0:6D:92:0E:40:39:33:FD:B2:CD:19:84:89:35:52:57:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jU3S0G2SDkA5M_2yzRmEiTVSV5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/Pa-FEEtooIqsGbtTUvMO7deG0xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/jU3S0G2SDkA5M_2yzRmEiTVSV5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.219.132.0/23
                  89.219.155.0-89.219.160.255
                  89.219.163.0-89.219.167.255
                  89.219.169.0-89.219.171.255

    Signature Algorithm: sha256WithRSAEncryption
         eb:5d:ee:20:a7:66:2f:6f:18:67:ae:79:40:0e:40:7c:75:ca:
         6d:cc:e1:60:6b:f5:ed:9a:63:b3:b9:6f:0a:19:be:ad:07:01:
         cd:e2:04:a9:60:06:df:8e:ca:70:79:72:31:f8:e9:34:b9:d8:
         2e:75:6f:0f:fc:d7:d1:d5:b7:96:8a:dd:c3:f3:22:10:25:dc:
         fc:17:cb:6b:75:66:2f:2b:97:91:7b:c7:73:e5:ce:17:c6:ad:
         6f:49:3d:2b:01:20:c4:75:2f:e1:70:90:71:8b:de:8a:ae:bb:
         d6:47:d0:f8:54:86:2a:b8:01:a6:c1:39:06:48:ed:9e:d0:f9:
         4e:2b:9b:eb:41:07:98:e0:fe:5a:e4:fe:8c:64:27:da:4b:56:
         09:e0:cf:dc:77:45:f3:8c:fd:5c:ac:16:88:0e:d5:3b:19:63:
         51:af:a6:56:e0:9e:7b:ee:e7:70:23:d6:27:7e:69:19:29:cf:
         34:8c:c8:70:4e:96:3a:af:ab:08:3d:6c:7d:f9:53:84:1c:5b:
         d7:ce:76:08:5d:21:de:59:50:79:48:fe:70:74:e9:60:c8:21:
         91:7d:56:a1:03:7a:c1:a0:bb:65:f4:08:40:8b:64:25:bb:63:
         5c:d2:15:fb:c0:5a:6c:dd:bf:b5:88:83:97:da:c8:02:1b:89:
         d4:51:8a:77
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEASwnVTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZDRkZDJkMDZkOTIwZTQwMzkzM2ZkYjJjZDE5ODQ4OTM1NTI1NzljMB4XDTIyMDIy
MzA4NTkwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2RhZjg1MTA0YjY4
YTA4YWFjMTliYjUzNTJmMzBlZWRkNzg2ZDMxNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMb9KZEsduI9kAgcW8piM1ma03vu3d19gNsE+cobX9Y1eCXo
Uy1B7B0to478lNHa2OcBKB5X6yVb7FTVT6g3zGRfZWsSfc0A5gXGI171Q/lU7xXz
BTsS3UwdNyYXvEkhRt1h0j89zqzQ0+DXipDXYjPUe90Y4XwhvWKg4pJXHjZifzCV
EK7miP9LPPZ5P7Si2Ltg9p70RlmTnFDoUmM7T+gyzc7165KdpqhWzHjiU6I4NdkN
azpOk018NRRIVf4qFBITTYlaicoa79nWVGN4myP2iU3XDVC6H2NPiyE7TJQGHSgg
VLEnahtzOLJOTNRpA41j5apceZrQ6EEMVBMPSb0CAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBQ9r4UQS2igiqwZu1NS8w7t14bTFzAfBgNVHSMEGDAWgBSNTdLQbZIOQDkz
/bLNGYSJNVJXnDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pVM1MwRzJTRGtBNU1fMnl6Um1FaVRWU1Y1dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWUvZjYyMWE3LWUwODAtNDI1NS05MjZkLTMyZmYzMWNlZWM4Yi8x
L1BhLUZFRXRvb0lxc0didFRVdk1PN2RlRzB4Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUv
ZjYyMWE3LWUwODAtNDI1NS05MjZkLTMyZmYzMWNlZWM4Yi8xL2pVM1MwRzJTRGtB
NU1fMnl6Um1FaVRWU1Y1dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAVnbhDAMAwQAWdubAwQAWdugMAwD
BABZ26MDBANZ26AwDAMEAFnbqQMEAlnbqDANBgkqhkiG9w0BAQsFAAOCAQEA613u
IKdmL28YZ655QA5AfHXKbczhYGv17Zpjs7lvChm+rQcBzeIEqWAG347KcHlyMfjp
NLnYLnVvD/zX0dW3lordw/MiECXc/BfLa3VmLyuXkXvHc+XOF8atb0k9KwEgxHUv
4XCQcYveiq671kfQ+FSGKrgBpsE5BkjtntD5Tiub60EHmOD+WuT+jGQn2ktWCeDP
3HdF84z9XKwWiA7VOxljUa+mVuCee+7ncCPWJ35pGSnPNIzIcE6WOq+rCD1sfflT
hBxb1852CF0h3llQeUj+cHTpYMghkX1WoQN6waC7ZfQIQItkJbtjXNIV+8BabN2/
tYiDl9rIAhuJ1FGKdw==
-----END CERTIFICATE-----