Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/lzBPZUwZOMy9q2xbZQCpnnkMr3Q.roa
File:                     lzBPZUwZOMy9q2xbZQCpnnkMr3Q.roa (raw, json)
Hash identifier:          1/o92N5Dd4tx59ul+O5+RoXK/vq3vyz3me3qNmZQ+ss=
Subject key identifier:   97:30:4F:65:4C:19:38:CC:BD:AB:6C:5B:65:00:A9:9E:79:0C:AF:74
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       1BBF6998
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/lzBPZUwZOMy9q2xbZQCpnnkMr3Q.roa
Signing time:             Fri 15 Apr 2022 18:08:09 +0000
ROA not before:           Fri 15 Apr 2022 18:08:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47843
IP address blocks:        87.248.132.0/23 maxlen: 24
                          87.248.128.0/24 maxlen: 24
                          87.248.129.0/24 maxlen: 24
                          87.248.138.0/24 maxlen: 24
                          87.248.136.0/24 maxlen: 24
                          87.248.137.0/24 maxlen: 24
                          87.248.143.0/24 maxlen: 24
                          87.248.148.0/24 maxlen: 24
                          87.248.149.0/24 maxlen: 24
                          87.248.150.0/24 maxlen: 24
                          87.248.155.0/24 maxlen: 24
                          87.248.156.0/24 maxlen: 24
                          87.248.157.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 465529240 (0x1bbf6998)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Apr 15 18:08:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=97304f654c1938ccbdab6c5b6500a99e790caf74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a9:92:9e:57:59:08:7f:e3:b3:89:b7:e8:f6:
                    41:97:2e:15:e3:92:07:0b:69:07:a6:5d:f5:fc:90:
                    ab:b6:4d:46:ea:a3:f7:7d:58:44:2c:1a:4b:8f:53:
                    6c:96:4a:bc:2a:0b:ac:6f:ea:3f:73:6a:12:85:12:
                    f1:c5:a7:f2:56:1f:11:fb:ec:77:0b:68:25:a9:db:
                    ae:a3:d2:ae:6d:c0:23:60:7b:06:68:10:cf:e0:de:
                    a4:db:0c:ef:49:9c:0f:bc:2d:62:ed:7b:e8:72:42:
                    24:44:23:89:3a:93:b3:4b:ca:5d:0c:9d:08:f1:0a:
                    50:df:2b:c7:b8:58:79:85:4b:08:44:41:02:8d:5b:
                    e9:cc:24:15:4e:44:1d:15:af:f1:3c:50:af:4a:22:
                    47:07:47:17:d1:5d:28:6e:d6:f1:4c:46:98:cb:28:
                    17:4d:e3:e6:4f:17:58:ea:7a:c4:d6:31:1a:66:6f:
                    ad:71:8f:85:c4:ef:b9:8a:b8:48:82:c7:d0:e6:09:
                    7d:43:af:62:74:ba:ab:1a:7a:48:8d:f7:c7:2d:15:
                    70:b1:2e:fd:99:b0:31:6b:c7:38:9f:3e:5b:fc:70:
                    42:9c:20:30:18:18:09:da:56:76:2d:29:e8:09:bb:
                    cf:60:fc:6a:56:fa:33:58:9f:5e:e8:1f:b5:08:df:
                    22:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:30:4F:65:4C:19:38:CC:BD:AB:6C:5B:65:00:A9:9E:79:0C:AF:74
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/lzBPZUwZOMy9q2xbZQCpnnkMr3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.128.0/23
                  87.248.132.0/23
                  87.248.136.0-87.248.138.255
                  87.248.143.0/24
                  87.248.148.0-87.248.150.255
                  87.248.155.0-87.248.157.255

    Signature Algorithm: sha256WithRSAEncryption
         6b:26:9d:be:31:44:8a:e4:e4:fa:26:08:cf:2b:d5:27:8a:40:
         26:32:9c:3e:f5:8e:7b:b4:3c:e8:ed:85:88:74:f6:d5:53:40:
         34:0c:9b:b3:1b:75:a7:bb:74:32:6a:8d:84:80:8c:bf:0f:33:
         d2:42:fb:ae:03:6b:3e:ca:c4:d7:15:8c:a7:36:04:56:37:36:
         fd:c8:24:bd:3d:5b:64:6c:71:d3:f0:31:19:e9:cd:d2:f9:b8:
         b1:ed:40:dc:57:a0:1a:8b:07:42:39:c3:62:1f:21:49:cb:fc:
         39:53:f7:ff:58:71:17:f2:84:96:9e:d2:c2:e2:35:b7:ca:1a:
         d2:cf:33:4d:6a:25:8d:86:a4:aa:ec:01:99:b3:00:09:f2:aa:
         b1:5c:af:e7:b1:89:f5:25:c3:00:a1:ef:55:5d:81:fa:cb:bd:
         5a:24:90:f8:9a:e8:fa:32:72:a5:f0:7f:f3:c8:d2:8b:69:f6:
         08:2e:ca:ca:d0:33:c6:12:e7:33:53:8d:cc:2d:52:8e:90:98:
         b2:ae:9a:11:8f:94:ae:92:ec:d0:04:6d:5e:d3:e9:35:b4:3d:
         76:2e:67:bd:bf:c5:c2:96:0b:23:9b:55:e2:b2:b9:79:97:54:
         8b:35:3f:ed:b6:39:4d:d3:eb:e3:4d:7f:d0:15:55:b8:62:5b:
         a8:eb:f3:62
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEG79pmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
N2Y2MWZjN2MwYWI0MWNlMTU0ZTdiY2IwOGVmOTYyMzUxYTQ2Nzg0MB4XDTIyMDQx
NTE4MDgwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTczMDRmNjU0YzE5
MzhjY2JkYWI2YzViNjUwMGE5OWU3OTBjYWY3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ+pkp5XWQh/47OJt+j2QZcuFeOSBwtpB6Zd9fyQq7ZNRuqj
931YRCwaS49TbJZKvCoLrG/qP3NqEoUS8cWn8lYfEfvsdwtoJanbrqPSrm3AI2B7
BmgQz+DepNsM70mcD7wtYu176HJCJEQjiTqTs0vKXQydCPEKUN8rx7hYeYVLCERB
Ao1b6cwkFU5EHRWv8TxQr0oiRwdHF9FdKG7W8UxGmMsoF03j5k8XWOp6xNYxGmZv
rXGPhcTvuYq4SILH0OYJfUOvYnS6qxp6SI33xy0VcLEu/ZmwMWvHOJ8+W/xwQpwg
MBgYCdpWdi0p6Am7z2D8alb6M1ifXugftQjfIvMCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBSXME9lTBk4zL2rbFtlAKmeeQyvdDAfBgNVHSMEGDAWgBR39h/HwKtBzhVO
e8sI75YjUaRnhDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RfWWZ4OENyUWM0VlRudkxDTy1XSTFHa1o0US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvOTIxM2VjLTg1YTktNDhkNi1hYTY5LWVkYzlkMDJmYWY1NC8x
L2x6QlBaVXdaT015OXEyeGJaUUNwbm5rTXIzUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
OTIxM2VjLTg1YTktNDhkNi1hYTY5LWVkYzlkMDJmYWY1NC8xL2RfWWZ4OENyUWM0
VlRudkxDTy1XSTFHa1o0US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAVf4gAMEAVf4hDAMAwQDV/iIAwQA
V/iKAwQAV/iPMAwDBAJX+JQDBABX+JYwDAMEAFf4mwMEAVf4nDANBgkqhkiG9w0B
AQsFAAOCAQEAayadvjFEiuTk+iYIzyvVJ4pAJjKcPvWOe7Q86O2FiHT21VNANAyb
sxt1p7t0MmqNhICMvw8z0kL7rgNrPsrE1xWMpzYEVjc2/cgkvT1bZGxx0/AxGenN
0vm4se1A3FegGosHQjnDYh8hScv8OVP3/1hxF/KElp7SwuI1t8oa0s8zTWoljYak
quwBmbMACfKqsVyv57GJ9SXDAKHvVV2B+su9WiSQ+Jro+jJypfB/88jSi2n2CC7K
ytAzxhLnM1ONzC1SjpCYsq6aEY+UrpLs0ARtXtPpNbQ9di5nvb/FwpYLI5tV4rK5
eZdUizU/7bY5TdPr401/0BVVuGJbqOvzYg==
-----END CERTIFICATE-----