Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/LZFNTROhirawgUb-XT9mJHs4eOA.roa
File:                     LZFNTROhirawgUb-XT9mJHs4eOA.roa (raw, json)
Hash identifier:          6HiasAKRsHjaboHhhp8DuhPRwRDBB/FOirZJKHDUlmY=
Subject key identifier:   2D:91:4D:4D:13:A1:8A:B6:B0:81:46:FE:5D:3F:66:24:7B:38:78:E0
Certificate issuer:       /CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
Certificate serial:       01849F79961ABD4942334A6F7620AA33585F
Authority key identifier: F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/LZFNTROhirawgUb-XT9mJHs4eOA.roa
Signing time:             Tue 22 Nov 2022 13:14:16 +0000
ROA not before:           Tue 22 Nov 2022 13:14:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60486
IP address blocks:        185.29.152.0/22 maxlen: 22
                          185.29.152.0/23 maxlen: 23
                          185.29.154.0/24 maxlen: 24
                          85.184.244.0/24 maxlen: 24
                          85.184.246.0/24 maxlen: 24
                          85.184.245.0/24 maxlen: 24
                          2a00:a920:700::/40 maxlen: 40
                          2a00:a920:900::/40 maxlen: 40
                          2a00:a920:800::/40 maxlen: 40
                          2a00:a920:400::/40 maxlen: 40
                          2a00:a920:300::/40 maxlen: 40
                          2a00:a920:200::/40 maxlen: 40
                          2a00:a920:100::/40 maxlen: 40
                          2a00:a920:c00::/40 maxlen: 40
                          2a00:a920::/40 maxlen: 40
                          2a00:a920::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:79:96:1a:bd:49:42:33:4a:6f:76:20:aa:33:58:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
        Validity
            Not Before: Nov 22 13:14:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2d914d4d13a18ab6b08146fe5d3f66247b3878e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:27:31:f7:d1:a2:86:c8:54:a6:c0:98:ab:ec:
                    29:00:fd:45:fa:7f:aa:19:7f:77:1c:c1:48:a7:a0:
                    4c:f7:24:78:28:c0:75:0d:5c:02:6e:95:d5:eb:25:
                    11:91:2c:f7:e0:f2:6c:88:36:46:5c:e3:db:0b:f9:
                    fe:93:3a:13:98:21:33:f7:98:41:14:78:fc:8d:02:
                    d7:41:3e:91:3d:b1:2a:65:e1:87:9a:62:9a:55:c2:
                    fc:d5:38:72:f6:5b:f3:e8:53:f5:5f:c7:df:4d:a5:
                    1e:e0:e6:b5:d5:f8:d8:0f:f9:aa:91:82:2e:96:77:
                    08:a3:1e:2c:48:0f:ab:f1:7f:dc:57:b6:18:67:64:
                    8e:59:0c:b5:f9:82:23:5c:28:cd:81:20:0b:b6:14:
                    8d:9c:f1:84:54:fb:bd:86:3b:3a:10:22:b6:86:07:
                    9f:ca:e9:0b:e3:b0:8e:e9:d4:64:75:43:a3:a4:cc:
                    4d:d4:c6:9f:4f:90:d6:dc:35:c7:78:62:0b:b0:12:
                    1d:14:c7:66:d0:0d:1f:ea:fc:49:51:d0:bc:7e:9c:
                    66:bb:72:f0:d7:34:37:d9:c2:fa:26:26:f2:19:17:
                    ec:fa:ea:8d:dd:03:2a:33:23:16:2d:49:08:fd:41:
                    eb:2b:1a:46:2b:7a:a6:84:5a:2a:6c:75:9f:9e:da:
                    06:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:91:4D:4D:13:A1:8A:B6:B0:81:46:FE:5D:3F:66:24:7B:38:78:E0
            X509v3 Authority Key Identifier:
                keyid:F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/LZFNTROhirawgUb-XT9mJHs4eOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/8dpnE1tzfKnS39e5f-WXi48wDWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.184.244.0-85.184.246.255
                  185.29.152.0/22
                IPv6:
                  2a00:a920::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:69:05:c3:96:d5:ce:05:eb:69:75:37:93:dc:1c:0c:39:f3:
         2e:18:6b:a4:7b:e1:85:0a:23:f4:31:9f:bd:e3:19:f2:6c:db:
         f0:9a:51:66:e7:9b:b2:a1:67:62:b4:62:60:24:ef:58:32:c4:
         5f:e1:92:a0:dd:6e:48:50:92:b8:bd:2c:09:a3:0d:e6:a9:5a:
         79:58:62:71:b2:d0:d6:9e:27:28:cc:7a:d2:06:f1:67:55:45:
         a8:2c:14:78:e1:50:79:da:ce:2c:77:ef:05:73:ff:35:3e:74:
         f6:14:66:fb:c6:fa:84:07:51:dd:76:3e:25:50:06:c1:e7:a1:
         e9:80:fd:61:74:9b:cc:f2:5b:0e:b8:76:02:92:f1:49:71:9c:
         e0:78:ce:7d:ab:77:00:7e:59:f5:24:eb:7c:31:0f:3f:c1:c1:
         cc:ca:83:0d:00:4b:06:18:66:71:7d:0d:df:ac:b1:0e:93:ab:
         45:d9:68:d5:e3:13:cb:fb:8f:c2:24:d9:bb:27:59:2a:cc:c7:
         c5:61:ad:ed:b0:74:5c:54:9d:0a:bb:a3:8c:df:cc:25:2e:64:
         23:ff:01:d8:51:d4:34:04:7e:4f:3a:49:bc:5d:df:c8:15:0d:
         cc:85:c1:2c:3c:a4:86:e0:ff:93:e8:40:aa:1e:ae:12:ff:b9:
         24:86:5f:67
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYSfeZYavUlCM0pvdiCqM1hfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZGE2NzEzNWI3MzdjYTlkMmRmZDdiOTdmZTU5NzhiOGYz
MDBkNmIwHhcNMjIxMTIyMTMxNDE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDkxNGQ0ZDEzYTE4YWI2YjA4MTQ2ZmU1ZDNmNjYyNDdiMzg3OGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCcx99GihshUpsCYq+wpAP1F+n+q
GX93HMFIp6BM9yR4KMB1DVwCbpXV6yURkSz34PJsiDZGXOPbC/n+kzoTmCEz95hB
FHj8jQLXQT6RPbEqZeGHmmKaVcL81Thy9lvz6FP1X8ffTaUe4Oa11fjYD/mqkYIu
lncIox4sSA+r8X/cV7YYZ2SOWQy1+YIjXCjNgSALthSNnPGEVPu9hjs6ECK2hgef
yukL47CO6dRkdUOjpMxN1MafT5DW3DXHeGILsBIdFMdm0A0f6vxJUdC8fpxmu3Lw
1zQ32cL6JibyGRfs+uqN3QMqMyMWLUkI/UHrKxpGK3qmhFoqbHWfntoG+wIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFC2RTU0ToYq2sIFG/l0/ZiR7OHjgMB8GA1UdIwQY
MBaAFPHaZxNbc3yp0t/XuX/ll4uPMA1rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEt
ZmMxMTJhZTYzZWE0LzEvTFpGTlRST2hpcmF3Z1ViLVhUOW1KSHM0ZU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEtZmMxMTJhZTYzZWE0
LzEvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAJVuPQD
BABVuPYDBAK5HZgwDQQCAAIwBwMFACoAqSAwDQYJKoZIhvcNAQELBQADggEBAGVp
BcOW1c4F62l1N5PcHAw58y4Ya6R74YUKI/Qxn73jGfJs2/CaUWbnm7KhZ2K0YmAk
71gyxF/hkqDdbkhQkri9LAmjDeapWnlYYnGy0NaeJyjMetIG8WdVRagsFHjhUHna
zix37wVz/zU+dPYUZvvG+oQHUd12PiVQBsHnoemA/WF0m8zyWw64dgKS8UlxnOB4
zn2rdwB+WfUk63wxDz/BwczKgw0ASwYYZnF9Dd+ssQ6Tq0XZaNXjE8v7j8Ik2bsn
WSrMx8Vhre2wdFxUnQq7o4zfzCUuZCP/AdhR1DQEfk86Sbxd38gVDcyFwSw8pIbg
/5PoQKoerhL/uSSGX2c=
-----END CERTIFICATE-----