Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/uL-zh85qp9v41wmkTnuEedTHuD8.roa
File:                     uL-zh85qp9v41wmkTnuEedTHuD8.roa (raw, json)
Hash identifier:          +4moTBxZJe6lfF7ZjE8jNPAqO7KWo7tlSXGU5dacWBc=
Subject key identifier:   B8:BF:B3:87:CE:6A:A7:DB:F8:D7:09:A4:4E:7B:84:79:D4:C7:B8:3F
Certificate issuer:       /CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
Certificate serial:       0184D2D951AD62E60171AC9579D31C374608
Authority key identifier: F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/uL-zh85qp9v41wmkTnuEedTHuD8.roa
Signing time:             Fri 02 Dec 2022 12:39:28 +0000
ROA not before:           Fri 02 Dec 2022 12:39:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60486
IP address blocks:        185.29.152.0/22 maxlen: 22
                          185.29.152.0/23 maxlen: 23
                          185.29.154.0/24 maxlen: 24
                          85.184.244.0/24 maxlen: 24
                          85.184.246.0/24 maxlen: 24
                          85.184.245.0/24 maxlen: 24
                          85.184.247.0/24 maxlen: 24
                          83.143.72.0/24 maxlen: 24
                          2a00:a920:700::/40 maxlen: 40
                          2a00:a920:900::/40 maxlen: 40
                          2a00:a920:800::/40 maxlen: 40
                          2a00:a920:400::/40 maxlen: 40
                          2a00:a920:300::/40 maxlen: 40
                          2a00:a920:200::/40 maxlen: 40
                          2a00:a920:100::/40 maxlen: 40
                          2a00:a920::/40 maxlen: 40
                          2a00:a920:c00::/40 maxlen: 40
                          2a00:a920::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d2:d9:51:ad:62:e6:01:71:ac:95:79:d3:1c:37:46:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
        Validity
            Not Before: Dec  2 12:39:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b8bfb387ce6aa7dbf8d709a44e7b8479d4c7b83f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fa:d1:c1:b5:c3:2a:93:50:f6:d0:66:72:18:
                    49:ea:49:13:ce:0b:e8:18:5d:41:94:69:c3:d8:d8:
                    af:c3:24:86:b1:9c:a4:4e:f9:16:27:18:44:55:bc:
                    1c:03:e0:8f:4d:8d:c1:9c:4b:bb:74:c8:db:53:36:
                    8c:f7:e5:24:5b:69:ff:63:51:8f:9b:db:a7:49:f3:
                    50:62:83:0f:47:75:d3:cc:76:4c:4a:4f:a2:0a:c5:
                    38:33:12:c4:90:4e:20:22:13:82:c1:72:7b:01:e1:
                    45:c1:72:95:a7:7b:50:02:6a:da:e1:c7:21:3f:f4:
                    a6:7e:60:98:8f:8d:23:99:6d:ff:eb:59:87:1a:4d:
                    cb:12:ce:31:bd:7f:0e:8e:3b:e7:46:e7:c5:c5:fe:
                    37:49:c0:2a:65:f3:fe:2a:3e:f5:4c:55:8d:5f:91:
                    ea:46:47:8b:14:20:2f:2b:2c:6f:83:67:0a:72:27:
                    44:69:aa:99:a0:67:71:5f:72:c1:e7:0a:65:80:62:
                    da:ba:2b:31:92:46:39:99:b1:77:93:b8:fa:22:28:
                    f3:d9:d7:13:e6:e7:be:5c:d2:6d:8e:69:b1:17:db:
                    8c:7f:55:ee:59:34:e8:06:66:3f:33:10:ef:ef:66:
                    46:87:49:bb:08:91:af:8f:5c:e7:80:7b:ee:f9:af:
                    c0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BF:B3:87:CE:6A:A7:DB:F8:D7:09:A4:4E:7B:84:79:D4:C7:B8:3F
            X509v3 Authority Key Identifier:
                keyid:F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/uL-zh85qp9v41wmkTnuEedTHuD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/8dpnE1tzfKnS39e5f-WXi48wDWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.143.72.0/24
                  85.184.244.0/22
                  185.29.152.0/22
                IPv6:
                  2a00:a920::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:22:0b:43:1d:7b:d9:25:6d:46:37:04:22:92:68:ab:d9:cb:
         18:df:bd:f4:70:68:13:12:ec:e0:d3:84:83:e2:eb:e9:d0:c9:
         ad:24:fd:b9:2b:22:85:3d:6c:bf:17:29:35:56:55:b5:c9:42:
         a5:1d:dc:a8:81:f4:5b:ad:79:87:f7:c8:b3:de:fc:3c:08:cc:
         19:1a:a5:2d:98:9a:03:d8:2a:8a:3c:aa:39:13:08:45:95:87:
         f3:72:17:38:a5:16:a2:a0:5e:e9:d3:c1:37:98:50:49:a2:d7:
         ef:46:26:74:e0:8c:f2:e6:10:a7:9b:9c:93:04:a9:0f:40:71:
         8c:df:b9:f3:80:6b:e9:89:fb:70:a9:d5:3a:e5:d0:0e:d0:98:
         e6:48:5c:a4:f8:db:28:1e:dd:a9:85:68:dd:ee:5f:88:b2:2c:
         f9:5c:a7:a6:e2:72:a6:8d:e9:27:46:0a:18:2f:2d:fc:40:07:
         25:7a:89:12:1b:ed:b4:93:69:f0:68:93:14:3f:76:01:2f:e1:
         98:b9:f4:6e:15:82:44:36:11:21:6c:81:2b:17:8d:15:5c:93:
         c5:0f:a7:53:ad:58:d8:d5:2e:af:1c:b9:c3:a2:36:ad:8d:29:
         ce:c4:61:26:68:d7:17:d0:85:3f:51:da:60:4b:28:1d:2d:36:
         34:ff:56:0f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYTS2VGtYuYBcayVedMcN0YIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZGE2NzEzNWI3MzdjYTlkMmRmZDdiOTdmZTU5NzhiOGYz
MDBkNmIwHhcNMjIxMjAyMTIzOTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGJmYjM4N2NlNmFhN2RiZjhkNzA5YTQ0ZTdiODQ3OWQ0YzdiODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/rRwbXDKpNQ9tBmchhJ6kkTzgvo
GF1BlGnD2NivwySGsZykTvkWJxhEVbwcA+CPTY3BnEu7dMjbUzaM9+UkW2n/Y1GP
m9unSfNQYoMPR3XTzHZMSk+iCsU4MxLEkE4gIhOCwXJ7AeFFwXKVp3tQAmra4cch
P/SmfmCYj40jmW3/61mHGk3LEs4xvX8OjjvnRufFxf43ScAqZfP+Kj71TFWNX5Hq
RkeLFCAvKyxvg2cKcidEaaqZoGdxX3LB5wplgGLauisxkkY5mbF3k7j6Iijz2dcT
5ue+XNJtjmmxF9uMf1XuWTToBmY/MxDv72ZGh0m7CJGvj1zngHvu+a/AFwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLi/s4fOaqfb+NcJpE57hHnUx7g/MB8GA1UdIwQY
MBaAFPHaZxNbc3yp0t/XuX/ll4uPMA1rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEt
ZmMxMTJhZTYzZWE0LzEvdUwtemg4NXFwOXY0MXdta1RudUVlZFRIdUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEtZmMxMTJhZTYzZWE0
LzEvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAU49IAwQC
Vbj0AwQCuR2YMA0EAgACMAcDBQAqAKkgMA0GCSqGSIb3DQEBCwUAA4IBAQAIIgtD
HXvZJW1GNwQikmir2csY3730cGgTEuzg04SD4uvp0MmtJP25KyKFPWy/Fyk1VlW1
yUKlHdyogfRbrXmH98iz3vw8CMwZGqUtmJoD2CqKPKo5EwhFlYfzchc4pRaioF7p
08E3mFBJotfvRiZ04Izy5hCnm5yTBKkPQHGM37nzgGvpiftwqdU65dAO0JjmSFyk
+NsoHt2phWjd7l+Isiz5XKem4nKmjeknRgoYLy38QAcleokSG+20k2nwaJMUP3YB
L+GYufRuFYJENhEhbIErF40VXJPFD6dTrVjY1S6vHLnDojatjSnOxGEmaNcX0IU/
UdpgSygdLTY0/1YP
-----END CERTIFICATE-----