Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/D41mAcWkiZf4rNUdZytbSe4tUpA.roa
File:                     D41mAcWkiZf4rNUdZytbSe4tUpA.roa (raw, json)
Hash identifier:          5n5zrn2UmRwjLqEo01Gf9lI1WO19om+FpGylfSwzc1s=
Subject key identifier:   0F:8D:66:01:C5:A4:89:97:F8:AC:D5:1D:67:2B:5B:49:EE:2D:52:90
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01844E73EA411A27559C0D478467B870005F
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/D41mAcWkiZf4rNUdZytbSe4tUpA.roa
Signing time:             Sun 06 Nov 2022 19:38:50 +0000
ROA not before:           Sun 06 Nov 2022 19:38:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30938
IP address blocks:        45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.249.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.248.0/24 maxlen: 24
                          5.39.253.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22
                          31.192.240.0/21 maxlen: 21
                          5.178.96.0/21 maxlen: 21
                          5.144.176.0/21 maxlen: 21
                          5.178.104.0/21 maxlen: 21
                          5.144.182.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.39.255.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:4e:73:ea:41:1a:27:55:9c:0d:47:84:67:b8:70:00:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Nov  6 19:38:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0f8d6601c5a48997f8acd51d672b5b49ee2d5290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9d:b7:ae:94:fb:c2:ef:84:98:8e:b6:46:ca:
                    5e:96:00:64:d9:f4:8c:98:84:88:c8:f6:7d:41:c1:
                    56:05:ad:fa:fa:fb:36:43:89:c7:26:89:1d:1d:6c:
                    0d:86:a9:8e:c4:5e:86:cd:e7:b9:24:5e:5c:9e:27:
                    ab:b2:c7:89:63:2a:74:a3:5c:b5:27:df:22:9f:01:
                    67:ae:92:93:25:a8:5a:28:34:86:75:f3:e4:90:da:
                    bd:43:b3:3d:08:79:e7:57:3f:0d:c2:52:45:db:af:
                    bd:99:de:1e:5d:5e:df:cf:a4:76:3b:78:6a:93:35:
                    6c:e7:aa:88:b7:71:26:8c:78:de:63:1d:43:86:69:
                    ba:34:49:6b:9b:66:f5:09:f8:48:b0:33:83:08:43:
                    e7:f1:cf:73:37:03:08:9f:e1:ea:7b:21:46:e5:50:
                    b7:c2:29:fc:18:5d:cd:ff:4a:29:71:db:eb:16:c1:
                    a9:ff:be:aa:f6:e5:20:01:2f:ad:64:7d:9a:c6:d1:
                    d3:08:cf:ee:1f:5c:3c:4c:e0:08:5d:6c:45:16:ad:
                    51:bb:4a:47:d6:7e:a2:74:bb:e1:aa:0e:a9:81:04:
                    2e:70:ba:8d:d0:f3:e8:87:e1:38:fc:80:a4:66:c3:
                    04:49:62:75:d2:42:ad:03:ea:4f:ea:65:f3:5b:7f:
                    7c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8D:66:01:C5:A4:89:97:F8:AC:D5:1D:67:2B:5B:49:EE:2D:52:90
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/D41mAcWkiZf4rNUdZytbSe4tUpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/21
                  5.144.176.0/21
                  5.178.96.0/20
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:34:be:30:c8:d0:1a:52:6e:9a:92:2d:21:41:a9:bc:c7:4c:
         ec:28:14:6f:69:7d:72:60:a0:fd:be:3b:b7:eb:64:31:d2:6e:
         30:c8:ed:15:56:ed:7b:81:86:7e:27:66:ca:da:54:b9:3e:72:
         19:cf:83:a3:fa:d2:2e:23:3e:cb:3d:3b:9b:9c:f7:6e:34:41:
         aa:34:d3:41:3f:67:3a:e5:4f:a1:b3:c7:75:69:f0:b9:df:aa:
         d7:81:93:ea:03:0c:99:53:dc:9c:60:69:39:f0:b4:bb:91:a0:
         72:fe:db:8d:46:cf:a3:be:17:55:9a:b2:6b:a7:8b:b8:83:df:
         d4:b0:5f:ad:60:85:98:32:e7:4a:a7:2a:56:3c:53:55:a4:e1:
         29:5f:0f:32:9f:0a:45:5e:18:3f:45:20:e0:b5:fd:db:8d:de:
         3c:f9:71:07:e6:f1:6b:51:42:94:f3:0d:97:e2:c8:d2:1b:3e:
         84:46:74:8b:8b:b8:19:54:df:99:39:1f:84:63:e4:07:73:bb:
         c0:12:db:6f:c5:0e:ef:a2:9e:dc:8a:90:be:45:3f:42:9a:16:
         a4:2f:28:0c:10:d3:c2:8f:37:db:b3:95:e9:a2:ad:f7:ee:f7:
         44:e4:6a:0b:02:a0:8a:08:47:5c:51:35:53:e7:74:5e:bb:5e:
         45:0b:85:aa
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYROc+pBGidVnA1HhGe4cABfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjIxMTA2MTkzODUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjhkNjYwMWM1YTQ4OTk3ZjhhY2Q1MWQ2NzJiNWI0OWVlMmQ1MjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhp23rpT7wu+EmI62RspelgBk2fSM
mISIyPZ9QcFWBa36+vs2Q4nHJokdHWwNhqmOxF6Gzee5JF5cniersseJYyp0o1y1
J98inwFnrpKTJahaKDSGdfPkkNq9Q7M9CHnnVz8NwlJF26+9md4eXV7fz6R2O3hq
kzVs56qIt3EmjHjeYx1Dhmm6NElrm2b1CfhIsDODCEPn8c9zNwMIn+HqeyFG5VC3
win8GF3N/0opcdvrFsGp/76q9uUgAS+tZH2axtHTCM/uH1w8TOAIXWxFFq1Ru0pH
1n6idLvhqg6pgQQucLqN0PPoh+E4/ICkZsMESWJ10kKtA+pP6mXzW398CQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFA+NZgHFpImX+KzVHWcrW0nuLVKQMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvRDQxbUFjV2tpWmY0ck5VZFp5dGJTZTR0VXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDBSf4AwQD
BZCwAwQEBbJgAwQDH8DwAwQCLQzYAwQCuQUkMA0GCSqGSIb3DQEBCwUAA4IBAQAt
NL4wyNAaUm6aki0hQam8x0zsKBRvaX1yYKD9vju362Qx0m4wyO0VVu17gYZ+J2bK
2lS5PnIZz4Oj+tIuIz7LPTubnPduNEGqNNNBP2c65U+hs8d1afC536rXgZPqAwyZ
U9ycYGk58LS7kaBy/tuNRs+jvhdVmrJrp4u4g9/UsF+tYIWYMudKpypWPFNVpOEp
Xw8ynwpFXhg/RSDgtf3bjd48+XEH5vFrUUKU8w2X4sjSGz6ERnSLi7gZVN+ZOR+E
Y+QHc7vAEttvxQ7vop7cipC+RT9CmhakLygMENPCjzfbs5Xpoq337vdE5GoLAqCK
CEdcUTVT53Reu15FC4Wq
-----END CERTIFICATE-----