Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/7E7BEGmL9SYeh3zPR8lp_UvxSZ0.roa
File:                     7E7BEGmL9SYeh3zPR8lp_UvxSZ0.roa (raw, json)
Hash identifier:          FgdB+aiXG7Q1+lJNf8+On+06CuppShJQirKWyt2zgtQ=
Subject key identifier:   EC:4E:C1:10:69:8B:F5:26:1E:87:7C:CF:47:C9:69:FD:4B:F1:49:9D
Certificate issuer:       /CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
Certificate serial:       0183C383937B8BA8B33F081CEF64F982F03F
Authority key identifier: 92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/7E7BEGmL9SYeh3zPR8lp_UvxSZ0.roa
Signing time:             Mon 10 Oct 2022 20:08:43 +0000
ROA not before:           Mon 10 Oct 2022 20:08:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59545
IP address blocks:        92.63.163.0/24 maxlen: 24
                          92.63.162.0/24 maxlen: 24
                          92.63.160.0/24 maxlen: 24
                          92.63.160.0/21 maxlen: 24
                          92.63.161.0/24 maxlen: 24
                          109.205.199.0/24 maxlen: 32
                          185.69.100.0/22 maxlen: 24
                          178.20.248.0/21 maxlen: 24
                          141.138.144.0/21 maxlen: 24
                          141.138.145.0/24 maxlen: 24
                          141.138.151.0/24 maxlen: 24
                          141.138.148.0/24 maxlen: 24
                          141.138.149.0/24 maxlen: 24
                          141.138.146.0/24 maxlen: 24
                          141.138.147.0/24 maxlen: 24
                          2a01:a680:a1::/48 maxlen: 64
                          2a01:a680::/32 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c3:83:93:7b:8b:a8:b3:3f:08:1c:ef:64:f9:82:f0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
        Validity
            Not Before: Oct 10 20:08:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ec4ec110698bf5261e877ccf47c969fd4bf1499d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2e:1d:e5:65:81:65:7d:5d:52:4a:ab:31:3c:
                    09:67:37:75:66:06:43:43:31:f3:3d:0d:d8:cb:51:
                    51:33:6e:98:93:b8:1e:a8:d8:23:4e:74:f5:79:f7:
                    36:4e:96:22:4b:bb:7b:e4:7c:5d:c9:06:30:17:ae:
                    fc:13:db:73:a2:e8:b7:94:7a:ff:96:b1:f6:27:4c:
                    b8:b4:74:c6:10:96:71:ee:67:64:73:cc:26:6f:73:
                    35:9f:ab:c6:33:ff:fe:94:db:29:43:f9:62:9b:03:
                    13:9c:e2:06:3b:cf:02:2b:cc:9f:cc:8b:7e:95:68:
                    64:2a:c2:81:ac:b8:a3:76:a5:b6:e0:d5:d0:fd:28:
                    59:7f:91:6b:a1:82:03:d0:75:81:af:22:6e:41:c1:
                    36:1f:3e:26:f4:8d:6e:63:d0:c3:b3:9a:7f:f1:77:
                    20:70:87:2e:48:06:5d:f4:9f:08:84:9a:fd:c2:85:
                    33:5a:5a:f1:a8:7f:54:f4:98:bb:8b:60:08:d3:c4:
                    8a:36:62:0c:7f:ec:23:7b:9a:25:6d:4e:8c:2b:50:
                    f3:ae:f9:83:b7:a6:32:38:bf:57:c3:ad:ca:2c:22:
                    3c:3f:07:e8:d9:f1:27:3f:ab:b1:f0:f5:bf:79:c8:
                    4c:ac:bb:bf:b5:1c:fa:05:1c:31:cb:55:8a:06:eb:
                    a1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:4E:C1:10:69:8B:F5:26:1E:87:7C:CF:47:C9:69:FD:4B:F1:49:9D
            X509v3 Authority Key Identifier:
                keyid:92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/7E7BEGmL9SYeh3zPR8lp_UvxSZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.160.0/21
                  109.205.199.0/24
                  141.138.144.0/21
                  178.20.248.0/21
                  185.69.100.0/22
                IPv6:
                  2a01:a680::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:4c:62:4b:db:81:1d:03:02:e7:aa:c7:b0:fa:c8:53:a6:cc:
         3a:2f:22:6f:01:37:06:f0:63:3d:02:d3:cb:b6:12:08:21:93:
         16:2d:2c:fc:1f:f8:bf:c1:56:a2:15:7f:00:7b:98:85:88:06:
         b7:f8:e0:2a:ba:8f:de:c7:3a:06:24:3c:88:88:b2:ef:f6:c7:
         74:96:f7:2b:eb:c9:c7:08:96:da:85:7d:61:66:89:26:90:b4:
         51:0a:56:e1:e7:44:7d:d0:ee:60:02:1a:7e:66:06:6a:08:15:
         b1:a5:fe:10:b5:7e:41:62:79:39:49:d5:15:b4:b5:d0:57:62:
         76:58:20:95:f0:8a:73:61:fa:f0:69:04:4b:33:eb:29:46:6f:
         97:ba:b4:56:c9:60:77:fe:1c:81:dd:c6:b5:fa:2a:da:8c:f4:
         f7:eb:02:8a:cd:67:ea:ad:e9:94:20:2e:fe:3a:f8:18:bd:ff:
         4f:b1:34:df:87:38:f2:f1:55:43:db:70:c6:fd:65:e5:f0:3b:
         39:08:7e:1e:fb:3f:09:41:4c:01:6f:e3:82:26:9c:97:7b:fa:
         ec:e8:55:63:0c:e8:4c:75:8f:d2:c0:47:37:2e:a2:8a:20:9b:
         8a:44:54:e4:26:d5:58:59:d4:fe:4e:52:92:b7:b4:39:c9:32:
         64:45:14:2b
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYPDg5N7i6izPwgc72T5gvA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDFhZDBlN2ZjMjJiZmJhYjU2N2JlODlmNjNkOTgwNWU1
ZWI5YWEwHhcNMjIxMDEwMjAwODQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzRlYzExMDY5OGJmNTI2MWU4NzdjY2Y0N2M5NjlmZDRiZjE0OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC4d5WWBZX1dUkqrMTwJZzd1ZgZD
QzHzPQ3Yy1FRM26Yk7geqNgjTnT1efc2TpYiS7t75HxdyQYwF678E9tzoui3lHr/
lrH2J0y4tHTGEJZx7mdkc8wmb3M1n6vGM//+lNspQ/limwMTnOIGO88CK8yfzIt+
lWhkKsKBrLijdqW24NXQ/ShZf5FroYID0HWBryJuQcE2Hz4m9I1uY9DDs5p/8Xcg
cIcuSAZd9J8IhJr9woUzWlrxqH9U9Ji7i2AI08SKNmIMf+wje5olbU6MK1DzrvmD
t6YyOL9Xw63KLCI8Pwfo2fEnP6ux8PW/echMrLu/tRz6BRwxy1WKBuuh8wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFOxOwRBpi/UmHod8z0fJaf1L8UmdMB8GA1UdIwQY
MBaAFJJBrQ5/wiv7q1Z76J9j2YBeXrmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDkt
NDU0NGM2MTA5NzI5LzEvN0U3QkVHbUw5U1llaDN6UFI4bHBfVXZ4U1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDktNDU0NGM2MTA5NzI5
LzEva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDXD+gAwQA
bc3HAwQDjYqQAwQDshT4AwQCuUVkMA0EAgACMAcDBQAqAaaAMA0GCSqGSIb3DQEB
CwUAA4IBAQBuTGJL24EdAwLnqsew+shTpsw6LyJvATcG8GM9AtPLthIIIZMWLSz8
H/i/wVaiFX8Ae5iFiAa3+OAquo/exzoGJDyIiLLv9sd0lvcr68nHCJbahX1hZokm
kLRRClbh50R90O5gAhp+ZgZqCBWxpf4QtX5BYnk5SdUVtLXQV2J2WCCV8IpzYfrw
aQRLM+spRm+XurRWyWB3/hyB3ca1+irajPT36wKKzWfqremUIC7+OvgYvf9PsTTf
hzjy8VVD23DG/WXl8Ds5CH4e+z8JQUwBb+OCJpyXe/rs6FVjDOhMdY/SwEc3LqKK
IJuKRFTkJtVYWdT+TlKSt7Q5yTJkRRQr
-----END CERTIFICATE-----