Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/rVjBdUZyXRXUdmRJvprcFj8xKGw.roa
File:                     rVjBdUZyXRXUdmRJvprcFj8xKGw.roa (raw, json)
Hash identifier:          2B5yST9SaUa5sdfswIt6qe9nQ4MYAO8xzaffb+xTpvs=
Subject key identifier:   AD:58:C1:75:46:72:5D:15:D4:76:64:49:BE:9A:DC:16:3F:31:28:6C
Certificate issuer:       /CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
Certificate serial:       01835A1B6EAE514ED3D23D63BABB65F136B5
Authority key identifier: 92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/rVjBdUZyXRXUdmRJvprcFj8xKGw.roa
Signing time:             Tue 20 Sep 2022 08:54:50 +0000
ROA not before:           Tue 20 Sep 2022 08:54:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59545
IP address blocks:        92.63.163.0/24 maxlen: 24
                          92.63.162.0/24 maxlen: 24
                          92.63.160.0/24 maxlen: 24
                          92.63.160.0/21 maxlen: 24
                          92.63.161.0/24 maxlen: 24
                          185.69.100.0/22 maxlen: 24
                          178.20.248.0/21 maxlen: 24
                          141.138.144.0/21 maxlen: 24
                          141.138.145.0/24 maxlen: 24
                          141.138.151.0/24 maxlen: 24
                          141.138.148.0/24 maxlen: 24
                          141.138.149.0/24 maxlen: 24
                          141.138.146.0/24 maxlen: 24
                          141.138.147.0/24 maxlen: 24
                          2a01:a680:a1::/48 maxlen: 64
                          2a01:a680::/32 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:5a:1b:6e:ae:51:4e:d3:d2:3d:63:ba:bb:65:f1:36:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
        Validity
            Not Before: Sep 20 08:54:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ad58c17546725d15d4766449be9adc163f31286c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:35:a2:dc:c8:a5:d4:f9:6c:3c:ad:77:df:81:
                    ba:5b:aa:e8:bb:30:3c:19:c5:05:35:0b:df:36:71:
                    d7:50:fe:d4:90:d6:9a:a3:e2:92:ea:41:ee:00:dd:
                    d2:bb:63:89:84:45:c2:f6:2c:a6:aa:8f:7d:29:18:
                    be:c1:cf:ed:79:c2:3d:9b:7a:8e:28:66:c2:9a:63:
                    12:79:68:90:ba:49:11:b2:1b:cb:09:3c:d2:27:66:
                    dd:c8:58:80:05:5a:04:b7:d0:81:0e:df:7b:8a:23:
                    b7:0a:60:a3:82:40:ca:75:2b:7e:2c:5f:33:81:38:
                    ac:09:d5:19:3d:71:a7:91:2a:ef:72:79:82:e5:63:
                    79:64:bb:68:ba:bd:eb:a3:4f:a3:e9:89:2e:5e:ee:
                    5e:9f:30:5c:ce:4a:6a:c0:9d:8b:4c:9c:58:a3:88:
                    b3:3d:07:0e:65:e6:0e:e6:36:bb:da:3d:72:e7:68:
                    ae:e3:6e:31:a6:4e:55:73:1a:0d:20:7e:da:c4:2a:
                    58:d4:43:ea:82:e0:c8:b7:cc:89:1b:a6:76:f8:7c:
                    67:b7:d8:36:f6:ee:2c:8f:3a:10:4c:5e:6a:4b:9d:
                    74:4b:f7:a3:a9:f6:72:b4:7e:42:01:b4:9d:21:d3:
                    c9:ac:6c:78:30:30:ec:66:65:b1:ec:0c:a4:8f:79:
                    65:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:58:C1:75:46:72:5D:15:D4:76:64:49:BE:9A:DC:16:3F:31:28:6C
            X509v3 Authority Key Identifier:
                keyid:92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/rVjBdUZyXRXUdmRJvprcFj8xKGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.160.0/21
                  141.138.144.0/21
                  178.20.248.0/21
                  185.69.100.0/22
                IPv6:
                  2a01:a680::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:61:66:52:80:90:a1:58:2a:24:21:6b:26:14:fb:50:2b:13:
         03:f2:6c:1b:37:eb:5d:ee:23:9f:00:b0:bf:cf:9a:be:aa:d0:
         ad:5d:1c:48:2c:77:ff:48:13:db:e8:fa:76:8c:51:b9:70:38:
         04:e8:2c:70:00:da:44:69:24:2f:81:56:22:5c:fb:ea:1f:d9:
         de:50:aa:1d:89:cd:68:72:70:46:bc:5a:b0:6e:3d:01:32:72:
         13:a6:51:bd:eb:87:69:32:2e:a5:a2:16:77:7c:99:12:1a:e9:
         31:25:08:bc:f2:80:13:07:f5:76:b6:11:d1:b2:c4:85:59:5b:
         55:38:92:d7:a5:12:9b:0d:95:ea:69:2f:d6:c5:3c:97:bb:72:
         4b:1d:1b:dc:3a:d7:a7:42:5a:93:49:a3:46:37:2c:d1:a7:32:
         40:dc:e4:8b:9c:08:fd:42:8d:22:18:92:9b:ec:d7:03:9b:e7:
         a2:38:e1:70:ae:6f:86:fb:9a:66:7d:17:60:c7:f5:30:9c:a6:
         10:5f:ce:4f:f4:73:32:1f:bf:7c:cd:15:42:38:4b:a4:8c:08:
         f3:82:69:bc:79:c5:a1:53:6f:61:a9:c5:8c:68:af:02:58:b2:
         14:ee:fb:a7:6a:dd:61:55:a2:9d:cf:5d:b6:df:7e:79:14:9c:
         4c:b5:b8:3c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYNaG26uUU7T0j1jurtl8Ta1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDFhZDBlN2ZjMjJiZmJhYjU2N2JlODlmNjNkOTgwNWU1
ZWI5YWEwHhcNMjIwOTIwMDg1NDUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDU4YzE3NTQ2NzI1ZDE1ZDQ3NjY0NDliZTlhZGMxNjNmMzEyODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzWi3Mil1PlsPK1334G6W6rouzA8
GcUFNQvfNnHXUP7UkNaao+KS6kHuAN3Su2OJhEXC9iymqo99KRi+wc/tecI9m3qO
KGbCmmMSeWiQukkRshvLCTzSJ2bdyFiABVoEt9CBDt97iiO3CmCjgkDKdSt+LF8z
gTisCdUZPXGnkSrvcnmC5WN5ZLtour3ro0+j6YkuXu5enzBczkpqwJ2LTJxYo4iz
PQcOZeYO5ja72j1y52iu424xpk5VcxoNIH7axCpY1EPqguDIt8yJG6Z2+Hxnt9g2
9u4sjzoQTF5qS510S/ejqfZytH5CAbSdIdPJrGx4MDDsZmWx7Aykj3llpwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFK1YwXVGcl0V1HZkSb6a3BY/MShsMB8GA1UdIwQY
MBaAFJJBrQ5/wiv7q1Z76J9j2YBeXrmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDkt
NDU0NGM2MTA5NzI5LzEvclZqQmRVWnlYUlhVZG1SSnZwcmNGajh4S0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDktNDU0NGM2MTA5NzI5
LzEva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDXD+gAwQD
jYqQAwQDshT4AwQCuUVkMA0EAgACMAcDBQAqAaaAMA0GCSqGSIb3DQEBCwUAA4IB
AQAEYWZSgJChWCokIWsmFPtQKxMD8mwbN+td7iOfALC/z5q+qtCtXRxILHf/SBPb
6Pp2jFG5cDgE6CxwANpEaSQvgVYiXPvqH9neUKodic1ocnBGvFqwbj0BMnITplG9
64dpMi6lohZ3fJkSGukxJQi88oATB/V2thHRssSFWVtVOJLXpRKbDZXqaS/WxTyX
u3JLHRvcOtenQlqTSaNGNyzRpzJA3OSLnAj9Qo0iGJKb7NcDm+eiOOFwrm+G+5pm
fRdgx/UwnKYQX85P9HMyH798zRVCOEukjAjzgmm8ecWhU29hqcWMaK8CWLIU7vun
at1hVaKdz1223355FJxMtbg8
-----END CERTIFICATE-----