Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1RHpYAT_hLe18l-ZX--JLXSLqmI.roa
File:                     1RHpYAT_hLe18l-ZX--JLXSLqmI.roa (raw, json)
Hash identifier:          5mIE5iHmHbKApjIg9BgSOsF1ziLVP4xROIH3O1i78Qk=
Subject key identifier:   D5:11:E9:60:04:FF:84:B7:B5:F2:5F:99:5F:EF:89:2D:74:8B:AA:62
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0184D40EC5A3E087DEFD7DC7E93C82F913A5
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1RHpYAT_hLe18l-ZX--JLXSLqmI.roa
Signing time:             Fri 02 Dec 2022 18:17:28 +0000
ROA not before:           Fri 02 Dec 2022 18:17:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35346
IP address blocks:        194.114.144.0/24 maxlen: 25
                          194.114.144.128/27 maxlen: 27
                          45.67.116.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 22
                          91.242.112.0/20 maxlen: 24
                          91.242.112.0/21 maxlen: 24
                          91.242.120.0/21 maxlen: 21
                          178.175.176.0/22 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.64.0/18 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          2a07:5540::/29 maxlen: 29
                          2a09:4440::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d4:0e:c5:a3:e0:87:de:fd:7d:c7:e9:3c:82:f9:13:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Dec  2 18:17:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d511e96004ff84b7b5f25f995fef892d748baa62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0a:e6:98:8f:eb:3c:bf:01:2d:5e:af:e7:b4:
                    64:83:64:6d:4d:b7:4a:02:d8:e7:4b:d0:7c:76:46:
                    ee:ac:3d:3f:b3:5b:9a:18:71:81:8a:5c:ec:7b:c8:
                    59:2c:bc:9d:86:d8:1a:c6:16:a0:bf:00:ae:25:a6:
                    b7:a0:33:b3:bb:47:52:f8:11:6e:1f:87:0d:bb:2b:
                    51:a8:50:52:25:17:55:99:a9:1b:5b:2d:bc:ab:3e:
                    51:d6:2c:23:d8:d6:30:c8:fc:78:33:60:7f:c6:ca:
                    6c:27:b1:b9:f3:8c:bb:ff:78:0d:d5:74:10:13:3b:
                    6d:60:1f:59:20:08:51:3f:68:d0:ad:8b:a2:64:11:
                    ce:c7:e9:8a:a4:e2:e3:20:2f:30:a4:95:56:e0:8e:
                    0a:62:46:25:56:6d:7c:be:6b:67:77:2e:e7:af:83:
                    c2:29:05:b4:bb:a5:ee:9a:ab:e5:a1:f7:7b:f4:80:
                    31:0b:71:fa:c3:f0:e8:38:f0:c4:c3:24:ed:57:6d:
                    c3:e5:27:c8:28:42:a4:ff:fb:98:0f:d5:cd:94:10:
                    74:fc:6a:1e:ff:75:39:bd:74:73:f1:9a:fa:04:5b:
                    d7:06:69:22:14:13:37:f7:f0:68:01:67:90:4d:9e:
                    99:19:ec:07:5f:db:17:af:e9:5b:1b:ae:1e:7e:23:
                    08:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:11:E9:60:04:FF:84:B7:B5:F2:5F:99:5F:EF:89:2D:74:8B:AA:62
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1RHpYAT_hLe18l-ZX--JLXSLqmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.116.0/24
                  91.242.64.0/18
                  178.175.176.0/22
                  194.114.144.0/24
                IPv6:
                  2a07:5540::/29
                  2a09:4440::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:16:a4:36:b4:27:87:db:cd:37:e0:b3:65:88:44:e7:84:ed:
         fa:b8:73:51:31:bd:03:aa:f8:5b:79:b7:03:f1:f0:28:e0:e0:
         65:45:75:ca:24:69:25:36:21:39:f3:40:05:d5:85:37:ea:fe:
         20:57:84:86:e0:0d:ca:7b:2a:53:69:4d:ad:39:4d:89:a7:77:
         0e:e4:1d:4a:e9:49:42:e3:26:43:19:0c:0c:2b:34:ee:09:91:
         22:9b:4e:7e:49:7a:e6:da:1b:ef:f4:c0:aa:77:65:0f:b8:15:
         a4:c6:0f:ac:53:89:16:57:29:a5:05:fc:de:5d:29:5e:70:34:
         3e:cb:5a:ec:35:a6:92:c7:d9:0d:65:bd:07:3e:92:b5:a2:16:
         f5:84:cf:d0:58:30:5d:0b:77:f0:a7:4c:06:c7:d3:ff:be:f7:
         68:a6:b7:fc:6f:92:cb:77:c8:68:49:08:e6:56:44:76:b4:9a:
         f8:b6:aa:d5:8b:a9:bf:f1:ee:a7:28:e2:ce:fc:d1:61:95:47:
         12:af:8c:03:b6:0b:12:05:3e:45:1b:94:2e:17:b3:74:c1:2c:
         80:35:2f:72:01:37:99:12:32:8f:d6:1e:04:35:21:ca:79:cf:
         39:fe:45:7e:aa:df:18:93:49:ea:bb:f7:ca:3f:3d:db:23:93:
         1a:be:a1:9f
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYTUDsWj4Ife/X3H6TyC+ROlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMjAyMTgxNzI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTExZTk2MDA0ZmY4NGI3YjVmMjVmOTk1ZmVmODkyZDc0OGJhYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQrmmI/rPL8BLV6v57Rkg2RtTbdK
AtjnS9B8dkburD0/s1uaGHGBilzse8hZLLydhtgaxhagvwCuJaa3oDOzu0dS+BFu
H4cNuytRqFBSJRdVmakbWy28qz5R1iwj2NYwyPx4M2B/xspsJ7G584y7/3gN1XQQ
EzttYB9ZIAhRP2jQrYuiZBHOx+mKpOLjIC8wpJVW4I4KYkYlVm18vmtndy7nr4PC
KQW0u6Xumqvlofd79IAxC3H6w/DoOPDEwyTtV23D5SfIKEKk//uYD9XNlBB0/Goe
/3U5vXRz8Zr6BFvXBmkiFBM39/BoAWeQTZ6ZGewHX9sXr+lbG64efiMIhwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFNUR6WAE/4S3tfJfmV/viS10i6piMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvMVJIcFlBVF9oTGUxOGwtWlgtLUpMWFNMcW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQALUN0AwQG
W/JAAwQCsq+wAwQAwnKQMBQEAgACMA4DBQMqB1VAAwUDKglEQDANBgkqhkiG9w0B
AQsFAAOCAQEAohakNrQnh9vNN+CzZYhE54Tt+rhzUTG9A6r4W3m3A/HwKODgZUV1
yiRpJTYhOfNABdWFN+r+IFeEhuANynsqU2lNrTlNiad3DuQdSulJQuMmQxkMDCs0
7gmRIptOfkl65tob7/TAqndlD7gVpMYPrFOJFlcppQX83l0pXnA0Psta7DWmksfZ
DWW9Bz6StaIW9YTP0FgwXQt38KdMBsfT/773aKa3/G+Sy3fIaEkI5lZEdrSa+Laq
1Yupv/HupyjizvzRYZVHEq+MA7YLEgU+RRuULhezdMEsgDUvcgE3mRIyj9YeBDUh
ynnPOf5FfqrfGJNJ6rv3yj892yOTGr6hnw==
-----END CERTIFICATE-----