Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rgen5BIFdl-ZYV5zTTP7SwvqVEA.roa
File:                     Rgen5BIFdl-ZYV5zTTP7SwvqVEA.roa (raw, json)
Hash identifier:          CwpdUNLWAXKT4ocNZhVbfqoyx3UYk76vzo9gbl/Y7/s=
Subject key identifier:   46:07:A7:E4:12:05:76:5F:99:61:5E:73:4D:33:FB:4B:0B:EA:54:40
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01843237D37F953AFA5029B4BCA424C04A1F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rgen5BIFdl-ZYV5zTTP7SwvqVEA.roa
Signing time:             Tue 01 Nov 2022 08:03:50 +0000
ROA not before:           Tue 01 Nov 2022 08:03:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35346
IP address blocks:        194.114.144.0/24 maxlen: 25
                          194.114.144.128/27 maxlen: 27
                          45.67.116.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 22
                          91.242.112.0/20 maxlen: 24
                          91.242.112.0/21 maxlen: 24
                          91.242.120.0/21 maxlen: 21
                          91.242.64.0/18 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          2a07:5540::/29 maxlen: 29
                          2a09:4440::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:32:37:d3:7f:95:3a:fa:50:29:b4:bc:a4:24:c0:4a:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Nov  1 08:03:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4607a7e41205765f99615e734d33fb4b0bea5440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e7:1e:25:32:66:e9:94:70:df:6f:cc:d2:87:
                    a4:3a:03:e9:ac:28:93:c7:3c:08:ad:ef:05:d9:b2:
                    4d:61:a4:76:a7:35:60:c9:d9:f0:e9:25:5c:00:c5:
                    b1:c1:d1:1a:56:f6:dc:50:8a:3f:cc:88:7f:3b:e1:
                    70:d9:15:5d:0b:9a:6d:f6:5f:6a:fd:92:22:df:89:
                    ce:cc:f1:9e:cf:84:25:1f:f6:82:4d:21:f5:4d:0c:
                    cb:43:a9:43:19:8f:15:b7:71:7e:1b:32:54:2e:fc:
                    4e:e0:b8:ac:8a:bb:2a:de:db:24:cb:d3:b1:71:91:
                    3c:a1:1e:41:ec:93:a6:1b:5f:aa:60:64:9b:7c:ac:
                    32:fb:27:56:ca:26:c0:1f:23:c5:8b:a7:07:45:64:
                    38:08:30:a3:37:5f:eb:6c:da:61:d3:fb:3a:bf:1c:
                    aa:63:49:29:7a:0c:f5:87:51:d8:26:43:66:ba:e8:
                    6e:ad:f2:ef:dc:5f:61:d8:72:21:4c:64:0f:98:63:
                    20:92:7e:25:b0:90:f5:7f:17:b1:da:68:c7:56:59:
                    ba:e0:87:41:08:2a:7a:2f:59:43:5d:49:3a:37:78:
                    6f:bd:1f:94:a7:17:9b:56:85:3a:85:c1:df:62:b3:
                    d0:dd:43:7f:f3:7c:ac:6f:70:60:7d:00:1c:4a:1e:
                    5d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:07:A7:E4:12:05:76:5F:99:61:5E:73:4D:33:FB:4B:0B:EA:54:40
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rgen5BIFdl-ZYV5zTTP7SwvqVEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.116.0/24
                  91.242.64.0/18
                  194.114.144.0/24
                IPv6:
                  2a07:5540::/29
                  2a09:4440::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:06:c6:7e:ef:25:3d:6a:4c:ae:20:8e:8b:a0:b0:7d:b2:39:
         98:ef:6f:5d:5d:8f:a2:6b:83:b0:b3:a4:f1:38:78:c4:8b:b9:
         00:b1:0e:ca:c2:31:bc:ce:30:3a:c6:e1:21:2b:7a:b3:b6:23:
         64:0e:31:3e:68:38:d6:c1:a8:db:15:92:f0:fc:f4:f1:5c:eb:
         08:11:27:64:a9:bf:dd:41:cf:ae:5b:86:5f:6a:75:21:61:1f:
         98:56:f1:0d:e1:f2:f4:a4:8a:04:dd:fe:97:69:35:15:9d:cd:
         d5:63:c9:08:42:cd:b4:b3:0f:dd:2d:cc:e3:2a:a9:04:bc:29:
         5f:7b:db:35:19:e9:e2:df:75:59:38:da:53:76:ba:7e:39:ee:
         0f:07:33:ec:18:af:af:32:e2:09:67:3f:5d:56:d5:ba:4c:e1:
         02:62:11:ad:15:c9:2f:10:56:38:d6:47:c7:58:6a:ee:33:46:
         43:44:63:35:2d:82:a1:5b:ee:21:ca:2a:4c:77:4d:c0:a9:2f:
         48:99:68:26:54:58:62:0d:36:c0:b3:9f:e7:ad:3b:e0:8b:a6:
         21:42:ee:64:d4:cd:78:1c:08:e5:2f:98:a9:33:72:9b:ab:cb:
         9c:af:f1:c9:6a:62:1d:50:de:84:17:a8:9c:52:76:c2:4a:62:
         7a:f4:87:2f
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYQyN9N/lTr6UCm0vKQkwEofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMTAxMDgwMzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjA3YTdlNDEyMDU3NjVmOTk2MTVlNzM0ZDMzZmI0YjBiZWE1NDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuceJTJm6ZRw32/M0oekOgPprCiT
xzwIre8F2bJNYaR2pzVgydnw6SVcAMWxwdEaVvbcUIo/zIh/O+Fw2RVdC5pt9l9q
/ZIi34nOzPGez4QlH/aCTSH1TQzLQ6lDGY8Vt3F+GzJULvxO4Lisirsq3tsky9Ox
cZE8oR5B7JOmG1+qYGSbfKwy+ydWyibAHyPFi6cHRWQ4CDCjN1/rbNph0/s6vxyq
Y0kpegz1h1HYJkNmuuhurfLv3F9h2HIhTGQPmGMgkn4lsJD1fxex2mjHVlm64IdB
CCp6L1lDXUk6N3hvvR+UpxebVoU6hcHfYrPQ3UN/83ysb3BgfQAcSh5dtQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFEYHp+QSBXZfmWFec00z+0sL6lRAMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUmdlbjVCSUZkbC1aWVY1elRUUDdTd3ZxVkVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQALUN0AwQG
W/JAAwQAwnKQMBQEAgACMA4DBQMqB1VAAwUDKglEQDANBgkqhkiG9w0BAQsFAAOC
AQEAhwbGfu8lPWpMriCOi6CwfbI5mO9vXV2PomuDsLOk8Th4xIu5ALEOysIxvM4w
OsbhISt6s7YjZA4xPmg41sGo2xWS8Pz08VzrCBEnZKm/3UHPrluGX2p1IWEfmFbx
DeHy9KSKBN3+l2k1FZ3N1WPJCELNtLMP3S3M4yqpBLwpX3vbNRnp4t91WTjaU3a6
fjnuDwcz7BivrzLiCWc/XVbVukzhAmIRrRXJLxBWONZHx1hq7jNGQ0RjNS2CoVvu
IcoqTHdNwKkvSJloJlRYYg02wLOf56074IumIULuZNTNeBwI5S+YqTNym6vLnK/x
yWpiHVDehBeonFJ2wkpievSHLw==
-----END CERTIFICATE-----