Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_CmJPJvDdqDr4qZWpfo7bvzZpX8.roa
File:                     _CmJPJvDdqDr4qZWpfo7bvzZpX8.roa (raw, json)
Hash identifier:          aeZ2O3mzSUR1UoUJtR7QsUWpP9GLarGaWtl4JXvYjwE=
Subject key identifier:   FC:29:89:3C:9B:C3:76:A0:EB:E2:A6:56:A5:FA:3B:6E:FC:D9:A5:7F
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       146DF3D6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_CmJPJvDdqDr4qZWpfo7bvzZpX8.roa
Signing time:             Thu 24 Mar 2022 19:33:04 +0000
ROA not before:           Thu 24 Mar 2022 19:33:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7029
IP address blocks:        5.182.28.0/22 maxlen: 22
                          194.50.200.0/23 maxlen: 23
                          195.138.96.0/19 maxlen: 24
                          194.50.206.0/23 maxlen: 23
                          45.88.124.0/22 maxlen: 22
                          45.86.20.0/22 maxlen: 22
                          91.242.100.0/23 maxlen: 23
                          91.242.105.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 22
                          45.15.244.0/22 maxlen: 22
                          91.242.120.0/21 maxlen: 21
                          185.173.244.0/22 maxlen: 24
                          91.242.64.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 342750166 (0x146df3d6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Mar 24 19:33:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fc29893c9bc376a0ebe2a656a5fa3b6efcd9a57f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6f:58:a2:0c:f0:30:69:01:cc:66:87:d6:03:
                    10:53:14:99:b7:52:ce:a1:59:10:bf:91:a8:dd:e8:
                    d9:23:b2:56:b6:21:d3:da:a7:e4:8e:16:6d:6a:1a:
                    4e:43:26:94:18:7b:26:ef:fd:58:7d:e4:ec:09:27:
                    ab:84:2f:62:01:63:f4:31:9b:e2:78:55:0c:a1:00:
                    85:1c:4c:c5:f2:dc:ce:dc:ba:9c:d6:6f:48:a4:ce:
                    da:8d:00:3b:38:5c:52:23:2c:a7:78:f6:d5:e1:31:
                    82:05:99:b3:15:2a:d8:69:7e:52:c1:7b:51:30:9d:
                    df:ff:b1:52:31:5f:4e:b4:ae:e3:99:a7:68:fa:ee:
                    07:b4:4d:7a:54:d1:39:45:29:54:dc:6a:92:2e:67:
                    a2:9a:e5:43:fe:ee:89:ff:26:84:d4:da:da:6c:ba:
                    bb:09:24:9e:35:61:61:cd:18:e4:bf:2a:11:cc:c1:
                    9e:b1:c6:04:41:4f:eb:29:84:6e:1a:2b:e9:e9:ee:
                    ef:e4:ad:c3:3e:fc:f0:4b:45:6e:27:13:5f:e1:a0:
                    03:e3:70:3e:3f:9d:ed:2e:66:00:67:e3:f0:1b:15:
                    9a:54:46:df:b6:f6:f4:77:ba:ed:56:e1:88:75:7f:
                    ba:d3:ab:93:b3:82:96:7d:e3:0c:61:b3:f8:e1:fe:
                    39:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:29:89:3C:9B:C3:76:A0:EB:E2:A6:56:A5:FA:3B:6E:FC:D9:A5:7F
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_CmJPJvDdqDr4qZWpfo7bvzZpX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.28.0/22
                  45.15.244.0/22
                  45.86.20.0/22
                  45.88.124.0/22
                  91.242.64.0/22
                  91.242.100.0/23
                  91.242.105.0/24
                  91.242.108.0/22
                  91.242.120.0/21
                  185.173.244.0/22
                  194.50.200.0/23
                  194.50.206.0/23
                  195.138.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         79:16:71:61:a9:7f:ca:17:34:51:58:82:0c:c1:52:87:b5:f2:
         bd:84:89:9a:3e:19:b0:07:cc:4a:cb:6f:f2:81:8a:49:ee:73:
         d3:8b:d1:29:8a:d7:68:05:fc:49:fd:06:2a:f8:16:e2:0b:fc:
         82:2f:31:88:ec:cf:79:4e:52:e2:9e:a9:e2:16:8d:d2:9c:b7:
         f8:31:45:b4:e0:ef:f9:81:74:2d:37:7d:f0:fe:f6:96:23:75:
         11:f1:7a:7a:8f:2a:5c:48:a8:04:9c:9e:bc:b4:b2:b6:63:3a:
         ff:bd:34:1d:34:d0:38:b8:15:b9:ac:08:97:72:00:f5:3a:ab:
         bf:1b:60:f9:3d:93:65:df:7d:57:75:fd:7a:09:87:bb:03:94:
         c5:95:be:da:3a:89:fd:89:ea:92:50:24:98:f1:64:57:65:7f:
         a5:a8:6c:38:5e:57:f1:6e:fa:a2:64:9a:bb:3e:c3:6e:a0:f0:
         1f:5f:d2:91:05:47:d1:e5:15:4d:cb:a0:c1:55:ee:95:ed:19:
         69:a2:6b:36:b5:e1:12:f6:6d:0d:cd:58:96:d6:03:e6:76:77:
         3f:c3:ab:0b:c5:d2:e5:9c:bf:1d:87:d5:de:07:bf:52:a3:9f:
         b9:03:9c:a5:ce:da:f1:b2:33:0d:b8:3e:cc:34:63:bd:8c:98:
         50:b3:93:82
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIEFG3z1jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YmFiMzA2ODM4NTllYzdlMDIwNmZlOTI2NTM2M2U4ZTM5NzFhOWE4MB4XDTIyMDMy
NDE5MzMwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmMyOTg5M2M5YmMz
NzZhMGViZTJhNjU2YTVmYTNiNmVmY2Q5YTU3ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKtvWKIM8DBpAcxmh9YDEFMUmbdSzqFZEL+RqN3o2SOyVrYh
09qn5I4WbWoaTkMmlBh7Ju/9WH3k7Aknq4QvYgFj9DGb4nhVDKEAhRxMxfLczty6
nNZvSKTO2o0AOzhcUiMsp3j21eExggWZsxUq2Gl+UsF7UTCd3/+xUjFfTrSu45mn
aPruB7RNelTROUUpVNxqki5noprlQ/7uif8mhNTa2my6uwkknjVhYc0Y5L8qEczB
nrHGBEFP6ymEbhor6enu7+Stwz788EtFbicTX+GgA+NwPj+d7S5mAGfj8BsVmlRG
37b29He67VbhiHV/utOrk7OCln3jDGGz+OH+OSkCAwEAAaOCAlEwggJNMB0GA1Ud
DgQWBBT8KYk8m8N2oOviplal+jtu/NmlfzAfBgNVHSMEGDAWgBSLqzBoOFnsfgIG
/pJlNj6OOXGpqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8x
L19DbUpQSnZEZHFEcjRxWldwZm83YnZ6WnBYOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
ODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8xL2k2c3dhRGhaN0g0
Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBn
BggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAgW2HAMEAi0P9AMEAi1WFAMEAi1Y
fAMEAlvyQAMEAVvyZAMEAFvyaQMEAlvybAMEA1vyeAMEArmt9AMEAcIyyAMEAcIy
zgMEBcOKYDANBgkqhkiG9w0BAQsFAAOCAQEAeRZxYal/yhc0UViCDMFSh7XyvYSJ
mj4ZsAfMSstv8oGKSe5z04vRKYrXaAX8Sf0GKvgW4gv8gi8xiOzPeU5S4p6p4haN
0py3+DFFtODv+YF0LTd98P72liN1EfF6eo8qXEioBJyevLSytmM6/700HTTQOLgV
uawIl3IA9Tqrvxtg+T2TZd99V3X9egmHuwOUxZW+2jqJ/YnqklAkmPFkV2V/pahs
OF5X8W76omSauz7DbqDwH1/SkQVH0eUVTcugwVXule0ZaaJrNrXhEvZtDc1YltYD
5nZ3P8OrC8XS5Zy/HYfV3ge/UqOfuQOcpc7a8bIzDbg+zDRjvYyYULOTgg==
-----END CERTIFICATE-----