Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/L2Rrh4ZFFmk4YCH8TcFHjnaQ0Bo.roa
File:                     L2Rrh4ZFFmk4YCH8TcFHjnaQ0Bo.roa (raw, json)
Hash identifier:          KxBSMcbD9ZUVeV3UOusA0ALzM4MiPMWcfarBShg6mmY=
Subject key identifier:   2F:64:6B:87:86:45:16:69:38:60:21:FC:4D:C1:47:8E:76:90:D0:1A
Certificate issuer:       /CN=be8c0a74f47312df298a46095e47525d515854a1
Certificate serial:       018498CB60E326C7DA49D8480B06180DF8BC
Authority key identifier: BE:8C:0A:74:F4:73:12:DF:29:8A:46:09:5E:47:52:5D:51:58:54:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vowKdPRzEt8pikYJXkdSXVFYVKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/L2Rrh4ZFFmk4YCH8TcFHjnaQ0Bo.roa
Signing time:             Mon 21 Nov 2022 06:06:16 +0000
ROA not before:           Mon 21 Nov 2022 06:06:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12963
IP address blocks:        94.232.210.0/24 maxlen: 24
                          94.232.211.0/24 maxlen: 24
                          94.232.212.0/24 maxlen: 24
                          176.97.3.0/24 maxlen: 24
                          176.97.4.0/22 maxlen: 22
                          176.97.0.0/23 maxlen: 23
                          176.97.2.0/24 maxlen: 24
                          91.218.72.0/24 maxlen: 24
                          91.218.73.0/24 maxlen: 24
                          91.218.74.0/24 maxlen: 24
                          91.218.75.0/24 maxlen: 24
                          91.197.168.0/24 maxlen: 24
                          91.197.169.0/24 maxlen: 24
                          91.197.170.0/24 maxlen: 24
                          91.197.171.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:98:cb:60:e3:26:c7:da:49:d8:48:0b:06:18:0d:f8:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be8c0a74f47312df298a46095e47525d515854a1
        Validity
            Not Before: Nov 21 06:06:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2f646b8786451669386021fc4dc1478e7690d01a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d6:df:de:7f:47:41:bb:f2:40:6d:34:10:01:
                    cc:4f:3c:1d:0c:31:e8:55:c3:62:c0:4b:1d:78:70:
                    9d:13:a1:55:3c:74:9f:2f:93:1a:2c:bd:bb:08:02:
                    1c:d5:39:05:28:6a:d9:95:26:f1:8d:ff:4b:f0:8d:
                    24:24:4c:76:2d:c7:84:7d:24:13:c3:d8:5f:6a:0a:
                    58:1e:12:2c:e5:a6:2c:3c:fa:e7:f1:56:81:ca:8f:
                    b2:4b:5e:ec:0b:f6:33:c4:ad:ce:51:b5:62:33:f3:
                    e0:6b:71:36:b0:96:fb:96:94:74:22:2e:36:e7:80:
                    67:b7:88:0f:72:e0:81:b5:4d:66:9c:e7:7e:fd:57:
                    15:46:55:f6:aa:ea:d7:84:95:62:14:6a:10:82:ed:
                    86:5b:ec:9d:d8:27:ad:c6:81:dd:de:2a:be:03:4a:
                    03:46:c5:dd:3e:96:45:b7:69:75:a0:fb:69:7e:42:
                    e3:6a:bd:f2:44:19:22:db:4a:fe:ab:38:88:5e:9e:
                    e4:90:67:cd:9f:4d:4d:5b:38:5d:a4:93:09:ce:98:
                    f0:b0:43:af:c9:78:2f:52:60:0b:67:c9:2c:7c:74:
                    f8:e2:69:de:82:be:39:e4:b4:f7:ba:f2:01:52:28:
                    9f:64:52:43:f0:6c:81:59:9b:20:f6:7e:e1:19:36:
                    b5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:64:6B:87:86:45:16:69:38:60:21:FC:4D:C1:47:8E:76:90:D0:1A
            X509v3 Authority Key Identifier:
                keyid:BE:8C:0A:74:F4:73:12:DF:29:8A:46:09:5E:47:52:5D:51:58:54:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vowKdPRzEt8pikYJXkdSXVFYVKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/L2Rrh4ZFFmk4YCH8TcFHjnaQ0Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/vowKdPRzEt8pikYJXkdSXVFYVKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.168.0/22
                  91.218.72.0/22
                  94.232.210.0-94.232.212.255
                  176.97.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:95:4c:74:ca:56:28:aa:f1:f3:cf:a1:94:01:f9:3c:d3:84:
         ea:56:44:fb:4b:4a:e1:6a:45:bf:18:ba:3b:4a:34:cb:32:51:
         e4:a5:a7:31:98:49:b9:c5:16:53:37:9d:f2:44:69:1d:4d:70:
         d9:24:c6:b0:1d:6c:00:0d:51:a9:fc:23:32:cf:fe:4f:20:e8:
         86:b1:a3:aa:91:8c:c0:30:fc:4a:85:bb:37:fc:95:09:4b:66:
         f6:dc:17:5a:f3:33:1b:7d:b0:af:3d:72:d0:7b:b5:51:66:a8:
         b9:f6:a6:69:74:f2:67:6c:bf:07:f1:b1:81:69:76:89:68:9f:
         6e:f6:4b:f6:58:4a:f0:3e:1a:78:d6:1d:de:c2:01:f6:60:b1:
         fc:c0:1e:f9:1f:c1:a1:ae:a5:b4:e2:a0:9b:6e:91:36:83:9d:
         05:5d:f8:e3:d5:f9:7b:37:33:fd:a3:f6:7b:14:05:0a:d3:2d:
         e9:d8:d9:93:24:70:b9:cd:28:ac:cb:48:80:e3:f0:43:fa:78:
         ae:eb:c7:5e:6a:a8:dc:49:a1:f7:98:83:87:b7:b9:75:1e:5e:
         a2:33:fc:9d:19:f6:f6:a8:76:5c:b3:60:b0:96:7d:bf:9a:ec:
         45:b7:20:3e:85:87:8d:86:9f:8e:a7:20:f6:a8:51:49:ad:69:
         ca:24:69:a3
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYSYy2DjJsfaSdhICwYYDfi8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlOGMwYTc0ZjQ3MzEyZGYyOThhNDYwOTVlNDc1MjVkNTE1
ODU0YTEwHhcNMjIxMTIxMDYwNjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY0NmI4Nzg2NDUxNjY5Mzg2MDIxZmM0ZGMxNDc4ZTc2OTBkMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNbf3n9HQbvyQG00EAHMTzwdDDHo
VcNiwEsdeHCdE6FVPHSfL5MaLL27CAIc1TkFKGrZlSbxjf9L8I0kJEx2LceEfSQT
w9hfagpYHhIs5aYsPPrn8VaByo+yS17sC/YzxK3OUbViM/Pga3E2sJb7lpR0Ii42
54Bnt4gPcuCBtU1mnOd+/VcVRlX2qurXhJViFGoQgu2GW+yd2CetxoHd3iq+A0oD
RsXdPpZFt2l1oPtpfkLjar3yRBki20r+qziIXp7kkGfNn01NWzhdpJMJzpjwsEOv
yXgvUmALZ8ksfHT44mnegr455LT3uvIBUiifZFJD8GyBWZsg9n7hGTa1rwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFC9ka4eGRRZpOGAh/E3BR452kNAaMB8GA1UdIwQY
MBaAFL6MCnT0cxLfKYpGCV5HUl1RWFShMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm93S2RQUnpFdDhwaWtZSlhrZFNYVkZZVktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9mYzgwZjAtNWMyNy00ODk4LTg0YWMt
MjhlNDE2Y2YxMWNmLzEvTDJScmg0WkZGbWs0WUNIOFRjRkhqbmFRMEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9mYzgwZjAtNWMyNy00ODk4LTg0YWMtMjhlNDE2Y2YxMWNm
LzEvdm93S2RQUnpFdDhwaWtZSlhrZFNYVkZZVktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCW8WoAwQC
W9pIMAwDBAFe6NIDBABe6NQDBAOwYQAwDQYJKoZIhvcNAQELBQADggEBAEKVTHTK
Viiq8fPPoZQB+TzThOpWRPtLSuFqRb8YujtKNMsyUeSlpzGYSbnFFlM3nfJEaR1N
cNkkxrAdbAANUan8IzLP/k8g6Iaxo6qRjMAw/EqFuzf8lQlLZvbcF1rzMxt9sK89
ctB7tVFmqLn2pml08mdsvwfxsYFpdolon272S/ZYSvA+GnjWHd7CAfZgsfzAHvkf
waGupbTioJtukTaDnQVd+OPV+Xs3M/2j9nsUBQrTLenY2ZMkcLnNKKzLSIDj8EP6
eK7rx15qqNxJofeYg4e3uXUeXqIz/J0Z9vaodlyzYLCWfb+a7EW3ID6Fh42Gn46n
IPaoUUmtacokaaM=
-----END CERTIFICATE-----