Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/ZuwNTg_MZURchvaTWuvfHVVQjOQ.roa
File:                     ZuwNTg_MZURchvaTWuvfHVVQjOQ.roa (raw, json)
Hash identifier:          93TPMGNitvVGksuBEXC7h5Y1MybaqhRYqOD+zCkEvSI=
Subject key identifier:   66:EC:0D:4E:0F:CC:65:44:5C:86:F6:93:5A:EB:DF:1D:55:50:8C:E4
Certificate issuer:       /CN=be8c0a74f47312df298a46095e47525d515854a1
Certificate serial:       0184852F5ADDAB015FE8E0B27DFAE5E98645
Authority key identifier: BE:8C:0A:74:F4:73:12:DF:29:8A:46:09:5E:47:52:5D:51:58:54:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vowKdPRzEt8pikYJXkdSXVFYVKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/ZuwNTg_MZURchvaTWuvfHVVQjOQ.roa
Signing time:             Thu 17 Nov 2022 10:43:03 +0000
ROA not before:           Thu 17 Nov 2022 10:43:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12963
IP address blocks:        94.232.210.0/24 maxlen: 24
                          94.232.211.0/24 maxlen: 24
                          94.232.212.0/24 maxlen: 24
                          176.97.3.0/24 maxlen: 24
                          176.97.4.0/22 maxlen: 22
                          176.97.2.0/24 maxlen: 24
                          91.218.72.0/24 maxlen: 24
                          91.218.73.0/24 maxlen: 24
                          91.218.74.0/24 maxlen: 24
                          91.218.75.0/24 maxlen: 24
                          91.197.168.0/24 maxlen: 24
                          91.197.169.0/24 maxlen: 24
                          91.197.170.0/24 maxlen: 24
                          91.197.171.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:85:2f:5a:dd:ab:01:5f:e8:e0:b2:7d:fa:e5:e9:86:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be8c0a74f47312df298a46095e47525d515854a1
        Validity
            Not Before: Nov 17 10:43:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=66ec0d4e0fcc65445c86f6935aebdf1d55508ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d5:e0:cb:00:b3:2d:05:ab:b6:ae:38:9c:58:
                    e1:a1:c9:7f:58:ca:02:3f:c3:bf:4f:82:55:c7:a8:
                    3c:5f:64:d9:e6:31:f2:f1:b0:26:52:08:2f:85:bf:
                    aa:4a:19:bb:65:20:f1:d7:87:f5:ac:08:15:b6:85:
                    75:6b:1c:5c:ff:1a:a4:e4:fd:2e:16:5c:bc:76:84:
                    7f:c9:18:8e:1b:f3:5e:34:88:41:7e:9e:96:00:ab:
                    c6:24:79:d9:46:b5:64:0e:45:6a:87:ae:3e:2f:26:
                    56:bf:dd:2c:76:6c:62:ed:2a:96:35:54:33:62:d5:
                    90:5a:98:a4:64:ae:88:62:02:fd:fb:8e:cb:cc:cd:
                    f7:c0:da:8a:fe:f7:27:13:5a:1e:51:0a:4c:8b:85:
                    8c:ad:de:8f:71:cd:7a:d5:8b:b4:9e:b4:83:00:14:
                    1b:bd:7f:05:db:9b:7f:39:53:67:a2:89:23:3c:1e:
                    02:a3:d0:21:e1:07:46:4b:e7:c4:e9:14:ae:82:bf:
                    93:45:f2:45:85:94:cb:be:1c:e3:e4:26:66:74:ec:
                    d4:5b:8c:e1:d9:5d:03:f0:3e:11:b2:ce:78:2a:34:
                    ff:2c:7f:41:ef:f8:4f:d6:72:90:e5:43:0a:41:12:
                    54:1b:53:8a:a8:f4:35:08:66:69:08:41:b9:f0:f5:
                    af:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:EC:0D:4E:0F:CC:65:44:5C:86:F6:93:5A:EB:DF:1D:55:50:8C:E4
            X509v3 Authority Key Identifier:
                keyid:BE:8C:0A:74:F4:73:12:DF:29:8A:46:09:5E:47:52:5D:51:58:54:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vowKdPRzEt8pikYJXkdSXVFYVKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/ZuwNTg_MZURchvaTWuvfHVVQjOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/vowKdPRzEt8pikYJXkdSXVFYVKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.168.0/22
                  91.218.72.0/22
                  94.232.210.0-94.232.212.255
                  176.97.2.0-176.97.7.255

    Signature Algorithm: sha256WithRSAEncryption
         42:d1:76:b0:5c:d4:02:92:44:78:ac:75:eb:e0:f3:a0:a4:c3:
         95:49:6f:df:41:a6:6d:e8:e7:c6:95:ef:d6:7f:ba:11:ae:da:
         6a:04:18:4d:6c:53:8e:f1:04:09:2c:15:df:9c:ed:cd:32:b3:
         e5:0b:cc:a2:9c:3b:36:1d:78:64:44:aa:3b:de:37:b9:fc:f8:
         d2:06:c6:c3:2a:21:9b:33:72:97:ce:d9:97:aa:8d:e2:16:70:
         ac:9a:2e:a4:82:1f:94:56:e6:14:c7:3d:91:92:e9:eb:f0:d7:
         35:72:ab:c8:45:3f:4a:05:f3:65:c2:ff:2c:2a:5f:81:2d:21:
         6a:9e:d6:33:d8:24:38:27:bb:9f:d0:28:76:16:71:22:c9:60:
         d7:2c:8d:cc:ae:c9:93:87:09:b9:8f:24:a2:e2:e9:ad:45:ea:
         8c:f6:1a:f5:32:08:09:bc:8e:51:15:42:94:8d:c7:f8:47:d7:
         04:50:63:42:b2:ad:16:e4:e6:8b:61:1e:af:12:8c:29:64:83:
         56:c0:b0:eb:3b:b2:79:70:b4:b0:ac:80:0d:d3:e6:3d:d9:14:
         f2:47:6c:63:75:cc:08:3d:c0:19:0e:fb:d1:d6:7e:8b:fb:c4:
         6a:e8:58:b1:1d:58:f3:e3:6e:ce:59:fd:39:71:51:9a:d2:4b:
         c7:26:6d:f2
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYSFL1rdqwFf6OCyffrl6YZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlOGMwYTc0ZjQ3MzEyZGYyOThhNDYwOTVlNDc1MjVkNTE1
ODU0YTEwHhcNMjIxMTE3MTA0MzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmVjMGQ0ZTBmY2M2NTQ0NWM4NmY2OTM1YWViZGYxZDU1NTA4Y2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtXgywCzLQWrtq44nFjhocl/WMoC
P8O/T4JVx6g8X2TZ5jHy8bAmUggvhb+qShm7ZSDx14f1rAgVtoV1axxc/xqk5P0u
Fly8doR/yRiOG/NeNIhBfp6WAKvGJHnZRrVkDkVqh64+LyZWv90sdmxi7SqWNVQz
YtWQWpikZK6IYgL9+47LzM33wNqK/vcnE1oeUQpMi4WMrd6Pcc161Yu0nrSDABQb
vX8F25t/OVNnookjPB4Co9Ah4QdGS+fE6RSugr+TRfJFhZTLvhzj5CZmdOzUW4zh
2V0D8D4Rss54KjT/LH9B7/hP1nKQ5UMKQRJUG1OKqPQ1CGZpCEG58PWvmQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFGbsDU4PzGVEXIb2k1rr3x1VUIzkMB8GA1UdIwQY
MBaAFL6MCnT0cxLfKYpGCV5HUl1RWFShMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm93S2RQUnpFdDhwaWtZSlhrZFNYVkZZVktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9mYzgwZjAtNWMyNy00ODk4LTg0YWMt
MjhlNDE2Y2YxMWNmLzEvWnV3TlRnX01aVVJjaHZhVFd1dmZIVlZRak9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9mYzgwZjAtNWMyNy00ODk4LTg0YWMtMjhlNDE2Y2YxMWNm
LzEvdm93S2RQUnpFdDhwaWtZSlhrZFNYVkZZVktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCW8WoAwQC
W9pIMAwDBAFe6NIDBABe6NQwDAMEAbBhAgMEA7BhADANBgkqhkiG9w0BAQsFAAOC
AQEAQtF2sFzUApJEeKx16+DzoKTDlUlv30GmbejnxpXv1n+6Ea7aagQYTWxTjvEE
CSwV35ztzTKz5QvMopw7Nh14ZESqO943ufz40gbGwyohmzNyl87Zl6qN4hZwrJou
pIIflFbmFMc9kZLp6/DXNXKryEU/SgXzZcL/LCpfgS0hap7WM9gkOCe7n9AodhZx
Islg1yyNzK7Jk4cJuY8kouLprUXqjPYa9TIICbyOURVClI3H+EfXBFBjQrKtFuTm
i2EerxKMKWSDVsCw6zuyeXC0sKyADdPmPdkU8kdsY3XMCD3AGQ770dZ+i/vEauhY
sR1Y8+Nuzln9OXFRmtJLxyZt8g==
-----END CERTIFICATE-----