Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/866015-28e9-4898-98ac-a35d51d6dc54/1/hjsinGR1yt7ATzXy_DyvgCDtOlU.roa
File:                     hjsinGR1yt7ATzXy_DyvgCDtOlU.roa (raw, json)
Hash identifier:          jRRkTD1QZe4tvcelzIwM57zoDwE5uhJ39KXqgA8Qu28=
Subject key identifier:   86:3B:22:9C:64:75:CA:DE:C0:4F:35:F2:FC:3C:AF:80:20:ED:3A:55
Certificate issuer:       /CN=f537b74a94fc472561ac7973ede288842fcf0044
Certificate serial:       0CAC2167
Authority key identifier: F5:37:B7:4A:94:FC:47:25:61:AC:79:73:ED:E2:88:84:2F:CF:00:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Te3SpT8RyVhrHlz7eKIhC_PAEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/866015-28e9-4898-98ac-a35d51d6dc54/1/hjsinGR1yt7ATzXy_DyvgCDtOlU.roa
Signing time:             Sat 01 Jan 2022 06:04:09 +0000
ROA not before:           Sat 01 Jan 2022 06:04:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39232
IP address blocks:        91.242.0.0/23 maxlen: 23
                          91.242.2.0/23 maxlen: 23
                          91.242.0.0/19 maxlen: 19
                          91.242.0.0/20 maxlen: 20
                          91.242.4.0/23 maxlen: 23
                          91.242.10.0/23 maxlen: 23
                          91.242.9.0/24 maxlen: 24
                          91.242.8.0/24 maxlen: 24
                          91.242.7.0/24 maxlen: 24
                          91.242.6.0/24 maxlen: 24
                          91.242.14.0/24 maxlen: 24
                          91.242.12.0/23 maxlen: 23
                          91.242.16.0/20 maxlen: 20
                          91.242.17.0/24 maxlen: 24
                          91.242.16.0/24 maxlen: 24
                          91.242.15.0/24 maxlen: 24
                          91.242.24.0/24 maxlen: 24
                          91.242.20.0/22 maxlen: 22
                          91.242.19.0/24 maxlen: 24
                          91.242.18.0/24 maxlen: 24
                          91.242.28.0/23 maxlen: 23
                          91.242.27.0/24 maxlen: 24
                          91.242.26.0/23 maxlen: 23
                          91.242.26.0/24 maxlen: 24
                          91.242.25.0/24 maxlen: 24
                          91.242.31.0/24 maxlen: 24
                          91.242.30.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 212607335 (0xcac2167)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f537b74a94fc472561ac7973ede288842fcf0044
        Validity
            Not Before: Jan  1 06:04:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=863b229c6475cadec04f35f2fc3caf8020ed3a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ff:c6:63:24:eb:27:53:fa:27:e0:ec:97:85:
                    21:1d:71:9e:ed:cd:5e:ea:cf:de:f8:cb:73:9d:f6:
                    6b:50:b0:96:12:df:c7:1f:3e:12:8f:47:48:7f:e5:
                    3c:8a:39:f9:8f:bf:32:9c:d3:6b:9b:ae:54:55:c3:
                    c7:57:50:cd:ee:e7:bd:c7:6b:90:1c:a6:5f:d3:6c:
                    c5:26:17:70:41:79:82:75:db:38:7d:d8:cd:85:c1:
                    c4:af:49:f0:cc:21:51:49:e6:3f:94:d4:d9:c3:8c:
                    b8:51:7e:ca:ee:2d:14:85:94:27:99:96:59:b7:97:
                    4b:ac:a5:94:ba:bd:c5:27:b2:8c:0a:c8:c8:1c:a0:
                    e8:57:88:33:c4:6b:db:d6:71:10:db:c7:cf:06:94:
                    b2:ae:c0:cd:ee:de:a5:8e:09:ea:20:cc:08:fc:f4:
                    74:bb:30:cc:3a:b2:af:90:aa:0e:8a:c2:3f:bf:c6:
                    83:ed:d8:23:fd:9f:a7:32:25:2a:23:ca:f2:be:6c:
                    e9:4d:58:df:a9:32:88:bc:f7:be:3a:af:55:e0:b1:
                    17:0d:2a:6d:a7:9c:60:d5:82:36:6e:e2:f2:31:c2:
                    9c:5d:cb:da:d2:2f:ba:27:23:60:10:33:4d:62:1e:
                    20:0d:24:65:7e:99:ad:de:3a:4c:8a:07:4d:ee:61:
                    49:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:3B:22:9C:64:75:CA:DE:C0:4F:35:F2:FC:3C:AF:80:20:ED:3A:55
            X509v3 Authority Key Identifier:
                keyid:F5:37:B7:4A:94:FC:47:25:61:AC:79:73:ED:E2:88:84:2F:CF:00:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Te3SpT8RyVhrHlz7eKIhC_PAEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/866015-28e9-4898-98ac-a35d51d6dc54/1/hjsinGR1yt7ATzXy_DyvgCDtOlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/866015-28e9-4898-98ac-a35d51d6dc54/1/9Te3SpT8RyVhrHlz7eKIhC_PAEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         43:20:3a:be:d3:1b:2d:1a:50:35:1f:20:2e:39:d8:78:d2:d5:
         b1:1b:3e:a3:98:7c:ce:37:01:45:a4:ff:3e:15:f8:0c:d3:d3:
         5e:37:9b:93:94:76:00:dc:de:7b:80:88:96:0a:ad:6d:ac:32:
         ad:db:d4:a2:f9:87:29:5c:c0:e7:f5:35:5f:35:3e:6a:ff:d3:
         b1:28:c2:24:cb:aa:95:ef:a8:56:64:d9:23:f0:f8:8b:6b:b2:
         c1:75:21:2d:82:0d:50:c8:34:4f:c5:0f:ec:71:6f:7c:f8:19:
         d2:51:17:a0:3e:1b:89:60:47:72:5b:86:8a:c9:39:1a:f6:9b:
         c2:90:3f:ff:5d:a3:ff:84:bd:67:56:02:34:5a:8d:cd:c4:10:
         72:25:2f:ca:c8:d9:66:3c:6c:19:6f:20:e8:35:dc:13:85:64:
         0b:d2:95:6d:fc:64:ab:36:4d:29:69:ce:bf:48:63:63:b9:de:
         44:2f:a5:df:06:62:77:33:87:40:11:9b:bf:71:db:3f:a5:d8:
         3f:f3:c6:62:85:40:4e:0f:93:9b:43:10:f1:69:98:f2:ac:53:
         f6:aa:c2:58:c7:83:f4:1e:11:e8:38:da:56:84:ca:9e:47:22:
         e3:28:36:e0:23:8d:90:1d:f5:0e:c1:99:c1:32:d5:6a:f7:4c:
         8a:96:74:8a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDKwhZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
NTM3Yjc0YTk0ZmM0NzI1NjFhYzc5NzNlZGUyODg4NDJmY2YwMDQ0MB4XDTIyMDEw
MTA2MDQwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODYzYjIyOWM2NDc1
Y2FkZWMwNGYzNWYyZmMzY2FmODAyMGVkM2E1NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMP/xmMk6ydT+ifg7JeFIR1xnu3NXurP3vjLc532a1CwlhLf
xx8+Eo9HSH/lPIo5+Y+/MpzTa5uuVFXDx1dQze7nvcdrkBymX9NsxSYXcEF5gnXb
OH3YzYXBxK9J8MwhUUnmP5TU2cOMuFF+yu4tFIWUJ5mWWbeXS6yllLq9xSeyjArI
yByg6FeIM8Rr29ZxENvHzwaUsq7Aze7epY4J6iDMCPz0dLswzDqyr5CqDorCP7/G
g+3YI/2fpzIlKiPK8r5s6U1Y36kyiLz3vjqvVeCxFw0qbaecYNWCNm7i8jHCnF3L
2tIvuicjYBAzTWIeIA0kZX6Zrd46TIoHTe5hSckCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSGOyKcZHXK3sBPNfL8PK+AIO06VTAfBgNVHSMEGDAWgBT1N7dKlPxHJWGs
eXPt4oiEL88ARDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzlUZTNTcFQ4UnlWaHJIbHo3ZUtJaENfUEFFUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvODY2MDE1LTI4ZTktNDg5OC05OGFjLWEzNWQ1MWQ2ZGM1NC8x
L2hqc2luR1IxeXQ3QVR6WHlfRHl2Z0NEdE9sVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ODY2MDE1LTI4ZTktNDg5OC05OGFjLWEzNWQ1MWQ2ZGM1NC8xLzlUZTNTcFQ4UnlW
aHJIbHo3ZUtJaENfUEFFUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBVvyADANBgkqhkiG9w0BAQsFAAOC
AQEAQyA6vtMbLRpQNR8gLjnYeNLVsRs+o5h8zjcBRaT/PhX4DNPTXjebk5R2ANze
e4CIlgqtbawyrdvUovmHKVzA5/U1XzU+av/TsSjCJMuqle+oVmTZI/D4i2uywXUh
LYINUMg0T8UP7HFvfPgZ0lEXoD4biWBHcluGisk5GvabwpA//12j/4S9Z1YCNFqN
zcQQciUvysjZZjxsGW8g6DXcE4VkC9KVbfxkqzZNKWnOv0hjY7neRC+l3wZidzOH
QBGbv3HbP6XYP/PGYoVATg+Tm0MQ8WmY8qxT9qrCWMeD9B4R6DjaVoTKnkci4yg2
4CONkB31DsGZwTLVavdMipZ0ig==
-----END CERTIFICATE-----