Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ndqHkBLM5MRQ2MnYpxy0ShvsSOc.roa
File:                     ndqHkBLM5MRQ2MnYpxy0ShvsSOc.roa (raw, json)
Hash identifier:          NJSCMkBLxITRV5W0NaalO148iUDkq7uU8V5bZhgB1xs=
Subject key identifier:   9D:DA:87:90:12:CC:E4:C4:50:D8:C9:D8:A7:1C:B4:4A:1B:EC:48:E7
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0184DE7262C3A5BF2744F52929792F57A46F
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ndqHkBLM5MRQ2MnYpxy0ShvsSOc.roa
Signing time:             Sun 04 Dec 2022 18:42:29 +0000
ROA not before:           Sun 04 Dec 2022 18:42:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3561
IP address blocks:        77.36.112.0/21 maxlen: 24
                          93.120.96.0/22 maxlen: 22
                          46.151.36.0/22 maxlen: 24
                          188.191.252.0/22 maxlen: 24
                          77.36.68.0/22 maxlen: 24
                          93.120.24.0/23 maxlen: 24
                          91.237.44.0/22 maxlen: 24
                          194.33.102.0/23 maxlen: 24
                          194.33.100.0/23 maxlen: 24
                          194.33.100.0/22 maxlen: 24
                          91.224.40.0/24 maxlen: 24
                          81.161.4.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:de:72:62:c3:a5:bf:27:44:f5:29:29:79:2f:57:a4:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Dec  4 18:42:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9dda879012cce4c450d8c9d8a71cb44a1bec48e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0c:48:d3:68:fc:f2:e3:7f:b8:d6:32:e7:aa:
                    d8:ff:37:1e:d1:b8:eb:27:db:2f:f4:64:3b:ac:67:
                    fc:95:e4:12:96:b9:b4:33:4d:4a:92:01:51:1b:73:
                    fb:4e:18:27:1d:ef:09:52:ae:b7:af:f9:c8:bf:0b:
                    49:a6:f1:51:82:5f:91:70:66:b1:43:e4:7c:e7:8e:
                    b1:72:70:25:7d:0c:41:9b:10:cd:80:15:bc:e2:b0:
                    f9:8b:8f:b2:88:27:36:61:1c:d8:ae:6e:73:45:e2:
                    75:02:82:aa:68:0f:a8:83:95:4c:de:f2:8a:26:b7:
                    81:d5:64:b1:5a:ce:7a:6e:68:98:fd:07:29:b3:f9:
                    8e:52:f9:1f:4f:fd:f1:c6:ec:ec:89:70:16:83:36:
                    e4:95:c4:32:4f:53:3c:91:2c:fa:17:c7:56:0f:e3:
                    20:79:67:f2:91:a5:9d:31:0d:b5:aa:e8:78:85:c4:
                    37:ad:59:d0:05:39:da:78:3b:e9:45:4d:3a:cc:c4:
                    6f:cd:cc:28:ff:35:2c:ab:17:4f:b8:4b:d7:72:72:
                    9e:71:a9:ce:43:45:b9:93:28:3c:dd:eb:93:49:f6:
                    f6:5c:35:63:a3:2f:a7:d4:c5:cd:0a:86:44:11:5b:
                    25:77:74:63:73:23:f2:25:fa:cb:13:80:44:ce:7b:
                    38:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:DA:87:90:12:CC:E4:C4:50:D8:C9:D8:A7:1C:B4:4A:1B:EC:48:E7
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ndqHkBLM5MRQ2MnYpxy0ShvsSOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.36.0/22
                  77.36.68.0/22
                  77.36.112.0/21
                  81.161.4.0/22
                  91.224.40.0/24
                  91.237.44.0/22
                  93.120.24.0/23
                  93.120.96.0/22
                  188.191.252.0/22
                  194.33.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:8c:8f:b0:64:7d:b6:29:ef:30:41:38:dc:2f:04:d4:4b:b6:
         89:b2:03:4d:69:85:4d:f6:51:8f:70:88:86:4d:b2:7a:29:cc:
         71:53:96:e6:63:59:ed:38:24:e3:a0:e5:a4:60:0a:89:81:8a:
         dc:69:b5:84:07:8a:de:2d:31:df:13:e6:7f:2b:cf:89:67:b3:
         34:73:e3:57:65:1c:96:30:09:37:4b:4c:c3:bd:ce:42:33:9d:
         b1:04:8a:c1:ef:a4:99:72:84:fb:b5:ff:88:90:ab:80:f6:59:
         1d:3b:2a:ec:1a:44:4b:c4:1c:17:a0:e6:6b:29:0c:9e:b1:38:
         6f:5c:22:00:64:02:e8:5f:0d:df:e6:65:42:7d:9e:52:e9:d3:
         a2:e9:8c:d9:f7:ec:2e:8b:8b:c1:ad:f2:d4:fe:c8:f7:42:c7:
         e4:92:fa:e7:23:75:26:e9:18:55:7e:27:cf:31:45:e8:e6:b6:
         ff:8b:d4:6e:c3:b7:08:73:48:a9:88:69:ee:63:03:38:5e:ad:
         23:43:68:cc:18:35:20:52:a5:81:52:49:fe:ba:64:6d:0e:ac:
         d9:0b:1a:01:70:41:7a:91:39:4e:77:02:5b:05:82:2c:16:0f:
         de:d6:32:55:99:84:5c:9c:2d:fe:ef:59:9b:35:f8:75:f0:16:
         1d:e5:6a:65
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYTecmLDpb8nRPUpKXkvV6RvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjIxMjA0MTg0MjI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGRhODc5MDEyY2NlNGM0NTBkOGM5ZDhhNzFjYjQ0YTFiZWM0OGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQxI02j88uN/uNYy56rY/zce0bjr
J9sv9GQ7rGf8leQSlrm0M01KkgFRG3P7ThgnHe8JUq63r/nIvwtJpvFRgl+RcGax
Q+R8546xcnAlfQxBmxDNgBW84rD5i4+yiCc2YRzYrm5zReJ1AoKqaA+og5VM3vKK
JreB1WSxWs56bmiY/Qcps/mOUvkfT/3xxuzsiXAWgzbklcQyT1M8kSz6F8dWD+Mg
eWfykaWdMQ21quh4hcQ3rVnQBTnaeDvpRU06zMRvzcwo/zUsqxdPuEvXcnKecanO
Q0W5kyg83euTSfb2XDVjoy+n1MXNCoZEEVsld3RjcyPyJfrLE4BEzns4NQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJ3ah5ASzOTEUNjJ2KcctEob7EjnMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvbmRxSGtCTE01TVJRMk1uWXB4eTBTaHZzU09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCLpckAwQC
TSREAwQDTSRwAwQCUaEEAwQAW+AoAwQCW+0sAwQBXXgYAwQCXXhgAwQCvL/8AwQC
wiFkMA0GCSqGSIb3DQEBCwUAA4IBAQB1jI+wZH22Ke8wQTjcLwTUS7aJsgNNaYVN
9lGPcIiGTbJ6KcxxU5bmY1ntOCTjoOWkYAqJgYrcabWEB4reLTHfE+Z/K8+JZ7M0
c+NXZRyWMAk3S0zDvc5CM52xBIrB76SZcoT7tf+IkKuA9lkdOyrsGkRLxBwXoOZr
KQyesThvXCIAZALoXw3f5mVCfZ5S6dOi6YzZ9+wui4vBrfLU/sj3QsfkkvrnI3Um
6RhVfifPMUXo5rb/i9Ruw7cIc0ipiGnuYwM4Xq0jQ2jMGDUgUqWBUkn+umRtDqzZ
CxoBcEF6kTlOdwJbBYIsFg/e1jJVmYRcnC3+71mbNfh18BYd5Wpl
-----END CERTIFICATE-----