Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/PRdlAZi0Ge5Fq3mTi_yDRQ2z5NI.roa
File:                     PRdlAZi0Ge5Fq3mTi_yDRQ2z5NI.roa (raw, json)
Hash identifier:          I/dpDlZnfnbUxzuOxNjL/7P2ODhRF1bGbQj1QwfulI8=
Subject key identifier:   3D:17:65:01:98:B4:19:EE:45:AB:79:93:8B:FC:83:45:0D:B3:E4:D2
Certificate issuer:       /CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
Certificate serial:       1671F8B8
Authority key identifier: A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/PRdlAZi0Ge5Fq3mTi_yDRQ2z5NI.roa
Signing time:             Wed 20 Apr 2022 15:58:57 +0000
ROA not before:           Wed 20 Apr 2022 15:58:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59414
IP address blocks:        5.102.144.0/21 maxlen: 24
                          45.151.213.0/24 maxlen: 24
                          185.79.232.0/22 maxlen: 24
                          185.98.120.0/22 maxlen: 24
                          45.81.68.0/22 maxlen: 24
                          45.11.220.0/22 maxlen: 24
                          185.72.238.0/23 maxlen: 24
                          2a06:c07::/32 maxlen: 48
                          2a06:c01::/32 maxlen: 48
                          2a06:c02::/32 maxlen: 48
                          2a06:c00::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 376567992 (0x1671f8b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
        Validity
            Not Before: Apr 20 15:58:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3d17650198b419ee45ab79938bfc83450db3e4d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:de:f5:63:c9:ce:08:db:fe:53:9e:49:8d:d4:
                    69:43:42:22:16:dc:0b:3d:b0:99:f6:61:35:da:37:
                    8e:d0:45:d7:76:d7:ef:38:ea:e5:62:1e:dd:4c:cb:
                    f1:b2:43:e5:27:33:a7:ec:f2:41:89:01:00:47:c9:
                    05:55:12:bc:b9:09:94:55:1c:7d:63:09:9c:7c:b7:
                    be:88:b0:20:d7:9b:cf:4a:a8:97:0f:b5:6b:8d:2d:
                    2b:f2:a6:1b:10:bf:b2:ca:db:6c:f1:18:6b:89:04:
                    9c:21:d2:eb:37:46:b4:f9:8b:76:72:9a:8c:ad:49:
                    c8:bf:c4:a2:cb:34:44:9e:28:47:ba:a9:cd:9c:1a:
                    78:b4:1f:02:7c:54:cb:80:85:82:c3:f9:cc:0a:40:
                    0a:d0:8e:2d:f2:83:11:4f:f1:90:cb:57:b6:e2:3e:
                    85:bc:75:7c:61:29:a8:c0:7d:c4:21:b9:7c:b2:86:
                    18:f1:35:b4:c4:b6:99:32:31:83:c2:76:3c:c7:ba:
                    b7:22:28:4c:4e:62:57:41:0b:01:5a:29:0b:ce:f1:
                    7b:9b:c9:e8:da:e4:22:ef:07:68:6d:7c:fe:7f:47:
                    19:39:3b:7e:de:f5:52:bc:87:a7:48:38:80:1c:80:
                    ef:70:d3:90:6b:71:7c:b5:ba:59:6b:72:b4:c3:78:
                    18:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:17:65:01:98:B4:19:EE:45:AB:79:93:8B:FC:83:45:0D:B3:E4:D2
            X509v3 Authority Key Identifier:
                keyid:A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/PRdlAZi0Ge5Fq3mTi_yDRQ2z5NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/pQHIn0SCnHLyqVPSorpK4Le1DYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.144.0/21
                  45.11.220.0/22
                  45.81.68.0/22
                  45.151.213.0/24
                  185.72.238.0/23
                  185.79.232.0/22
                  185.98.120.0/22
                IPv6:
                  2a06:c00::-2a06:c02:ffff:ffff:ffff:ffff:ffff:ffff
                  2a06:c07::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:4d:92:49:5c:16:4f:a3:39:66:0e:23:e5:31:18:5d:f2:fa:
         a8:af:b4:bf:4e:cf:9b:f7:33:c2:3f:4e:fb:07:67:40:d3:6e:
         b3:dc:e8:b4:55:0e:8d:0f:bf:78:92:79:1c:a3:2d:1f:9d:9e:
         b0:13:b9:f9:68:3b:ba:77:4f:c8:f0:ab:c1:d6:4d:fe:fd:c1:
         47:05:f5:7b:ff:da:df:52:5a:a5:38:bd:b8:b8:6d:43:33:da:
         8f:18:88:d5:c2:85:ab:3f:99:b9:a9:4d:98:49:85:a4:7d:c7:
         61:33:85:02:3f:a1:82:1a:72:a9:1a:05:be:58:2f:03:e3:d4:
         26:54:84:33:78:c0:21:78:fa:9d:b9:f0:2e:0c:4c:2b:4c:1d:
         f3:51:cd:18:eb:fd:01:7a:af:71:aa:01:a9:e0:28:e1:cd:85:
         b0:ae:64:80:a9:99:06:31:92:3c:71:45:4d:98:0a:1d:46:ee:
         99:f9:9f:1c:9c:70:b3:e3:f2:21:70:88:0a:33:0a:5c:ad:87:
         a1:5f:b5:b2:50:9c:73:ec:48:a4:92:ad:91:f8:7d:66:7d:ec:
         71:b1:54:13:24:8e:d3:45:b9:6e:2b:98:2d:0a:38:34:0c:32:
         91:38:43:96:73:f3:12:c1:62:84:be:3f:fb:ea:54:87:91:72:
         d5:54:41:c6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIEFnH4uDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NTAxYzg5ZjQ0ODI5YzcyZjJhOTUzZDJhMmJhNGFlMGI3YjUwZDhhMB4XDTIyMDQy
MDE1NTg1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2QxNzY1MDE5OGI0
MTllZTQ1YWI3OTkzOGJmYzgzNDUwZGIzZTRkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ3e9WPJzgjb/lOeSY3UaUNCIhbcCz2wmfZhNdo3jtBF13bX
7zjq5WIe3UzL8bJD5Sczp+zyQYkBAEfJBVUSvLkJlFUcfWMJnHy3voiwINebz0qo
lw+1a40tK/KmGxC/ssrbbPEYa4kEnCHS6zdGtPmLdnKajK1JyL/Eoss0RJ4oR7qp
zZwaeLQfAnxUy4CFgsP5zApACtCOLfKDEU/xkMtXtuI+hbx1fGEpqMB9xCG5fLKG
GPE1tMS2mTIxg8J2PMe6tyIoTE5iV0ELAVopC87xe5vJ6NrkIu8HaG18/n9HGTk7
ft71UryHp0g4gByA73DTkGtxfLW6WWtytMN4GO0CAwEAAaOCAkswggJHMB0GA1Ud
DgQWBBQ9F2UBmLQZ7kWreZOL/INFDbPk0jAfBgNVHSMEGDAWgBSlAcifRIKccvKp
U9Kiukrgt7UNijAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BRSEluMFNDbkhMeXFWUFNvcnBLNExlMURZby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvZDVlMTAzLTkwYjUtNDRmMS1iODY0LTE0YTFlYjU1MTJkNi8x
L1BSZGxBWmkwR2U1RnEzbVRpX3lEUlEyejVOSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ZDVlMTAzLTkwYjUtNDRmMS1iODY0LTE0YTFlYjU1MTJkNi8xL3BRSEluMFNDbkhM
eXFWUFNvcnBLNExlMURZby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBh
BggrBgEFBQcBBwEB/wRSMFAwMAQCAAEwKgMEAwVmkAMEAi0L3AMEAi1RRAMEAC2X
1QMEAblI7gMEArlP6AMEArlieDAcBAIAAjAWMA0DBAIqBgwDBQAqBgwCAwUAKgYM
BzANBgkqhkiG9w0BAQsFAAOCAQEAAU2SSVwWT6M5Zg4j5TEYXfL6qK+0v07Pm/cz
wj9O+wdnQNNus9zotFUOjQ+/eJJ5HKMtH52esBO5+Wg7undPyPCrwdZN/v3BRwX1
e//a31JapTi9uLhtQzPajxiI1cKFqz+ZualNmEmFpH3HYTOFAj+hghpyqRoFvlgv
A+PUJlSEM3jAIXj6nbnwLgxMK0wd81HNGOv9AXqvcaoBqeAo4c2FsK5kgKmZBjGS
PHFFTZgKHUbumfmfHJxws+PyIXCICjMKXK2HoV+1slCcc+xIpJKtkfh9Zn3scbFU
EySO00W5biuYLQo4NAwykThDlnPzEsFihL4/++pUh5Fy1VRBxg==
-----END CERTIFICATE-----