Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/lx-Ka2MjcaEj1mxcfJzoZFvqKaQ.roa
File:                     lx-Ka2MjcaEj1mxcfJzoZFvqKaQ.roa (raw, json)
Hash identifier:          MMLJba0k22PnEHeCC4aHuYVr2/sqtiGbmVltRCYB6qA=
Subject key identifier:   97:1F:8A:6B:63:23:71:A1:23:D6:6C:5C:7C:9C:E8:64:5B:EA:29:A4
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       01826A4F12C7458BF4142390372145BC86BB
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/lx-Ka2MjcaEj1mxcfJzoZFvqKaQ.roa
Signing time:             Thu 04 Aug 2022 19:22:23 +0000
ROA not before:           Thu 04 Aug 2022 19:22:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     394814
IP address blocks:        95.164.112.0/20 maxlen: 24
                          95.164.16.0/22 maxlen: 24
                          95.164.240.0/21 maxlen: 24
                          95.164.248.0/22 maxlen: 24
                          95.164.144.0/20 maxlen: 24
                          95.164.44.0/22 maxlen: 24
                          94.131.80.0/20 maxlen: 24
                          95.164.60.0/22 maxlen: 24
                          95.164.176.0/20 maxlen: 24
                          95.164.84.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:6a:4f:12:c7:45:8b:f4:14:23:90:37:21:45:bc:86:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Aug  4 19:22:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=971f8a6b632371a123d66c5c7c9ce8645bea29a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:10:c5:94:8c:0f:35:80:d5:1e:b3:74:7a:f9:
                    95:1a:fa:c7:4e:0a:ed:f9:3c:61:13:20:1e:ad:41:
                    dd:69:f7:5a:0f:38:b5:a5:f6:76:c0:a7:74:30:2f:
                    c7:96:88:5d:08:b9:59:14:74:31:4c:78:7d:f2:cb:
                    ce:d4:e2:86:32:6c:2d:50:28:6a:d3:12:62:a2:b5:
                    76:da:66:57:a1:c3:6c:a2:91:dc:75:9c:1a:0a:1d:
                    50:bb:8e:32:5b:4b:76:59:6f:fa:cf:ef:04:50:e6:
                    5c:fe:d2:3b:85:da:58:9e:19:ee:94:68:3f:29:f4:
                    e8:c1:c8:c6:9e:3a:c7:ca:92:8e:18:16:47:65:5a:
                    7a:17:60:9d:fe:85:e1:47:c7:4f:8e:d1:b0:36:e1:
                    30:dc:ed:b7:d9:1a:5c:ff:96:fe:51:d0:b9:d7:37:
                    e3:40:0b:38:ae:e7:8a:68:a7:f8:b1:29:d5:1b:e7:
                    3e:be:40:09:da:59:a7:ce:6f:16:36:de:40:2a:d7:
                    ee:ce:f4:95:6a:fd:eb:58:45:d1:57:3e:b4:72:15:
                    f8:f6:50:f3:45:c1:f8:cd:2d:d0:80:4b:aa:8c:18:
                    e0:e6:00:20:f8:51:52:6c:5d:9d:91:65:d2:45:a9:
                    36:ae:81:4b:0b:94:c6:01:7f:da:0f:f5:67:64:d0:
                    71:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:1F:8A:6B:63:23:71:A1:23:D6:6C:5C:7C:9C:E8:64:5B:EA:29:A4
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/lx-Ka2MjcaEj1mxcfJzoZFvqKaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.80.0/20
                  95.164.16.0/22
                  95.164.44.0/22
                  95.164.60.0/22
                  95.164.84.0/22
                  95.164.112.0/20
                  95.164.144.0/20
                  95.164.176.0/20
                  95.164.240.0-95.164.251.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:1e:0c:0b:33:b7:3e:7b:20:8d:9d:ed:0e:ad:d0:89:a8:0e:
         6d:95:82:2e:49:00:eb:61:64:f2:db:e9:55:bf:d9:28:97:37:
         0a:b7:4f:e8:f6:15:ee:83:b9:f1:bb:7d:7b:ac:be:1a:15:90:
         90:95:5e:77:67:00:c6:7f:c6:7b:29:ee:48:80:61:d5:d9:3d:
         86:d0:34:36:12:c7:2a:d5:0e:11:f3:30:3f:ec:69:59:5a:8f:
         04:8f:79:14:44:cd:84:c8:c1:5f:ce:cf:91:57:41:2e:9b:1d:
         6f:91:4c:27:a4:97:5e:25:9e:97:c9:3a:a7:85:1d:55:3b:b1:
         bd:ec:c0:81:dc:a2:2e:74:74:c8:3a:7a:4c:57:0a:93:e4:11:
         6e:3d:e5:01:ab:fd:d3:37:f7:b6:32:6e:ef:9d:bb:52:b9:8a:
         71:9f:6d:5a:b9:77:be:6a:25:1c:cb:60:3d:70:a2:e3:14:a6:
         2e:d8:e7:7a:cc:d3:cc:27:4b:63:ad:fc:84:ca:37:0e:58:6f:
         be:35:b5:d5:68:cc:f8:f7:44:ca:7a:9a:60:09:9f:c9:89:9d:
         9a:a5:d9:68:7a:ea:28:66:bd:e1:93:4f:02:50:03:05:e4:28:
         49:22:fb:a4:3c:b5:b0:41:11:2a:9d:18:75:9a:cc:fc:fe:2f:
         57:77:92:a2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYJqTxLHRYv0FCOQNyFFvIa7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjIwODA0MTkyMjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzFmOGE2YjYzMjM3MWExMjNkNjZjNWM3YzljZTg2NDViZWEyOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxDFlIwPNYDVHrN0evmVGvrHTgrt
+TxhEyAerUHdafdaDzi1pfZ2wKd0MC/HlohdCLlZFHQxTHh98svO1OKGMmwtUChq
0xJiorV22mZXocNsopHcdZwaCh1Qu44yW0t2WW/6z+8EUOZc/tI7hdpYnhnulGg/
KfTowcjGnjrHypKOGBZHZVp6F2Cd/oXhR8dPjtGwNuEw3O232Rpc/5b+UdC51zfj
QAs4rueKaKf4sSnVG+c+vkAJ2lmnzm8WNt5AKtfuzvSVav3rWEXRVz60chX49lDz
RcH4zS3QgEuqjBjg5gAg+FFSbF2dkWXSRak2roFLC5TGAX/aD/VnZNBxjwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJcfimtjI3GhI9ZsXHyc6GRb6imkMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvbHgtS2EyTWpjYUVqMW14Y2ZKem9aRnZxS2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQEXoNQAwQC
X6QQAwQCX6QsAwQCX6Q8AwQCX6RUAwQEX6RwAwQEX6SQAwQEX6SwMAwDBARfpPAD
BAJfpPgwDQYJKoZIhvcNAQELBQADggEBAFweDAsztz57II2d7Q6t0ImoDm2Vgi5J
AOthZPLb6VW/2SiXNwq3T+j2Fe6DufG7fXusvhoVkJCVXndnAMZ/xnsp7kiAYdXZ
PYbQNDYSxyrVDhHzMD/saVlajwSPeRREzYTIwV/Oz5FXQS6bHW+RTCekl14lnpfJ
OqeFHVU7sb3swIHcoi50dMg6ekxXCpPkEW495QGr/dM397Yybu+du1K5inGfbVq5
d75qJRzLYD1wouMUpi7Y53rM08wnS2Ot/ITKNw5Yb741tdVozPj3RMp6mmAJn8mJ
nZql2Wh66ihmveGTTwJQAwXkKEki+6Q8tbBBESqdGHWazPz+L1d3kqI=
-----END CERTIFICATE-----