Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/W1kFXex39QVfss4WgeNysfXFN8E.roa
File:                     W1kFXex39QVfss4WgeNysfXFN8E.roa (raw, json)
Hash identifier:          LQPPvzK22yu7Lkjt/DxfaXG8LZvaafJrgoEkTW/Kl6U=
Subject key identifier:   5B:59:05:5D:EC:77:F5:05:5F:B2:CE:16:81:E3:72:B1:F5:C5:37:C1
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       0185153B69F8C000467CAF41DE2F6A770DCA
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/W1kFXex39QVfss4WgeNysfXFN8E.roa
Signing time:             Thu 15 Dec 2022 10:01:33 +0000
ROA not before:           Thu 15 Dec 2022 10:01:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6762
IP address blocks:        85.204.125.0/24 maxlen: 24
                          85.204.127.0/24 maxlen: 24
                          86.106.104.0/24 maxlen: 24
                          93.113.158.0/24 maxlen: 24
                          89.43.73.0/24 maxlen: 24
                          89.33.163.0/24 maxlen: 24
                          89.39.252.0/24 maxlen: 24
                          188.240.14.0/24 maxlen: 24
                          188.215.72.0/24 maxlen: 24
                          93.114.171.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:15:3b:69:f8:c0:00:46:7c:af:41:de:2f:6a:77:0d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Dec 15 10:01:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5b59055dec77f5055fb2ce1681e372b1f5c537c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:20:6c:04:71:79:cd:05:8e:33:d8:92:39:02:
                    c8:02:a9:88:cc:e8:b3:4e:a2:37:a6:8c:6a:ae:78:
                    42:27:df:c8:6f:59:f2:93:7f:bf:c3:5d:da:57:ba:
                    c1:a3:c1:d9:8a:dc:dd:78:c4:99:1b:64:09:42:5f:
                    f4:87:54:20:76:5c:fe:45:53:e7:9f:a3:dd:4f:d3:
                    f0:38:b6:26:97:f7:4a:00:88:73:a7:d1:97:23:7e:
                    b2:35:af:c7:76:6d:08:2e:cd:68:f0:87:12:4d:8b:
                    b0:c9:ea:0d:ed:45:b2:7e:2d:be:f8:fe:80:52:bc:
                    80:d6:93:1e:7b:70:26:a4:b8:57:e2:46:20:ea:a4:
                    29:3c:26:c2:0f:68:4b:d5:c0:d7:a6:4f:d5:a4:3b:
                    62:ff:5a:3c:fc:6f:a2:41:49:88:67:25:7f:62:7c:
                    d3:16:43:bc:e1:21:99:2e:43:08:95:ab:cc:f1:0c:
                    46:ba:7c:d0:65:ed:35:14:33:ce:51:7a:a1:e4:96:
                    3c:98:71:70:dd:8e:7f:3f:c5:78:97:f1:0c:c6:ac:
                    de:da:a2:19:00:87:15:70:20:c1:97:dd:e9:f7:1b:
                    11:c6:a6:e2:84:69:7f:2d:07:71:2e:64:3e:fd:1e:
                    9e:5e:9e:8a:e6:8a:fa:f6:15:be:5a:74:7b:52:84:
                    fc:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:59:05:5D:EC:77:F5:05:5F:B2:CE:16:81:E3:72:B1:F5:C5:37:C1
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/W1kFXex39QVfss4WgeNysfXFN8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.125.0/24
                  85.204.127.0/24
                  86.106.104.0/24
                  89.33.163.0/24
                  89.39.252.0/24
                  89.43.73.0/24
                  93.113.158.0/24
                  93.114.171.0/24
                  188.215.72.0/24
                  188.240.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:40:ce:a3:92:98:ee:de:87:43:d2:66:00:bd:96:08:9f:bd:
         ee:9b:fd:38:56:24:8e:5a:f5:37:8f:27:03:56:30:eb:8d:32:
         ec:a7:ae:6b:74:ea:2f:2f:3e:89:97:d0:13:ae:ce:aa:0b:55:
         9c:26:9b:df:04:6e:7c:55:a4:5f:9b:e0:e8:cc:1e:bd:a4:9c:
         29:b7:5c:f6:9f:ab:50:7f:e7:c6:59:ad:82:04:b1:29:30:c8:
         75:6a:f5:f7:b0:ca:ce:b7:6f:01:c2:ff:55:e0:e3:9d:07:bb:
         f7:d8:89:73:54:2c:4d:61:1b:97:73:d2:87:bc:91:fe:f9:15:
         cb:38:f9:8d:24:da:52:5e:68:f1:49:7d:07:8c:26:73:94:21:
         e4:09:ad:bb:a8:19:d9:97:d0:5a:3c:a2:f3:d0:f2:0a:33:62:
         a9:ea:1e:86:59:25:8c:94:ef:ff:78:e9:8d:dd:65:7f:6b:a1:
         38:b1:8c:80:8b:f5:50:b9:bd:68:96:42:c1:46:66:b0:f8:5a:
         a9:5d:63:68:32:cf:e1:71:87:be:84:b9:4e:89:77:79:71:cc:
         e5:89:09:64:57:a5:86:a6:55:2c:6b:e0:f2:9a:19:dd:19:7d:
         0a:8b:97:90:55:9a:a4:93:45:94:9f:a0:71:90:12:1c:22:27:
         37:50:82:c8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYUVO2n4wABGfK9B3i9qdw3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjIxMjE1MTAwMTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU5MDU1ZGVjNzdmNTA1NWZiMmNlMTY4MWUzNzJiMWY1YzUzN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyBsBHF5zQWOM9iSOQLIAqmIzOiz
TqI3poxqrnhCJ9/Ib1nyk3+/w13aV7rBo8HZitzdeMSZG2QJQl/0h1Qgdlz+RVPn
n6PdT9PwOLYml/dKAIhzp9GXI36yNa/Hdm0ILs1o8IcSTYuwyeoN7UWyfi2++P6A
UryA1pMee3AmpLhX4kYg6qQpPCbCD2hL1cDXpk/VpDti/1o8/G+iQUmIZyV/YnzT
FkO84SGZLkMIlavM8QxGunzQZe01FDPOUXqh5JY8mHFw3Y5/P8V4l/EMxqze2qIZ
AIcVcCDBl93p9xsRxqbihGl/LQdxLmQ+/R6eXp6K5or69hW+WnR7UoT8wwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFtZBV3sd/UFX7LOFoHjcrH1xTfBMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvVzFrRlhleDM5UVZmc3M0V2dlTnlzZlhGTjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVcx9AwQA
Vcx/AwQAVmpoAwQAWSGjAwQAWSf8AwQAWStJAwQAXXGeAwQAXXKrAwQAvNdIAwQA
vPAOMA0GCSqGSIb3DQEBCwUAA4IBAQAGQM6jkpju3odD0mYAvZYIn73um/04ViSO
WvU3jycDVjDrjTLsp65rdOovLz6Jl9ATrs6qC1WcJpvfBG58VaRfm+DozB69pJwp
t1z2n6tQf+fGWa2CBLEpMMh1avX3sMrOt28Bwv9V4OOdB7v32IlzVCxNYRuXc9KH
vJH++RXLOPmNJNpSXmjxSX0HjCZzlCHkCa27qBnZl9BaPKLz0PIKM2Kp6h6GWSWM
lO//eOmN3WV/a6E4sYyAi/VQub1olkLBRmaw+FqpXWNoMs/hcYe+hLlOiXd5cczl
iQlkV6WGplUsa+DymhndGX0Ki5eQVZqkk0WUn6BxkBIcIic3UILI
-----END CERTIFICATE-----