Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/21nEjpRUlU1e3is6txDjih6Arr8.roa
File:                     21nEjpRUlU1e3is6txDjih6Arr8.roa (raw, json)
Hash identifier:          My3qCntkUBHVnmr1Q8iNdu/rgY4ZJDeXS8BGR9hTHi4=
Subject key identifier:   DB:59:C4:8E:94:54:95:4D:5E:DE:2B:3A:B7:10:E3:8A:1E:80:AE:BF
Certificate issuer:       /CN=340bea3fcc3cbcedc82919cf57c74108baea369e
Certificate serial:       0752A357
Authority key identifier: 34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/21nEjpRUlU1e3is6txDjih6Arr8.roa
Signing time:             Sat 01 Jan 2022 11:04:40 +0000
ROA not before:           Sat 01 Jan 2022 11:04:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6762
IP address blocks:        213.144.160.0/19 maxlen: 19
                          185.100.112.0/22 maxlen: 22
                          149.3.176.0/21 maxlen: 21
                          176.115.184.0/22 maxlen: 22
                          93.186.128.0/21 maxlen: 24
                          93.186.136.0/22 maxlen: 22
                          195.22.192.0/19 maxlen: 24
                          5.178.40.0/21 maxlen: 24
                          185.70.200.0/22 maxlen: 22
                          89.221.32.0/20 maxlen: 20
                          79.140.80.0/20 maxlen: 24
                          2001:41a8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122856279 (0x752a357)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=340bea3fcc3cbcedc82919cf57c74108baea369e
        Validity
            Not Before: Jan  1 11:04:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=db59c48e9454954d5ede2b3ab710e38a1e80aebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fa:58:f5:11:bc:e5:c7:1b:55:df:b7:99:89:
                    be:a7:e3:ee:94:a3:5e:80:e9:aa:35:d7:44:91:b5:
                    c4:3a:3a:e5:ad:67:ef:e3:bf:0a:3e:c7:75:ff:b3:
                    19:2a:58:72:5a:b5:c1:e5:64:27:63:20:c5:45:fa:
                    a8:e9:7c:76:bd:b7:93:b1:ea:14:28:e7:3a:c8:76:
                    03:17:e2:09:3b:e6:8d:4d:24:bc:63:3b:f6:f2:8f:
                    de:8f:2f:7d:ee:ae:f8:37:89:c6:a2:b4:33:e7:fa:
                    92:a0:97:a3:2f:f2:30:ad:b2:24:07:26:ab:cc:0a:
                    fe:cb:3b:42:16:bd:43:ed:c7:08:f5:ce:27:19:78:
                    38:cd:7e:6b:16:af:59:ed:0d:83:06:81:b4:a7:d9:
                    55:92:de:ba:f2:47:12:7a:5f:9e:55:ed:8d:83:d7:
                    51:65:67:b7:9a:e8:ed:e0:16:09:a1:58:89:ef:35:
                    50:cc:84:f7:c5:48:5a:77:d2:25:99:37:34:2e:b6:
                    88:ae:fe:9a:6c:2e:cc:57:4a:a2:89:1c:a0:eb:a8:
                    f3:64:3b:b3:02:ae:85:e1:0a:46:a8:69:1c:38:a3:
                    42:26:63:23:c3:ee:9f:b7:5f:64:7c:5c:79:50:d3:
                    83:4c:bd:b6:7e:c4:98:e8:25:92:20:52:cb:01:52:
                    56:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:59:C4:8E:94:54:95:4D:5E:DE:2B:3A:B7:10:E3:8A:1E:80:AE:BF
            X509v3 Authority Key Identifier:
                keyid:34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/21nEjpRUlU1e3is6txDjih6Arr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.40.0/21
                  79.140.80.0/20
                  89.221.32.0/20
                  93.186.128.0-93.186.139.255
                  149.3.176.0/21
                  176.115.184.0/22
                  185.70.200.0/22
                  185.100.112.0/22
                  195.22.192.0/19
                  213.144.160.0/19
                IPv6:
                  2001:41a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:0d:f9:38:0e:4c:e4:97:6c:67:e9:a8:92:46:4e:2d:15:2e:
         d2:2a:2a:e0:3c:59:24:1b:d8:c9:d8:43:21:af:d9:6c:1b:9c:
         e8:c7:ea:d8:87:38:3b:2d:36:0a:c4:a7:fc:be:a2:85:ad:7d:
         a8:2c:d0:b9:bc:e7:df:31:86:9d:81:44:2d:b7:e2:4a:92:77:
         04:d8:f8:29:cd:7f:aa:88:69:ab:e2:7b:76:35:69:d0:5b:d6:
         47:dc:4f:1d:ef:99:47:72:54:62:d5:c0:e9:85:9d:63:93:29:
         41:c8:a9:ef:18:9f:49:56:25:1f:1a:85:25:52:46:f5:93:55:
         62:24:c5:c2:dc:f2:58:d2:5d:a9:36:d8:f6:f8:93:57:27:d1:
         d7:2b:96:75:7f:03:14:f3:03:da:c2:95:15:45:ce:9b:3c:f2:
         98:de:f8:29:9b:08:10:ec:ba:a3:a3:47:82:d2:72:08:1c:fd:
         48:ab:58:95:b2:8a:c5:6f:3c:2c:70:d3:a4:f2:47:7a:a2:04:
         9c:53:10:63:5d:4d:98:11:e5:03:7b:9c:54:5b:87:c3:ac:c8:
         fe:07:01:e8:1a:61:fd:2f:44:20:af:42:76:71:93:85:47:f5:
         61:50:a6:55:49:4a:05:76:31:ea:ee:5c:78:b0:be:ce:ae:76:
         dc:0e:ec:75
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIEB1KjVzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NDBiZWEzZmNjM2NiY2VkYzgyOTE5Y2Y1N2M3NDEwOGJhZWEzNjllMB4XDTIyMDEw
MTExMDQ0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGI1OWM0OGU5NDU0
OTU0ZDVlZGUyYjNhYjcxMGUzOGExZTgwYWViZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKb6WPURvOXHG1Xft5mJvqfj7pSjXoDpqjXXRJG1xDo65a1n
7+O/Cj7Hdf+zGSpYclq1weVkJ2MgxUX6qOl8dr23k7HqFCjnOsh2AxfiCTvmjU0k
vGM79vKP3o8vfe6u+DeJxqK0M+f6kqCXoy/yMK2yJAcmq8wK/ss7Qha9Q+3HCPXO
Jxl4OM1+axavWe0NgwaBtKfZVZLeuvJHEnpfnlXtjYPXUWVnt5ro7eAWCaFYie81
UMyE98VIWnfSJZk3NC62iK7+mmwuzFdKookcoOuo82Q7swKuheEKRqhpHDijQiZj
I8Pun7dfZHxceVDTg0y9tn7EmOglkiBSywFSVo8CAwEAAaOCAlYwggJSMB0GA1Ud
DgQWBBTbWcSOlFSVTV7eKzq3EOOKHoCuvzAfBgNVHSMEGDAWgBQ0C+o/zDy87cgp
Gc9Xx0EIuuo2njAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05BdnFQOHc4dk8zSUtSblBWOGRCQ0xycU5wNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzMvZWNkYTNkLWEyZGItNDkwOC04NjJmLTExMTA1NjM2OWEyMy8x
LzIxbkVqcFJVbFUxZTNpczZ0eERqaWg2QXJyOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMv
ZWNkYTNkLWEyZGItNDkwOC04NjJmLTExMTA1NjM2OWEyMy8xL05BdnFQOHc4dk8z
SUtSblBWOGRCQ0xycU5wNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBs
BggrBgEFBQcBBwEB/wRdMFswSgQCAAEwRAMEAwWyKAMEBE+MUAMEBFndIDAMAwQH
XbqAAwQCXbqIAwQDlQOwAwQCsHO4AwQCuUbIAwQCuWRwAwQFwxbAAwQF1ZCgMA0E
AgACMAcDBQAgAUGoMA0GCSqGSIb3DQEBCwUAA4IBAQAEDfk4Dkzkl2xn6aiSRk4t
FS7SKirgPFkkG9jJ2EMhr9lsG5zox+rYhzg7LTYKxKf8vqKFrX2oLNC5vOffMYad
gUQtt+JKkncE2PgpzX+qiGmr4nt2NWnQW9ZH3E8d75lHclRi1cDphZ1jkylByKnv
GJ9JViUfGoUlUkb1k1ViJMXC3PJY0l2pNtj2+JNXJ9HXK5Z1fwMU8wPawpUVRc6b
PPKY3vgpmwgQ7Lqjo0eC0nIIHP1Iq1iVsorFbzwscNOk8kd6ogScUxBjXU2YEeUD
e5xUW4fDrMj+BwHoGmH9L0Qgr0J2cZOFR/VhUKZVSUoFdjHq7lx4sL7OrnbcDux1
-----END CERTIFICATE-----