Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1bde39-b6d5-46ec-a813-26ef96643d84/1/e_w9FpB4wsDZlvi1tudopgg9xZg.roa
File:                     e_w9FpB4wsDZlvi1tudopgg9xZg.roa (raw, json)
Hash identifier:          uX97Z+Mrx8nOLbpLDyMYx6ndSWGwQD+0bRuT5CvxGto=
Subject key identifier:   7B:FC:3D:16:90:78:C2:C0:D9:96:F8:B5:B6:E7:68:A6:08:3D:C5:98
Certificate issuer:       /CN=9e80702ee6a1dcbf3ae257a199415f59b8338ea4
Certificate serial:       07792843
Authority key identifier: 9E:80:70:2E:E6:A1:DC:BF:3A:E2:57:A1:99:41:5F:59:B8:33:8E:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/noBwLuah3L864lehmUFfWbgzjqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1bde39-b6d5-46ec-a813-26ef96643d84/1/e_w9FpB4wsDZlvi1tudopgg9xZg.roa
Signing time:             Sat 01 Jan 2022 03:55:38 +0000
ROA not before:           Sat 01 Jan 2022 03:55:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47548
IP address blocks:        5.149.178.0/24 maxlen: 24
                          5.149.176.0/20 maxlen: 20
                          5.149.179.0/24 maxlen: 24
                          5.149.176.0/24 maxlen: 24
                          5.149.177.0/24 maxlen: 24
                          5.149.182.0/24 maxlen: 24
                          5.149.180.0/24 maxlen: 24
                          5.149.181.0/24 maxlen: 24
                          5.149.185.0/24 maxlen: 24
                          5.149.186.0/24 maxlen: 24
                          5.149.183.0/24 maxlen: 24
                          5.149.184.0/24 maxlen: 24
                          5.149.188.0/23 maxlen: 23
                          5.149.187.0/24 maxlen: 24
                          5.149.190.0/23 maxlen: 23
                          185.216.38.0/24 maxlen: 24
                          185.216.36.0/24 maxlen: 24
                          185.216.36.0/22 maxlen: 22
                          185.216.37.0/24 maxlen: 24
                          185.216.39.0/24 maxlen: 24
                          2a00:b7c0:200::/40 maxlen: 40
                          2a00:b7c0:100::/40 maxlen: 40
                          2a00:b7c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 125380675 (0x7792843)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e80702ee6a1dcbf3ae257a199415f59b8338ea4
        Validity
            Not Before: Jan  1 03:55:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7bfc3d169078c2c0d996f8b5b6e768a6083dc598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:56:32:53:46:a4:65:74:da:02:23:19:7c:6e:
                    57:a4:94:2b:4b:aa:9b:e1:04:63:94:6b:15:60:06:
                    cc:b8:6a:1e:77:4d:90:e6:86:0f:1e:0d:02:fb:06:
                    74:46:b1:29:cb:ef:9c:23:cc:11:31:24:31:5f:25:
                    74:3c:c6:d3:a9:c8:f5:45:ad:8a:11:5d:45:2f:32:
                    00:c8:9b:cf:7c:19:bf:58:8b:6f:11:d4:0d:db:bf:
                    47:a1:2f:9b:31:60:ac:db:03:52:38:ec:21:87:64:
                    ee:e3:8e:40:61:ad:2d:06:9d:a4:80:19:e7:f4:66:
                    f9:93:18:02:ed:88:9c:16:ed:43:f8:18:39:94:8a:
                    39:99:68:25:b8:6f:4b:bd:19:71:5b:8e:90:a6:e8:
                    cc:29:6e:9d:c8:4c:06:b1:23:8a:6c:43:94:0a:c9:
                    6e:73:fb:04:64:f7:37:bb:96:1a:d8:09:12:ac:34:
                    c3:ec:30:1a:fa:53:c1:35:66:d4:23:2d:d3:d4:f3:
                    50:85:9d:be:c8:14:e4:d9:8d:22:96:34:94:c0:e1:
                    42:62:4b:3d:98:50:0c:56:b2:65:80:a0:4f:1d:33:
                    09:97:2b:12:7e:d2:5e:14:52:5b:e4:b1:de:c6:c4:
                    3e:bf:de:77:f2:c3:2a:f8:e9:3d:19:73:76:c8:88:
                    66:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FC:3D:16:90:78:C2:C0:D9:96:F8:B5:B6:E7:68:A6:08:3D:C5:98
            X509v3 Authority Key Identifier:
                keyid:9E:80:70:2E:E6:A1:DC:BF:3A:E2:57:A1:99:41:5F:59:B8:33:8E:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/noBwLuah3L864lehmUFfWbgzjqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1bde39-b6d5-46ec-a813-26ef96643d84/1/e_w9FpB4wsDZlvi1tudopgg9xZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1bde39-b6d5-46ec-a813-26ef96643d84/1/noBwLuah3L864lehmUFfWbgzjqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.176.0/20
                  185.216.36.0/22
                IPv6:
                  2a00:b7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:9f:c6:b3:1c:cc:dd:c1:be:52:37:8e:83:cb:fa:ab:66:a2:
         9c:a5:6b:cf:4d:3e:f5:fb:a5:23:69:24:53:1d:44:6e:e7:1b:
         b1:42:95:d8:7d:2b:42:30:0f:62:a2:b8:eb:69:4e:c8:6e:03:
         9e:8e:8c:fa:ad:cb:fd:d1:3d:e0:3d:ba:08:83:bf:85:b6:0b:
         04:c1:06:02:6b:dd:fd:10:80:21:29:2d:30:64:f2:14:ef:ba:
         3a:77:fc:10:ea:71:ee:44:fd:b7:3c:03:00:b0:34:14:eb:f6:
         a3:5c:31:96:81:2a:b7:3e:f3:a7:f2:c4:6c:fb:05:fc:c7:dc:
         62:43:f4:29:40:83:d4:03:52:61:d9:b1:66:4e:d5:d5:48:0f:
         6f:36:a2:71:5b:76:81:a8:2c:ce:74:b2:80:14:e7:e9:fd:d7:
         95:47:19:65:fb:5a:60:cf:86:93:b4:52:d7:6d:7c:83:ea:6f:
         18:90:15:22:23:1c:fe:47:ad:5a:a6:52:68:c9:a2:c5:ce:43:
         69:6b:fc:68:cb:bf:77:c6:c3:61:9b:10:7c:ea:44:26:b0:97:
         dd:54:a5:22:a1:74:c3:b3:42:bd:28:e2:fa:ea:6b:3f:74:75:
         81:fd:c1:85:fc:7e:87:19:9f:49:da:90:b2:91:21:fd:11:4e:
         b2:63:c7:62
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEB3koQzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZTgwNzAyZWU2YTFkY2JmM2FlMjU3YTE5OTQxNWY1OWI4MzM4ZWE0MB4XDTIyMDEw
MTAzNTUzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2JmYzNkMTY5MDc4
YzJjMGQ5OTZmOGI1YjZlNzY4YTYwODNkYzU5ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZWMlNGpGV02gIjGXxuV6SUK0uqm+EEY5RrFWAGzLhqHndN
kOaGDx4NAvsGdEaxKcvvnCPMETEkMV8ldDzG06nI9UWtihFdRS8yAMibz3wZv1iL
bxHUDdu/R6EvmzFgrNsDUjjsIYdk7uOOQGGtLQadpIAZ5/Rm+ZMYAu2InBbtQ/gY
OZSKOZloJbhvS70ZcVuOkKbozClunchMBrEjimxDlArJbnP7BGT3N7uWGtgJEqw0
w+wwGvpTwTVm1CMt09TzUIWdvsgU5NmNIpY0lMDhQmJLPZhQDFayZYCgTx0zCZcr
En7SXhRSW+Sx3sbEPr/ed/LDKvjpPRlzdsiIZjkCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBR7/D0WkHjCwNmW+LW252imCD3FmDAfBgNVHSMEGDAWgBSegHAu5qHcvzri
V6GZQV9ZuDOOpDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25vQndMdWFoM0w4NjRsZWhtVUZmV2JnempxUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvMWJkZTM5LWI2ZDUtNDZlYy1hODEzLTI2ZWY5NjY0M2Q4NC8x
L2VfdzlGcEI0d3NEWmx2aTF0dWRvcGdnOXhaZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
MWJkZTM5LWI2ZDUtNDZlYy1hODEzLTI2ZWY5NjY0M2Q4NC8xL25vQndMdWFoM0w4
NjRsZWhtVUZmV2JnempxUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBAWVsAMEArnYJDANBAIAAjAHAwUA
KgC3wDANBgkqhkiG9w0BAQsFAAOCAQEAJJ/GsxzM3cG+UjeOg8v6q2ainKVrz00+
9fulI2kkUx1EbucbsUKV2H0rQjAPYqK462lOyG4Dno6M+q3L/dE94D26CIO/hbYL
BMEGAmvd/RCAISktMGTyFO+6Onf8EOpx7kT9tzwDALA0FOv2o1wxloEqtz7zp/LE
bPsF/MfcYkP0KUCD1ANSYdmxZk7V1UgPbzaicVt2gagsznSygBTn6f3XlUcZZfta
YM+Gk7RS1218g+pvGJAVIiMc/ketWqZSaMmixc5DaWv8aMu/d8bDYZsQfOpEJrCX
3VSlIqF0w7NCvSji+uprP3R1gf3Bhfx+hxmfSdqQspEh/RFOsmPHYg==
-----END CERTIFICATE-----