Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/HxsQMfsXaCy0xbNIO6j4NM5_0lo.roa
File:                     HxsQMfsXaCy0xbNIO6j4NM5_0lo.roa (raw, json)
Hash identifier:          JhEobggInYrAsMB8TuRDpSBaj6PR0yfD1gffTwAqfmc=
Subject key identifier:   1F:1B:10:31:FB:17:68:2C:B4:C5:B3:48:3B:A8:F8:34:CE:7F:D2:5A
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0184BE37F8A9B675F0A2822B1FA3728158C9
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/HxsQMfsXaCy0xbNIO6j4NM5_0lo.roa
Signing time:             Mon 28 Nov 2022 12:30:49 +0000
ROA not before:           Mon 28 Nov 2022 12:30:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.95.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:be:37:f8:a9:b6:75:f0:a2:82:2b:1f:a3:72:81:58:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Nov 28 12:30:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f1b1031fb17682cb4c5b3483ba8f834ce7fd25a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6f:21:7c:2f:e3:b6:48:9e:7c:2e:fb:03:8d:
                    97:e9:a0:05:aa:bc:61:7d:ce:59:8b:91:56:c3:ba:
                    49:23:56:84:2b:25:e9:4b:ad:da:68:ca:4c:e5:8c:
                    0c:b3:92:e8:39:ef:ae:e3:2d:47:36:98:27:f6:9e:
                    88:4e:76:fe:13:b7:74:21:a3:65:83:6d:d2:7f:6b:
                    0d:1e:46:9a:02:91:ca:14:12:f7:c4:d5:40:e0:fb:
                    df:9f:ff:30:d4:09:88:a5:ce:74:58:c7:0c:9e:3c:
                    5d:e3:31:e3:29:b8:21:aa:7f:7c:ed:b7:a4:7b:fe:
                    4a:c8:b1:8a:64:b9:b6:01:e5:62:dc:9b:11:b4:39:
                    ce:18:02:ab:07:12:a7:6c:d8:0e:43:b0:70:d9:2b:
                    56:93:c4:49:b3:76:42:11:80:fb:ad:28:ef:82:5b:
                    b4:77:23:62:cc:53:5e:8e:0a:29:d4:49:f7:54:de:
                    59:5c:74:a0:87:c2:cb:41:60:07:fa:ca:ba:83:10:
                    ff:9d:6e:e4:9c:58:14:7b:e0:44:b8:86:f7:a3:28:
                    01:ae:43:aa:65:61:0d:c4:58:93:4a:32:d6:f2:36:
                    8f:71:b4:a3:80:7f:98:0b:da:d7:47:47:df:a3:30:
                    38:b5:69:09:10:ad:25:65:57:55:ad:4b:15:41:c1:
                    c5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:1B:10:31:FB:17:68:2C:B4:C5:B3:48:3B:A8:F8:34:CE:7F:D2:5A
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/HxsQMfsXaCy0xbNIO6j4NM5_0lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0/24
                  109.121.33.0-109.121.34.255
                  109.121.37.0/24
                  109.121.39.0/24
                  109.121.42.0/23
                  109.121.45.0/24
                  109.121.47.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:56:d7:2e:9d:12:0f:0b:17:d2:44:63:98:b9:e0:d9:9f:88:
         07:e6:28:4d:87:2d:73:df:33:43:71:70:07:c2:aa:9e:d4:83:
         9c:10:01:a8:6d:be:2f:5d:2b:82:99:3d:ae:89:fa:7d:5b:99:
         a7:ca:58:bf:ca:8f:60:eb:c3:e7:d6:78:cf:1d:f9:1a:ad:0e:
         43:f7:3c:05:ba:2e:91:60:e4:33:5c:37:3e:b0:d7:68:72:15:
         93:2e:f7:66:54:78:12:fd:0a:45:16:6b:75:c7:47:8c:00:27:
         8e:ce:56:b9:77:c1:a8:e7:e2:6e:f7:78:1e:28:e1:bd:53:d4:
         d2:75:a0:58:bd:5a:b7:ce:25:20:ec:3e:2a:a2:dc:cc:86:58:
         b1:a4:09:30:e5:91:96:29:1c:6d:a8:bd:82:8a:bf:39:d7:b4:
         5d:c9:bc:87:ef:ff:28:12:b6:ae:9e:79:e4:d9:43:18:00:12:
         70:a8:70:d8:ac:3f:9a:4e:4c:c9:b4:94:50:80:6e:b8:08:bb:
         36:5a:e8:a2:8a:37:07:85:a9:bb:51:8c:39:6f:fa:38:84:8d:
         85:8b:3d:74:78:30:12:b1:58:da:bd:07:f3:41:f0:fa:69:c6:
         bd:fb:c5:f7:56:6e:1d:6a:8f:cf:9e:db:d0:c6:15:e3:36:73:
         4f:44:79:a2
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYS+N/iptnXwooIrH6NygVjJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIxMTI4MTIzMDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjFiMTAzMWZiMTc2ODJjYjRjNWIzNDgzYmE4ZjgzNGNlN2ZkMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzW8hfC/jtkiefC77A42X6aAFqrxh
fc5Zi5FWw7pJI1aEKyXpS63aaMpM5YwMs5LoOe+u4y1HNpgn9p6ITnb+E7d0IaNl
g23Sf2sNHkaaApHKFBL3xNVA4Pvfn/8w1AmIpc50WMcMnjxd4zHjKbghqn987bek
e/5KyLGKZLm2AeVi3JsRtDnOGAKrBxKnbNgOQ7Bw2StWk8RJs3ZCEYD7rSjvglu0
dyNizFNejgop1En3VN5ZXHSgh8LLQWAH+sq6gxD/nW7knFgUe+BEuIb3oygBrkOq
ZWENxFiTSjLW8jaPcbSjgH+YC9rXR0ffozA4tWkJEK0lZVdVrUsVQcHFKwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFB8bEDH7F2gstMWzSDuo+DTOf9JaMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvSHhzUU1mc1hhQ3kweGJOSU82ajROTTVfMGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAT69fMAwD
BABteSEDBABteSIDBABteSUDBABteScDBAFteSoDBABteS0DBABteS8DBAC8/9QD
BADURQswDQYJKoZIhvcNAQELBQADggEBAHRW1y6dEg8LF9JEY5i54NmfiAfmKE2H
LXPfM0NxcAfCqp7Ug5wQAahtvi9dK4KZPa6J+n1bmafKWL/Kj2Drw+fWeM8d+Rqt
DkP3PAW6LpFg5DNcNz6w12hyFZMu92ZUeBL9CkUWa3XHR4wAJ47OVrl3wajn4m73
eB4o4b1T1NJ1oFi9WrfOJSDsPiqi3MyGWLGkCTDlkZYpHG2ovYKKvznXtF3JvIfv
/ygStq6eeeTZQxgAEnCocNisP5pOTMm0lFCAbrgIuzZa6KKKNweFqbtRjDlv+jiE
jYWLPXR4MBKxWNq9B/NB8Pppxr37xfdWbh1qj8+e29DGFeM2c09EeaI=
-----END CERTIFICATE-----