Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Ogc8Oz66YglQyVcenEKXvM9Dqyk.roa
File:                     Ogc8Oz66YglQyVcenEKXvM9Dqyk.roa (raw, json)
Hash identifier:          /tjFQ1ftHIlX3ag9oXY8TSY7B3j2Hhm8JPCzy/2oWes=
Subject key identifier:   3A:07:3C:3B:3E:BA:62:09:50:C9:57:1E:9C:42:97:BC:CF:43:AB:29
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01823C15E2A8994C904F2496AB18AED7D3FA
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Ogc8Oz66YglQyVcenEKXvM9Dqyk.roa
Signing time:             Tue 26 Jul 2022 19:57:23 +0000
ROA not before:           Tue 26 Jul 2022 19:57:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        188.255.206.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          188.255.134.0/24 maxlen: 24
                          212.69.10.0/23 maxlen: 23
                          212.69.11.0/24 maxlen: 24
                          212.69.14.0/24 maxlen: 24
                          109.233.184.0/23 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          109.121.0.0/19 maxlen: 19
                          185.47.91.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3c:15:e2:a8:99:4c:90:4f:24:96:ab:18:ae:d7:d3:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jul 26 19:57:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3a073c3b3eba620950c9571e9c4297bccf43ab29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5d:cc:b5:bf:87:e6:c5:3c:fc:7a:db:ce:19:
                    b0:0b:3c:1f:bf:09:ab:1c:93:35:07:23:c5:32:b6:
                    df:05:89:60:96:f4:0e:1e:c2:b0:20:d2:96:5d:44:
                    ae:c5:9f:8f:88:94:f2:1a:b2:f2:c5:03:d7:5c:6b:
                    cd:90:fb:52:44:e4:bc:ac:38:f7:6d:89:87:4a:06:
                    3b:9a:0d:bf:1c:22:54:04:35:bc:19:7b:ed:2b:a2:
                    3c:1b:0d:a8:0a:fc:5f:af:c0:16:18:74:07:b9:f0:
                    9f:4b:cf:45:e4:41:f5:34:68:0e:77:aa:33:79:64:
                    68:e3:73:cb:0a:18:35:98:66:85:97:3d:b9:d7:4e:
                    0d:77:98:3e:03:19:00:b8:91:fa:49:d9:7e:e7:bc:
                    5a:8e:83:03:62:5d:d2:9c:37:89:8f:90:1c:72:30:
                    5c:30:22:49:1a:2b:96:2d:5f:7b:5f:a4:76:77:d6:
                    42:3c:69:d9:1a:e2:ec:00:b3:0a:7e:01:b9:0f:01:
                    c1:2e:c1:0c:09:4e:1c:e3:2e:83:1f:70:be:ab:3e:
                    d1:d8:07:41:ec:67:d7:f9:03:64:ff:73:2c:e7:30:
                    b2:05:11:a2:b8:a5:ed:66:35:8a:aa:2a:77:dd:68:
                    76:db:23:95:65:27:ac:9f:2e:54:e7:52:29:ec:0e:
                    7c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:07:3C:3B:3E:BA:62:09:50:C9:57:1E:9C:42:97:BC:CF:43:AB:29
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Ogc8Oz66YglQyVcenEKXvM9Dqyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.0.0/19
                  109.121.33.0/24
                  109.121.42.0/24
                  109.121.45.0/24
                  109.233.184.0/23
                  178.253.237.0/24
                  185.47.91.0/24
                  188.255.134.0/24
                  188.255.206.0/24
                  212.69.10.0/23
                  212.69.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:07:7d:f1:66:2a:d8:f8:67:34:34:61:4d:f1:c2:c1:10:22:
         a9:10:1f:40:a2:52:ca:36:04:38:47:50:58:30:9e:b8:f7:bb:
         55:82:51:fd:2c:13:6a:bc:36:c6:1a:fc:9e:f7:b1:5d:44:30:
         57:47:d9:6e:a0:2b:74:88:af:40:7c:82:04:12:c2:b7:3f:39:
         6b:6b:39:0e:72:fc:4c:3f:4a:08:35:1c:87:eb:3d:dd:10:8d:
         80:33:2f:4b:7b:44:00:95:46:da:5b:c8:f1:1e:7b:e6:32:13:
         09:97:25:fa:e0:6f:57:f0:ac:13:c1:9b:b5:5a:7c:59:7a:66:
         f1:d5:84:88:63:ab:c3:65:cf:fe:06:86:49:73:6b:ad:ed:24:
         8c:32:14:7d:be:60:71:2a:7f:eb:7c:fb:af:01:cf:9b:19:2f:
         b9:cd:f3:16:97:2e:fb:8e:51:d9:28:83:28:90:b7:92:ad:5d:
         7f:22:1a:2e:42:34:74:18:da:ef:47:49:7a:ca:51:e8:d0:54:
         36:45:b8:15:bc:f4:55:70:d1:cc:a7:db:fa:03:46:4c:38:bc:
         1e:c7:ca:e7:0d:36:5c:0c:a6:47:b7:8e:93:b4:ca:02:10:44:
         38:00:5a:0e:e6:cf:2b:98:f7:35:f7:2f:12:9b:91:5a:fd:f1:
         2d:d2:8c:64
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYI8FeKomUyQTySWqxiu19P6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIwNzI2MTk1NzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTA3M2MzYjNlYmE2MjA5NTBjOTU3MWU5YzQyOTdiY2NmNDNhYjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn13Mtb+H5sU8/HrbzhmwCzwfvwmr
HJM1ByPFMrbfBYlglvQOHsKwINKWXUSuxZ+PiJTyGrLyxQPXXGvNkPtSROS8rDj3
bYmHSgY7mg2/HCJUBDW8GXvtK6I8Gw2oCvxfr8AWGHQHufCfS89F5EH1NGgOd6oz
eWRo43PLChg1mGaFlz25104Nd5g+AxkAuJH6Sdl+57xajoMDYl3SnDeJj5AccjBc
MCJJGiuWLV97X6R2d9ZCPGnZGuLsALMKfgG5DwHBLsEMCU4c4y6DH3C+qz7R2AdB
7GfX+QNk/3Ms5zCyBRGiuKXtZjWKqip33Wh22yOVZSesny5U51Ip7A58PQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDoHPDs+umIJUMlXHpxCl7zPQ6spMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvT2djOE96NjZZZ2xReVZjZW5FS1h2TTlEcXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQFbXkAAwQA
bXkhAwQAbXkqAwQAbXktAwQBbem4AwQAsv3tAwQAuS9bAwQAvP+GAwQAvP/OAwQB
1EUKAwQA1EUOMA0GCSqGSIb3DQEBCwUAA4IBAQCeB33xZirY+Gc0NGFN8cLBECKp
EB9AolLKNgQ4R1BYMJ6497tVglH9LBNqvDbGGvye97FdRDBXR9luoCt0iK9AfIIE
EsK3PzlrazkOcvxMP0oINRyH6z3dEI2AMy9Le0QAlUbaW8jxHnvmMhMJlyX64G9X
8KwTwZu1WnxZembx1YSIY6vDZc/+BoZJc2ut7SSMMhR9vmBxKn/rfPuvAc+bGS+5
zfMWly77jlHZKIMokLeSrV1/IhouQjR0GNrvR0l6ylHo0FQ2RbgVvPRVcNHMp9v6
A0ZMOLwex8rnDTZcDKZHt46TtMoCEEQ4AFoO5s8rmPc19y8Sm5Fa/fEt0oxk
-----END CERTIFICATE-----