Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/WhYAJeEnuVIZKuU1ScO7JjxzEOc.roa
File:                     WhYAJeEnuVIZKuU1ScO7JjxzEOc.roa (raw, json)
Hash identifier:          SoNRdb+kfgBOAO7RxZ0FqrEegYDhGLfpEO/TOCrsnVk=
Subject key identifier:   5A:16:00:25:E1:27:B9:52:19:2A:E5:35:49:C3:BB:26:3C:73:10:E7
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01844E863A22D269C5A17C48E8A1E864E096
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/WhYAJeEnuVIZKuU1ScO7JjxzEOc.roa
Signing time:             Sun 06 Nov 2022 19:58:50 +0000
ROA not before:           Sun 06 Nov 2022 19:58:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        109.121.38.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.35.0/24 maxlen: 24
                          79.175.117.0/24 maxlen: 24
                          109.121.32.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.44.0/24 maxlen: 24
                          109.121.46.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24
                          77.105.4.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:4e:86:3a:22:d2:69:c5:a1:7c:48:e8:a1:e8:64:e0:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Nov  6 19:58:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5a160025e127b952192ae53549c3bb263c7310e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0e:32:b8:fa:94:b3:2d:2b:80:1d:cb:14:e1:
                    e9:3d:39:cb:c9:c2:a3:30:4e:c2:6d:ce:a4:be:13:
                    3c:5c:90:86:10:87:af:3c:73:a8:7d:4d:13:d9:2b:
                    1c:dc:dc:c5:10:2f:be:8a:f6:05:7a:f0:32:ce:fa:
                    81:e0:ec:30:1b:71:0b:73:ad:66:1c:4b:b0:fc:77:
                    da:45:52:4c:6f:ea:a3:9f:be:3f:ec:0c:51:53:7f:
                    f6:1f:58:c4:68:e9:b8:02:6a:b9:2d:3f:a0:f1:9e:
                    bb:23:4d:7e:42:cc:cd:cd:ed:2e:72:70:cd:8f:07:
                    88:8f:9c:90:ef:db:3e:25:f0:c7:42:6a:29:28:63:
                    7f:66:be:64:3e:b5:b4:11:1f:1f:bb:dd:38:46:4b:
                    34:51:aa:07:73:2d:8c:81:75:d3:cf:21:30:2b:cd:
                    a2:51:ed:c5:77:2c:c9:4c:e9:c2:a2:bb:8e:82:76:
                    55:f8:95:ac:bd:a6:ba:b3:7f:8b:9d:05:a7:88:7a:
                    9e:e1:bb:78:4f:ab:80:c7:af:fc:d7:bf:49:88:0e:
                    2b:c6:b7:c9:06:76:9e:e7:6e:ca:12:d2:18:53:dc:
                    a2:b9:fa:96:0a:91:ac:01:c1:e4:cf:46:a3:11:82:
                    7f:f5:f1:64:40:36:d8:76:e1:93:92:c0:37:36:d9:
                    32:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:16:00:25:E1:27:B9:52:19:2A:E5:35:49:C3:BB:26:3C:73:10:E7
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/WhYAJeEnuVIZKuU1ScO7JjxzEOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.4.0/24
                  79.175.117.0/24
                  109.121.32.0/24
                  109.121.34.0/23
                  109.121.38.0/24
                  109.121.40.0/24
                  109.121.43.0-109.121.44.255
                  109.121.46.0/24
                  109.233.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:78:62:47:65:8c:fb:a6:ac:0a:e5:13:33:ba:be:3f:40:ed:
         38:86:90:8f:3b:86:49:6e:14:31:20:fe:8e:c5:fd:b9:f6:f8:
         35:d9:3d:a4:55:1b:02:a9:36:13:56:9e:f6:35:6a:00:49:c8:
         08:29:fb:85:05:05:69:84:ec:d4:6d:f1:94:3b:98:1c:96:e6:
         1d:4a:e1:9c:b9:52:41:08:bb:58:ca:c9:64:ff:37:73:0b:57:
         50:fe:1a:2e:2b:6a:da:76:ee:e0:84:3e:f0:94:1d:d3:00:92:
         f8:90:77:b7:1a:2f:ed:0b:84:38:3a:65:f4:b1:5d:4f:ca:7f:
         db:3b:cc:54:8e:d5:a1:ce:e5:5b:41:fc:e5:60:a5:43:72:d3:
         65:a2:88:3e:f7:e6:33:56:a5:00:45:32:66:bf:cb:dd:2b:f0:
         2b:87:3f:19:d2:ed:7e:b2:1f:cc:48:e3:cf:58:24:2c:cd:96:
         c1:ba:04:44:52:23:cb:44:19:b4:e3:b0:85:40:1d:73:e2:5c:
         ed:db:1b:7d:54:e5:17:29:1b:5f:5b:87:a4:41:5e:ad:b4:0c:
         92:84:d8:b5:d1:06:6c:ce:c4:b2:6e:78:59:25:54:22:6e:0c:
         aa:27:f2:10:02:73:e8:43:32:22:61:a6:05:31:7e:72:8f:66:
         e9:b1:c6:0f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYROhjoi0mnFoXxI6KHoZOCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIxMTA2MTk1ODUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTE2MDAyNWUxMjdiOTUyMTkyYWU1MzU0OWMzYmIyNjNjNzMxMGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw4yuPqUsy0rgB3LFOHpPTnLycKj
ME7Cbc6kvhM8XJCGEIevPHOofU0T2Ssc3NzFEC++ivYFevAyzvqB4OwwG3ELc61m
HEuw/HfaRVJMb+qjn74/7AxRU3/2H1jEaOm4Amq5LT+g8Z67I01+QszNze0ucnDN
jweIj5yQ79s+JfDHQmopKGN/Zr5kPrW0ER8fu904Rks0UaoHcy2MgXXTzyEwK82i
Ue3FdyzJTOnCoruOgnZV+JWsvaa6s3+LnQWniHqe4bt4T6uAx6/8179JiA4rxrfJ
Bnae527KEtIYU9yiufqWCpGsAcHkz0ajEYJ/9fFkQDbYduGTksA3Ntky9wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFoWACXhJ7lSGSrlNUnDuyY8cxDnMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvV2hZQUplRW51VklaS3VVMVNjTzdKanh6RU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQATWkEAwQA
T691AwQAbXkgAwQBbXkiAwQAbXkmAwQAbXkoMAwDBABteSsDBABteSwDBABteS4D
BABt6bgwDQYJKoZIhvcNAQELBQADggEBAJ94YkdljPumrArlEzO6vj9A7TiGkI87
hkluFDEg/o7F/bn2+DXZPaRVGwKpNhNWnvY1agBJyAgp+4UFBWmE7NRt8ZQ7mByW
5h1K4Zy5UkEIu1jKyWT/N3MLV1D+Gi4ratp27uCEPvCUHdMAkviQd7caL+0LhDg6
ZfSxXU/Kf9s7zFSO1aHO5VtB/OVgpUNy02WiiD735jNWpQBFMma/y90r8CuHPxnS
7X6yH8xI489YJCzNlsG6BERSI8tEGbTjsIVAHXPiXO3bG31U5RcpG19bh6RBXq20
DJKE2LXRBmzOxLJueFklVCJuDKon8hACc+hDMiJhpgUxfnKPZumxxg8=
-----END CERTIFICATE-----