Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/l_optiduzsxckQmSP86jfP8GFM0.roa
File:                     l_optiduzsxckQmSP86jfP8GFM0.roa (raw, json)
Hash identifier:          qjXRacEYPgyjHpzN7ng4pe/lCKMz31b9arCRvsNnddU=
Subject key identifier:   97:FA:29:B6:27:6E:CE:CC:5C:91:09:92:3F:CE:A3:7C:FF:06:14:CD
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01841D92821A97CA475A011E1D640675D298
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/l_optiduzsxckQmSP86jfP8GFM0.roa
Signing time:             Fri 28 Oct 2022 07:50:51 +0000
ROA not before:           Fri 28 Oct 2022 07:50:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        109.121.38.0/24 maxlen: 24
                          109.121.35.0/24 maxlen: 24
                          79.175.117.0/24 maxlen: 24
                          109.121.32.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.44.0/24 maxlen: 24
                          109.121.46.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24
                          77.105.4.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:1d:92:82:1a:97:ca:47:5a:01:1e:1d:64:06:75:d2:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 28 07:50:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=97fa29b6276ececc5c9109923fcea37cff0614cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d6:3b:dd:e5:04:52:7b:bf:3c:93:f2:80:80:
                    39:90:db:a2:43:03:27:42:3e:1e:c1:25:19:4f:1b:
                    b8:f6:e6:86:bc:8e:11:19:6e:0c:bb:2f:8d:28:e1:
                    fd:c6:7c:43:a2:35:1a:41:d2:c0:8f:85:77:00:f4:
                    8c:2d:ab:e2:fe:92:bc:42:aa:ba:5a:a8:76:1a:a3:
                    03:41:28:15:52:ad:91:e9:80:53:cd:47:3f:4e:66:
                    38:f1:4d:64:8c:b5:d3:7e:b6:9d:fa:58:c2:4d:8b:
                    46:f7:b9:fb:62:2a:8e:40:8f:eb:ad:2f:e8:11:aa:
                    ec:8e:5a:00:ae:10:3f:07:6f:a7:b6:9d:d8:e7:21:
                    bd:01:e4:34:68:25:64:dd:2d:f3:76:a9:16:81:79:
                    9a:0a:38:9b:5b:38:cb:b3:2c:be:c1:1e:ea:cc:4e:
                    83:11:3c:4e:3f:d6:2c:75:04:9f:12:cc:97:21:d8:
                    d3:a2:30:e9:d9:6c:96:fc:63:b8:28:a3:8c:07:61:
                    ae:6e:99:ba:78:a8:df:2a:25:d6:c2:35:01:cb:18:
                    d5:f3:ef:93:9b:a9:0a:77:bf:63:8d:c3:f2:e7:4f:
                    ae:3c:db:82:78:db:33:c6:44:c7:39:84:11:ce:45:
                    27:43:4f:f2:eb:4b:99:d0:1a:82:06:ec:9a:84:fb:
                    54:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:FA:29:B6:27:6E:CE:CC:5C:91:09:92:3F:CE:A3:7C:FF:06:14:CD
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/l_optiduzsxckQmSP86jfP8GFM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.4.0/24
                  79.175.117.0/24
                  109.121.32.0/24
                  109.121.35.0/24
                  109.121.38.0/24
                  109.121.40.0/23
                  109.121.43.0-109.121.44.255
                  109.121.46.0/24
                  109.233.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:d5:63:18:b7:3f:5a:4e:92:1f:65:bd:af:61:e9:07:98:4e:
         21:d0:5c:13:e9:79:85:36:41:af:b4:0a:31:fb:99:2c:44:c3:
         72:0f:4a:87:ab:36:7f:3e:b6:45:6b:36:1d:41:34:0e:be:1b:
         87:34:fb:8e:af:e1:9d:25:99:ca:16:88:9a:db:98:1c:d5:75:
         a3:5c:09:6b:55:9d:d8:00:6f:a1:31:ca:e9:13:57:25:9f:60:
         38:f0:77:06:21:88:40:a5:25:9b:f1:59:f0:8a:f5:d5:71:b4:
         25:60:66:ff:fa:a8:f1:1a:d6:0b:36:30:13:ea:b1:f9:00:30:
         9c:b4:68:34:d4:ef:ed:cd:4d:00:e1:ce:ea:dc:7d:af:ef:a0:
         d0:79:4d:8b:e8:f0:05:50:ce:7c:4e:68:5a:fe:0e:86:e4:b4:
         d9:e5:98:d3:a8:59:58:80:cc:0e:62:32:8b:39:44:9d:bd:a7:
         f1:4d:90:24:66:58:f0:2f:e1:0d:10:da:0b:c5:e5:6e:39:e4:
         a7:d3:63:02:27:47:e6:56:84:32:38:3a:de:62:65:31:6a:d2:
         32:3d:9a:92:5a:aa:e9:ab:64:1a:4c:e2:e7:58:6a:48:d1:0b:
         e9:9f:83:f4:bc:fc:2d:4f:ee:40:11:52:1e:eb:90:19:ce:a7:
         68:5f:d1:81
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYQdkoIal8pHWgEeHWQGddKYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIxMDI4MDc1MDUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZhMjliNjI3NmVjZWNjNWM5MTA5OTIzZmNlYTM3Y2ZmMDYxNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNY73eUEUnu/PJPygIA5kNuiQwMn
Qj4ewSUZTxu49uaGvI4RGW4Muy+NKOH9xnxDojUaQdLAj4V3APSMLavi/pK8Qqq6
Wqh2GqMDQSgVUq2R6YBTzUc/TmY48U1kjLXTfrad+ljCTYtG97n7YiqOQI/rrS/o
EarsjloArhA/B2+ntp3Y5yG9AeQ0aCVk3S3zdqkWgXmaCjibWzjLsyy+wR7qzE6D
ETxOP9YsdQSfEsyXIdjTojDp2WyW/GO4KKOMB2Gubpm6eKjfKiXWwjUByxjV8++T
m6kKd79jjcPy50+uPNuCeNszxkTHOYQRzkUnQ0/y60uZ0BqCBuyahPtUSQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJf6KbYnbs7MXJEJkj/Oo3z/BhTNMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvbF9vcHRpZHV6c3hja1FtU1A4NmpmUDhHRk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQATWkEAwQA
T691AwQAbXkgAwQAbXkjAwQAbXkmAwQBbXkoMAwDBABteSsDBABteSwDBABteS4D
BABt6bgwDQYJKoZIhvcNAQELBQADggEBAH/VYxi3P1pOkh9lva9h6QeYTiHQXBPp
eYU2Qa+0CjH7mSxEw3IPSoerNn8+tkVrNh1BNA6+G4c0+46v4Z0lmcoWiJrbmBzV
daNcCWtVndgAb6ExyukTVyWfYDjwdwYhiEClJZvxWfCK9dVxtCVgZv/6qPEa1gs2
MBPqsfkAMJy0aDTU7+3NTQDhzurcfa/voNB5TYvo8AVQznxOaFr+DobktNnlmNOo
WViAzA5iMos5RJ29p/FNkCRmWPAv4Q0Q2gvF5W455KfTYwInR+ZWhDI4Ot5iZTFq
0jI9mpJaqumrZBpM4udYakjRC+mfg/S8/C1P7kARUh7rkBnOp2hf0YE=
-----END CERTIFICATE-----