Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/YJNZVkSriqwnStk4xZVWR3VakwE.roa
File:                     YJNZVkSriqwnStk4xZVWR3VakwE.roa (raw, json)
Hash identifier:          PCRd8hIaShDxD901i3VVjht1TkiZRaRHFIHTyMhaqRw=
Subject key identifier:   60:93:59:56:44:AB:8A:AC:27:4A:D9:38:C5:95:56:47:75:5A:93:01
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       018414323693E1877944583F93357B106D03
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/YJNZVkSriqwnStk4xZVWR3VakwE.roa
Signing time:             Wed 26 Oct 2022 12:09:05 +0000
ROA not before:           Wed 26 Oct 2022 12:09:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        88.202.210.0/24 maxlen: 24
                          88.202.208.0/24 maxlen: 24
                          88.202.208.0/23 maxlen: 23
                          88.212.156.0/24 maxlen: 24
                          88.212.158.0/24 maxlen: 24
                          88.212.159.0/24 maxlen: 24
                          185.8.135.0/24 maxlen: 24
                          185.8.133.0/24 maxlen: 24
                          83.151.192.0/24 maxlen: 24
                          83.151.195.0/24 maxlen: 24
                          83.151.193.0/24 maxlen: 24
                          83.151.194.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:14:32:36:93:e1:87:79:44:58:3f:93:35:7b:10:6d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Oct 26 12:09:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6093595644ab8aac274ad938c5955647755a9301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f9:d4:77:14:4d:a2:e8:9c:89:e4:6d:67:81:
                    ea:75:d9:2b:ec:76:fe:2a:ea:d4:d1:13:2a:75:d4:
                    57:d1:27:94:d2:95:8b:0d:d0:47:a4:2f:63:d2:f9:
                    9b:fc:0a:65:2e:01:e2:c7:e2:a2:4a:10:08:0b:85:
                    82:2a:a4:3a:18:cf:ae:e2:08:b2:03:be:0d:e9:07:
                    bd:66:f5:14:92:9a:73:e4:8a:6f:05:26:34:ed:4e:
                    e5:d7:f1:84:6b:f1:11:1d:34:e2:69:2e:d7:3f:e1:
                    ae:e8:9d:a3:8d:e6:7e:11:18:2d:b4:e3:16:19:72:
                    9b:4b:d6:3d:ab:38:14:ae:27:19:0d:2d:03:00:2c:
                    09:d5:c0:04:b2:f3:61:ad:be:1b:16:9b:3d:bb:61:
                    59:16:53:ea:c2:c2:0e:b9:0f:48:46:f8:f4:3f:00:
                    53:cd:36:0b:52:97:1c:5b:42:3e:2b:39:e3:05:e3:
                    e0:ba:40:d2:6d:df:d4:e5:30:d2:83:f0:6c:81:4c:
                    ca:24:06:8b:bc:40:9d:86:12:b5:de:b1:d4:c8:da:
                    1e:88:88:a4:d8:69:ea:6c:24:27:a2:db:73:a4:15:
                    5e:f4:bf:04:4d:1b:3d:c9:87:e0:97:78:2e:41:4d:
                    67:9f:0d:d0:bb:60:da:2e:eb:77:58:0b:12:bb:d0:
                    36:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:93:59:56:44:AB:8A:AC:27:4A:D9:38:C5:95:56:47:75:5A:93:01
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/YJNZVkSriqwnStk4xZVWR3VakwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.151.192.0/22
                  88.202.208.0-88.202.210.255
                  88.212.156.0/24
                  88.212.158.0/23
                  185.8.133.0/24
                  185.8.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:c2:f8:2d:d7:cf:b2:e6:d1:95:20:49:c9:85:f7:00:35:c5:
         41:ac:b5:c7:5c:d0:f0:11:17:d2:ce:64:c8:34:bf:89:b2:65:
         76:c8:79:23:a1:9e:a7:26:4f:e5:7a:2b:63:58:e2:54:61:e0:
         3c:02:28:17:3e:94:04:a7:cb:2b:fb:cf:c7:61:69:e5:14:1c:
         28:14:57:eb:80:0f:9b:a6:d0:62:c4:ba:a7:1a:86:57:52:d0:
         6f:34:46:c8:1e:90:e0:38:2a:3d:ae:50:5a:f4:a3:ab:e0:c9:
         89:d5:a0:7f:bf:88:31:ae:36:8d:4b:30:7b:06:c3:ec:ae:63:
         4a:7a:bb:f0:f9:8a:19:6f:87:d7:8d:78:4d:70:72:b1:62:60:
         ef:70:90:3e:ac:80:ab:30:8b:3a:1a:38:8b:34:9f:95:e4:f5:
         a9:09:e9:3d:06:87:a4:2b:25:10:5e:ca:90:44:8a:46:3a:12:
         c4:8b:cb:41:b7:5c:97:e9:84:28:d5:77:7c:15:b7:f3:3a:b2:
         e3:cd:c5:56:4c:63:17:21:c7:99:f3:4d:52:56:ab:a9:02:71:
         44:b5:c2:b6:a1:f9:c3:1e:b1:49:f6:d3:0b:f7:06:0b:d3:c0:
         3e:b9:9c:85:c3:ac:4a:b8:13:bd:ff:ec:9b:59:f0:e8:d4:ca:
         16:86:00:d5
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYQUMjaT4Yd5RFg/kzV7EG0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjIxMDI2MTIwOTA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDkzNTk1NjQ0YWI4YWFjMjc0YWQ5MzhjNTk1NTY0Nzc1NWE5MzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvnUdxRNouicieRtZ4Hqddkr7Hb+
KurU0RMqddRX0SeU0pWLDdBHpC9j0vmb/AplLgHix+KiShAIC4WCKqQ6GM+u4giy
A74N6Qe9ZvUUkppz5IpvBSY07U7l1/GEa/ERHTTiaS7XP+Gu6J2jjeZ+ERgttOMW
GXKbS9Y9qzgUricZDS0DACwJ1cAEsvNhrb4bFps9u2FZFlPqwsIOuQ9IRvj0PwBT
zTYLUpccW0I+KznjBePgukDSbd/U5TDSg/BsgUzKJAaLvECdhhK13rHUyNoeiIik
2GnqbCQnottzpBVe9L8ETRs9yYfgl3guQU1nnw3Qu2DaLut3WAsSu9A2lQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFGCTWVZEq4qsJ0rZOMWVVkd1WpMBMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvWUpOWlZrU3JpcXduU3RrNHhaVldSM1Zha3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCU5fAMAwD
BARYytADBABYytIDBABY1JwDBAFY1J4DBAC5CIUDBAC5CIcwDQYJKoZIhvcNAQEL
BQADggEBAKXC+C3Xz7Lm0ZUgScmF9wA1xUGstcdc0PARF9LOZMg0v4myZXbIeSOh
nqcmT+V6K2NY4lRh4DwCKBc+lASnyyv7z8dhaeUUHCgUV+uAD5um0GLEuqcahldS
0G80RsgekOA4Kj2uUFr0o6vgyYnVoH+/iDGuNo1LMHsGw+yuY0p6u/D5ihlvh9eN
eE1wcrFiYO9wkD6sgKswizoaOIs0n5Xk9akJ6T0Gh6QrJRBeypBEikY6EsSLy0G3
XJfphCjVd3wVt/M6suPNxVZMYxchx5nzTVJWq6kCcUS1wrah+cMesUn20wv3BgvT
wD65nIXDrEq4E73/7JtZ8OjUyhaGANU=
-----END CERTIFICATE-----