Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/vrxRxz7kBucoFvUtJNsxAJhIibs.roa
File:                     vrxRxz7kBucoFvUtJNsxAJhIibs.roa (raw, json)
Hash identifier:          T5Wfb2QL3RZehb5wDeLV/TjO26cA21kTmVoZCimIksM=
Subject key identifier:   BE:BC:51:C7:3E:E4:06:E7:28:16:F5:2D:24:DB:31:00:98:48:89:BB
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       01841432377D1FF6C8A8A042E89ADE38836E
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/vrxRxz7kBucoFvUtJNsxAJhIibs.roa
Signing time:             Wed 26 Oct 2022 12:09:06 +0000
ROA not before:           Wed 26 Oct 2022 12:09:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        88.212.158.0/24 maxlen: 24
                          88.212.156.0/24 maxlen: 24
                          88.212.159.0/24 maxlen: 24
                          185.8.135.0/24 maxlen: 24
                          185.8.134.0/24 maxlen: 24
                          185.8.133.0/24 maxlen: 24
                          83.151.192.0/24 maxlen: 24
                          83.151.193.0/24 maxlen: 24
                          83.151.195.0/24 maxlen: 24
                          83.151.194.0/24 maxlen: 24
                          88.202.210.0/24 maxlen: 24
                          88.202.208.0/24 maxlen: 24
                          88.202.208.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:14:32:37:7d:1f:f6:c8:a8:a0:42:e8:9a:de:38:83:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Oct 26 12:09:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bebc51c73ee406e72816f52d24db3100984889bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0f:00:af:ce:3b:f7:e4:bf:26:9a:e5:b6:1d:
                    3a:af:41:d1:40:f5:d1:2a:9f:6c:83:3c:8b:cf:51:
                    63:e5:34:97:79:3f:f8:a0:bf:ec:ff:cf:a8:b8:37:
                    18:60:e1:bc:3a:d1:7a:8b:59:21:cc:93:05:96:cc:
                    09:5f:b3:e8:01:da:c5:f2:27:46:f9:30:eb:26:22:
                    8d:2a:17:bc:86:25:30:98:f5:a9:cb:7e:62:74:15:
                    25:57:5f:00:6a:19:08:3c:95:b9:7b:8c:6b:81:67:
                    ad:b8:62:47:46:11:21:46:40:6d:7f:f6:63:c2:ee:
                    73:42:62:0b:d9:dd:2a:4f:c1:e8:04:c3:c4:6c:0a:
                    ea:b6:b4:ce:88:a9:3c:91:de:25:0b:93:24:cf:95:
                    c9:7c:8b:bf:92:72:69:06:7b:18:a4:c8:4d:85:d7:
                    42:64:93:c3:56:a7:a3:92:95:98:3d:02:52:97:a1:
                    62:d6:d0:d0:97:20:ce:11:e0:a6:92:5f:06:ba:e8:
                    44:1f:3d:ad:d2:50:f2:34:ee:f0:69:03:0c:79:cd:
                    ab:58:67:34:6c:9f:b2:73:36:59:f3:b7:b8:db:3e:
                    b6:34:fc:9a:20:d3:75:2b:e3:aa:e0:7b:44:4c:88:
                    00:23:d2:55:3e:cd:74:f3:d0:94:26:d1:31:d2:72:
                    32:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:BC:51:C7:3E:E4:06:E7:28:16:F5:2D:24:DB:31:00:98:48:89:BB
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/vrxRxz7kBucoFvUtJNsxAJhIibs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.151.192.0/22
                  88.202.208.0-88.202.210.255
                  88.212.156.0/24
                  88.212.158.0/23
                  185.8.133.0-185.8.135.255

    Signature Algorithm: sha256WithRSAEncryption
         67:77:6a:25:79:61:ce:a5:bc:91:27:04:6d:c6:63:6a:ba:47:
         37:c6:a4:39:0d:c7:66:9c:3f:74:fb:bd:ae:2a:61:77:3f:7c:
         e8:b6:a8:31:70:81:24:99:4a:bf:0a:59:da:06:ab:0e:e5:a3:
         86:69:fb:66:75:e5:45:d9:fb:c2:9f:e1:da:4e:73:98:98:25:
         6e:d2:26:98:5e:79:c3:a5:1c:4b:ab:db:d3:93:cc:0b:84:88:
         4c:bf:5d:84:c9:88:63:92:66:63:c4:d2:69:7c:70:4d:88:72:
         c6:6e:48:58:46:7b:e7:1d:59:e9:ac:fa:bc:ff:8e:72:5c:36:
         4f:45:54:0c:50:d2:99:b3:46:33:7b:3e:31:e7:24:82:c6:6a:
         81:ea:92:a9:3f:3e:b1:f1:67:cd:bd:2c:9a:07:3d:d1:01:2b:
         93:7c:30:41:61:11:5f:e2:34:43:2c:8a:f7:e9:35:9e:fe:fe:
         8d:4b:0b:fb:f9:a6:9d:1e:54:82:40:06:37:d3:eb:01:ec:1a:
         7c:bf:03:32:40:68:b7:67:cc:67:5d:ed:c5:8a:eb:45:88:82:
         d0:4d:4f:68:54:b1:43:0f:fc:07:e3:cc:b6:64:e3:0b:82:92:
         fd:d7:30:26:87:10:ae:04:de:ab:25:f9:aa:a6:0e:61:99:45:
         b4:cd:41:2c
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYQUMjd9H/bIqKBC6JreOINuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjIxMDI2MTIwOTA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWJjNTFjNzNlZTQwNmU3MjgxNmY1MmQyNGRiMzEwMDk4NDg4OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoA8Ar8479+S/Jprlth06r0HRQPXR
Kp9sgzyLz1Fj5TSXeT/4oL/s/8+ouDcYYOG8OtF6i1khzJMFlswJX7PoAdrF8idG
+TDrJiKNKhe8hiUwmPWpy35idBUlV18AahkIPJW5e4xrgWetuGJHRhEhRkBtf/Zj
wu5zQmIL2d0qT8HoBMPEbArqtrTOiKk8kd4lC5Mkz5XJfIu/knJpBnsYpMhNhddC
ZJPDVqejkpWYPQJSl6Fi1tDQlyDOEeCmkl8GuuhEHz2t0lDyNO7waQMMec2rWGc0
bJ+yczZZ87e42z62NPyaINN1K+Oq4HtETIgAI9JVPs1089CUJtEx0nIyfQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFL68Ucc+5AbnKBb1LSTbMQCYSIm7MB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvdnJ4Unh6N2tCdWNvRnZVdEpOc3hBSmhJaWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCU5fAMAwD
BARYytADBABYytIDBABY1JwDBAFY1J4wDAMEALkIhQMEA7kIgDANBgkqhkiG9w0B
AQsFAAOCAQEAZ3dqJXlhzqW8kScEbcZjarpHN8akOQ3HZpw/dPu9riphdz986Lao
MXCBJJlKvwpZ2garDuWjhmn7ZnXlRdn7wp/h2k5zmJglbtImmF55w6UcS6vb05PM
C4SITL9dhMmIY5JmY8TSaXxwTYhyxm5IWEZ75x1Z6az6vP+Oclw2T0VUDFDSmbNG
M3s+MeckgsZqgeqSqT8+sfFnzb0smgc90QErk3wwQWERX+I0QyyK9+k1nv7+jUsL
+/mmnR5UgkAGN9PrAewafL8DMkBot2fMZ13txYrrRYiC0E1PaFSxQw/8B+PMtmTj
C4KS/dcwJocQrgTeqyX5qqYOYZlFtM1BLA==
-----END CERTIFICATE-----