Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/LCY0jNRm1n2cQXaDMj_A64WxFBs.roa
File:                     LCY0jNRm1n2cQXaDMj_A64WxFBs.roa (raw, json)
Hash identifier:          d7sFyLZHXapyZVpaz5She2jx+veG4BGvzA7nRcobACE=
Subject key identifier:   2C:26:34:8C:D4:66:D6:7D:9C:41:76:83:32:3F:C0:EB:85:B1:14:1B
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0184C7FFCCE67A7A314A4DB2F0AB010BC449
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/LCY0jNRm1n2cQXaDMj_A64WxFBs.roa
Signing time:             Wed 30 Nov 2022 10:05:40 +0000
ROA not before:           Wed 30 Nov 2022 10:05:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204843
IP address blocks:        5.105.130.0/24 maxlen: 24
                          5.105.30.0/24 maxlen: 24
                          5.105.31.0/24 maxlen: 24
                          5.105.33.0/24 maxlen: 24
                          5.105.32.0/24 maxlen: 24
                          5.105.184.0/24 maxlen: 24
                          5.105.96.0/24 maxlen: 24
                          5.105.200.0/24 maxlen: 24
                          5.105.215.0/24 maxlen: 24
                          5.105.7.0/24 maxlen: 24
                          5.105.226.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c7:ff:cc:e6:7a:7a:31:4a:4d:b2:f0:ab:01:0b:c4:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Nov 30 10:05:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2c26348cd466d67d9c417683323fc0eb85b1141b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:95:0d:5e:f6:10:78:1f:a9:65:af:4b:26:50:
                    bf:f5:3b:74:e9:6c:0d:b4:b5:e3:73:10:6b:52:cb:
                    fe:93:1c:67:5d:68:fc:b3:29:67:c9:07:d7:52:7f:
                    4f:2c:e8:35:cd:59:7d:d3:86:52:8b:07:60:e2:96:
                    d4:98:fd:52:b5:be:c0:bd:dd:25:26:50:7e:9a:ab:
                    1e:da:19:de:64:9f:ad:04:2d:0f:cc:b8:c1:3c:b4:
                    25:cd:e8:49:5c:f6:b9:52:15:60:be:0f:d8:fe:2d:
                    41:a0:88:69:c9:dc:9c:6b:dd:fc:bb:c3:aa:03:f8:
                    b5:3f:35:b2:b7:d3:a3:ba:f0:48:e4:19:56:9f:1f:
                    e6:6f:d9:d0:f6:76:5a:50:2b:60:76:b9:4c:4a:56:
                    8b:ea:c4:59:d1:43:99:95:af:d9:ea:03:57:3c:a3:
                    33:4a:99:c0:bb:cc:b6:ce:64:dc:d2:cc:fe:90:47:
                    1e:d6:1a:bf:7a:dd:85:b1:65:25:f5:b2:8e:15:b9:
                    31:f6:20:95:ca:6f:8c:56:cd:55:5d:28:f7:ed:81:
                    d5:e6:f9:6b:f6:a0:94:6d:d1:87:df:f3:fc:45:38:
                    cb:47:1a:9d:c9:d8:ab:16:01:47:4d:c5:ce:c5:7c:
                    eb:13:3b:26:32:f6:55:f8:d9:88:76:95:64:73:63:
                    a1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:26:34:8C:D4:66:D6:7D:9C:41:76:83:32:3F:C0:EB:85:B1:14:1B
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/LCY0jNRm1n2cQXaDMj_A64WxFBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.7.0/24
                  5.105.30.0-5.105.33.255
                  5.105.96.0/24
                  5.105.130.0/24
                  5.105.184.0/24
                  5.105.200.0/24
                  5.105.215.0/24
                  5.105.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:3e:77:31:4f:de:a7:8d:46:05:4d:ec:5d:c2:5d:09:26:7e:
         04:9a:a2:1c:b0:9d:b2:b7:d6:fb:b6:6a:9e:84:cd:ea:68:fb:
         22:bd:ac:d7:25:7a:49:89:fa:34:22:9c:78:5c:8f:0f:08:89:
         0c:8e:b1:d4:21:2e:2d:3c:7b:8a:3b:1c:77:be:ea:34:df:c0:
         2a:db:52:03:02:27:ae:4d:ae:7e:f3:8b:41:64:bb:e7:5c:b3:
         6d:cb:d9:51:13:e9:75:7e:bf:22:52:1a:e9:30:fd:b2:eb:ad:
         5e:ac:be:cf:d0:e0:8c:47:13:31:7b:30:ab:d0:bd:44:fc:89:
         e2:d7:b5:48:ed:87:fe:29:67:69:6e:3a:73:9e:c6:05:2e:90:
         89:e0:5d:29:8f:b5:bd:cd:29:20:a8:43:17:94:1c:25:c3:f3:
         2c:7c:0c:55:78:c3:2f:4a:be:25:8f:63:43:09:a7:42:7b:4e:
         1f:32:e8:dd:10:83:25:19:db:ed:9a:9e:5c:eb:5b:17:c7:b4:
         5b:df:24:df:20:b1:f8:8b:6f:9b:96:8a:89:ff:29:20:8a:28:
         4e:e2:61:44:75:d1:52:1d:53:ea:ff:12:ad:fc:98:80:0c:b5:
         4d:bb:81:35:08:c5:3a:93:42:84:92:11:09:d8:99:a1:3b:8f:
         65:e4:87:31
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYTH/8zmenoxSk2y8KsBC8RJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjIxMTMwMTAwNTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzI2MzQ4Y2Q0NjZkNjdkOWM0MTc2ODMzMjNmYzBlYjg1YjExNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5UNXvYQeB+pZa9LJlC/9Tt06WwN
tLXjcxBrUsv+kxxnXWj8sylnyQfXUn9PLOg1zVl904ZSiwdg4pbUmP1Stb7Avd0l
JlB+mqse2hneZJ+tBC0PzLjBPLQlzehJXPa5UhVgvg/Y/i1BoIhpydyca938u8Oq
A/i1PzWyt9OjuvBI5BlWnx/mb9nQ9nZaUCtgdrlMSlaL6sRZ0UOZla/Z6gNXPKMz
SpnAu8y2zmTc0sz+kEce1hq/et2FsWUl9bKOFbkx9iCVym+MVs1VXSj37YHV5vlr
9qCUbdGH3/P8RTjLRxqdydirFgFHTcXOxXzrEzsmMvZV+NmIdpVkc2OhWQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCwmNIzUZtZ9nEF2gzI/wOuFsRQbMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvTENZMGpOUm0xbjJjUVhhRE1qX0E2NFd4RkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQABWkHMAwD
BAEFaR4DBAEFaSADBAAFaWADBAAFaYIDBAAFabgDBAAFacgDBAAFadcDBAAFaeIw
DQYJKoZIhvcNAQELBQADggEBADA+dzFP3qeNRgVN7F3CXQkmfgSaohywnbK31vu2
ap6Ezepo+yK9rNclekmJ+jQinHhcjw8IiQyOsdQhLi08e4o7HHe+6jTfwCrbUgMC
J65Nrn7zi0Fku+dcs23L2VET6XV+vyJSGukw/bLrrV6svs/Q4IxHEzF7MKvQvUT8
ieLXtUjth/4pZ2luOnOexgUukIngXSmPtb3NKSCoQxeUHCXD8yx8DFV4wy9KviWP
Y0MJp0J7Th8y6N0QgyUZ2+2anlzrWxfHtFvfJN8gsfiLb5uWion/KSCKKE7iYUR1
0VIdU+r/Eq38mIAMtU27gTUIxTqTQoSSEQnYmaE7j2XkhzE=
-----END CERTIFICATE-----