Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/eHpSgdWZzYNK-nvkUYjJueE3C78.roa
File:                     eHpSgdWZzYNK-nvkUYjJueE3C78.roa (raw, json)
Hash identifier:          1ij9iEFnOmkhPjse7atN8ItAjSRqHFrboxislz/YS2s=
Subject key identifier:   78:7A:52:81:D5:99:CD:83:4A:FA:7B:E4:51:88:C9:B9:E1:37:0B:BF
Certificate issuer:       /CN=cfa968319d72a98a759400338b70fdc678912de6
Certificate serial:       0183F4D128ABF7E471A0C00F5F5ED28586EE
Authority key identifier: CF:A9:68:31:9D:72:A9:8A:75:94:00:33:8B:70:FD:C6:78:91:2D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z6loMZ1yqYp1lAAzi3D9xniRLeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/eHpSgdWZzYNK-nvkUYjJueE3C78.roa
Signing time:             Thu 20 Oct 2022 09:54:51 +0000
ROA not before:           Thu 20 Oct 2022 09:54:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41887
IP address blocks:        94.228.128.0/20 maxlen: 24
                          94.228.133.226/32 maxlen: 32
                          195.144.2.0/24 maxlen: 24
                          94.228.129.181/32 maxlen: 32
                          178.22.80.0/21 maxlen: 24
                          62.204.64.0/19 maxlen: 24
                          62.204.64.0/20 maxlen: 24
                          62.204.64.0/24 maxlen: 24
                          185.63.164.0/22 maxlen: 24
                          62.204.67.0/24 maxlen: 24
                          62.204.66.0/24 maxlen: 24
                          62.204.65.0/24 maxlen: 24
                          62.204.80.0/20 maxlen: 20
                          62.204.94.0/23 maxlen: 24
                          62.204.92.0/22 maxlen: 22
                          62.204.92.0/23 maxlen: 24
                          2a00:d00::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:f4:d1:28:ab:f7:e4:71:a0:c0:0f:5f:5e:d2:85:86:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfa968319d72a98a759400338b70fdc678912de6
        Validity
            Not Before: Oct 20 09:54:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=787a5281d599cd834afa7be45188c9b9e1370bbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:60:56:12:f3:7c:86:2e:81:32:45:f4:47:4c:
                    cd:95:17:7c:d0:e1:ba:ae:8f:db:a4:0c:d8:e5:01:
                    3c:8f:6b:9f:08:22:30:ee:20:c4:ad:4c:84:ce:fa:
                    5f:3a:22:0e:cc:71:c4:3a:03:36:80:8b:55:31:3f:
                    34:f8:96:de:91:1d:5f:2c:41:f9:59:89:fc:5e:14:
                    11:b1:51:75:f3:e2:d6:3b:40:71:97:a7:9d:c7:9b:
                    ad:af:93:df:16:2f:db:de:ee:74:a1:65:20:08:7c:
                    39:c8:7e:b2:92:c5:35:56:87:f1:c3:f9:5c:ec:98:
                    0a:69:7d:b5:69:46:12:70:c2:ac:ed:cc:9c:42:60:
                    c1:31:26:a2:61:ac:a1:a0:59:a0:b1:6c:7a:7d:e7:
                    8c:6f:0b:6c:dc:34:5d:2a:e0:ee:a2:31:5d:a1:cf:
                    e0:e4:cf:70:fb:8b:79:78:c6:a4:01:96:d6:1a:01:
                    02:68:0a:57:fd:db:14:6d:0d:e7:c9:51:df:cb:f6:
                    d7:77:9a:02:e1:f6:bb:49:ac:d2:39:0b:62:67:2d:
                    2b:a7:de:a7:6d:1b:f1:9d:cf:1d:78:86:f3:66:ef:
                    93:1e:20:0e:01:51:dc:01:13:d0:bb:b9:6a:0a:13:
                    f6:de:55:45:48:43:8c:c8:20:d3:c2:c6:ed:35:9c:
                    e1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:7A:52:81:D5:99:CD:83:4A:FA:7B:E4:51:88:C9:B9:E1:37:0B:BF
            X509v3 Authority Key Identifier:
                keyid:CF:A9:68:31:9D:72:A9:8A:75:94:00:33:8B:70:FD:C6:78:91:2D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z6loMZ1yqYp1lAAzi3D9xniRLeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/eHpSgdWZzYNK-nvkUYjJueE3C78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dc616f-de9b-478e-8539-8ce51018e2e6/1/z6loMZ1yqYp1lAAzi3D9xniRLeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.64.0/19
                  94.228.128.0/20
                  178.22.80.0/21
                  185.63.164.0/22
                  195.144.2.0/24
                IPv6:
                  2a00:d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:28:89:6f:6d:3a:23:2f:c7:5e:cb:bd:a1:3c:9d:38:5d:6b:
         d8:32:cb:d7:08:6f:ae:bd:52:cd:ee:b5:33:f2:a2:ee:7c:81:
         1e:ef:9c:d1:02:44:f8:5f:de:24:5b:d0:7c:9f:ed:87:a5:60:
         e7:e4:43:18:be:4a:65:4f:af:18:61:5a:37:bf:fb:75:75:56:
         7f:33:98:09:a8:8c:da:70:79:0f:22:2c:14:ab:a9:e2:c7:b3:
         d7:e3:2a:19:52:9c:7f:c9:d4:fa:a6:50:18:8a:2f:86:2d:bc:
         ad:7e:23:b9:7c:74:cc:84:b3:e5:60:d1:68:f8:56:b8:21:26:
         93:b8:7a:84:fa:f3:cc:23:ea:46:7f:af:12:1f:03:c0:3d:49:
         5c:09:59:06:6e:8d:03:3a:aa:4e:6a:94:8d:f3:e7:ed:59:3d:
         47:e6:f9:a0:1c:61:6b:1f:06:f6:47:13:fb:28:9d:0a:f6:df:
         d4:10:69:8c:35:4b:ee:78:38:cc:52:a7:11:2a:62:15:44:1f:
         e3:e1:b5:1d:79:1e:0b:45:ae:8a:f2:d1:9b:4a:27:01:d2:ce:
         42:0d:e4:63:0c:04:6a:f9:db:1d:15:df:49:32:ae:7f:80:73:
         0a:5c:37:09:d3:4a:fe:cb:6c:be:ee:95:f6:a0:80:b8:68:63:
         58:64:ba:66
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYP00Sir9+RxoMAPX17ShYbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYTk2ODMxOWQ3MmE5OGE3NTk0MDAzMzhiNzBmZGM2Nzg5
MTJkZTYwHhcNMjIxMDIwMDk1NDUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODdhNTI4MWQ1OTljZDgzNGFmYTdiZTQ1MTg4YzliOWUxMzcwYmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWBWEvN8hi6BMkX0R0zNlRd80OG6
ro/bpAzY5QE8j2ufCCIw7iDErUyEzvpfOiIOzHHEOgM2gItVMT80+JbekR1fLEH5
WYn8XhQRsVF18+LWO0Bxl6edx5utr5PfFi/b3u50oWUgCHw5yH6yksU1Vofxw/lc
7JgKaX21aUYScMKs7cycQmDBMSaiYayhoFmgsWx6feeMbwts3DRdKuDuojFdoc/g
5M9w+4t5eMakAZbWGgECaApX/dsUbQ3nyVHfy/bXd5oC4fa7SazSOQtiZy0rp96n
bRvxnc8deIbzZu+THiAOAVHcARPQu7lqChP23lVFSEOMyCDTwsbtNZzh2QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFHh6UoHVmc2DSvp75FGIybnhNwu/MB8GA1UdIwQY
MBaAFM+paDGdcqmKdZQAM4tw/cZ4kS3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejZsb01aMXlxWXAxbEFBemkzRDl4bmlSTGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9kYzYxNmYtZGU5Yi00NzhlLTg1Mzkt
OGNlNTEwMThlMmU2LzEvZUhwU2dkV1p6WU5LLW52a1VZakp1ZUUzQzc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9kYzYxNmYtZGU5Yi00NzhlLTg1MzktOGNlNTEwMThlMmU2
LzEvejZsb01aMXlxWXAxbEFBemkzRDl4bmlSTGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFPsxAAwQE
XuSAAwQDshZQAwQCuT+kAwQAw5ACMA0EAgACMAcDBQMqAA0AMA0GCSqGSIb3DQEB
CwUAA4IBAQBPKIlvbTojL8dey72hPJ04XWvYMsvXCG+uvVLN7rUz8qLufIEe75zR
AkT4X94kW9B8n+2HpWDn5EMYvkplT68YYVo3v/t1dVZ/M5gJqIzacHkPIiwUq6ni
x7PX4yoZUpx/ydT6plAYii+GLbytfiO5fHTMhLPlYNFo+Fa4ISaTuHqE+vPMI+pG
f68SHwPAPUlcCVkGbo0DOqpOapSN8+ftWT1H5vmgHGFrHwb2RxP7KJ0K9t/UEGmM
NUvueDjMUqcRKmIVRB/j4bUdeR4LRa6K8tGbSicB0s5CDeRjDARq+dsdFd9JMq5/
gHMKXDcJ00r+y2y+7pX2oIC4aGNYZLpm
-----END CERTIFICATE-----