Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/KYtDoa7Wvh2Er1qVaImc2YZFi9U.roa
File:                     KYtDoa7Wvh2Er1qVaImc2YZFi9U.roa (raw, json)
Hash identifier:          BmY1RXc0xV0m6m8+PWi2yyPGn7EgQaCcxhDLIxO2dOI=
Subject key identifier:   29:8B:43:A1:AE:D6:BE:1D:84:AF:5A:95:68:89:9C:D9:86:45:8B:D5
Certificate issuer:       /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial:       0182A97C0DDA0091706F0CB169D07F28AD40
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/KYtDoa7Wvh2Er1qVaImc2YZFi9U.roa
Signing time:             Wed 17 Aug 2022 01:47:35 +0000
ROA not before:           Wed 17 Aug 2022 01:47:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209372
IP address blocks:        158.46.251.0/24 maxlen: 24
                          158.46.250.0/24 maxlen: 24
                          178.171.69.0/24 maxlen: 24
                          178.171.88.0/23 maxlen: 23
                          158.46.188.0/22 maxlen: 24
                          178.171.104.0/24 maxlen: 24
                          178.171.100.0/24 maxlen: 24
                          158.46.200.0/21 maxlen: 21
                          178.171.20.0/22 maxlen: 24
                          178.171.32.0/22 maxlen: 22
                          178.171.36.0/24 maxlen: 24
                          178.171.37.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:a9:7c:0d:da:00:91:70:6f:0c:b1:69:d0:7f:28:ad:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
        Validity
            Not Before: Aug 17 01:47:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=298b43a1aed6be1d84af5a9568899cd986458bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5e:c2:08:80:77:f4:b4:9e:c7:7b:6a:a1:42:
                    ac:1b:50:21:18:6f:30:bd:26:33:31:c2:24:11:c7:
                    62:a9:9e:5f:49:6c:ab:07:8d:df:29:b3:10:4c:a6:
                    e2:5a:6f:0e:80:15:f1:fa:21:56:14:a2:92:9c:a8:
                    a3:ae:d0:cf:d6:0b:ff:dc:59:64:ac:28:d2:df:a0:
                    17:6d:ac:44:ad:c0:a7:cd:5d:3b:b0:3d:a9:82:51:
                    c9:6b:a2:78:e2:56:2b:05:20:ad:6b:47:e5:a9:2b:
                    e0:c1:98:49:66:4e:99:94:31:48:4c:a8:e5:bc:35:
                    0b:ab:38:dd:24:16:a3:b8:34:8f:c4:f3:ee:32:6e:
                    64:a7:ff:6b:a1:82:9c:e5:c2:fd:32:97:f7:41:c1:
                    cd:ba:3a:51:b9:ff:42:e2:ce:fc:57:3b:0a:d7:24:
                    54:87:58:fa:71:06:bd:b6:43:ba:a7:73:c7:cf:9f:
                    70:b7:3f:87:6d:d6:83:d6:cb:0b:ed:39:22:ac:d7:
                    a4:9b:7d:1a:2a:a3:d7:15:bf:9f:63:f8:3e:6e:72:
                    f4:3e:04:07:2f:41:e6:66:f0:2a:1e:9c:34:3d:51:
                    28:80:28:3d:7f:f6:5f:55:7a:1a:35:48:e2:2e:76:
                    42:6d:ad:a0:16:ff:85:51:06:aa:d8:45:4f:bd:ff:
                    12:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:8B:43:A1:AE:D6:BE:1D:84:AF:5A:95:68:89:9C:D9:86:45:8B:D5
            X509v3 Authority Key Identifier:
                keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/KYtDoa7Wvh2Er1qVaImc2YZFi9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.46.188.0/22
                  158.46.200.0/21
                  158.46.250.0/23
                  178.171.20.0/22
                  178.171.32.0-178.171.37.255
                  178.171.69.0/24
                  178.171.88.0/23
                  178.171.100.0/24
                  178.171.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ec:11:7f:b6:d9:90:6c:8e:2f:1f:9f:e4:0b:e2:f7:d6:5d:
         2f:72:32:3c:43:74:3d:bf:cc:cf:1b:92:a3:f3:09:cd:b2:a0:
         13:f9:84:a3:54:ad:67:2f:16:b0:fd:4e:87:f2:05:60:44:b9:
         16:d9:90:de:b3:b3:10:98:a3:66:b2:90:11:04:27:59:4d:13:
         12:14:df:e5:20:f6:2d:7a:49:ab:e7:3c:de:3f:54:04:72:29:
         4a:63:e0:1f:0e:c2:1f:2e:23:84:b2:fe:d8:28:a1:f0:61:de:
         07:c0:66:52:95:c5:a9:3f:65:5c:0f:96:81:d5:52:cd:f4:fe:
         a3:2f:26:d7:8a:53:90:97:d7:dd:fe:1b:c6:dd:f2:88:f8:61:
         e0:2f:b1:1c:9a:92:31:eb:9a:50:9e:f3:da:a4:ef:5a:66:11:
         32:cd:4c:8d:89:15:ee:84:0f:ea:70:e9:dd:cb:7a:9a:a2:50:
         75:2b:60:c5:1a:85:c4:9d:73:a5:13:30:c1:fc:93:07:d7:75:
         8d:5a:eb:ac:b2:c7:f5:b1:30:ad:25:60:b0:bf:3a:df:e3:9a:
         86:34:2c:d9:fc:9a:7a:62:6f:fb:cd:94:d3:61:08:00:19:c4:
         95:5c:cf:4b:c1:d3:b3:e1:c6:fd:95:22:d2:ce:be:3d:be:ee:
         d2:75:79:1c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYKpfA3aAJFwbwyxadB/KK1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjIwODE3MDE0NzM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOThiNDNhMWFlZDZiZTFkODRhZjVhOTU2ODg5OWNkOTg2NDU4YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv17CCIB39LSex3tqoUKsG1AhGG8w
vSYzMcIkEcdiqZ5fSWyrB43fKbMQTKbiWm8OgBXx+iFWFKKSnKijrtDP1gv/3Flk
rCjS36AXbaxErcCnzV07sD2pglHJa6J44lYrBSCta0flqSvgwZhJZk6ZlDFITKjl
vDULqzjdJBajuDSPxPPuMm5kp/9roYKc5cL9Mpf3QcHNujpRuf9C4s78VzsK1yRU
h1j6cQa9tkO6p3PHz59wtz+HbdaD1ssL7TkirNekm30aKqPXFb+fY/g+bnL0PgQH
L0HmZvAqHpw0PVEogCg9f/ZfVXoaNUjiLnZCba2gFv+FUQaq2EVPvf8S5QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCmLQ6Gu1r4dhK9alWiJnNmGRYvVMB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvS1l0RG9hN1d2aDJFcjFxVmFJbWMyWVpGaTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEtYmE3NzFmZmQyNjlj
LzEvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCni68AwQD
ni7IAwQBni76AwQCsqsUMAwDBAWyqyADBAGyqyQDBACyq0UDBAGyq1gDBACyq2QD
BACyq2gwDQYJKoZIhvcNAQELBQADggEBACLsEX+22ZBsji8fn+QL4vfWXS9yMjxD
dD2/zM8bkqPzCc2yoBP5hKNUrWcvFrD9TofyBWBEuRbZkN6zsxCYo2aykBEEJ1lN
ExIU3+Ug9i16SavnPN4/VARyKUpj4B8Owh8uI4Sy/tgoofBh3gfAZlKVxak/ZVwP
loHVUs30/qMvJteKU5CX193+G8bd8oj4YeAvsRyakjHrmlCe89qk71pmETLNTI2J
Fe6ED+pw6d3LepqiUHUrYMUahcSdc6UTMMH8kwfXdY1a66yyx/WxMK0lYLC/Ot/j
moY0LNn8mnpib/vNlNNhCAAZxJVcz0vB07Phxv2VItLOvj2+7tJ1eRw=
-----END CERTIFICATE-----