Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/22A87MNl9VnVBJFJGS9UgcpUis4.roa
File:                     22A87MNl9VnVBJFJGS9UgcpUis4.roa (raw, json)
Hash identifier:          jjnLhPF+9D4aD1vagEcZ2sQK852kBot2zqnmR5iF6kU=
Subject key identifier:   DB:60:3C:EC:C3:65:F5:59:D5:04:91:49:19:2F:54:81:CA:54:8A:CE
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184BCE3B8E2FB9291F9AAFE97563D80D6DB
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/22A87MNl9VnVBJFJGS9UgcpUis4.roa
Signing time:             Mon 28 Nov 2022 06:19:11 +0000
ROA not before:           Mon 28 Nov 2022 06:19:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61138
IP address blocks:        84.32.57.0/24 maxlen: 24
                          84.32.67.0/24 maxlen: 24
                          88.216.187.0/24 maxlen: 24
                          84.32.85.0/24 maxlen: 24
                          84.32.91.0/24 maxlen: 24
                          88.216.130.0/24 maxlen: 24
                          84.32.241.0/24 maxlen: 24
                          84.32.39.0/24 maxlen: 24
                          88.216.100.0/24 maxlen: 24
                          88.216.101.0/24 maxlen: 24
                          88.216.37.0/24 maxlen: 24
                          88.216.38.0/24 maxlen: 24
                          88.216.39.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:bc:e3:b8:e2:fb:92:91:f9:aa:fe:97:56:3d:80:d6:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 28 06:19:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=db603cecc365f559d5049149192f5481ca548ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1e:5a:2c:98:7c:ee:2e:ed:ee:59:99:1a:93:
                    0c:be:51:55:1d:01:d8:56:27:17:54:54:e1:38:d1:
                    d9:c9:a2:7b:37:31:99:b5:8e:af:40:60:1d:03:3f:
                    a0:7b:c3:e4:4a:60:fa:19:7a:40:f1:52:27:4d:0e:
                    ee:87:ad:c8:ee:e2:be:55:02:f7:e2:cd:0b:ab:aa:
                    cb:9c:b5:10:0f:77:5a:1e:3b:6e:9d:cd:33:54:db:
                    de:29:5e:47:d1:7e:dd:53:df:e5:e5:68:9d:5b:f1:
                    1c:0c:f3:2f:d6:31:1d:90:2e:71:06:6d:d9:30:da:
                    2c:c0:4f:0e:10:1e:6e:3b:f6:8a:7c:c0:bb:ff:44:
                    7f:73:dc:43:15:33:e9:df:77:23:c0:63:85:ad:77:
                    e5:73:cd:44:84:3f:b5:b5:0b:08:d2:bd:17:8a:ed:
                    0f:11:a9:5b:e7:dd:32:d8:e3:63:50:c8:3f:f0:8c:
                    1e:50:3c:9d:7d:51:07:01:73:ad:10:50:df:86:ea:
                    f5:e8:78:38:ee:e0:e0:75:b9:87:6c:ee:fc:e7:57:
                    50:12:a7:51:99:84:0c:f4:d4:2d:30:57:d3:43:ff:
                    58:aa:66:8e:83:07:0d:4b:ea:77:9c:44:6e:d4:a0:
                    cf:0e:75:9c:ac:65:e8:31:4d:42:13:05:d0:4d:34:
                    7c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:60:3C:EC:C3:65:F5:59:D5:04:91:49:19:2F:54:81:CA:54:8A:CE
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/22A87MNl9VnVBJFJGS9UgcpUis4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.39.0/24
                  84.32.57.0/24
                  84.32.67.0/24
                  84.32.85.0/24
                  84.32.91.0/24
                  84.32.241.0/24
                  88.216.37.0-88.216.39.255
                  88.216.100.0/23
                  88.216.130.0/24
                  88.216.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:53:de:7f:73:e1:9b:4f:23:52:4e:b9:d0:41:9a:4c:2e:c7:
         b0:74:8f:72:50:e2:00:90:cd:5e:7b:13:e3:9f:4f:56:ba:5e:
         06:c7:20:4f:c2:5d:92:47:20:47:47:44:3e:7a:74:48:ef:f9:
         2b:56:e7:25:9d:b4:50:c2:de:1b:aa:6a:42:93:06:66:8a:09:
         ec:e2:0d:2d:90:76:2d:14:41:39:34:b7:83:b8:d7:71:7a:66:
         55:03:a3:6e:d2:e1:29:29:51:15:68:d9:df:68:08:00:a7:05:
         46:7f:10:99:94:94:f4:cc:51:1a:68:f1:f3:ad:2c:ea:fe:07:
         2b:03:6a:71:db:81:56:93:9b:09:f8:1b:52:cb:0e:a8:0f:3d:
         31:5e:e1:4d:84:8f:96:55:a3:ef:1f:81:8b:38:44:dc:b9:aa:
         7d:26:25:99:1b:09:42:b5:5f:43:c8:12:48:2e:2d:69:08:d1:
         75:ad:50:aa:6f:3d:55:c5:b0:5c:47:d0:e6:27:a0:f8:74:30:
         30:a8:8a:3b:63:bb:c0:53:85:01:3c:f9:60:d8:32:43:02:e2:
         29:39:25:46:f4:e3:8f:a4:9f:be:a2:a7:56:a1:87:12:e5:e6:
         eb:d6:69:99:b9:a7:2b:75:a5:80:d9:d1:d0:91:3b:26:a8:18:
         85:44:71:ba
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYS847ji+5KR+ar+l1Y9gNbbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTI4MDYxOTExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjYwM2NlY2MzNjVmNTU5ZDUwNDkxNDkxOTJmNTQ4MWNhNTQ4YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh5aLJh87i7t7lmZGpMMvlFVHQHY
VicXVFThONHZyaJ7NzGZtY6vQGAdAz+ge8PkSmD6GXpA8VInTQ7uh63I7uK+VQL3
4s0Lq6rLnLUQD3daHjtunc0zVNveKV5H0X7dU9/l5WidW/EcDPMv1jEdkC5xBm3Z
MNoswE8OEB5uO/aKfMC7/0R/c9xDFTPp33cjwGOFrXflc81EhD+1tQsI0r0Xiu0P
Ealb590y2ONjUMg/8IweUDydfVEHAXOtEFDfhur16Hg47uDgdbmHbO7851dQEqdR
mYQM9NQtMFfTQ/9YqmaOgwcNS+p3nERu1KDPDnWcrGXoMU1CEwXQTTR8MwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNtgPOzDZfVZ1QSRSRkvVIHKVIrOMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMjJBODdNTmw5Vm5WQkpGSkdTOVVnY3BVaXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAVCAnAwQA
VCA5AwQAVCBDAwQAVCBVAwQAVCBbAwQAVCDxMAwDBABY2CUDBANY2CADBAFY2GQD
BABY2IIDBABY2LswDQYJKoZIhvcNAQELBQADggEBAD5T3n9z4ZtPI1JOudBBmkwu
x7B0j3JQ4gCQzV57E+OfT1a6XgbHIE/CXZJHIEdHRD56dEjv+StW5yWdtFDC3huq
akKTBmaKCeziDS2Qdi0UQTk0t4O413F6ZlUDo27S4SkpURVo2d9oCACnBUZ/EJmU
lPTMURpo8fOtLOr+BysDanHbgVaTmwn4G1LLDqgPPTFe4U2Ej5ZVo+8fgYs4RNy5
qn0mJZkbCUK1X0PIEkguLWkI0XWtUKpvPVXFsFxH0OYnoPh0MDCoijtju8BThQE8
+WDYMkMC4ik5JUb044+kn76ip1ahhxLl5uvWaZm5pyt1pYDZ0dCROyaoGIVEcbo=
-----END CERTIFICATE-----