Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/lJG1PuQIGI1-ABjuCHvbJqP8b-I.roa
File:                     lJG1PuQIGI1-ABjuCHvbJqP8b-I.roa (raw, json)
Hash identifier:          2sw0EpPrc3L+RftEqjkLKdP+3Y/MX3ohyb2oXegKbL0=
Subject key identifier:   94:91:B5:3E:E4:08:18:8D:7E:00:18:EE:08:7B:DB:26:A3:FC:6F:E2
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       04287826
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/lJG1PuQIGI1-ABjuCHvbJqP8b-I.roa
Signing time:             Sat 02 Apr 2022 16:11:12 +0000
ROA not before:           Sat 02 Apr 2022 16:11:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207326
IP address blocks:        78.135.83.199/32 maxlen: 32
                          78.135.83.196/32 maxlen: 32
                          78.135.83.225/32 maxlen: 32
                          78.135.83.224/32 maxlen: 32
                          78.135.83.207/32 maxlen: 32
                          78.135.83.206/32 maxlen: 32
                          78.135.83.204/32 maxlen: 32
                          78.135.83.203/32 maxlen: 32
                          78.135.83.201/32 maxlen: 32
                          78.135.83.223/32 maxlen: 32
                          78.135.83.222/32 maxlen: 32
                          78.135.83.221/32 maxlen: 32
                          78.135.83.220/32 maxlen: 32
                          78.135.83.219/32 maxlen: 32
                          78.135.67.0/24 maxlen: 32
                          78.135.83.218/32 maxlen: 32
                          78.135.83.0/24 maxlen: 32
                          78.135.82.0/24 maxlen: 24
                          78.135.81.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 69761062 (0x4287826)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Apr  2 16:11:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9491b53ee408188d7e0018ee087bdb26a3fc6fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c9:86:f1:57:ec:6d:fc:ef:10:46:4c:e1:f2:
                    ec:c0:b6:e2:77:aa:07:b1:6f:9d:ee:1b:02:73:ed:
                    49:1f:2b:59:d3:c6:fc:91:da:16:7d:d2:c6:a8:92:
                    bd:03:e1:63:3c:b4:cb:8d:b8:b8:bf:fc:93:0e:de:
                    f5:72:b1:82:89:0a:0a:47:53:c6:f7:41:b0:c1:93:
                    63:13:a0:20:17:7b:6f:1d:a2:26:a9:a6:24:d4:72:
                    90:97:6d:b3:b2:b5:7f:1f:fa:51:56:14:03:d7:79:
                    51:ac:26:75:ac:86:a4:00:b2:3e:15:ae:2b:4f:d7:
                    4f:92:d6:06:05:ff:d3:b5:fc:23:4c:55:85:7c:5f:
                    6d:59:b3:88:20:99:f9:04:ad:e5:ef:37:47:ed:5e:
                    25:f5:05:04:67:21:37:f9:96:a0:6e:33:0f:e9:fb:
                    08:33:b3:12:3b:4b:d0:99:16:99:58:fc:76:05:77:
                    60:0a:3e:c3:ea:9a:7c:9f:b3:1e:ac:6c:29:50:41:
                    d9:78:f9:b7:da:df:42:3a:83:21:ee:84:f5:4e:4c:
                    1b:0c:ae:62:82:bd:a0:2b:54:18:bc:79:ed:c2:5c:
                    76:1a:b2:39:59:61:33:7d:e0:a7:20:f3:b7:5e:a1:
                    a4:ac:94:d8:51:6e:0f:f6:ad:d3:67:5f:db:aa:bd:
                    dd:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:91:B5:3E:E4:08:18:8D:7E:00:18:EE:08:7B:DB:26:A3:FC:6F:E2
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/lJG1PuQIGI1-ABjuCHvbJqP8b-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.67.0/24
                  78.135.81.0-78.135.83.255

    Signature Algorithm: sha256WithRSAEncryption
         02:61:04:b4:ec:c5:0b:ae:39:f1:43:52:8f:83:a9:42:54:b0:
         0f:3b:37:0f:e5:cf:ca:4e:35:3c:d9:ea:c8:55:63:b5:ca:18:
         b0:62:d7:18:9a:3f:d4:a0:28:af:78:59:e7:5d:65:c9:b2:bb:
         c8:34:c9:72:b0:15:06:34:58:20:8d:57:49:40:9b:0f:bb:42:
         9a:fc:d9:8a:09:92:dd:07:5a:85:b1:96:e7:53:08:78:bd:79:
         f2:c7:4a:c3:fe:de:b2:1c:63:7e:b4:ae:54:0d:d9:5a:bf:fa:
         fc:77:91:1c:d3:18:c9:d0:74:d3:88:7a:b8:9b:19:97:9c:b2:
         43:a4:ed:8f:c5:59:8d:bd:71:8a:d8:67:ef:0e:e5:ea:79:d3:
         b2:3d:21:6c:a0:62:e8:0b:7d:60:70:8b:92:9a:df:31:df:c9:
         dd:75:67:f8:12:e6:0a:14:90:48:9e:4c:8a:85:33:be:26:7d:
         d8:14:32:06:36:0e:d5:f6:8f:6e:9d:c8:78:eb:3b:bc:c2:5e:
         a0:91:b3:9c:93:fc:0e:f2:79:25:43:c2:00:7d:ef:bd:23:cd:
         3c:a0:de:7c:82:89:0e:eb:6c:2e:8c:1e:9c:5d:9b:73:b3:6a:
         47:aa:8b:a6:59:25:b3:6c:47:28:e6:ed:ae:02:02:e4:38:4a:
         6f:ab:2c:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIEBCh4JjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
OWQ1NzQ0N2UzNDIwYjg1Mzg3NWI2ZmE0MDM3MmFhZGUzMTkyY2EyMB4XDTIyMDQw
MjE2MTExMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTQ5MWI1M2VlNDA4
MTg4ZDdlMDAxOGVlMDg3YmRiMjZhM2ZjNmZlMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOTJhvFX7G387xBGTOHy7MC24neqB7Fvne4bAnPtSR8rWdPG
/JHaFn3SxqiSvQPhYzy0y424uL/8kw7e9XKxgokKCkdTxvdBsMGTYxOgIBd7bx2i
JqmmJNRykJdts7K1fx/6UVYUA9d5UawmdayGpACyPhWuK0/XT5LWBgX/07X8I0xV
hXxfbVmziCCZ+QSt5e83R+1eJfUFBGchN/mWoG4zD+n7CDOzEjtL0JkWmVj8dgV3
YAo+w+qafJ+zHqxsKVBB2Xj5t9rfQjqDIe6E9U5MGwyuYoK9oCtUGLx57cJcdhqy
OVlhM33gpyDzt16hpKyU2FFuD/at02df26q93ZECAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBSUkbU+5AgYjX4AGO4Ie9smo/xv4jAfBgNVHSMEGDAWgBTJ1XRH40ILhTh1
tvpANyqt4xksojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lkVjBSLU5DQzRVNGRiYjZRRGNxcmVNWkxLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGQvMTU4NmZkLWZkMmMtNDFmOC04ZmU5LTRlMTk4ZjBhNjAxMy8x
L2xKRzFQdVFJR0kxLUFCanVDSHZiSnFQOGItSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQv
MTU4NmZkLWZkMmMtNDFmOC04ZmU5LTRlMTk4ZjBhNjAxMy8xL3lkVjBSLU5DQzRV
NGRiYjZRRGNxcmVNWkxLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEAE6HQzAMAwQATodRAwQCTodQMA0G
CSqGSIb3DQEBCwUAA4IBAQACYQS07MULrjnxQ1KPg6lCVLAPOzcP5c/KTjU82erI
VWO1yhiwYtcYmj/UoCiveFnnXWXJsrvINMlysBUGNFggjVdJQJsPu0Ka/NmKCZLd
B1qFsZbnUwh4vXnyx0rD/t6yHGN+tK5UDdlav/r8d5Ec0xjJ0HTTiHq4mxmXnLJD
pO2PxVmNvXGK2GfvDuXqedOyPSFsoGLoC31gcIuSmt8x38nddWf4EuYKFJBInkyK
hTO+Jn3YFDIGNg7V9o9unch46zu8wl6gkbOck/wO8nklQ8IAfe+9I808oN58gokO
62wujB6cXZtzs2pHqoumWSWzbEco5u2uAgLkOEpvqyxC
-----END CERTIFICATE-----