Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/21a927-8dd3-48f7-92ce-02ffceff1acc/1/f5YQ6nhFzwaGAZs5iEQElTyg3Rg.roa
File:                     f5YQ6nhFzwaGAZs5iEQElTyg3Rg.roa (raw, json)
Hash identifier:          veq5hrP2JUCtwUbO00E+i85IMrGdm0Iwe4efY3BhAv4=
Subject key identifier:   7F:96:10:EA:78:45:CF:06:86:01:9B:39:88:44:04:95:3C:A0:DD:18
Certificate issuer:       /CN=ecb1ea5a1050a829224ea486c0e22ebfc75d640c
Certificate serial:       018216C0B12FAE6E31813DEB080DB74C2D3B
Authority key identifier: EC:B1:EA:5A:10:50:A8:29:22:4E:A4:86:C0:E2:2E:BF:C7:5D:64:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7LHqWhBQqCkiTqSGwOIuv8ddZAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/21a927-8dd3-48f7-92ce-02ffceff1acc/1/f5YQ6nhFzwaGAZs5iEQElTyg3Rg.roa
Signing time:             Tue 19 Jul 2022 13:58:23 +0000
ROA not before:           Tue 19 Jul 2022 13:58:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62214
IP address blocks:        79.139.56.0/21 maxlen: 21
                          92.119.120.0/22 maxlen: 22
                          193.39.12.0/22 maxlen: 22
                          185.187.72.0/22 maxlen: 22
                          185.43.204.0/22 maxlen: 22
                          193.201.184.0/21 maxlen: 21
                          46.29.136.0/21 maxlen: 21
                          185.80.48.0/22 maxlen: 22
                          2a01:6ee0::/40 maxlen: 40
                          2a01:6ee0::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:16:c0:b1:2f:ae:6e:31:81:3d:eb:08:0d:b7:4c:2d:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecb1ea5a1050a829224ea486c0e22ebfc75d640c
        Validity
            Not Before: Jul 19 13:58:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7f9610ea7845cf0686019b39884404953ca0dd18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4d:90:9e:f8:50:eb:41:b3:cf:55:44:f0:73:
                    1b:dd:16:5a:ac:3f:99:fe:a7:f4:63:b5:a0:9a:e4:
                    c9:3a:37:7c:b9:16:bc:aa:ac:da:76:ea:ea:8f:34:
                    6b:7c:17:c8:51:e5:fd:3c:68:be:f2:5d:d8:a5:97:
                    7d:cc:62:78:5b:d7:f4:8c:82:91:42:1f:d2:2c:00:
                    6d:16:4a:9b:b3:3d:a5:e2:b4:56:fc:54:df:46:b3:
                    7e:14:c0:10:b2:9d:61:c5:1f:4c:de:0a:fd:67:15:
                    4a:91:ba:f4:2e:28:74:94:1d:ae:cd:25:f0:98:5a:
                    03:5f:98:33:ec:39:c5:27:c0:04:3c:17:1a:53:46:
                    a9:27:d6:5a:b3:6a:25:64:39:08:77:48:e3:8b:0e:
                    97:3e:8e:8f:88:34:7d:df:7f:2e:b6:3b:87:1c:0b:
                    fc:4b:7d:55:5f:e5:9b:50:36:ec:89:36:9f:17:fa:
                    3c:75:a3:eb:f8:25:f1:46:cc:53:9b:21:68:f8:4f:
                    c7:ce:76:2c:d2:5f:b3:1d:fb:60:e5:32:af:c2:57:
                    ce:b0:d5:59:eb:36:ae:e9:3e:3a:f3:1e:21:65:92:
                    3f:0e:79:b8:0e:41:b1:ae:17:01:4d:8e:79:d4:7b:
                    43:5d:aa:b0:f8:87:33:a7:f6:f4:74:6d:16:57:40:
                    d7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:96:10:EA:78:45:CF:06:86:01:9B:39:88:44:04:95:3C:A0:DD:18
            X509v3 Authority Key Identifier:
                keyid:EC:B1:EA:5A:10:50:A8:29:22:4E:A4:86:C0:E2:2E:BF:C7:5D:64:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7LHqWhBQqCkiTqSGwOIuv8ddZAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/21a927-8dd3-48f7-92ce-02ffceff1acc/1/f5YQ6nhFzwaGAZs5iEQElTyg3Rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/21a927-8dd3-48f7-92ce-02ffceff1acc/1/7LHqWhBQqCkiTqSGwOIuv8ddZAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.136.0/21
                  79.139.56.0/21
                  92.119.120.0/22
                  185.43.204.0/22
                  185.80.48.0/22
                  185.187.72.0/22
                  193.39.12.0/22
                  193.201.184.0/21
                IPv6:
                  2a01:6ee0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:19:cf:58:b6:18:99:d7:73:df:96:c8:75:10:f6:0c:34:18:
         ed:15:f3:6d:e5:7d:db:d9:8b:8a:36:75:1f:1e:d0:6c:8b:0b:
         e8:a6:a6:f2:df:1a:14:71:24:44:ea:0b:cf:3a:74:73:81:e6:
         c2:df:f9:6f:1e:93:8e:eb:60:9b:af:da:48:f2:2b:40:a2:97:
         6f:ff:c9:f3:53:e4:3c:b8:44:e0:6f:13:07:b6:71:2d:d0:b4:
         8c:28:e8:f6:5d:87:76:f3:a8:f8:87:35:0e:79:16:d7:72:6d:
         f6:91:0f:cf:3f:1c:e5:c4:70:9b:7e:75:7c:65:71:d9:d0:0c:
         61:34:2c:53:9f:ac:61:36:bc:a9:88:12:4c:eb:88:cf:88:ec:
         51:ac:e9:2d:3e:fd:51:1f:57:e5:d6:16:1c:7e:76:3b:d5:e1:
         d4:00:2f:d7:5f:14:b7:ff:e6:aa:84:7b:ea:e1:f9:34:ce:a3:
         39:43:4f:c0:31:b0:7f:33:66:90:ff:7b:6b:4c:3f:95:c4:32:
         fb:85:cb:ed:d3:b6:00:f7:0b:73:0b:46:79:2d:ae:5f:3f:f6:
         18:65:34:01:eb:0a:e9:1c:0f:a4:9a:68:7d:38:4c:fd:2f:b4:
         32:6a:c2:8e:15:6d:78:13:40:3a:f0:91:b0:c9:06:55:86:98:
         b2:01:9a:b6
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYIWwLEvrm4xgT3rCA23TC07MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYjFlYTVhMTA1MGE4MjkyMjRlYTQ4NmMwZTIyZWJmYzc1
ZDY0MGMwHhcNMjIwNzE5MTM1ODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjk2MTBlYTc4NDVjZjA2ODYwMTliMzk4ODQ0MDQ5NTNjYTBkZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE2QnvhQ60Gzz1VE8HMb3RZarD+Z
/qf0Y7WgmuTJOjd8uRa8qqzadurqjzRrfBfIUeX9PGi+8l3YpZd9zGJ4W9f0jIKR
Qh/SLABtFkqbsz2l4rRW/FTfRrN+FMAQsp1hxR9M3gr9ZxVKkbr0Lih0lB2uzSXw
mFoDX5gz7DnFJ8AEPBcaU0apJ9Zas2olZDkId0jjiw6XPo6PiDR9338utjuHHAv8
S31VX+WbUDbsiTafF/o8daPr+CXxRsxTmyFo+E/HznYs0l+zHftg5TKvwlfOsNVZ
6zau6T468x4hZZI/Dnm4DkGxrhcBTY551HtDXaqw+Iczp/b0dG0WV0DXNQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFH+WEOp4Rc8GhgGbOYhEBJU8oN0YMB8GA1UdIwQY
MBaAFOyx6loQUKgpIk6khsDiLr/HXWQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0xIcVdoQlFxQ2tpVHFTR3dPSXV2OGRkWkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8yMWE5MjctOGRkMy00OGY3LTkyY2Ut
MDJmZmNlZmYxYWNjLzEvZjVZUTZuaEZ6d2FHQVpzNWlFUUVsVHlnM1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8yMWE5MjctOGRkMy00OGY3LTkyY2UtMDJmZmNlZmYxYWNj
LzEvN0xIcVdoQlFxQ2tpVHFTR3dPSXV2OGRkWkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDLh2IAwQD
T4s4AwQCXHd4AwQCuSvMAwQCuVAwAwQCubtIAwQCwScMAwQDwcm4MA0EAgACMAcD
BQAqAW7gMA0GCSqGSIb3DQEBCwUAA4IBAQCLGc9YthiZ13Pflsh1EPYMNBjtFfNt
5X3b2YuKNnUfHtBsiwvopqby3xoUcSRE6gvPOnRzgebC3/lvHpOO62Cbr9pI8itA
opdv/8nzU+Q8uETgbxMHtnEt0LSMKOj2XYd286j4hzUOeRbXcm32kQ/PPxzlxHCb
fnV8ZXHZ0AxhNCxTn6xhNrypiBJM64jPiOxRrOktPv1RH1fl1hYcfnY71eHUAC/X
XxS3/+aqhHvq4fk0zqM5Q0/AMbB/M2aQ/3trTD+VxDL7hcvt07YA9wtzC0Z5La5f
P/YYZTQB6wrpHA+kmmh9OEz9L7QyasKOFW14E0A68JGwyQZVhpiyAZq2
-----END CERTIFICATE-----