Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/Zgy5S067AJXFbYCEF_wazzEx_yQ.roa
File:                     Zgy5S067AJXFbYCEF_wazzEx_yQ.roa (raw, json)
Hash identifier:          oPnKGyN/W2AAvX6FN6qD4p2DmjsCL1ELBzkgTcRfc+s=
Subject key identifier:   66:0C:B9:4B:4E:BB:00:95:C5:6D:80:84:17:FC:1A:CF:31:31:FF:24
Certificate issuer:       /CN=6efa8c0fe62ec54accbde35c60bd8ad4b9014ff7
Certificate serial:       0184652867EAD50A8733A04C82733AE5BB32
Authority key identifier: 6E:FA:8C:0F:E6:2E:C5:4A:CC:BD:E3:5C:60:BD:8A:D4:B9:01:4F:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bvqMD-YuxUrMveNcYL2K1LkBT_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/Zgy5S067AJXFbYCEF_wazzEx_yQ.roa
Signing time:             Fri 11 Nov 2022 05:27:37 +0000
ROA not before:           Fri 11 Nov 2022 05:27:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     63399
IP address blocks:        185.91.9.0/24 maxlen: 24
                          185.91.8.0/24 maxlen: 24
                          2a05:e580:800::/40 maxlen: 40
                          2a05:e580:200::/40 maxlen: 40
                          2a05:e580:300::/40 maxlen: 40
                          2a05:e580:c00::/40 maxlen: 40
                          2a05:e580:500::/40 maxlen: 40
                          2a05:e580:a00::/40 maxlen: 40
                          2a05:e580:b00::/40 maxlen: 40
                          2a05:e580:100::/40 maxlen: 40
                          2a05:e580:900::/40 maxlen: 40
                          2a05:e580:600::/40 maxlen: 40
                          2a05:e580:400::/40 maxlen: 40
                          2a05:e580:700::/40 maxlen: 40
                          2a05:e580::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:65:28:67:ea:d5:0a:87:33:a0:4c:82:73:3a:e5:bb:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6efa8c0fe62ec54accbde35c60bd8ad4b9014ff7
        Validity
            Not Before: Nov 11 05:27:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=660cb94b4ebb0095c56d808417fc1acf3131ff24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4b:df:22:9c:53:3a:35:4a:37:5c:1b:e8:db:
                    2d:1a:41:6e:54:3e:50:2c:aa:d0:c5:e2:44:e4:63:
                    c7:9b:a8:6e:ce:70:fd:cf:bc:27:86:9b:2d:5e:dd:
                    a1:b8:f7:ba:92:cf:5c:a9:71:22:da:8b:d8:70:af:
                    72:d7:ec:f0:21:9c:84:32:bd:37:dd:16:45:3b:66:
                    51:a9:e0:a7:34:32:9b:50:db:12:39:4e:09:fe:0f:
                    94:e8:19:c4:9e:09:ba:ff:34:b4:a0:33:c9:27:36:
                    cc:9e:ef:a5:d4:1c:f3:67:7a:f7:a2:93:6a:9f:c3:
                    5e:7a:9c:ca:9c:99:b7:53:d8:82:4f:55:e2:c8:99:
                    f1:f6:3d:4f:6c:5e:92:5b:17:71:40:f1:df:7b:20:
                    6b:e9:55:d0:0e:af:4f:00:bf:e7:31:cf:76:65:ef:
                    7d:51:75:d1:16:11:09:39:33:58:ca:13:b3:cb:14:
                    bf:54:e2:ca:8b:c1:a4:0f:df:49:07:45:15:e0:70:
                    a6:c5:a3:28:b8:ef:f9:24:8b:44:ee:69:c7:b3:0e:
                    d2:ef:c8:23:39:0a:53:90:9f:61:78:be:27:a4:ae:
                    e1:da:5d:ff:36:c0:63:b3:6f:94:21:61:86:86:cc:
                    af:e5:1e:f9:6e:3c:7d:f1:b9:4e:17:a0:97:51:f2:
                    27:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:0C:B9:4B:4E:BB:00:95:C5:6D:80:84:17:FC:1A:CF:31:31:FF:24
            X509v3 Authority Key Identifier:
                keyid:6E:FA:8C:0F:E6:2E:C5:4A:CC:BD:E3:5C:60:BD:8A:D4:B9:01:4F:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bvqMD-YuxUrMveNcYL2K1LkBT_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/Zgy5S067AJXFbYCEF_wazzEx_yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/bvqMD-YuxUrMveNcYL2K1LkBT_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.8.0/23
                IPv6:
                  2a05:e580::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:1d:12:e4:3a:1a:eb:cd:66:aa:12:b3:be:b7:f8:93:62:28:
         75:90:e2:dd:d4:6a:db:40:20:56:31:ca:33:39:8b:5f:b9:9c:
         e6:fe:01:c6:ac:b9:79:37:ef:a4:e4:f6:14:67:d2:a6:fd:ef:
         2b:38:89:59:cf:10:98:1c:3f:78:c9:1a:fe:65:d4:f7:20:b1:
         5d:78:bd:dd:1c:9f:6f:3b:4f:f0:37:9b:ab:cf:05:ea:3f:4c:
         45:73:1c:f9:11:19:ff:e8:3f:e0:20:e3:d1:70:4d:d7:57:77:
         d4:06:06:ca:d0:50:28:49:de:92:37:54:e1:97:c5:23:81:37:
         81:2d:97:18:f7:09:30:bb:3d:8c:71:6f:cf:12:cb:f3:56:cf:
         52:bd:ca:58:5e:6d:2a:93:a1:5a:6e:4d:85:a2:da:62:4c:58:
         34:32:dd:e1:61:bb:7f:0b:45:ea:06:61:96:9a:cd:08:ae:f8:
         ec:4e:72:bd:4c:21:c8:13:c2:34:c9:b2:ca:68:57:4b:74:d7:
         7f:6e:0a:b2:86:4a:3a:22:f5:00:18:43:0e:c5:f4:c2:2f:1a:
         4e:0e:36:9a:3f:cd:41:c5:c7:51:54:4c:d3:17:82:35:82:33:
         7c:91:fa:f5:3f:3c:7e:78:cb:f5:2d:c1:10:da:e0:2b:70:f0:
         05:be:9d:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYRlKGfq1QqHM6BMgnM65bsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZmE4YzBmZTYyZWM1NGFjY2JkZTM1YzYwYmQ4YWQ0Yjkw
MTRmZjcwHhcNMjIxMTExMDUyNzM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjBjYjk0YjRlYmIwMDk1YzU2ZDgwODQxN2ZjMWFjZjMxMzFmZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0vfIpxTOjVKN1wb6NstGkFuVD5Q
LKrQxeJE5GPHm6huznD9z7wnhpstXt2huPe6ks9cqXEi2ovYcK9y1+zwIZyEMr03
3RZFO2ZRqeCnNDKbUNsSOU4J/g+U6BnEngm6/zS0oDPJJzbMnu+l1BzzZ3r3opNq
n8NeepzKnJm3U9iCT1XiyJnx9j1PbF6SWxdxQPHfeyBr6VXQDq9PAL/nMc92Ze99
UXXRFhEJOTNYyhOzyxS/VOLKi8GkD99JB0UV4HCmxaMouO/5JItE7mnHsw7S78gj
OQpTkJ9heL4npK7h2l3/NsBjs2+UIWGGhsyv5R75bjx98blOF6CXUfInMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGYMuUtOuwCVxW2AhBf8Gs8xMf8kMB8GA1UdIwQY
MBaAFG76jA/mLsVKzL3jXGC9itS5AU/3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnZxTUQtWXV4VXJNdmVOY1lMMksxTGtCVF9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82YzdiMjItYjY1Zi00ZjM3LWE0MGUt
YTk5MTdjYzE1ZTBhLzEvWmd5NVMwNjdBSlhGYllDRUZfd2F6ekV4X3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82YzdiMjItYjY1Zi00ZjM3LWE0MGUtYTk5MTdjYzE1ZTBh
LzEvYnZxTUQtWXV4VXJNdmVOY1lMMksxTGtCVF9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuVsIMA0E
AgACMAcDBQMqBeWAMA0GCSqGSIb3DQEBCwUAA4IBAQABHRLkOhrrzWaqErO+t/iT
Yih1kOLd1GrbQCBWMcozOYtfuZzm/gHGrLl5N++k5PYUZ9Km/e8rOIlZzxCYHD94
yRr+ZdT3ILFdeL3dHJ9vO0/wN5urzwXqP0xFcxz5ERn/6D/gIOPRcE3XV3fUBgbK
0FAoSd6SN1Thl8UjgTeBLZcY9wkwuz2McW/PEsvzVs9SvcpYXm0qk6Fabk2Fotpi
TFg0Mt3hYbt/C0XqBmGWms0IrvjsTnK9TCHIE8I0ybLKaFdLdNd/bgqyhko6IvUA
GEMOxfTCLxpODjaaP81BxcdRVEzTF4I1gjN8kfr1Pzx+eMv1LcEQ2uArcPAFvp2J
-----END CERTIFICATE-----