Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4MKM_iu359HkzKb-N63XfPJrS0Y.roa
File:                     4MKM_iu359HkzKb-N63XfPJrS0Y.roa (raw, json)
Hash identifier:          isHma+dg518QxaiwUB9LTG+iyKH/H/gQ+Bkyu8+vRUE=
Subject key identifier:   E0:C2:8C:FE:2B:B7:E7:D1:E4:CC:A6:FE:37:AD:D7:7C:F2:6B:4B:46
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01832E6E0016478BAA909634A9C0F958F2F2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4MKM_iu359HkzKb-N63XfPJrS0Y.roa
Signing time:             Sun 11 Sep 2022 21:21:44 +0000
ROA not before:           Sun 11 Sep 2022 21:21:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208223
IP address blocks:        2a0e:b107:1a30::/48 maxlen: 48
                          2a0e:b107:1a35::/48 maxlen: 48
                          2a0e:b107:1a3a::/48 maxlen: 48
                          2a0e:b107:1a3f::/48 maxlen: 48
                          2a0e:b107:1a34::/48 maxlen: 48
                          2a0e:b107:1a39::/48 maxlen: 48
                          2a0e:b107:1a3e::/48 maxlen: 48
                          2a0e:b107:1a33::/48 maxlen: 48
                          2a0e:b107:1a38::/48 maxlen: 48
                          2a0e:b107:1a3d::/48 maxlen: 48
                          2a0e:b107:1a32::/48 maxlen: 48
                          2a0e:b107:1a37::/48 maxlen: 48
                          2a0e:b107:1a3c::/48 maxlen: 48
                          2a0e:b107:1a31::/48 maxlen: 48
                          2a0e:b107:1a36::/48 maxlen: 48
                          2a0e:b107:1a3b::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:2e:6e:00:16:47:8b:aa:90:96:34:a9:c0:f9:58:f2:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 11 21:21:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e0c28cfe2bb7e7d1e4cca6fe37add77cf26b4b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:24:68:39:95:8c:9a:54:97:24:0f:d0:a9:75:
                    0d:30:2d:bf:05:4e:57:bb:d4:2d:c9:12:b0:c7:d1:
                    85:f5:f3:75:84:63:75:40:6e:32:ce:62:b5:ac:b4:
                    a4:a4:09:bc:c2:24:8c:b8:3f:61:e4:f5:ad:67:42:
                    04:91:a9:e8:01:3a:64:e5:2b:fb:06:9a:43:a8:8b:
                    59:fc:f3:30:ba:28:a7:be:9b:56:7f:69:d4:13:b8:
                    fd:08:46:dc:5d:aa:32:5a:69:29:bd:7e:3d:3e:b7:
                    8d:88:69:05:8a:20:48:f6:90:bd:4c:3e:ee:b6:0a:
                    ca:8f:10:62:6e:34:d3:25:cf:b5:3d:f1:13:df:c3:
                    3e:30:dd:15:a1:f4:10:54:95:b6:ae:fb:21:39:f3:
                    77:ae:0d:fb:88:64:b6:af:28:7f:53:18:0e:d8:ff:
                    e6:28:7e:6e:63:88:ef:53:e8:b8:3d:16:d4:ee:66:
                    35:c1:cb:02:08:6c:f8:17:2d:4c:c4:db:04:f5:a2:
                    56:7b:1d:99:c7:e2:c6:75:89:fe:ae:b8:1f:13:a0:
                    d1:17:32:b9:cf:a4:33:df:c1:94:8d:31:45:7f:a8:
                    e3:96:47:de:1b:bd:8b:a1:d4:c0:57:93:10:6c:e9:
                    70:9a:0b:e4:75:40:9a:30:ff:2f:e9:82:13:84:d0:
                    9b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C2:8C:FE:2B:B7:E7:D1:E4:CC:A6:FE:37:AD:D7:7C:F2:6B:4B:46
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4MKM_iu359HkzKb-N63XfPJrS0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1a30::/44

    Signature Algorithm: sha256WithRSAEncryption
         0e:c3:64:fe:46:35:6e:70:ea:d3:46:c0:c3:fa:1e:e1:37:85:
         7a:3a:b7:4f:4d:b0:38:80:b1:47:c4:b1:bd:64:2c:d0:6d:2f:
         3f:0f:ae:be:49:a0:a5:b7:e1:a5:fe:ce:9d:cf:8f:55:5e:4a:
         8d:1b:ff:de:86:99:69:9f:fc:fb:0f:75:e8:57:8b:94:44:1d:
         7d:a8:1d:21:1e:fd:35:2b:f1:22:54:a0:60:28:6f:de:6b:a6:
         04:31:21:f6:30:74:da:d4:4b:b3:59:ef:f9:2b:fd:e6:f8:88:
         ec:41:ee:1b:16:52:c1:0f:6e:39:a4:59:e4:0b:56:fa:ae:62:
         d8:8c:51:1e:ed:a0:ee:00:91:ef:02:f0:5b:c2:cd:ec:24:86:
         b3:3a:ce:f9:5e:4b:4a:3f:ff:70:3f:18:bc:73:d9:19:d6:ed:
         45:5d:90:94:16:30:07:ee:c8:ad:8a:7d:fe:97:91:f8:43:2c:
         b6:2e:89:ae:73:51:5d:a8:08:23:45:2d:ea:61:1f:8e:2f:50:
         a1:e9:40:a0:1b:2e:60:84:7e:d7:86:bd:da:dc:cb:99:c1:89:
         5e:57:b0:d0:b6:d8:f7:d7:8e:5f:99:62:12:29:c7:dd:39:9b:
         ea:d1:e6:fb:3b:5e:6d:19:bd:d9:1b:f3:37:3a:78:bc:34:5f:
         ee:54:e6:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYMubgAWR4uqkJY0qcD5WPLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIwOTExMjEyMTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGMyOGNmZTJiYjdlN2QxZTRjY2E2ZmUzN2FkZDc3Y2YyNmI0YjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCRoOZWMmlSXJA/QqXUNMC2/BU5X
u9QtyRKwx9GF9fN1hGN1QG4yzmK1rLSkpAm8wiSMuD9h5PWtZ0IEkanoATpk5Sv7
BppDqItZ/PMwuiinvptWf2nUE7j9CEbcXaoyWmkpvX49PreNiGkFiiBI9pC9TD7u
tgrKjxBibjTTJc+1PfET38M+MN0VofQQVJW2rvshOfN3rg37iGS2ryh/UxgO2P/m
KH5uY4jvU+i4PRbU7mY1wcsCCGz4Fy1MxNsE9aJWex2Zx+LGdYn+rrgfE6DRFzK5
z6Qz38GUjTFFf6jjlkfeG72LodTAV5MQbOlwmgvkdUCaMP8v6YIThNCbNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFODCjP4rt+fR5Mym/jet13zya0tGMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNE1LTV9pdTM1OUhrektiLU42M1hmUEpyUzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxow
MA0GCSqGSIb3DQEBCwUAA4IBAQAOw2T+RjVucOrTRsDD+h7hN4V6OrdPTbA4gLFH
xLG9ZCzQbS8/D66+SaClt+Gl/s6dz49VXkqNG//ehplpn/z7D3XoV4uURB19qB0h
Hv01K/EiVKBgKG/ea6YEMSH2MHTa1EuzWe/5K/3m+IjsQe4bFlLBD245pFnkC1b6
rmLYjFEe7aDuAJHvAvBbws3sJIazOs75XktKP/9wPxi8c9kZ1u1FXZCUFjAH7sit
in3+l5H4Qyy2Lomuc1FdqAgjRS3qYR+OL1Ch6UCgGy5ghH7Xhr3a3MuZwYleV7DQ
ttj3145fmWISKcfdOZvq0eb7O15tGb3ZG/M3Oni8NF/uVOag
-----END CERTIFICATE-----