Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AqpiUcwRR3uFTLCBUSjvD1WdvAQ.roa
File:                     AqpiUcwRR3uFTLCBUSjvD1WdvAQ.roa (raw, json)
Hash identifier:          36ubVlfbPfH1/CTGbJ9jqthnfCfxd1RCS5iC2OPJlAk=
Subject key identifier:   02:AA:62:51:CC:11:47:7B:85:4C:B0:81:51:28:EF:0F:55:9D:BC:04
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       1155923F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AqpiUcwRR3uFTLCBUSjvD1WdvAQ.roa
Signing time:             Fri 14 Jan 2022 18:29:48 +0000
ROA not before:           Fri 14 Jan 2022 18:29:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211722
IP address blocks:        2a0e:b107:12f0::/48 maxlen: 48
                          2a0e:b107:12f5::/48 maxlen: 48
                          2a0e:b107:12fa::/48 maxlen: 48
                          2a0e:b107:12f4::/48 maxlen: 48
                          2a0e:b107:12fe::/48 maxlen: 48
                          2a0e:b107:12f3::/48 maxlen: 48
                          2a0e:b107:12f8::/48 maxlen: 48
                          2a0e:b107:12fd::/48 maxlen: 48
                          2a0e:b107:12f2::/48 maxlen: 48
                          2a0e:b107:12f7::/48 maxlen: 48
                          2a0e:b107:12fc::/48 maxlen: 48
                          2a0e:b107:12f1::/48 maxlen: 48
                          2a0e:b107:12f6::/48 maxlen: 48
                          2a0e:b107:12fb::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 290820671 (0x1155923f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 14 18:29:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=02aa6251cc11477b854cb0815128ef0f559dbc04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1d:b3:5c:f3:40:a6:3a:52:03:20:8e:28:17:
                    c4:de:f5:b7:d9:5b:c5:f1:f7:19:78:14:94:ac:67:
                    f1:fe:40:84:99:03:25:3a:b5:a3:f2:92:ba:56:68:
                    de:1f:f3:53:29:3d:00:f8:71:83:9e:bc:db:4e:3b:
                    07:64:73:42:18:7b:2b:45:7d:15:b3:fc:92:52:1c:
                    22:c0:ad:31:ef:c3:7a:42:17:f3:db:53:59:54:f9:
                    9d:69:25:13:cb:dc:10:82:76:38:92:bc:93:13:b8:
                    4c:05:e0:71:e3:6d:d4:78:0f:f4:8e:ca:eb:5d:84:
                    bb:d5:ed:6a:e1:84:a7:07:54:e1:00:bd:c2:c2:54:
                    d8:c6:90:31:19:28:33:22:bb:1f:db:ca:27:e2:d3:
                    81:bc:6b:59:15:78:9e:44:92:fa:ce:c3:17:11:b9:
                    13:b4:2d:6d:3a:81:2e:60:b6:d1:b4:9e:c8:4a:bf:
                    6b:77:15:d9:d6:7f:6d:74:fb:4c:8a:08:4e:a7:f0:
                    06:ae:1f:39:0f:ef:43:39:ba:f9:f3:b4:e5:cc:de:
                    b6:ad:e8:4d:4b:65:ed:59:c4:33:5f:c5:65:da:3c:
                    23:d8:2f:72:93:d6:09:be:56:50:cf:98:65:9c:cb:
                    53:4b:b2:8a:23:8b:f8:b2:ce:66:2e:68:12:24:51:
                    40:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:AA:62:51:CC:11:47:7B:85:4C:B0:81:51:28:EF:0F:55:9D:BC:04
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AqpiUcwRR3uFTLCBUSjvD1WdvAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:12f0::-2a0e:b107:12f8:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:12fa::-2a0e:b107:12fe:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5d:01:e3:47:f1:28:de:96:b8:46:f1:9a:83:f4:ba:c5:8e:c1:
         a0:f8:72:23:c6:fa:aa:2f:d9:9b:fa:ca:ff:04:b5:2c:7b:72:
         84:5a:f5:3b:98:ed:ed:a2:52:6c:c9:c1:54:f6:1b:78:5b:41:
         7d:d7:41:6b:a6:08:2c:77:73:65:be:d6:69:a8:72:f6:bb:ff:
         26:4d:8c:d8:c5:0a:91:05:e9:f1:61:e2:31:a8:d0:81:3f:10:
         97:92:c1:ac:b1:fd:6b:23:e4:90:24:73:d2:74:af:a5:68:9b:
         2f:f8:f0:d8:1e:93:aa:8b:27:7b:c2:4e:85:5f:0a:07:a0:0c:
         be:06:fe:c3:f4:c7:41:0f:3d:92:e1:c8:db:88:a7:a4:4f:b5:
         18:96:99:18:3f:41:2c:dd:db:8f:a6:72:37:bd:1e:e2:a7:a0:
         7d:47:d1:fb:65:94:2a:fa:a2:c2:4e:96:7e:76:3d:7b:3e:91:
         d3:1f:01:43:fd:75:1f:cb:49:d4:dd:f3:fd:fd:71:4f:c5:43:
         d1:5f:fd:ef:a3:8a:5e:6c:55:47:99:4a:6c:da:bb:d6:13:77:
         79:86:85:2a:3a:b0:44:df:3b:cb:cd:a6:6d:ee:87:72:30:38:
         85:77:60:30:39:70:dc:b9:00:3e:88:96:44:1c:03:40:26:c1:
         40:6e:e7:c7
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIEEVWSPzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDEx
NDE4Mjk0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDJhYTYyNTFjYzEx
NDc3Yjg1NGNiMDgxNTEyOGVmMGY1NTlkYmMwNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJEds1zzQKY6UgMgjigXxN71t9lbxfH3GXgUlKxn8f5AhJkD
JTq1o/KSulZo3h/zUyk9APhxg5682047B2RzQhh7K0V9FbP8klIcIsCtMe/DekIX
89tTWVT5nWklE8vcEIJ2OJK8kxO4TAXgceNt1HgP9I7K612Eu9XtauGEpwdU4QC9
wsJU2MaQMRkoMyK7H9vKJ+LTgbxrWRV4nkSS+s7DFxG5E7QtbTqBLmC20bSeyEq/
a3cV2dZ/bXT7TIoITqfwBq4fOQ/vQzm6+fO05czetq3oTUtl7VnEM1/FZdo8I9gv
cpPWCb5WUM+YZZzLU0uyiiOL+LLOZi5oEiRRQPcCAwEAAaOCAiswggInMB0GA1Ud
DgQWBBQCqmJRzBFHe4VMsIFRKO8PVZ28BDAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L0FxcGlVY3dSUjN1RlRMQ0JVU2p2RDFXZHZBUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBB
BggrBgEFBQcBBwEB/wQyMDAwLgQCAAIwKDASAwcEKg6xBxLwAwcAKg6xBxL4MBID
BwEqDrEHEvoDBwAqDrEHEv4wDQYJKoZIhvcNAQELBQADggEBAF0B40fxKN6WuEbx
moP0usWOwaD4ciPG+qov2Zv6yv8EtSx7coRa9TuY7e2iUmzJwVT2G3hbQX3XQWum
CCx3c2W+1mmocva7/yZNjNjFCpEF6fFh4jGo0IE/EJeSwayx/Wsj5JAkc9J0r6Vo
my/48Ngek6qLJ3vCToVfCgegDL4G/sP0x0EPPZLhyNuIp6RPtRiWmRg/QSzd24+m
cje9HuKnoH1H0ftllCr6osJOln52PXs+kdMfAUP9dR/LSdTd8/39cU/FQ9Ff/e+j
il5sVUeZSmzau9YTd3mGhSo6sETfO8vNpm3uh3IwOIV3YDA5cNy5AD6IlkQcA0Am
wUBu58c=
-----END CERTIFICATE-----