Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SbO9IaSba-w9eCg1JBw1KQVYCFA.roa
File:                     SbO9IaSba-w9eCg1JBw1KQVYCFA.roa (raw, json)
Hash identifier:          w+4UI0872THRnPDdUSWzo8tQM5oj54Q/rRlUAJR3EVo=
Subject key identifier:   49:B3:BD:21:A4:9B:6B:EC:3D:78:28:35:24:1C:35:29:05:58:08:50
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       14DA5290
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SbO9IaSba-w9eCg1JBw1KQVYCFA.roa
Signing time:             Fri 27 May 2022 08:58:15 +0000
ROA not before:           Fri 27 May 2022 08:58:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205977
IP address blocks:        2a0e:b107:760::/48 maxlen: 48
                          2a0e:b107:765::/48 maxlen: 48
                          2a0e:b107:76a::/48 maxlen: 48
                          2a0e:b107:76f::/48 maxlen: 48
                          2a10:2f00:120::/48 maxlen: 48
                          2a0e:b107:764::/48 maxlen: 48
                          2a0e:b107:769::/48 maxlen: 48
                          2a0e:b107:76e::/48 maxlen: 48
                          2a0e:b107:763::/48 maxlen: 48
                          2a0e:b107:768::/48 maxlen: 48
                          2a0e:b107:76d::/48 maxlen: 48
                          2a0e:b107:760::/44 maxlen: 48
                          2a0e:b107:762::/48 maxlen: 48
                          2a0e:b107:767::/48 maxlen: 48
                          2a0e:b107:76c::/48 maxlen: 48
                          2a0e:b107:761::/48 maxlen: 48
                          2a0e:b107:766::/48 maxlen: 48
                          2a0e:b107:76b::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 349852304 (0x14da5290)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May 27 08:58:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=49b3bd21a49b6bec3d782835241c352905580850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ec:12:e5:6d:d6:66:0a:21:9d:2a:54:6f:ab:
                    19:cf:55:60:56:29:95:c3:c4:a5:86:17:35:5f:ed:
                    6a:3e:2b:fa:dd:42:c5:49:10:1a:be:30:5f:d7:c6:
                    1c:ec:ab:a8:2d:55:83:f6:8c:99:9f:1f:4a:85:1e:
                    71:57:f8:8f:ab:da:ff:20:6a:ce:88:df:0a:c4:43:
                    73:28:fa:1f:04:46:28:d1:ce:99:18:68:50:dc:11:
                    72:10:6f:2d:16:63:8a:3a:56:f3:2a:8d:75:90:bd:
                    5c:0b:41:6b:f4:02:4d:0d:47:95:2a:79:a4:ea:cc:
                    10:7d:49:1d:d4:62:d2:63:9e:3e:4b:b4:42:9c:9e:
                    12:93:1f:1b:2d:9b:f4:d0:b5:89:2d:ce:a2:ef:b6:
                    b0:63:82:13:31:86:25:6d:1d:87:f6:c1:fc:eb:6a:
                    d1:43:db:a8:7e:bc:3c:37:c6:3e:92:7f:20:1e:97:
                    a2:8e:4b:ec:74:37:63:66:5a:23:50:ee:2d:1b:d7:
                    a3:a3:9e:e0:c2:24:20:08:7b:81:58:cd:f5:8a:e7:
                    3e:48:45:b1:9c:35:c9:e8:57:d2:04:25:68:ca:5f:
                    88:c4:e2:78:a8:04:c2:a8:f9:79:14:93:29:b0:98:
                    c7:0a:38:61:25:39:fd:a0:68:4b:d4:ce:e1:72:10:
                    93:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B3:BD:21:A4:9B:6B:EC:3D:78:28:35:24:1C:35:29:05:58:08:50
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SbO9IaSba-w9eCg1JBw1KQVYCFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:760::/44
                  2a10:2f00:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:20:1d:80:c3:13:59:49:d4:07:de:f9:07:2e:73:a4:91:41:
         6c:8b:bf:41:ae:04:d3:e1:b2:6a:09:67:5b:a4:63:56:6b:22:
         04:74:12:14:48:9f:aa:a7:21:4a:46:27:83:57:1e:32:fe:04:
         39:cb:a5:2c:0e:ce:f2:73:24:68:3a:6e:8e:24:83:fd:c6:15:
         e7:61:31:f2:3e:f2:5e:32:de:a3:d4:1f:11:67:4a:d7:53:b7:
         8f:77:89:a9:ea:bd:6e:90:d8:57:21:7d:f6:fc:03:87:c0:a3:
         55:fd:ef:00:e2:5f:5e:f5:63:93:50:a1:fc:02:6f:0b:83:92:
         23:01:e4:47:5f:b1:72:de:dd:a0:f3:8f:7d:76:34:18:3e:e0:
         80:ed:58:f6:84:71:3b:c2:dc:c1:94:b0:e9:52:31:b9:9f:76:
         10:ee:bb:5e:53:b2:df:a8:1f:2c:0c:e4:f3:61:bd:e6:bc:83:
         03:67:6c:32:a7:33:ee:f4:07:1d:3a:8d:68:39:f4:5d:51:46:
         03:0a:78:4f:d1:e0:96:a9:c0:5a:d3:cf:a7:05:6e:4a:1b:e9:
         ee:86:5f:fb:66:c6:ef:4b:8f:f5:13:5b:b4:05:b8:8b:ea:81:
         a3:ad:c9:40:04:8d:a7:e9:84:6d:a1:94:ca:de:7b:ef:33:7b:
         0b:20:d9:42
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEFNpSkDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDUy
NzA4NTgxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDliM2JkMjFhNDli
NmJlYzNkNzgyODM1MjQxYzM1MjkwNTU4MDg1MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/sEuVt1mYKIZ0qVG+rGc9VYFYplcPEpYYXNV/taj4r+t1C
xUkQGr4wX9fGHOyrqC1Vg/aMmZ8fSoUecVf4j6va/yBqzojfCsRDcyj6HwRGKNHO
mRhoUNwRchBvLRZjijpW8yqNdZC9XAtBa/QCTQ1HlSp5pOrMEH1JHdRi0mOePku0
QpyeEpMfGy2b9NC1iS3Oou+2sGOCEzGGJW0dh/bB/Otq0UPbqH68PDfGPpJ/IB6X
oo5L7HQ3Y2ZaI1DuLRvXo6Oe4MIkIAh7gVjN9YrnPkhFsZw1yehX0gQlaMpfiMTi
eKgEwqj5eRSTKbCYxwo4YSU5/aBoS9TO4XIQk78CAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRJs70hpJtr7D14KDUkHDUpBVgIUDAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
L1NiTzlJYVNiYS13OWVDZzFKQncxS1FWWUNGQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHBCoOsQcHYAMHACoQLwABIDANBgkq
hkiG9w0BAQsFAAOCAQEAmiAdgMMTWUnUB975By5zpJFBbIu/Qa4E0+GyaglnW6Rj
VmsiBHQSFEifqqchSkYng1ceMv4EOculLA7O8nMkaDpujiSD/cYV52Ex8j7yXjLe
o9QfEWdK11O3j3eJqeq9bpDYVyF99vwDh8CjVf3vAOJfXvVjk1Ch/AJvC4OSIwHk
R1+xct7doPOPfXY0GD7ggO1Y9oRxO8LcwZSw6VIxuZ92EO67XlOy36gfLAzk82G9
5ryDA2dsMqcz7vQHHTqNaDn0XVFGAwp4T9HglqnAWtPPpwVuShvp7oZf+2bG70uP
9RNbtAW4i+qBo63JQASNp+mEbaGUyt577zN7CyDZQg==
-----END CERTIFICATE-----