Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nENCgI8wVa1P_iOTILAnDuLNK9s.roa
File:                     nENCgI8wVa1P_iOTILAnDuLNK9s.roa (raw, json)
Hash identifier:          qKUtxuiz+J9f98oKzX3HGYI8jRzufXf44IxvvURaxQQ=
Subject key identifier:   9C:43:42:80:8F:30:55:AD:4F:FE:23:93:20:B0:27:0E:E2:CD:2B:DB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01833D00F8141E6BEC06768D56E8EA0F7BF5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nENCgI8wVa1P_iOTILAnDuLNK9s.roa
Signing time:             Wed 14 Sep 2022 17:16:57 +0000
ROA not before:           Wed 14 Sep 2022 17:16:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211946
IP address blocks:        2a0e:97c0:145::/48 maxlen: 48
                          2a0e:b107:1c32::/48 maxlen: 48
                          2a0e:97c0:143::/48 maxlen: 48
                          2a0e:97c0:141::/48 maxlen: 48
                          2a0e:b107:1c31::/48 maxlen: 48
                          2a0e:97c0:144::/48 maxlen: 48
                          2a0e:b107:1c36::/48 maxlen: 48
                          2a0e:b107:1c33::/48 maxlen: 48
                          2a0e:97c0:142::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3d:00:f8:14:1e:6b:ec:06:76:8d:56:e8:ea:0f:7b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 14 17:16:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9c4342808f3055ad4ffe239320b0270ee2cd2bdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:24:da:79:20:cb:17:c0:3a:e4:84:34:6e:ce:
                    e1:3c:7a:ac:5e:1e:f5:6b:be:af:bc:e8:68:b2:35:
                    04:0a:9a:6c:36:30:4b:c5:b0:e4:7e:ee:5a:44:d4:
                    a5:4e:ea:80:a6:43:51:98:3a:b1:fe:ba:8c:84:66:
                    5e:ca:24:90:1c:74:bc:05:90:0e:b2:a5:3c:39:11:
                    81:68:87:bd:cf:7b:80:0d:e0:29:32:67:8a:b3:29:
                    ab:b1:f1:40:e1:b8:0f:76:78:7f:ec:c3:21:cc:6a:
                    4d:59:ab:27:cf:76:c9:d8:d0:81:5c:b5:6a:87:8a:
                    8a:10:14:6e:ec:d1:0a:b2:db:2c:26:3d:c6:3b:dd:
                    bf:cb:9a:c1:6f:71:72:85:f0:4f:a9:f8:d7:74:bd:
                    aa:c5:ca:4f:2c:63:09:a2:e7:c4:9e:08:c1:04:2a:
                    fe:63:63:a8:5b:e9:27:1d:5a:6c:d8:f4:e1:e5:7b:
                    ab:0c:7e:c2:c1:a3:3f:5c:51:fd:6c:ad:a5:24:bb:
                    af:a0:03:21:0c:3d:2c:c5:39:4e:0b:1c:e1:f1:e6:
                    b2:6d:d1:d4:db:42:a7:18:15:d7:5a:40:7c:66:ce:
                    17:89:97:bf:65:1b:b4:af:ab:71:cf:5a:c0:23:5b:
                    e3:68:1d:60:41:ac:63:ed:8c:28:73:65:02:e1:9c:
                    e0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:43:42:80:8F:30:55:AD:4F:FE:23:93:20:B0:27:0E:E2:CD:2B:DB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nENCgI8wVa1P_iOTILAnDuLNK9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:141::-2a0e:97c0:145:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:1c31::-2a0e:b107:1c33:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:1c36::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:ed:18:84:51:e0:34:e9:28:c4:9f:9c:2a:1d:6c:da:d6:11:
         b1:21:a4:44:bb:58:9f:c7:7a:c6:04:aa:22:db:67:ce:82:63:
         61:7b:5a:e8:9b:21:9e:fe:85:7f:15:fa:cf:79:ad:4a:88:8c:
         16:b0:34:82:ba:77:1f:2f:4f:09:86:43:c9:90:ce:4c:bd:6a:
         ff:49:8c:f4:a7:99:7b:a6:bc:f1:1d:44:8e:61:f4:54:30:81:
         8b:64:8d:f0:79:6d:c0:39:71:ee:bd:44:6d:0b:c8:6a:46:3d:
         cb:ab:14:9d:50:1d:1c:6f:6e:6e:3f:c5:8c:1d:49:75:23:11:
         37:65:b2:41:db:39:db:cd:0e:53:2d:0a:7a:42:ba:bb:dd:96:
         fe:51:a6:82:24:6b:4f:b8:3f:bc:b4:73:9c:8d:83:c1:3c:37:
         f1:11:31:1d:23:49:4f:59:7d:ec:5a:b8:09:28:4a:1e:7e:bd:
         cc:01:5d:90:eb:bd:2d:fe:b4:6e:cd:26:2b:a7:d0:80:23:9a:
         9f:c1:ae:f2:02:44:98:ac:f3:1b:2b:c6:95:a0:50:c2:9b:44:
         cf:b2:2d:50:9e:1a:6b:8a:87:12:37:5b:db:83:f5:db:29:b9:
         db:df:fe:8f:0e:26:3d:73:ff:31:0e:43:e8:ea:79:ef:04:5a:
         58:0d:ef:33
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYM9APgUHmvsBnaNVujqD3v1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIwOTE0MTcxNjU3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQzNDI4MDhmMzA1NWFkNGZmZTIzOTMyMGIwMjcwZWUyY2QyYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCTaeSDLF8A65IQ0bs7hPHqsXh71
a76vvOhosjUECppsNjBLxbDkfu5aRNSlTuqApkNRmDqx/rqMhGZeyiSQHHS8BZAO
sqU8ORGBaIe9z3uADeApMmeKsymrsfFA4bgPdnh/7MMhzGpNWasnz3bJ2NCBXLVq
h4qKEBRu7NEKstssJj3GO92/y5rBb3FyhfBPqfjXdL2qxcpPLGMJoufEngjBBCr+
Y2OoW+knHVps2PTh5XurDH7CwaM/XFH9bK2lJLuvoAMhDD0sxTlOCxzh8eaybdHU
20KnGBXXWkB8Zs4XiZe/ZRu0r6txz1rAI1vjaB1gQaxj7Ywoc2UC4ZzgXwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFJxDQoCPMFWtT/4jkyCwJw7izSvbMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbkVOQ2dJOHdWYTFQX2lPVElMQW5EdUxOSzlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxMBIDBwAqDpfA
AUEDBwEqDpfAAUQwEgMHACoOsQccMQMHAioOsQccMAMHACoOsQccNjANBgkqhkiG
9w0BAQsFAAOCAQEAke0YhFHgNOkoxJ+cKh1s2tYRsSGkRLtYn8d6xgSqIttnzoJj
YXta6Jshnv6FfxX6z3mtSoiMFrA0grp3Hy9PCYZDyZDOTL1q/0mM9KeZe6a88R1E
jmH0VDCBi2SN8HltwDlx7r1EbQvIakY9y6sUnVAdHG9ubj/FjB1JdSMRN2WyQds5
280OUy0KekK6u92W/lGmgiRrT7g/vLRznI2DwTw38RExHSNJT1l97Fq4CShKHn69
zAFdkOu9Lf60bs0mK6fQgCOan8Gu8gJEmKzzGyvGlaBQwptEz7ItUJ4aa4qHEjdb
24P12ym529/+jw4mPXP/MQ5D6Op57wRaWA3vMw==
-----END CERTIFICATE-----