Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tM1LpBjDIzdh-7KB0gj-AdJUO2g.roa
File:                     tM1LpBjDIzdh-7KB0gj-AdJUO2g.roa (raw, json)
Hash identifier:          jPC9LbxuBKTQfEzsir+OjwOlWb8oWVkjRpP/EfZV3pM=
Subject key identifier:   B4:CD:4B:A4:18:C3:23:37:61:FB:B2:81:D2:08:FE:01:D2:54:3B:68
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01850859B271658F8FFDA7624590EC1E2F7B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tM1LpBjDIzdh-7KB0gj-AdJUO2g.roa
Signing time:             Mon 12 Dec 2022 21:59:34 +0000
ROA not before:           Mon 12 Dec 2022 21:59:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200625
IP address blocks:        2a0e:97c0:61d::/48 maxlen: 48
                          2a0e:97c0:610::/44 maxlen: 48
                          2a0e:97c0:618::/48 maxlen: 48
                          2a0e:97c0:613::/48 maxlen: 48
                          2a0e:97c0:61e::/48 maxlen: 48
                          2a0e:97c0:611::/48 maxlen: 48
                          2a0e:97c0:61c::/48 maxlen: 48
                          2a0e:97c0:617::/48 maxlen: 48
                          2a0e:97c0:612::/48 maxlen: 48
                          2a0e:97c0:615::/48 maxlen: 48
                          2a0e:97c0:610::/48 maxlen: 48
                          2a0e:97c0:61b::/48 maxlen: 48
                          2a0e:97c0:616::/48 maxlen: 48
                          2a0e:97c0:619::/48 maxlen: 48
                          2a0e:97c0:614::/48 maxlen: 48
                          2a0e:97c0:61f::/48 maxlen: 48
                          2a0e:97c0:61a::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:08:59:b2:71:65:8f:8f:fd:a7:62:45:90:ec:1e:2f:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec 12 21:59:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b4cd4ba418c3233761fbb281d208fe01d2543b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:73:4a:92:45:2a:10:16:7a:9b:46:1a:ee:8c:
                    62:c8:d2:c2:1d:07:67:09:1a:42:3f:b4:95:aa:8f:
                    04:f9:cc:32:8d:f2:f0:ff:b4:1f:e3:84:1a:40:b1:
                    b5:8a:9b:f8:d2:23:91:97:0b:38:22:91:1d:4c:2f:
                    49:35:6e:38:67:31:44:80:2d:75:d9:75:a5:e4:f3:
                    33:82:ad:d6:70:57:bc:ad:d2:e0:c0:cc:66:5e:da:
                    01:58:5b:4e:52:25:ba:89:f7:04:f7:38:98:e4:6f:
                    58:bd:42:07:50:eb:75:3c:e2:48:32:ef:31:b1:b4:
                    88:09:06:6f:eb:21:ab:f2:96:56:ff:7c:25:75:ea:
                    47:df:ee:36:3d:15:eb:a2:58:17:25:fb:1b:dd:a7:
                    6f:de:52:44:20:57:b8:a1:1d:f8:71:30:4a:cb:6d:
                    3e:c9:33:62:7e:76:66:89:f5:19:d1:fb:fa:fa:fa:
                    64:5e:78:c6:ef:59:fe:86:78:aa:49:cc:45:db:c9:
                    f6:b7:fa:86:df:71:ba:4b:d6:74:6a:d2:23:45:01:
                    7d:90:b3:18:1b:ef:de:88:36:4e:e6:15:f2:b8:fc:
                    6d:48:ba:c5:a1:6d:36:29:86:5d:08:7e:4d:fc:d8:
                    bf:f7:8e:8f:5f:5a:33:10:01:4c:3e:2b:aa:bc:10:
                    af:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:CD:4B:A4:18:C3:23:37:61:FB:B2:81:D2:08:FE:01:D2:54:3B:68
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tM1LpBjDIzdh-7KB0gj-AdJUO2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:610::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:bb:15:22:41:ed:20:90:8b:de:4f:ca:86:cb:bc:8f:0c:9a:
         9c:be:a5:c7:74:83:07:6b:5b:77:b4:03:00:79:f1:ff:5f:d1:
         55:c7:1d:9a:32:0a:21:5a:5f:54:01:b9:61:2e:55:02:b1:d9:
         02:40:e1:5b:14:e6:ed:1a:fb:49:22:0d:bc:8e:9b:43:e5:ef:
         29:c0:49:00:e9:2d:25:64:19:94:23:32:9f:18:27:89:42:f4:
         eb:14:1b:d8:f6:2b:50:e8:38:e5:2f:07:02:d3:9d:5e:94:b5:
         21:ca:03:c1:ca:bd:70:1f:12:fa:f4:99:23:d0:fa:f4:ad:0d:
         76:01:75:b5:17:24:8c:c2:d1:ee:eb:7f:14:e2:3c:fb:3d:45:
         7e:ca:b8:2b:69:59:24:3f:c8:6d:94:8c:eb:27:dd:c0:03:ff:
         01:4c:fd:68:69:e4:1a:e8:2f:9d:40:24:46:31:03:f9:20:2d:
         15:fc:42:1d:68:48:dc:79:92:d6:de:10:d6:5a:1b:04:cd:87:
         66:74:18:4d:f4:77:a9:27:b0:6b:f9:64:fd:a2:95:9a:d9:23:
         34:c3:04:99:2f:5a:29:01:b1:ab:7d:52:5d:d9:3d:f0:e4:7d:
         27:11:db:46:ac:bb:47:60:74:f7:f7:ee:b3:7f:d8:61:9a:00:
         1c:db:08:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYUIWbJxZY+P/adiRZDsHi97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIxMjEyMjE1OTM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGNkNGJhNDE4YzMyMzM3NjFmYmIyODFkMjA4ZmUwMWQyNTQzYjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HNKkkUqEBZ6m0Ya7oxiyNLCHQdn
CRpCP7SVqo8E+cwyjfLw/7Qf44QaQLG1ipv40iORlws4IpEdTC9JNW44ZzFEgC11
2XWl5PMzgq3WcFe8rdLgwMxmXtoBWFtOUiW6ifcE9ziY5G9YvUIHUOt1POJIMu8x
sbSICQZv6yGr8pZW/3wldepH3+42PRXrolgXJfsb3adv3lJEIFe4oR34cTBKy20+
yTNifnZmifUZ0fv6+vpkXnjG71n+hniqScxF28n2t/qG33G6S9Z0atIjRQF9kLMY
G+/eiDZO5hXyuPxtSLrFoW02KYZdCH5N/Ni/946PX1ozEAFMPiuqvBCvxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLTNS6QYwyM3YfuygdII/gHSVDtoMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdE0xTHBCakRJemRoLTdLQjBnai1BZEpVTzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAYQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBZuxUiQe0gkIveT8qGy7yPDJqcvqXHdIMHa1t3
tAMAefH/X9FVxx2aMgohWl9UAblhLlUCsdkCQOFbFObtGvtJIg28jptD5e8pwEkA
6S0lZBmUIzKfGCeJQvTrFBvY9itQ6DjlLwcC051elLUhygPByr1wHxL69Jkj0Pr0
rQ12AXW1FySMwtHu638U4jz7PUV+yrgraVkkP8htlIzrJ93AA/8BTP1oaeQa6C+d
QCRGMQP5IC0V/EIdaEjceZLW3hDWWhsEzYdmdBhN9HepJ7Br+WT9opWa2SM0wwSZ
L1opAbGrfVJd2T3w5H0nEdtGrLtHYHT39+6zf9hhmgAc2wgo
-----END CERTIFICATE-----