Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ykCtzT72CeGiLUYD_Fd85f43b8Q.roa
File:                     ykCtzT72CeGiLUYD_Fd85f43b8Q.roa (raw, json)
Hash identifier:          pSeF6V9nVyMcg0aufcKS7n+inzqxcdWoyoPXgbuTXY0=
Subject key identifier:   CA:40:AD:CD:3E:F6:09:E1:A2:2D:46:03:FC:57:7C:E5:FE:37:6F:C4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01822767045C2D823DFABC0ABE276DDCA276
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ykCtzT72CeGiLUYD_Fd85f43b8Q.roa
Signing time:             Fri 22 Jul 2022 19:33:58 +0000
ROA not before:           Fri 22 Jul 2022 19:33:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205977
IP address blocks:        2a0e:b107:760::/48 maxlen: 48
                          2a0e:b107:765::/48 maxlen: 48
                          2a0e:b107:76a::/48 maxlen: 48
                          2a10:2f00:120::/48 maxlen: 48
                          2a0e:b107:764::/48 maxlen: 48
                          2a0e:b107:769::/48 maxlen: 48
                          2a0e:b107:76e::/48 maxlen: 48
                          2a0e:b107:763::/48 maxlen: 48
                          2a0e:b107:768::/48 maxlen: 48
                          2a0e:b107:76d::/48 maxlen: 48
                          2a0e:b107:760::/44 maxlen: 48
                          2a0e:b107:762::/48 maxlen: 48
                          2a0e:b107:767::/48 maxlen: 48
                          2a0e:b107:76c::/48 maxlen: 48
                          2a0e:b107:761::/48 maxlen: 48
                          2a0e:b107:766::/48 maxlen: 48
                          2a0e:b107:76b::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:27:67:04:5c:2d:82:3d:fa:bc:0a:be:27:6d:dc:a2:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 22 19:33:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca40adcd3ef609e1a22d4603fc577ce5fe376fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7f:6b:c4:67:2b:c4:f0:00:fc:54:3d:e2:4d:
                    55:06:21:f5:45:02:46:42:78:b2:77:d6:2a:cb:ae:
                    a7:41:d3:cd:f1:2c:a0:d4:17:42:65:49:2d:1b:b5:
                    24:c6:4a:e1:0c:b5:22:7d:a2:7e:62:1a:7b:a4:f7:
                    e2:d7:1e:fa:fe:f7:fb:65:a1:20:84:b1:cb:f1:84:
                    40:db:9a:55:08:3f:da:0d:94:33:43:70:dd:a3:de:
                    07:e1:83:3f:23:4c:82:61:95:b4:37:7d:6f:f6:5e:
                    e8:ea:36:df:05:0f:e4:c2:89:6f:f6:ad:d0:67:a5:
                    3a:f3:35:68:95:a0:f2:5c:bb:e7:d6:b7:03:6e:fb:
                    5a:6e:dc:2f:a3:34:50:31:b1:71:43:ba:96:2e:88:
                    9a:78:6c:da:ee:c0:70:c2:38:cb:cc:18:dd:b8:a6:
                    33:51:cc:cd:e6:38:00:de:f5:64:f5:3b:a7:15:b3:
                    c6:c5:ab:af:9c:f5:18:c7:a8:65:e2:88:40:22:82:
                    9a:12:13:5b:58:b8:c9:5c:a2:0e:b5:f4:64:25:cb:
                    fe:d8:98:0f:ff:78:b8:59:9d:3f:e5:49:3a:15:a1:
                    49:8a:a6:8c:a4:98:56:e7:a4:8a:56:cb:26:01:78:
                    f3:e9:bf:88:c7:e8:5c:a3:a5:cf:31:6f:03:86:e2:
                    92:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:40:AD:CD:3E:F6:09:E1:A2:2D:46:03:FC:57:7C:E5:FE:37:6F:C4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ykCtzT72CeGiLUYD_Fd85f43b8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:760::/44
                  2a10:2f00:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:fd:a0:f7:d8:55:32:ce:09:fc:05:8e:64:da:0c:9e:e5:dd:
         85:4d:6a:51:a8:c1:12:a3:18:9a:cd:07:d6:01:a2:b4:e6:81:
         2f:ef:5d:d0:1a:5c:9f:49:b4:cb:20:da:0f:3a:11:22:95:fa:
         03:3b:aa:34:01:94:b4:1c:3b:3d:8e:4c:87:cd:d4:c4:e4:e2:
         8d:55:87:13:67:ab:0e:34:87:4d:67:17:8a:d2:85:19:bd:5b:
         0f:ae:9b:9f:f7:0e:b5:57:2f:a2:29:ca:21:83:47:fc:ae:e3:
         a6:5b:75:c7:63:de:bf:69:03:e7:ab:ec:9b:b4:05:68:57:e4:
         eb:f2:0e:f4:dc:f4:ce:77:f0:5a:59:28:79:de:2d:19:ad:d1:
         8c:d1:6b:30:13:92:8c:ee:38:9e:cf:a8:b2:cf:44:54:78:1b:
         ff:39:20:b9:a8:dc:1d:1b:b2:e3:cf:c8:e8:c5:8a:ea:51:37:
         2b:04:c9:cf:16:4f:9e:b8:06:16:7d:32:2e:17:f6:49:93:56:
         bd:c4:09:b2:18:43:c9:5a:58:30:f4:71:8d:a4:99:01:0e:47:
         91:b9:0d:f2:4d:f0:89:17:4e:ac:af:69:80:de:63:11:a6:52:
         39:5a:80:68:c7:0d:3d:65:50:f9:75:e5:04:82:d9:8e:21:71:
         47:8d:d4:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYInZwRcLYI9+rwKvidt3KJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjIwNzIyMTkzMzU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQwYWRjZDNlZjYwOWUxYTIyZDQ2MDNmYzU3N2NlNWZlMzc2ZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs39rxGcrxPAA/FQ94k1VBiH1RQJG
Qniyd9Yqy66nQdPN8Syg1BdCZUktG7UkxkrhDLUifaJ+Yhp7pPfi1x76/vf7ZaEg
hLHL8YRA25pVCD/aDZQzQ3Ddo94H4YM/I0yCYZW0N31v9l7o6jbfBQ/kwolv9q3Q
Z6U68zVolaDyXLvn1rcDbvtabtwvozRQMbFxQ7qWLoiaeGza7sBwwjjLzBjduKYz
UczN5jgA3vVk9TunFbPGxauvnPUYx6hl4ohAIoKaEhNbWLjJXKIOtfRkJcv+2JgP
/3i4WZ0/5Uk6FaFJiqaMpJhW56SKVssmAXjz6b+Ix+hco6XPMW8DhuKSdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMpArc0+9gnhoi1GA/xXfOX+N2/EMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveWtDdHpUNzJDZUdpTFVZRF9GZDg1ZjQzYjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBwdg
AwcAKhAvAAEgMA0GCSqGSIb3DQEBCwUAA4IBAQB+/aD32FUyzgn8BY5k2gye5d2F
TWpRqMESoxiazQfWAaK05oEv713QGlyfSbTLINoPOhEilfoDO6o0AZS0HDs9jkyH
zdTE5OKNVYcTZ6sONIdNZxeK0oUZvVsPrpuf9w61Vy+iKcohg0f8ruOmW3XHY96/
aQPnq+ybtAVoV+Tr8g703PTOd/BaWSh53i0ZrdGM0WswE5KM7jiez6iyz0RUeBv/
OSC5qNwdG7Ljz8joxYrqUTcrBMnPFk+euAYWfTIuF/ZJk1a9xAmyGEPJWlgw9HGN
pJkBDkeRuQ3yTfCJF06sr2mA3mMRplI5WoBoxw09ZVD5deUEgtmOIXFHjdSA
-----END CERTIFICATE-----