Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/ykYBi3Efz8QgItA27ta5FDvQ6Hg.roa
File:                     ykYBi3Efz8QgItA27ta5FDvQ6Hg.roa (raw, json)
Hash identifier:          E9RKEqR7AhVihtaJu37QJ9G/6yHXDLAI94qVJt1wRZc=
Subject key identifier:   CA:46:01:8B:71:1F:CF:C4:20:22:D0:36:EE:D6:B9:14:3B:D0:E8:78
Certificate issuer:       /CN=79d565f99ff5e0ffb5bdf9995ed7a808d41406e5
Certificate serial:       0184464AACDE46A29CE55E587C9B33D9248A
Authority key identifier: 79:D5:65:F9:9F:F5:E0:FF:B5:BD:F9:99:5E:D7:A8:08:D4:14:06:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edVl-Z_14P-1vfmZXteoCNQUBuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/ykYBi3Efz8QgItA27ta5FDvQ6Hg.roa
Signing time:             Sat 05 Nov 2022 05:36:49 +0000
ROA not before:           Sat 05 Nov 2022 05:36:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208006
IP address blocks:        130.185.123.0/24 maxlen: 24
                          130.185.122.0/24 maxlen: 24
                          130.185.120.0/23 maxlen: 23
                          185.235.40.0/22 maxlen: 22
                          185.215.235.0/24 maxlen: 24
                          185.215.234.0/24 maxlen: 24
                          185.204.168.0/22 maxlen: 22
                          194.5.192.0/23 maxlen: 23
                          194.5.206.0/23 maxlen: 23
                          2a0d:4ac0::/48 maxlen: 48
                          2a0d:4ac0:3::/48 maxlen: 48
                          2a0d:4ac0:1::/48 maxlen: 48
                          2a0d:4ac0:2::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:46:4a:ac:de:46:a2:9c:e5:5e:58:7c:9b:33:d9:24:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d565f99ff5e0ffb5bdf9995ed7a808d41406e5
        Validity
            Not Before: Nov  5 05:36:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca46018b711fcfc42022d036eed6b9143bd0e878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:07:fe:7c:11:55:c7:0c:85:66:4a:f1:9a:1b:
                    0d:fd:1a:78:98:50:a2:fd:cb:4d:f1:b5:c6:32:ec:
                    6a:df:7d:a2:9e:b3:f4:8f:66:63:f8:49:70:30:6a:
                    39:41:0c:08:d7:62:6c:a8:38:e7:1c:db:dd:6f:e4:
                    60:44:69:a7:49:5b:06:ec:c2:24:54:d6:9f:ac:6c:
                    49:74:fd:71:a9:91:46:1f:56:2b:b7:f8:1e:d5:03:
                    64:9d:1d:d4:f2:cd:a0:73:2c:2b:bc:d5:67:e9:1b:
                    ed:c3:2c:45:32:da:48:2f:83:0c:7d:45:e8:ac:27:
                    9f:05:00:7c:be:39:5f:bb:de:06:63:68:ae:34:f9:
                    98:da:d1:74:52:a1:46:77:a6:27:2d:b7:cb:cd:f7:
                    2d:c2:e2:0a:0e:57:38:d6:4e:a2:2e:3f:70:49:c3:
                    48:97:29:c7:a1:b0:b4:d5:42:d0:bd:49:4f:7d:6c:
                    85:4b:3a:59:ca:88:f5:96:06:e4:1e:73:13:e7:18:
                    63:35:bf:c1:e4:2f:43:7d:ef:eb:38:38:fb:aa:14:
                    64:9d:4d:57:48:9e:bc:00:f9:bc:fa:a5:8d:25:bd:
                    28:55:29:54:b9:4a:ba:e9:aa:ef:05:cd:1f:36:dc:
                    14:f4:32:9a:ed:e5:21:9a:c4:05:cb:47:76:19:1e:
                    2f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:46:01:8B:71:1F:CF:C4:20:22:D0:36:EE:D6:B9:14:3B:D0:E8:78
            X509v3 Authority Key Identifier:
                keyid:79:D5:65:F9:9F:F5:E0:FF:B5:BD:F9:99:5E:D7:A8:08:D4:14:06:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edVl-Z_14P-1vfmZXteoCNQUBuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/ykYBi3Efz8QgItA27ta5FDvQ6Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/edVl-Z_14P-1vfmZXteoCNQUBuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.120.0/22
                  185.204.168.0/22
                  185.215.234.0/23
                  185.235.40.0/22
                  194.5.192.0/23
                  194.5.206.0/23
                IPv6:
                  2a0d:4ac0::/46

    Signature Algorithm: sha256WithRSAEncryption
         e9:34:34:8d:22:2b:b3:98:89:77:dd:6f:29:e7:e5:f1:17:8a:
         10:e5:89:84:67:1c:21:c8:2a:71:b5:58:08:d2:6d:36:ec:cc:
         2d:f5:8a:92:da:7c:ce:fa:52:11:1b:cc:35:2d:7e:87:57:14:
         54:b4:15:73:0e:5d:64:46:50:5f:7c:c8:1d:64:4a:68:7d:af:
         c2:b6:6c:3a:e3:15:7d:b8:3a:a7:dc:38:95:73:f6:db:f5:d0:
         57:84:17:dd:49:d9:0b:72:98:87:c9:30:2c:05:cc:2c:d7:9e:
         c3:5b:94:2c:39:f3:3f:88:53:db:20:bd:93:f3:dc:45:5b:79:
         1c:ea:5a:c0:da:29:4a:4d:e9:61:e2:83:e2:2b:a7:84:9b:9d:
         83:e8:ef:90:1a:86:25:43:29:f3:c4:e2:22:e0:37:51:52:16:
         62:cd:e0:26:1f:70:34:08:5e:60:28:b0:89:49:fa:7c:9e:cd:
         0f:a1:cd:55:e8:03:6c:6e:be:7f:78:a8:07:87:05:d8:56:2d:
         00:32:92:79:44:7a:55:87:8f:54:8a:eb:c6:42:e6:f0:2e:cc:
         f1:00:35:fb:3b:11:51:cb:66:fd:3c:f4:bd:25:6b:92:2d:84:
         21:8f:fb:e0:6e:ec:3a:00:ba:ac:f9:cd:81:27:3d:cc:d6:7f:
         ec:46:ec:55
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYRGSqzeRqKc5V5YfJsz2SSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDU2NWY5OWZmNWUwZmZiNWJkZjk5OTVlZDdhODA4ZDQx
NDA2ZTUwHhcNMjIxMTA1MDUzNjQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQ2MDE4YjcxMWZjZmM0MjAyMmQwMzZlZWQ2YjkxNDNiZDBlODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Qf+fBFVxwyFZkrxmhsN/Rp4mFCi
/ctN8bXGMuxq332inrP0j2Zj+ElwMGo5QQwI12JsqDjnHNvdb+RgRGmnSVsG7MIk
VNafrGxJdP1xqZFGH1Yrt/ge1QNknR3U8s2gcywrvNVn6RvtwyxFMtpIL4MMfUXo
rCefBQB8vjlfu94GY2iuNPmY2tF0UqFGd6YnLbfLzfctwuIKDlc41k6iLj9wScNI
lynHobC01ULQvUlPfWyFSzpZyoj1lgbkHnMT5xhjNb/B5C9Dfe/rODj7qhRknU1X
SJ68APm8+qWNJb0oVSlUuUq66arvBc0fNtwU9DKa7eUhmsQFy0d2GR4vVQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFMpGAYtxH8/EICLQNu7WuRQ70Oh4MB8GA1UdIwQY
MBaAFHnVZfmf9eD/tb35mV7XqAjUFAblMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWRWbC1aXzE0UC0xdmZtWlh0ZW9DTlFVQnVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9lZTVjZDctYjMwZS00NjZiLWFhYWQt
NmMzYjg3NDQzZTA2LzEveWtZQmkzRWZ6OFFnSXRBMjd0YTVGRHZRNkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9lZTVjZDctYjMwZS00NjZiLWFhYWQtNmMzYjg3NDQzZTA2
LzEvZWRWbC1aXzE0UC0xdmZtWlh0ZW9DTlFVQnVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQCgrl4AwQC
ucyoAwQBudfqAwQCuesoAwQBwgXAAwQBwgXOMA8EAgACMAkDBwIqDUrAAAAwDQYJ
KoZIhvcNAQELBQADggEBAOk0NI0iK7OYiXfdbynn5fEXihDliYRnHCHIKnG1WAjS
bTbszC31ipLafM76UhEbzDUtfodXFFS0FXMOXWRGUF98yB1kSmh9r8K2bDrjFX24
OqfcOJVz9tv10FeEF91J2QtymIfJMCwFzCzXnsNblCw58z+IU9sgvZPz3EVbeRzq
WsDaKUpN6WHig+Irp4SbnYPo75AahiVDKfPE4iLgN1FSFmLN4CYfcDQIXmAosIlJ
+nyezQ+hzVXoA2xuvn94qAeHBdhWLQAyknlEelWHj1SK68ZC5vAuzPEANfs7EVHL
Zv089L0la5IthCGP++Bu7DoAuqz5zYEnPczWf+xG7FU=
-----END CERTIFICATE-----