Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/TrsShWfP5Sd5b7NU_IJSrJwrshc.roa
File:                     TrsShWfP5Sd5b7NU_IJSrJwrshc.roa (raw, json)
Hash identifier:          rZ338VjjQWKRZvrUB+E0P5EPPlZ+0WYbc9s519ri9+8=
Subject key identifier:   4E:BB:12:85:67:CF:E5:27:79:6F:B3:54:FC:82:52:AC:9C:2B:B2:17
Certificate issuer:       /CN=b6d14118dbd227298daa80c7acab11eea6d63e21
Certificate serial:       0181F2D109A6869D8FDBE532C05329B7D4F6
Authority key identifier: B6:D1:41:18:DB:D2:27:29:8D:AA:80:C7:AC:AB:11:EE:A6:D6:3E:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ttFBGNvSJymNqoDHrKsR7qbWPiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/TrsShWfP5Sd5b7NU_IJSrJwrshc.roa
Signing time:             Tue 12 Jul 2022 14:29:54 +0000
ROA not before:           Tue 12 Jul 2022 14:29:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34636
IP address blocks:        185.237.8.0/22 maxlen: 22
                          185.189.120.0/22 maxlen: 22
                          185.67.102.0/24 maxlen: 24
                          185.67.103.0/24 maxlen: 24
                          185.67.100.0/22 maxlen: 22
                          185.67.100.0/24 maxlen: 24
                          185.67.101.0/24 maxlen: 24
                          185.132.80.0/24 maxlen: 24
                          185.132.80.0/23 maxlen: 23
                          185.132.80.0/22 maxlen: 22
                          185.132.82.0/23 maxlen: 23
                          185.132.83.0/24 maxlen: 24
                          185.132.81.0/24 maxlen: 24
                          185.233.12.0/22 maxlen: 22
                          2a04:f080::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f2:d1:09:a6:86:9d:8f:db:e5:32:c0:53:29:b7:d4:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6d14118dbd227298daa80c7acab11eea6d63e21
        Validity
            Not Before: Jul 12 14:29:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4ebb128567cfe527796fb354fc8252ac9c2bb217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a0:38:82:1c:d6:81:49:ae:51:74:79:46:a4:
                    bc:c6:bc:34:95:dc:41:b2:a1:29:aa:2e:6c:e7:02:
                    0d:47:69:4d:d1:87:0b:4c:96:46:cb:98:97:9a:85:
                    c1:19:23:ec:c4:a1:f1:3a:4b:15:ea:62:c1:d9:b3:
                    48:4d:b8:f6:a6:cd:0c:f9:6e:15:3f:0a:70:59:c7:
                    93:3c:2c:08:5c:8b:ec:82:74:f0:53:b2:a7:17:ef:
                    1d:54:ac:9a:90:72:43:c0:6b:e9:6f:4e:74:bd:22:
                    cf:89:4a:4e:d6:a4:23:32:2b:8f:f6:75:97:1b:4b:
                    5a:49:55:37:03:fa:ed:7b:73:58:ab:75:c8:f8:65:
                    7f:66:68:9c:7b:68:40:d2:57:1c:34:40:80:3f:a1:
                    70:d6:d5:72:49:17:3c:cd:1d:92:2a:c1:f8:2e:91:
                    de:63:54:8b:d5:53:f8:82:41:f1:52:cc:74:41:60:
                    be:43:03:8a:e1:f8:7a:aa:96:e1:5a:62:f0:03:10:
                    4a:23:34:96:2d:a2:75:10:58:84:9f:94:20:7d:b1:
                    d9:62:57:40:bd:52:70:ae:a9:2f:7f:67:ce:62:b8:
                    8d:9c:d5:99:dd:fa:bf:e0:5b:ff:4d:f0:66:3c:4a:
                    5c:fe:dc:61:e2:aa:1a:07:f3:34:e6:3c:43:93:a9:
                    49:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:BB:12:85:67:CF:E5:27:79:6F:B3:54:FC:82:52:AC:9C:2B:B2:17
            X509v3 Authority Key Identifier:
                keyid:B6:D1:41:18:DB:D2:27:29:8D:AA:80:C7:AC:AB:11:EE:A6:D6:3E:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ttFBGNvSJymNqoDHrKsR7qbWPiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/TrsShWfP5Sd5b7NU_IJSrJwrshc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/ttFBGNvSJymNqoDHrKsR7qbWPiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.100.0/22
                  185.132.80.0/22
                  185.189.120.0/22
                  185.233.12.0/22
                  185.237.8.0/22
                IPv6:
                  2a04:f080::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:91:82:1d:be:bd:89:76:a2:03:4e:cb:5d:1f:e2:e5:f3:8e:
         61:30:d6:37:21:7d:00:70:b2:b8:36:92:4d:ed:70:71:4b:8c:
         8c:9a:0a:11:54:a7:9f:a3:74:bb:ac:6a:df:63:95:c8:82:19:
         08:60:26:3c:de:6f:41:36:4b:d0:42:73:9b:3f:f3:53:94:51:
         4f:69:c2:cd:f4:4d:6e:1a:10:ae:51:cd:68:ca:38:f3:6d:db:
         b3:05:75:dc:c5:1d:6b:47:99:87:90:88:7f:aa:19:64:29:52:
         10:19:70:4c:0d:a3:77:85:28:69:31:47:5f:e0:6a:0b:8a:fe:
         67:29:88:63:69:8f:3c:07:8f:64:04:35:9b:de:ef:33:ea:6d:
         73:d2:84:71:6e:42:54:b6:5b:fb:5f:6d:57:81:49:6b:f1:af:
         40:d7:8b:18:75:f6:1d:c1:4a:84:13:d3:ba:b1:c1:2a:3d:14:
         95:77:22:26:3c:20:00:c2:59:83:aa:6b:9d:dc:47:6f:34:f3:
         41:f0:1b:c6:41:73:52:84:2b:91:31:8d:0c:39:c0:0b:73:8d:
         bc:4a:ec:f2:97:5b:72:a7:ed:b0:4d:a8:fd:6a:5d:16:f1:e3:
         36:0b:25:4a:93:6f:25:59:4a:71:ae:c2:fc:e1:39:76:2b:e8:
         21:9f:06:ad
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYHy0Qmmhp2P2+UywFMpt9T2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZDE0MTE4ZGJkMjI3Mjk4ZGFhODBjN2FjYWIxMWVlYTZk
NjNlMjEwHhcNMjIwNzEyMTQyOTU0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWJiMTI4NTY3Y2ZlNTI3Nzk2ZmIzNTRmYzgyNTJhYzljMmJiMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqA4ghzWgUmuUXR5RqS8xrw0ldxB
sqEpqi5s5wINR2lN0YcLTJZGy5iXmoXBGSPsxKHxOksV6mLB2bNITbj2ps0M+W4V
PwpwWceTPCwIXIvsgnTwU7KnF+8dVKyakHJDwGvpb050vSLPiUpO1qQjMiuP9nWX
G0taSVU3A/rte3NYq3XI+GV/Zmice2hA0lccNECAP6Fw1tVySRc8zR2SKsH4LpHe
Y1SL1VP4gkHxUsx0QWC+QwOK4fh6qpbhWmLwAxBKIzSWLaJ1EFiEn5QgfbHZYldA
vVJwrqkvf2fOYriNnNWZ3fq/4Fv/TfBmPEpc/txh4qoaB/M05jxDk6lJkQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFE67EoVnz+UneW+zVPyCUqycK7IXMB8GA1UdIwQY
MBaAFLbRQRjb0icpjaqAx6yrEe6m1j4hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHRGQkdOdlNKeW1OcW9ESHJLc1I3cWJXUGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZDUxZDctNjRmZC00YzczLTllOGMt
MGUzN2UxMWQwZWMzLzEvVHJzU2hXZlA1U2Q1YjdOVV9JSlNySndyc2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZDUxZDctNjRmZC00YzczLTllOGMtMGUzN2UxMWQwZWMz
LzEvdHRGQkdOdlNKeW1OcW9ESHJLc1I3cWJXUGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuUNkAwQC
uYRQAwQCub14AwQCuekMAwQCue0IMA0EAgACMAcDBQMqBPCAMA0GCSqGSIb3DQEB
CwUAA4IBAQCIkYIdvr2JdqIDTstdH+Ll845hMNY3IX0AcLK4NpJN7XBxS4yMmgoR
VKefo3S7rGrfY5XIghkIYCY83m9BNkvQQnObP/NTlFFPacLN9E1uGhCuUc1oyjjz
bduzBXXcxR1rR5mHkIh/qhlkKVIQGXBMDaN3hShpMUdf4GoLiv5nKYhjaY88B49k
BDWb3u8z6m1z0oRxbkJUtlv7X21XgUlr8a9A14sYdfYdwUqEE9O6scEqPRSVdyIm
PCAAwlmDqmud3EdvNPNB8BvGQXNShCuRMY0MOcALc428Suzyl1typ+2wTaj9al0W
8eM2CyVKk28lWUpxrsL84Tl2K+ghnwat
-----END CERTIFICATE-----