Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/2mQwEFOc_86ifUQNzooGksoTRnY.roa
File:                     2mQwEFOc_86ifUQNzooGksoTRnY.roa (raw, json)
Hash identifier:          a1Mrlwp8WIXwkBp2ze2gEvHED4sg+sz/IhZWzcQKx3M=
Subject key identifier:   DA:64:30:10:53:9C:FF:CE:A2:7D:44:0D:CE:8A:06:92:CA:13:46:76
Certificate issuer:       /CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
Certificate serial:       0181F2F5E474AEBBCBB8424A69F15125AF61
Authority key identifier: F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/2mQwEFOc_86ifUQNzooGksoTRnY.roa
Signing time:             Tue 12 Jul 2022 15:10:09 +0000
ROA not before:           Tue 12 Jul 2022 15:10:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        31.133.82.0/24 maxlen: 24
                          31.133.83.0/24 maxlen: 24
                          31.133.80.0/24 maxlen: 24
                          31.133.81.0/24 maxlen: 24
                          176.103.224.0/24 maxlen: 24
                          176.103.225.0/24 maxlen: 24
                          176.103.226.0/24 maxlen: 24
                          31.133.88.0/24 maxlen: 24
                          31.133.89.0/24 maxlen: 24
                          31.133.90.0/24 maxlen: 24
                          31.133.91.0/24 maxlen: 24
                          176.103.227.0/24 maxlen: 24
                          176.103.232.0/24 maxlen: 24
                          176.103.233.0/24 maxlen: 24
                          176.103.234.0/24 maxlen: 24
                          176.103.235.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f2:f5:e4:74:ae:bb:cb:b8:42:4a:69:f1:51:25:af:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
        Validity
            Not Before: Jul 12 15:10:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=da643010539cffcea27d440dce8a0692ca134676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3b:f3:06:56:af:05:33:53:db:c3:f5:42:d7:
                    11:81:94:e8:f1:66:c8:87:d6:66:e1:07:f4:ab:8d:
                    ce:dc:fa:6e:9b:67:75:2d:d5:d6:24:c3:7e:1d:c4:
                    8b:79:a4:1d:c6:9e:83:0b:2c:e6:fb:1a:14:eb:3e:
                    67:1b:e5:b1:5d:02:28:9a:06:50:a5:f8:89:91:6e:
                    a3:f9:e1:e1:f4:42:f7:f6:1f:82:a2:9f:f4:93:b8:
                    1c:4b:df:52:06:88:c2:1b:b6:b4:7d:65:a2:0f:13:
                    0c:36:aa:5c:de:19:9d:92:bc:2d:28:e6:8d:19:4e:
                    2c:27:8e:57:f7:33:76:22:1c:f4:c3:08:d5:cc:2c:
                    6b:1b:df:cf:c3:40:87:e3:aa:35:62:67:6e:35:ad:
                    0e:c7:ab:6a:eb:85:6f:c1:23:95:49:5f:d4:0e:88:
                    b8:30:56:59:39:96:a4:a0:35:6a:67:9a:4d:a7:f8:
                    62:3e:66:cf:18:73:9d:7f:42:c1:69:af:25:d7:51:
                    c4:38:b7:04:8f:96:ad:37:19:3f:7d:1f:c6:26:12:
                    1a:9f:85:64:9a:d1:78:77:f5:de:ed:c9:47:d0:bb:
                    ce:81:2c:66:3e:9b:8f:34:3f:e5:05:0a:30:ab:de:
                    ac:02:cb:21:37:88:55:b0:3e:6a:d1:df:f3:7b:8c:
                    c1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:64:30:10:53:9C:FF:CE:A2:7D:44:0D:CE:8A:06:92:CA:13:46:76
            X509v3 Authority Key Identifier:
                keyid:F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/2mQwEFOc_86ifUQNzooGksoTRnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.80.0/22
                  31.133.88.0/22
                  176.103.224.0/22
                  176.103.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:b1:79:16:09:70:2a:4c:20:73:0e:7e:fc:d5:72:01:44:1e:
         2b:7a:83:7a:87:ab:86:f4:16:ef:c1:96:34:05:ee:7c:7d:9f:
         c9:a1:19:5c:c5:9c:51:9f:1e:68:53:2d:b5:32:3b:47:25:c2:
         fa:e0:a8:be:7f:40:95:b7:1e:3f:5d:2d:14:92:d5:80:04:bd:
         58:0b:1e:4b:bd:43:7d:44:5c:ab:14:6d:de:48:ec:ac:3d:82:
         cb:78:87:50:0d:fa:62:56:66:66:74:51:6f:16:ee:c0:85:e1:
         be:11:5d:fa:47:dd:bb:bc:0d:23:63:ab:93:21:5f:64:f7:dc:
         fc:4f:d8:3f:ef:04:bd:95:7d:bf:76:c5:c7:49:7f:11:61:1b:
         1d:5d:26:eb:b2:91:2f:de:28:59:ee:ad:3f:6a:34:01:c7:f2:
         ec:c8:f0:1b:97:c0:d3:cf:25:f6:dc:85:e5:0a:4c:ca:01:60:
         21:4a:f6:9c:b5:55:ff:e0:7d:6a:a3:05:cb:99:79:d7:a7:4d:
         ac:cc:4e:e8:3a:33:12:29:85:16:8e:cb:09:89:14:eb:e7:62:
         3c:ac:f9:eb:0f:3b:8c:c9:8f:a9:14:df:c9:e5:30:d1:10:fc:
         27:69:e1:21:ae:c9:36:0f:00:00:7c:53:38:da:4d:b2:5e:30:
         94:2e:5c:27
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYHy9eR0rrvLuEJKafFRJa9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjllYTRkOWQ4M2E3MjhkZDQxMDI5ZTg2YWY4YTEzMGQz
ODllZDQwHhcNMjIwNzEyMTUxMDA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY0MzAxMDUzOWNmZmNlYTI3ZDQ0MGRjZThhMDY5MmNhMTM0Njc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDvzBlavBTNT28P1QtcRgZTo8WbI
h9Zm4Qf0q43O3Ppum2d1LdXWJMN+HcSLeaQdxp6DCyzm+xoU6z5nG+WxXQIomgZQ
pfiJkW6j+eHh9EL39h+Cop/0k7gcS99SBojCG7a0fWWiDxMMNqpc3hmdkrwtKOaN
GU4sJ45X9zN2Ihz0wwjVzCxrG9/Pw0CH46o1YmduNa0Ox6tq64VvwSOVSV/UDoi4
MFZZOZakoDVqZ5pNp/hiPmbPGHOdf0LBaa8l11HEOLcEj5atNxk/fR/GJhIan4Vk
mtF4d/Xe7clH0LvOgSxmPpuPND/lBQowq96sAsshN4hVsD5q0d/ze4zBNQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNpkMBBTnP/Oon1EDc6KBpLKE0Z2MB8GA1UdIwQY
MBaAFPS56k2dg6co3UECnoavihMNOJ7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMt
MDgxY2IyYjE3YWI1LzEvMm1Rd0VGT2NfODZpZlVRTnpvb0drc29UUm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMtMDgxY2IyYjE3YWI1
LzEvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCH4VQAwQC
H4VYAwQCsGfgAwQCsGfoMA0GCSqGSIb3DQEBCwUAA4IBAQCNsXkWCXAqTCBzDn78
1XIBRB4reoN6h6uG9BbvwZY0Be58fZ/JoRlcxZxRnx5oUy21MjtHJcL64Ki+f0CV
tx4/XS0UktWABL1YCx5LvUN9RFyrFG3eSOysPYLLeIdQDfpiVmZmdFFvFu7AheG+
EV36R927vA0jY6uTIV9k99z8T9g/7wS9lX2/dsXHSX8RYRsdXSbrspEv3ihZ7q0/
ajQBx/LsyPAbl8DTzyX23IXlCkzKAWAhSvactVX/4H1qowXLmXnXp02szE7oOjMS
KYUWjssJiRTr52I8rPnrDzuMyY+pFN/J5TDREPwnaeEhrsk2DwAAfFM42k2yXjCU
Llwn
-----END CERTIFICATE-----