Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/lPhSOxEmvUbc0IQhxZbUnG6Orpg.roa
File:                     lPhSOxEmvUbc0IQhxZbUnG6Orpg.roa (raw, json)
Hash identifier:          U16X/A2mpVnpUlUmsn9B4tmRplsHn7zFkcRdVmmWt8w=
Subject key identifier:   94:F8:52:3B:11:26:BD:46:DC:D0:84:21:C5:96:D4:9C:6E:8E:AE:98
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       0181DA54DC342CB3929150A8C8EF0C1A8C84
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/lPhSOxEmvUbc0IQhxZbUnG6Orpg.roa
Signing time:             Thu 07 Jul 2022 20:23:23 +0000
ROA not before:           Thu 07 Jul 2022 20:23:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43207
IP address blocks:        46.231.8.0/21 maxlen: 24
                          91.209.142.0/24 maxlen: 24
                          185.44.248.0/22 maxlen: 24
                          151.249.64.0/20 maxlen: 24
                          85.95.32.0/19 maxlen: 19
                          209.35.128.0/20 maxlen: 20
                          185.168.144.0/22 maxlen: 22
                          185.113.0.0/22 maxlen: 24
                          91.214.228.0/22 maxlen: 24
                          5.133.172.0/22 maxlen: 24
                          2a01:5640::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:da:54:dc:34:2c:b3:92:91:50:a8:c8:ef:0c:1a:8c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Jul  7 20:23:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=94f8523b1126bd46dcd08421c596d49c6e8eae98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:96:0b:30:87:cb:fa:2a:d2:23:29:e3:e6:30:
                    22:73:5e:2a:0d:49:27:d3:ba:e5:63:10:96:eb:87:
                    52:54:ce:7f:40:ac:c4:b4:e7:8c:1d:0a:dc:30:c6:
                    fc:b1:01:7b:1d:ab:19:9b:45:5c:dc:f7:73:e5:3d:
                    45:2e:59:be:94:ce:59:9c:45:25:31:4b:53:e8:56:
                    9a:b6:ff:b1:b9:69:cb:31:45:da:05:c9:1e:8e:46:
                    fd:f0:68:3f:4e:38:30:c3:5b:9b:7c:1d:35:b9:4c:
                    96:e2:cc:ce:e8:76:e5:43:ff:5a:c5:95:f0:cd:ff:
                    a9:50:b5:5a:ff:b6:c8:08:b5:45:97:2e:c1:4c:47:
                    24:76:dc:00:8e:7b:89:de:b9:f5:aa:9f:d9:17:bf:
                    2c:96:c7:0a:84:3d:33:c9:e0:eb:85:04:92:e1:8d:
                    bd:88:13:dd:cc:2c:a4:68:7a:1a:10:0f:1d:fb:8a:
                    dd:ab:cc:d2:69:0d:e6:50:43:e4:6a:f7:86:aa:41:
                    ab:2a:a2:a6:48:30:6d:b3:62:b7:54:a5:27:fd:51:
                    e4:3a:85:6b:18:b3:92:fb:f6:3d:e1:ea:13:e3:05:
                    68:b7:b3:66:f2:ce:69:43:d4:2f:39:b6:b7:47:f0:
                    77:f1:ee:ae:24:14:b1:83:80:77:f7:c4:28:5a:61:
                    1b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F8:52:3B:11:26:BD:46:DC:D0:84:21:C5:96:D4:9C:6E:8E:AE:98
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/lPhSOxEmvUbc0IQhxZbUnG6Orpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.172.0/22
                  46.231.8.0/21
                  85.95.32.0/19
                  91.209.142.0/24
                  91.214.228.0/22
                  151.249.64.0/20
                  185.44.248.0/22
                  185.113.0.0/22
                  185.168.144.0/22
                  209.35.128.0/20
                IPv6:
                  2a01:5640::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:01:6c:d1:94:84:e0:b3:8b:3d:90:02:32:b5:e7:61:c3:7a:
         78:56:b1:11:bd:9a:ac:20:2b:9e:44:27:43:8c:a3:92:5f:4f:
         b9:60:c5:d7:7b:88:7f:28:da:ba:53:fc:81:45:01:99:4d:16:
         3f:ff:56:c9:79:b6:4d:17:09:2a:58:fd:68:1a:1d:50:d8:a7:
         10:b5:c9:a6:d1:61:f4:f9:26:89:cf:49:b7:ae:a2:64:26:38:
         97:db:9a:f9:15:31:57:9f:e6:dd:b4:e9:ab:bf:b7:2e:ce:4d:
         e3:d7:7f:e5:da:45:9a:73:21:95:76:97:cc:cf:25:93:d6:76:
         3a:c6:4e:cf:7d:82:d0:c8:0a:72:95:ef:f9:93:26:27:ea:95:
         6c:bf:a3:54:04:ab:a1:b1:7d:c2:38:27:ea:82:e2:88:e9:66:
         6f:cd:e5:b8:c1:4b:18:84:74:0f:29:34:0f:ce:14:27:a8:fb:
         6b:4a:dc:00:cb:03:0a:67:d9:29:aa:e3:9f:c9:83:79:8a:05:
         94:07:17:32:b0:83:ba:c1:ba:27:f0:9b:ec:64:91:9b:9d:80:
         15:ee:0a:81:c9:da:fd:32:86:8f:50:e2:82:4b:c5:62:66:7f:
         1d:72:0e:d3:41:16:27:67:a2:a8:e4:13:fb:d4:b8:2b:d6:7d:
         53:fb:d5:43
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYHaVNw0LLOSkVCoyO8MGoyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjIwNzA3MjAyMzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGY4NTIzYjExMjZiZDQ2ZGNkMDg0MjFjNTk2ZDQ5YzZlOGVhZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJYLMIfL+irSIynj5jAic14qDUkn
07rlYxCW64dSVM5/QKzEtOeMHQrcMMb8sQF7HasZm0Vc3Pdz5T1FLlm+lM5ZnEUl
MUtT6Faatv+xuWnLMUXaBckejkb98Gg/Tjgww1ubfB01uUyW4szO6HblQ/9axZXw
zf+pULVa/7bICLVFly7BTEckdtwAjnuJ3rn1qp/ZF78slscKhD0zyeDrhQSS4Y29
iBPdzCykaHoaEA8d+4rdq8zSaQ3mUEPkaveGqkGrKqKmSDBts2K3VKUn/VHkOoVr
GLOS+/Y94eoT4wVot7Nm8s5pQ9QvOba3R/B38e6uJBSxg4B398QoWmEb1QIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFJT4UjsRJr1G3NCEIcWW1Jxujq6YMB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvbFBoU094RW12VWJjMElRaHhaYlVuRzZPcnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCBYWsAwQD
LucIAwQFVV8gAwQAW9GOAwQCW9bkAwQEl/lAAwQCuSz4AwQCuXEAAwQCuaiQAwQE
0SOAMA0EAgACMAcDBQAqAVZAMA0GCSqGSIb3DQEBCwUAA4IBAQBRAWzRlITgs4s9
kAIytedhw3p4VrERvZqsICueRCdDjKOSX0+5YMXXe4h/KNq6U/yBRQGZTRY//1bJ
ebZNFwkqWP1oGh1Q2KcQtcmm0WH0+SaJz0m3rqJkJjiX25r5FTFXn+bdtOmrv7cu
zk3j13/l2kWacyGVdpfMzyWT1nY6xk7PfYLQyApyle/5kyYn6pVsv6NUBKuhsX3C
OCfqguKI6WZvzeW4wUsYhHQPKTQPzhQnqPtrStwAywMKZ9kpquOfyYN5igWUBxcy
sIO6wbon8JvsZJGbnYAV7gqBydr9MoaPUOKCS8ViZn8dcg7TQRYnZ6Ko5BP71Lgr
1n1T+9VD
-----END CERTIFICATE-----