Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/1-2VrDO_epK3nMeRMMfazeD8vLn0.roa
File:                     1-2VrDO_epK3nMeRMMfazeD8vLn0.roa (raw, json)
Hash identifier:          E6xQRO560OZamMP2VTNJLxlbFRpHm4kicc/a2l40pPs=
Subject key identifier:   FB:65:6B:0C:EF:DE:A4:AD:E7:31:E4:4C:31:F6:B3:78:3F:2F:2E:7D
Certificate issuer:       /CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
Certificate serial:       37BBB17C
Authority key identifier: 4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/1-2VrDO_epK3nMeRMMfazeD8vLn0.roa
Signing time:             Sat 01 Jan 2022 12:06:53 +0000
ROA not before:           Sat 01 Jan 2022 12:06:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8508
IP address blocks:        83.230.64.0/21 maxlen: 21
                          83.230.64.0/20 maxlen: 20
                          213.227.96.0/19 maxlen: 19
                          213.227.80.0/20 maxlen: 20
                          213.227.88.0/21 maxlen: 21
                          185.126.188.0/22 maxlen: 22
                          83.230.96.0/19 maxlen: 19
                          83.230.110.0/24 maxlen: 24
                          83.230.118.0/23 maxlen: 23
                          157.158.0.0/16 maxlen: 16
                          83.230.123.0/24 maxlen: 24
                          212.106.176.0/20 maxlen: 20
                          212.106.184.0/22 maxlen: 22
                          212.106.183.0/24 maxlen: 24
                          2a01:1d8::/30 maxlen: 30
                          2a01:1de::/32 maxlen: 32
                          2a01:1dd::/32 maxlen: 32
                          2a01:1dc::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 935047548 (0x37bbb17c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
        Validity
            Not Before: Jan  1 12:06:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fb656b0cefdea4ade731e44c31f6b3783f2f2e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e0:3b:ca:06:78:85:3e:25:21:f3:47:01:9b:
                    ae:ca:57:8b:62:8a:2e:c7:5e:43:c1:8a:5d:3b:b4:
                    d8:6d:89:c5:67:0f:54:cd:74:0d:db:6f:3d:91:48:
                    a9:3c:2f:6d:ec:e4:7a:d6:bb:44:07:5e:27:0d:8c:
                    ab:43:ef:72:eb:46:e7:e2:84:c2:d2:28:64:51:23:
                    59:f0:dd:26:4b:ae:3c:c6:f1:4b:d6:aa:ab:00:b6:
                    2c:58:b1:38:56:0a:b5:18:11:d6:8c:d2:70:9c:57:
                    1a:05:17:e7:9b:ed:cb:db:e4:ad:78:6c:9a:67:a9:
                    21:70:e3:3a:75:a0:00:f3:36:31:e0:ce:29:6b:97:
                    db:b2:e5:3f:f1:df:81:b9:70:79:91:d3:fd:d7:95:
                    01:e4:3c:33:03:e1:ea:61:8c:23:7a:ef:a7:3f:9c:
                    05:63:72:0c:99:af:df:c5:7f:4b:1b:05:4e:28:e5:
                    05:38:3d:16:c5:22:71:de:74:f7:5b:48:ee:cf:0f:
                    12:4d:96:63:fd:b2:93:91:fd:f4:5f:cf:46:81:ed:
                    a2:30:7a:16:d6:14:0f:63:11:28:a7:06:2e:bf:87:
                    06:67:58:14:64:68:13:5d:7b:55:c3:83:c3:b2:30:
                    39:c2:23:2f:5c:32:40:47:17:0a:ac:dc:84:28:93:
                    82:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:65:6B:0C:EF:DE:A4:AD:E7:31:E4:4C:31:F6:B3:78:3F:2F:2E:7D
            X509v3 Authority Key Identifier:
                keyid:4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/1-2VrDO_epK3nMeRMMfazeD8vLn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.230.64.0/20
                  83.230.96.0/19
                  157.158.0.0/16
                  185.126.188.0/22
                  212.106.176.0/20
                  213.227.80.0-213.227.127.255
                IPv6:
                  2a01:1d8::-2a01:1de:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         19:58:e1:e8:58:b9:61:1d:df:6e:3d:b1:8c:bf:7a:a7:26:ba:
         28:b8:57:01:62:8a:25:3d:11:d7:ce:43:7a:e2:70:b3:75:5b:
         f6:85:7f:b9:76:c1:ac:cc:e0:02:0e:8c:45:3e:c9:68:20:d3:
         8c:2f:f9:f9:66:71:45:c1:3a:f7:d3:42:85:f6:57:9d:fc:77:
         78:dd:08:29:1c:14:3c:68:a3:72:5c:7e:c6:c4:aa:6d:e9:6d:
         37:05:53:e1:4e:8a:13:c4:e7:48:4f:d2:9a:aa:52:f3:0c:6e:
         9d:bc:45:b9:6a:3a:01:26:45:ca:c7:32:62:5d:18:a1:a8:1d:
         d3:12:07:7c:ec:15:f8:9d:95:c5:a6:d5:d9:ec:db:be:2a:d1:
         2c:d2:d1:b9:b4:56:cc:09:01:29:59:b7:95:12:c0:61:d8:eb:
         18:17:a0:48:85:13:b3:0e:49:78:c9:f8:b0:45:cf:71:d9:59:
         16:8f:2b:2e:19:52:56:f2:f5:96:49:1a:92:84:c8:cc:12:d3:
         26:75:74:a9:63:13:7b:96:1c:ed:fa:40:15:c9:11:d5:34:3e:
         ac:77:81:91:63:40:c1:83:b5:39:c0:01:39:aa:57:6c:a9:fb:
         00:59:65:2f:ec:58:58:19:75:86:28:09:d4:8b:b8:1d:d1:69:
         ec:ab:14:63
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEN7uxfDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
YjQwNWNhYWIzNGJiZmRlNmI4ZWU2NmM2MDA4NjBjNmNlOTZmMzJiMB4XDTIyMDEw
MTEyMDY1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmI2NTZiMGNlZmRl
YTRhZGU3MzFlNDRjMzFmNmIzNzgzZjJmMmU3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALngO8oGeIU+JSHzRwGbrspXi2KKLsdeQ8GKXTu02G2JxWcP
VM10DdtvPZFIqTwvbezketa7RAdeJw2Mq0PvcutG5+KEwtIoZFEjWfDdJkuuPMbx
S9aqqwC2LFixOFYKtRgR1ozScJxXGgUX55vty9vkrXhsmmepIXDjOnWgAPM2MeDO
KWuX27LlP/HfgblweZHT/deVAeQ8MwPh6mGMI3rvpz+cBWNyDJmv38V/SxsFTijl
BTg9FsUicd5091tI7s8PEk2WY/2yk5H99F/PRoHtojB6FtYUD2MRKKcGLr+HBmdY
FGRoE117VcODw7IwOcIjL1wyQEcXCqzchCiTgs8CAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBT7ZWsM796krecx5Ewx9rN4Py8ufTAfBgNVHSMEGDAWgBRLQFyqs0u/3muO
5mxgCGDGzpbzKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1MwQmNxck5Mdjk1cmp1WnNZQWhneHM2Vzh5cy5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzEvOTE0ZDM5LTMwMjAtNGI3OS1hZDI2LWQ4N2FmZmI4YmM2MS8x
LzEtMlZyRE9fZXBLM25NZVJNTWZhemVEOHZMbjAucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcx
LzkxNGQzOS0zMDIwLTRiNzktYWQyNi1kODdhZmZiOGJjNjEvMS9TMEJjcXJOTHY5
NXJqdVpzWUFoZ3hzNlc4eXMuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
XAYIKwYBBQUHAQcBAf8ETTBLMDEEAgABMCsDBART5kADBAVT5mADAwCdngMEArl+
vAMEBNRqsDAMAwQE1eNQAwQH1eMAMBYEAgACMBAwDgMFAyoBAdgDBQAqAQHeMA0G
CSqGSIb3DQEBCwUAA4IBAQAZWOHoWLlhHd9uPbGMv3qnJroouFcBYoolPRHXzkN6
4nCzdVv2hX+5dsGszOACDoxFPsloINOML/n5ZnFFwTr300KF9led/Hd43QgpHBQ8
aKNyXH7GxKpt6W03BVPhTooTxOdIT9KaqlLzDG6dvEW5ajoBJkXKxzJiXRihqB3T
Egd87BX4nZXFptXZ7Nu+KtEs0tG5tFbMCQEpWbeVEsBh2OsYF6BIhROzDkl4yfiw
Rc9x2VkWjysuGVJW8vWWSRqShMjMEtMmdXSpYxN7lhzt+kAVyRHVND6sd4GRY0DB
g7U5wAE5qldsqfsAWWUv7FhYGXWGKAnUi7gd0WnsqxRj
-----END CERTIFICATE-----