Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/nhLK2cttQSmODWXNKR7njWZXhkI.roa
File:                     nhLK2cttQSmODWXNKR7njWZXhkI.roa (raw, json)
Hash identifier:          o3c1FsLynJQ9PXVNbaXSoLeIuaW5XK7I/FEM2KteioI=
Subject key identifier:   9E:12:CA:D9:CB:6D:41:29:8E:0D:65:CD:29:1E:E7:8D:66:57:86:42
Certificate issuer:       /CN=679252b9e21df8176cc538027895f7f4585666ab
Certificate serial:       0182F91C1179494A3EB77CA2060DC6890086
Authority key identifier: 67:92:52:B9:E2:1D:F8:17:6C:C5:38:02:78:95:F7:F4:58:56:66:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5JSueId-BdsxTgCeJX39FhWZqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/nhLK2cttQSmODWXNKR7njWZXhkI.roa
Signing time:             Thu 01 Sep 2022 12:52:22 +0000
ROA not before:           Thu 01 Sep 2022 12:52:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51468
IP address blocks:        185.164.12.0/22 maxlen: 22
                          193.202.110.0/24 maxlen: 24
                          91.198.169.0/24 maxlen: 24
                          77.111.240.0/22 maxlen: 22
                          185.10.11.0/24 maxlen: 24
                          195.47.247.0/24 maxlen: 24
                          46.30.208.0/21 maxlen: 21
                          104.37.32.0/21 maxlen: 21
                          195.206.121.0/24 maxlen: 24
                          2001:67c:28cc::/48 maxlen: 48
                          2a02:2350::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f9:1c:11:79:49:4a:3e:b7:7c:a2:06:0d:c6:89:00:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=679252b9e21df8176cc538027895f7f4585666ab
        Validity
            Not Before: Sep  1 12:52:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9e12cad9cb6d41298e0d65cd291ee78d66578642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0d:49:d2:80:91:f6:8a:0d:1f:a9:bc:50:a8:
                    fc:1a:5b:cc:5e:2d:ea:07:71:d3:28:e5:7d:7c:f9:
                    ed:7a:de:96:fa:08:ec:8e:f6:49:ce:93:5a:40:0f:
                    08:18:9b:33:95:25:81:2c:7e:6f:47:f7:4f:95:ba:
                    59:6c:84:e6:6d:f2:04:41:f0:26:ae:95:84:f5:a2:
                    d2:cf:72:14:ac:93:55:1f:0a:5b:60:fe:1e:5f:85:
                    94:fb:3b:1c:74:fd:a2:a1:85:0a:9c:90:71:0d:d5:
                    1e:bb:07:11:26:a4:ff:7f:5d:a4:56:50:1e:97:45:
                    25:05:a8:9c:27:c3:99:d1:78:e1:e5:6e:83:1b:01:
                    da:9c:5e:de:26:d2:ce:ba:db:ca:f0:45:f7:7e:00:
                    5c:bc:7a:ed:bd:05:ce:0f:b8:89:38:ba:38:c3:ba:
                    9f:9a:59:71:6d:10:60:d5:d9:f5:3e:90:e1:ad:91:
                    64:ef:42:4e:2b:df:7f:35:5b:82:5c:25:59:19:88:
                    10:70:98:bb:a6:3c:64:5b:ca:9d:d9:be:44:a0:84:
                    75:c1:1d:45:81:34:f3:6b:6c:60:be:43:84:6f:33:
                    cd:52:74:b2:d3:f8:fc:b7:8d:de:30:bf:4f:69:69:
                    76:0d:fe:6b:e8:01:a6:27:a6:8c:32:79:55:a8:1e:
                    67:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:12:CA:D9:CB:6D:41:29:8E:0D:65:CD:29:1E:E7:8D:66:57:86:42
            X509v3 Authority Key Identifier:
                keyid:67:92:52:B9:E2:1D:F8:17:6C:C5:38:02:78:95:F7:F4:58:56:66:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5JSueId-BdsxTgCeJX39FhWZqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/nhLK2cttQSmODWXNKR7njWZXhkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/Z5JSueId-BdsxTgCeJX39FhWZqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.208.0/21
                  77.111.240.0/22
                  91.198.169.0/24
                  104.37.32.0/21
                  185.10.11.0/24
                  185.164.12.0/22
                  193.202.110.0/24
                  195.47.247.0/24
                  195.206.121.0/24
                IPv6:
                  2001:67c:28cc::/48
                  2a02:2350::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:93:36:39:d1:13:35:ac:d4:80:89:db:7b:77:08:d8:3e:ec:
         10:e3:3c:82:f5:a8:d2:2d:e4:b7:33:75:ac:6e:5e:22:cd:ed:
         66:61:a7:e7:35:e9:ff:c7:02:65:63:5c:f8:d5:39:d3:a5:55:
         8f:02:b4:96:da:c5:a6:64:a5:13:6d:48:cc:e6:c1:0c:b7:95:
         9c:09:a0:de:75:79:59:60:14:f9:ba:5b:a3:0c:aa:df:46:5d:
         45:ee:d5:4e:6d:4e:bf:19:09:54:ed:7c:15:0f:d3:15:92:cc:
         14:9f:dc:d5:b0:45:ac:b1:95:03:6f:62:cb:34:d3:12:9b:73:
         39:a1:34:04:46:e3:19:74:2d:0e:81:68:68:4e:18:fc:49:6a:
         03:4f:eb:a8:b3:40:4e:56:bb:95:f0:0a:68:97:2c:fe:40:d6:
         e5:32:42:64:ee:45:0f:9e:7d:0c:03:2b:22:e5:07:94:51:9a:
         2b:dd:f4:4c:d4:b3:81:42:83:6d:5d:61:8e:a5:f0:06:41:bf:
         90:a6:c5:1a:bb:65:4c:39:b5:4d:4b:6a:61:b5:0a:b1:3b:bd:
         a8:30:24:13:df:d4:e0:83:ae:f1:42:65:e9:4c:c0:b0:7d:54:
         eb:7a:b6:2c:81:c2:0e:7e:29:8a:12:26:c8:df:88:ca:0d:f2:
         c2:a7:61:bc
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYL5HBF5SUo+t3yiBg3GiQCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTI1MmI5ZTIxZGY4MTc2Y2M1MzgwMjc4OTVmN2Y0NTg1
NjY2YWIwHhcNMjIwOTAxMTI1MjIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTEyY2FkOWNiNmQ0MTI5OGUwZDY1Y2QyOTFlZTc4ZDY2NTc4NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiA1J0oCR9ooNH6m8UKj8GlvMXi3q
B3HTKOV9fPntet6W+gjsjvZJzpNaQA8IGJszlSWBLH5vR/dPlbpZbITmbfIEQfAm
rpWE9aLSz3IUrJNVHwpbYP4eX4WU+zscdP2ioYUKnJBxDdUeuwcRJqT/f12kVlAe
l0UlBaicJ8OZ0Xjh5W6DGwHanF7eJtLOutvK8EX3fgBcvHrtvQXOD7iJOLo4w7qf
mllxbRBg1dn1PpDhrZFk70JOK99/NVuCXCVZGYgQcJi7pjxkW8qd2b5EoIR1wR1F
gTTza2xgvkOEbzPNUnSy0/j8t43eML9PaWl2Df5r6AGmJ6aMMnlVqB5nRwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFJ4SytnLbUEpjg1lzSke541mV4ZCMB8GA1UdIwQY
MBaAFGeSUrniHfgXbMU4AniV9/RYVmarMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVKU3VlSWQtQmRzeFRnQ2VKWDM5RmhXWnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8zMWMyNjctZjJlMy00ZmE5LTlkNDEt
MzM2ZTViM2RkMDcxLzEvbmhMSzJjdHRRU21PRFdYTktSN25qV1pYaGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8zMWMyNjctZjJlMy00ZmE5LTlkNDEtMzM2ZTViM2RkMDcx
LzEvWjVKU3VlSWQtQmRzeFRnQ2VKWDM5RmhXWnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA8BAIAATA2AwQDLh7QAwQC
TW/wAwQAW8apAwQDaCUgAwQAuQoLAwQCuaQMAwQAwcpuAwQAwy/3AwQAw855MBYE
AgACMBADBwAgAQZ8KMwDBQAqAiNQMA0GCSqGSIb3DQEBCwUAA4IBAQBZkzY50RM1
rNSAidt7dwjYPuwQ4zyC9ajSLeS3M3Wsbl4ize1mYafnNen/xwJlY1z41TnTpVWP
ArSW2sWmZKUTbUjM5sEMt5WcCaDedXlZYBT5ulujDKrfRl1F7tVObU6/GQlU7XwV
D9MVkswUn9zVsEWssZUDb2LLNNMSm3M5oTQERuMZdC0OgWhoThj8SWoDT+uos0BO
VruV8Apolyz+QNblMkJk7kUPnn0MAysi5QeUUZor3fRM1LOBQoNtXWGOpfAGQb+Q
psUau2VMObVNS2phtQqxO72oMCQT39Tgg67xQmXpTMCwfVTrerYsgcIOfimKEibI
34jKDfLCp2G8
-----END CERTIFICATE-----