Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/BXWwEhHkDrxFL2JlP943nfd0D3s.roa
File:                     BXWwEhHkDrxFL2JlP943nfd0D3s.roa (raw, json)
Hash identifier:          qh/afRRW1zjXqisxoCC5p2+A9yQ/vK6543EhI715ebo=
Subject key identifier:   05:75:B0:12:11:E4:0E:BC:45:2F:62:65:3F:DE:37:9D:F7:74:0F:7B
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       19E17344
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/BXWwEhHkDrxFL2JlP943nfd0D3s.roa
Signing time:             Sat 01 Jan 2022 02:57:57 +0000
ROA not before:           Sat 01 Jan 2022 02:57:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     33932
IP address blocks:        217.150.212.0/24 maxlen: 24
                          217.150.213.0/24 maxlen: 24
                          217.150.211.0/24 maxlen: 24
                          217.150.209.0/24 maxlen: 24
                          217.150.208.0/20 maxlen: 24
                          217.150.210.0/24 maxlen: 24
                          217.150.208.0/24 maxlen: 24
                          185.228.172.0/24 maxlen: 24
                          185.228.175.0/24 maxlen: 24
                          185.228.173.0/24 maxlen: 24
                          185.228.174.0/24 maxlen: 24
                          2a0d:2e00:4000::/36 maxlen: 36
                          2a0d:2e00:3000::/36 maxlen: 36
                          2a0d:2e00:2000::/36 maxlen: 36
                          2a0d:2e00:1000::/36 maxlen: 36
                          2a0d:2e00:4000::/48 maxlen: 48
                          2a0d:2e00:3000::/48 maxlen: 48
                          2a0d:2e00:2000::/48 maxlen: 48
                          2a0d:2e00:1000::/48 maxlen: 48
                          2a0d:2e00::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 434205508 (0x19e17344)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  1 02:57:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0575b01211e40ebc452f62653fde379df7740f7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:31:37:cb:df:7e:db:d4:86:7b:ac:71:f5:cc:
                    e5:24:bc:3d:ba:21:be:c8:49:09:3b:bb:3c:9b:38:
                    2f:2a:e1:fa:01:1e:bc:eb:f3:fb:a9:c2:67:de:44:
                    93:df:e1:79:1e:a1:6a:56:c1:35:49:bd:06:2b:3d:
                    42:ff:2f:00:d7:f8:68:44:23:c1:42:dc:d1:c2:66:
                    38:a6:5a:b4:86:33:10:4e:aa:a4:a2:ea:7a:ae:a8:
                    e9:7e:86:ff:81:67:06:68:34:d6:83:37:7c:46:db:
                    65:71:8d:cf:9b:1a:f5:20:d2:ba:2a:ad:3f:8f:46:
                    67:60:3b:6d:77:75:37:a0:86:10:21:cf:b5:1b:eb:
                    32:6b:46:df:3e:dc:21:86:56:21:86:46:cd:7d:b9:
                    76:68:3b:6b:1b:62:57:5d:67:0d:81:69:92:94:a9:
                    e4:4c:30:ab:1f:c4:5d:4f:3a:02:5d:f9:4b:b0:9e:
                    ad:95:3d:32:c8:1e:1a:f7:1d:6d:da:64:c8:3b:7c:
                    e1:93:48:87:c5:c1:08:7f:ad:85:87:4a:f4:25:8f:
                    79:dd:f8:e1:f6:ac:ee:07:36:53:bc:15:8c:ab:ca:
                    cd:46:f7:bb:55:0c:6a:9c:d0:60:a1:71:7b:b2:cd:
                    05:7b:92:45:1a:30:f4:a2:f1:7c:2a:ec:e9:24:40:
                    bb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:75:B0:12:11:E4:0E:BC:45:2F:62:65:3F:DE:37:9D:F7:74:0F:7B
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/BXWwEhHkDrxFL2JlP943nfd0D3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.172.0/22
                  217.150.208.0/20
                IPv6:
                  2a0d:2e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:23:8e:ef:7c:63:f7:a1:1e:48:f1:2d:ed:21:22:0e:e7:97:
         e0:bb:26:0b:d3:8e:fd:85:01:b7:b0:a6:01:96:3a:da:93:c0:
         0b:4e:ad:c2:cb:2d:59:b9:60:46:1f:4d:2e:c8:5d:74:18:45:
         3d:9b:49:70:02:9d:c8:80:8c:ee:7c:fc:27:71:24:74:cb:27:
         12:78:f0:07:80:45:64:f4:25:dc:2d:49:3f:33:99:89:15:e6:
         9e:7b:8f:9f:d1:c0:42:0a:23:5f:43:42:04:33:97:98:b8:90:
         d1:d9:85:1e:0d:b0:20:e2:2d:0c:d7:4c:a9:e9:d5:81:b6:a5:
         1d:94:92:78:05:d5:b5:cc:9a:35:6f:79:2a:d2:46:70:6e:04:
         6e:85:3f:58:d5:43:35:d7:04:b5:9e:9c:95:32:09:d6:05:56:
         70:f1:21:28:db:99:30:a8:eb:e4:d2:12:d1:5c:ff:ee:88:6b:
         38:34:02:3d:57:ce:05:6f:d5:1a:5e:e9:d5:a7:cd:68:60:15:
         db:d1:dc:1d:00:6c:d6:62:bf:a0:73:44:b4:9e:a1:b2:69:5e:
         1c:17:6f:32:21:9b:07:9e:32:d6:fe:b3:6f:25:e5:d0:fb:b5:
         6e:6c:5d:8e:d9:7d:98:af:15:3f:02:ce:cd:6a:eb:08:6c:3d:
         25:83:52:75
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEGeFzRDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZDg2MjY3NDljYmY4NGJjZjQyZWJiMjk4NWI4NmRlZTgzMGU1YzE0MB4XDTIyMDEw
MTAyNTc1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDU3NWIwMTIxMWU0
MGViYzQ1MmY2MjY1M2ZkZTM3OWRmNzc0MGY3YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMYxN8vfftvUhnuscfXM5SS8PbohvshJCTu7PJs4Lyrh+gEe
vOvz+6nCZ95Ek9/heR6halbBNUm9Bis9Qv8vANf4aEQjwULc0cJmOKZatIYzEE6q
pKLqeq6o6X6G/4FnBmg01oM3fEbbZXGNz5sa9SDSuiqtP49GZ2A7bXd1N6CGECHP
tRvrMmtG3z7cIYZWIYZGzX25dmg7axtiV11nDYFpkpSp5Ewwqx/EXU86Al35S7Ce
rZU9MsgeGvcdbdpkyDt84ZNIh8XBCH+thYdK9CWPed344fas7gc2U7wVjKvKzUb3
u1UMapzQYKFxe7LNBXuSRRow9KLxfCrs6SRAu9kCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQFdbASEeQOvEUvYmU/3jed93QPezAfBgNVHSMEGDAWgBQdhiZ0nL+EvPQu
uymFuG3ugw5cFDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hZWW1kSnlfaEx6MExyc3BoYmh0N29NT1hCUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzcvOTUxYzhlLTRhODYtNGM4ZS05OTg2LTBiZmJhZDQ4NDljZC8x
L0JYV3dFaEhrRHJ4RkwySmxQOTQzbmZkMEQzcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcv
OTUxYzhlLTRhODYtNGM4ZS05OTg2LTBiZmJhZDQ4NDljZC8xL0hZWW1kSnlfaEx6
MExyc3BoYmh0N29NT1hCUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArnkrAMEBNmW0DANBAIAAjAHAwUD
Kg0uADANBgkqhkiG9w0BAQsFAAOCAQEAOSOO73xj96EeSPEt7SEiDueX4LsmC9OO
/YUBt7CmAZY62pPAC06twsstWblgRh9NLshddBhFPZtJcAKdyICM7nz8J3EkdMsn
EnjwB4BFZPQl3C1JPzOZiRXmnnuPn9HAQgojX0NCBDOXmLiQ0dmFHg2wIOItDNdM
qenVgbalHZSSeAXVtcyaNW95KtJGcG4EboU/WNVDNdcEtZ6clTIJ1gVWcPEhKNuZ
MKjr5NIS0Vz/7ohrODQCPVfOBW/VGl7p1afNaGAV29HcHQBs1mK/oHNEtJ6hsmle
HBdvMiGbB54y1v6zbyXl0Pu1bmxdjtl9mK8VPwLOzWrrCGw9JYNSdQ==
-----END CERTIFICATE-----