Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/T_qB0_4EhhgcVFeVrVfOw3qNSEc.roa
File:                     T_qB0_4EhhgcVFeVrVfOw3qNSEc.roa (raw, json)
Hash identifier:          2zc8csWYCoh+VdGrpVjaHT3ZfKEzFvErMtkPGB8jlSg=
Subject key identifier:   4F:FA:81:D3:FE:04:86:18:1C:54:57:95:AD:57:CE:C3:7A:8D:48:47
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018505012A421276C7699BBFAEEAC88B36B2
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/T_qB0_4EhhgcVFeVrVfOw3qNSEc.roa
Signing time:             Mon 12 Dec 2022 06:24:00 +0000
ROA not before:           Mon 12 Dec 2022 06:24:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        37.34.88.0/21 maxlen: 24
                          185.86.142.0/23 maxlen: 24
                          185.86.140.0/23 maxlen: 24
                          37.218.216.0/21 maxlen: 24
                          188.215.120.0/22 maxlen: 24
                          188.215.124.0/22 maxlen: 24
                          89.46.180.0/22 maxlen: 24
                          130.255.64.0/22 maxlen: 24
                          130.255.68.0/22 maxlen: 24
                          31.186.180.0/22 maxlen: 24
                          46.20.210.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:05:01:2a:42:12:76:c7:69:9b:bf:ae:ea:c8:8b:36:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Dec 12 06:24:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4ffa81d3fe0486181c545795ad57cec37a8d4847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1c:6f:04:5a:7b:6d:d9:f5:15:da:0e:be:e3:
                    2f:34:fc:b4:56:a3:5b:37:5b:1b:7a:a0:34:b1:cd:
                    ae:b7:01:a1:98:dc:72:55:6d:a6:ac:5f:b7:9c:7b:
                    d4:3f:ce:af:45:0f:b0:ce:ed:b5:36:cc:ae:82:80:
                    bf:59:78:5c:31:e9:f0:1d:7a:ba:73:48:30:67:f3:
                    fd:65:6f:a5:b3:09:44:c9:90:1e:ed:4a:b6:4c:8c:
                    7e:0c:6e:31:2b:d7:d7:a1:27:95:21:78:4b:0e:c3:
                    2d:9e:28:04:0c:f6:db:c5:89:aa:ad:be:4c:15:b3:
                    6d:20:f1:1b:df:1f:1d:a7:01:50:e9:6b:db:82:9c:
                    5c:86:2e:e4:f5:33:17:25:96:45:1f:83:6e:b4:72:
                    cc:bc:d2:c2:90:4a:a1:7a:45:bb:c8:58:97:4e:b4:
                    bd:23:37:76:70:1b:c0:9f:13:35:2a:cb:80:09:6a:
                    3d:7b:6f:6d:ce:64:d9:95:8c:f9:aa:9b:2a:79:17:
                    08:9d:23:fe:23:db:7c:bc:f2:4f:03:56:5e:65:85:
                    34:9b:60:de:f8:82:6b:5a:de:cc:ad:02:2c:7a:56:
                    24:a0:e4:2a:33:9b:5d:21:38:06:15:47:97:7c:ef:
                    96:4c:08:61:b8:bc:c3:e4:4b:bd:08:ab:cd:6b:4a:
                    18:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FA:81:D3:FE:04:86:18:1C:54:57:95:AD:57:CE:C3:7A:8D:48:47
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/T_qB0_4EhhgcVFeVrVfOw3qNSEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.180.0/22
                  37.34.88.0/21
                  37.218.216.0/21
                  46.20.210.0/23
                  89.46.180.0/22
                  130.255.64.0/21
                  185.86.140.0/22
                  188.215.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:ad:76:a8:01:62:6d:3e:cb:51:de:3b:45:60:54:b1:96:f0:
         d0:29:e4:f2:82:73:70:49:b8:e2:1f:e2:cb:17:2e:80:81:0d:
         7c:b1:b4:be:b0:e9:51:97:5f:a3:21:81:64:ef:a6:11:ae:13:
         ec:bd:d2:26:9b:d5:ce:11:72:85:fa:a8:eb:78:cb:6f:0e:d4:
         d7:2f:d9:18:f5:41:17:e8:14:89:d8:c4:f2:3a:92:77:5d:e1:
         6f:8b:1e:0b:3a:46:c1:f1:83:10:e6:84:7d:44:8f:7e:bf:03:
         ce:97:46:36:03:61:92:fb:40:f7:98:0f:ba:2a:7c:88:66:28:
         6c:de:c8:57:76:59:d6:ca:99:86:b8:35:95:87:cb:30:a7:19:
         41:5e:da:fd:74:c4:18:24:db:d0:d8:67:15:a8:50:85:bf:ad:
         d1:0d:96:af:af:66:3b:19:77:fd:0c:73:05:f3:11:a4:85:5b:
         dd:64:b8:56:b3:4b:81:53:da:2c:2d:51:cc:fb:6e:ed:bf:78:
         5a:7d:03:d6:5a:66:b8:f6:f0:6f:2f:2d:42:4e:65:94:3e:2b:
         e7:0b:24:da:2d:2d:db:62:96:1d:0c:8f:f1:bc:96:5f:5e:66:
         af:f3:c0:5a:56:a2:97:89:d1:d0:cf:14:dc:40:11:e7:cf:44:
         ea:97:61:c0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYUFASpCEnbHaZu/rurIizayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjIxMjEyMDYyNDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZhODFkM2ZlMDQ4NjE4MWM1NDU3OTVhZDU3Y2VjMzdhOGQ0ODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhxvBFp7bdn1FdoOvuMvNPy0VqNb
N1sbeqA0sc2utwGhmNxyVW2mrF+3nHvUP86vRQ+wzu21NsyugoC/WXhcMenwHXq6
c0gwZ/P9ZW+lswlEyZAe7Uq2TIx+DG4xK9fXoSeVIXhLDsMtnigEDPbbxYmqrb5M
FbNtIPEb3x8dpwFQ6Wvbgpxchi7k9TMXJZZFH4NutHLMvNLCkEqhekW7yFiXTrS9
Izd2cBvAnxM1KsuACWo9e29tzmTZlYz5qpsqeRcInSP+I9t8vPJPA1ZeZYU0m2De
+IJrWt7MrQIselYkoOQqM5tdITgGFUeXfO+WTAhhuLzD5Eu9CKvNa0oYkQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFE/6gdP+BIYYHFRXla1XzsN6jUhHMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvVF9xQjBfNEVoaGdjVkZlVnJWZk93M3FOU0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCH7q0AwQD
JSJYAwQDJdrYAwQBLhTSAwQCWS60AwQDgv9AAwQCuVaMAwQDvNd4MA0GCSqGSIb3
DQEBCwUAA4IBAQAErXaoAWJtPstR3jtFYFSxlvDQKeTygnNwSbjiH+LLFy6AgQ18
sbS+sOlRl1+jIYFk76YRrhPsvdImm9XOEXKF+qjreMtvDtTXL9kY9UEX6BSJ2MTy
OpJ3XeFvix4LOkbB8YMQ5oR9RI9+vwPOl0Y2A2GS+0D3mA+6KnyIZihs3shXdlnW
ypmGuDWVh8swpxlBXtr9dMQYJNvQ2GcVqFCFv63RDZavr2Y7GXf9DHMF8xGkhVvd
ZLhWs0uBU9osLVHM+27tv3hafQPWWma49vBvLy1CTmWUPivnCyTaLS3bYpYdDI/x
vJZfXmav88BaVqKXidHQzxTcQBHnz0Tql2HA
-----END CERTIFICATE-----