Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/Z9MN1iPwecmtZgt2fe0z1vtgE6I.roa
File:                     Z9MN1iPwecmtZgt2fe0z1vtgE6I.roa (raw, json)
Hash identifier:          YyTkIxp66MebdWwSJlgn8gTGijmJw+Ur74IfiwbWT0I=
Subject key identifier:   67:D3:0D:D6:23:F0:79:C9:AD:66:0B:76:7D:ED:33:D6:FB:60:13:A2
Certificate issuer:       /CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
Certificate serial:       018336FCF1213A5BBC5A52115F88734C91DD
Authority key identifier: EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/Z9MN1iPwecmtZgt2fe0z1vtgE6I.roa
Signing time:             Tue 13 Sep 2022 13:14:49 +0000
ROA not before:           Tue 13 Sep 2022 13:14:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15954
IP address blocks:        37.247.120.0/21 maxlen: 21
                          91.216.219.0/24 maxlen: 24
                          185.49.184.0/22 maxlen: 22
                          217.18.32.0/20 maxlen: 20
                          31.24.120.0/21 maxlen: 21
                          194.176.119.0/24 maxlen: 24
                          185.203.224.0/22 maxlen: 22
                          185.57.196.0/22 maxlen: 22
                          31.47.72.0/21 maxlen: 21
                          2a02:2810::/32 maxlen: 32
                          2a01:a940::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:36:fc:f1:21:3a:5b:bc:5a:52:11:5f:88:73:4c:91:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
        Validity
            Not Before: Sep 13 13:14:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=67d30dd623f079c9ad660b767ded33d6fb6013a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:72:2b:19:6a:c8:97:cb:bc:3e:e8:b3:b4:29:
                    4a:3e:25:73:21:d0:06:82:ff:ea:ed:b7:9d:ed:ed:
                    72:99:1f:e0:d1:8d:44:fa:95:2a:f5:67:81:a7:f6:
                    2b:23:90:95:f7:40:24:0a:98:45:12:3a:b3:18:67:
                    db:9b:f6:f3:bf:28:7f:78:b7:29:81:ad:92:6e:0d:
                    75:f5:a0:1d:c8:23:cf:1b:1e:49:60:36:f8:f4:95:
                    c7:36:30:ce:3d:4e:18:41:8d:ed:d0:55:3f:ae:3e:
                    ce:35:04:eb:32:2a:1d:f8:c8:cc:4f:12:ff:97:a3:
                    d2:1a:50:10:38:62:ae:74:5f:b2:6e:8e:8c:fa:6a:
                    70:43:8f:33:ff:ed:75:84:05:6b:52:7e:d8:5d:fe:
                    b1:bb:8a:94:46:4f:c1:b9:46:f3:89:4f:88:06:d2:
                    15:2f:dc:fe:5d:90:9a:49:3c:5f:ee:9d:0a:61:27:
                    55:ac:c9:81:27:78:51:af:e5:1c:97:8a:c0:d4:90:
                    f0:47:2d:41:19:46:da:35:a4:11:cb:65:05:71:24:
                    04:48:84:ce:a5:af:31:54:bd:d9:82:13:0b:91:29:
                    fc:63:07:69:1a:3d:81:b3:dc:d4:2f:35:cd:f7:85:
                    de:2a:2e:25:41:d5:5a:07:ed:0a:08:57:42:02:fe:
                    ac:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D3:0D:D6:23:F0:79:C9:AD:66:0B:76:7D:ED:33:D6:FB:60:13:A2
            X509v3 Authority Key Identifier:
                keyid:EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/Z9MN1iPwecmtZgt2fe0z1vtgE6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/7094lHNBzlWIi36_NpAUOwy_89Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.120.0/21
                  31.47.72.0/21
                  37.247.120.0/21
                  91.216.219.0/24
                  185.49.184.0/22
                  185.57.196.0/22
                  185.203.224.0/22
                  194.176.119.0/24
                  217.18.32.0/20
                IPv6:
                  2a01:a940::/32
                  2a02:2810::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:da:23:18:68:df:de:6d:2d:4d:01:63:1b:d9:09:35:6f:db:
         27:0f:79:68:5a:83:1a:9f:c6:d4:22:ae:ce:49:de:8d:7a:46:
         3f:f0:de:85:01:1c:b3:c5:86:ff:74:e8:44:ed:78:9a:10:e8:
         08:7f:9f:18:43:fb:6f:c7:b6:8c:c9:e3:de:d3:e8:e0:88:9f:
         74:e3:10:ac:fe:9c:0b:d5:3f:fc:d1:de:e6:4e:d7:b8:4d:fb:
         4f:e6:50:bc:71:8e:70:78:6b:07:60:c5:4c:76:a1:5b:b4:db:
         ca:be:de:2d:9c:f2:a7:67:90:37:7d:97:ec:e9:92:cb:76:b6:
         27:33:f8:c8:8a:a5:9f:5c:45:10:d5:d9:4d:e2:02:92:ca:b2:
         12:06:93:02:4b:ea:2b:7a:42:06:0d:ae:8f:32:c2:4f:57:b6:
         c1:ce:d0:26:4a:50:6f:c0:14:3e:56:ad:2c:f6:1f:66:e4:b0:
         01:3a:3d:79:10:45:99:1a:b5:75:09:c9:59:86:b6:7a:91:56:
         4c:42:b9:24:e6:a6:f4:7c:d3:1a:a2:3e:71:17:cd:73:d7:8c:
         64:a7:e9:7f:0b:cf:8c:15:00:4a:79:6b:9a:8d:96:69:f1:ec:
         37:d7:41:88:fb:09:8b:eb:20:75:d0:53:1a:6e:55:05:d7:61:
         95:1b:30:70
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYM2/PEhOlu8WlIRX4hzTJHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNGY3ODk0NzM0MWNlNTU4ODhiN2ViZjM2OTAxNDNiMGNi
ZmYzZDYwHhcNMjIwOTEzMTMxNDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2QzMGRkNjIzZjA3OWM5YWQ2NjBiNzY3ZGVkMzNkNmZiNjAxM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinIrGWrIl8u8PuiztClKPiVzIdAG
gv/q7bed7e1ymR/g0Y1E+pUq9WeBp/YrI5CV90AkCphFEjqzGGfbm/bzvyh/eLcp
ga2Sbg119aAdyCPPGx5JYDb49JXHNjDOPU4YQY3t0FU/rj7ONQTrMiod+MjMTxL/
l6PSGlAQOGKudF+ybo6M+mpwQ48z/+11hAVrUn7YXf6xu4qURk/BuUbziU+IBtIV
L9z+XZCaSTxf7p0KYSdVrMmBJ3hRr+Ucl4rA1JDwRy1BGUbaNaQRy2UFcSQESITO
pa8xVL3ZghMLkSn8YwdpGj2Bs9zULzXN94XeKi4lQdVaB+0KCFdCAv6sZwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGfTDdYj8HnJrWYLdn3tM9b7YBOiMB8GA1UdIwQY
MBaAFO9PeJRzQc5ViIt+vzaQFDsMv/PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAt
OWJhYTY2Y2ExNDA0LzEvWjlNTjFpUHdlY210Wmd0MmZlMHoxdnRnRTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAtOWJhYTY2Y2ExNDA0
LzEvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDHxh4AwQD
Hy9IAwQDJfd4AwQAW9jbAwQCuTG4AwQCuTnEAwQCucvgAwQAwrB3AwQE2RIgMBQE
AgACMA4DBQAqAalAAwUAKgIoEDANBgkqhkiG9w0BAQsFAAOCAQEAKtojGGjf3m0t
TQFjG9kJNW/bJw95aFqDGp/G1CKuzknejXpGP/DehQEcs8WG/3ToRO14mhDoCH+f
GEP7b8e2jMnj3tPo4IifdOMQrP6cC9U//NHe5k7XuE37T+ZQvHGOcHhrB2DFTHah
W7Tbyr7eLZzyp2eQN32X7OmSy3a2JzP4yIqln1xFENXZTeICksqyEgaTAkvqK3pC
Bg2ujzLCT1e2wc7QJkpQb8AUPlatLPYfZuSwATo9eRBFmRq1dQnJWYa2epFWTEK5
JOam9HzTGqI+cRfNc9eMZKfpfwvPjBUASnlrmo2WafHsN9dBiPsJi+sgddBTGm5V
BddhlRswcA==
-----END CERTIFICATE-----