Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/lHSfBpVmgfizEoIMJrJwQn7M1Gs.roa
File:                     lHSfBpVmgfizEoIMJrJwQn7M1Gs.roa (raw, json)
Hash identifier:          3KShXLFYW4rrgYoQez51rMHqiCpAyRw+YYUVYoUrB/Q=
Subject key identifier:   94:74:9F:06:95:66:81:F8:B3:12:82:0C:26:B2:70:42:7E:CC:D4:6B
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       1126D51E
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/lHSfBpVmgfizEoIMJrJwQn7M1Gs.roa
Signing time:             Thu 17 Feb 2022 00:06:25 +0000
ROA not before:           Thu 17 Feb 2022 00:06:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     134433
IP address blocks:        185.71.229.0/24 maxlen: 24
                          185.71.230.0/24 maxlen: 24
                          185.71.228.0/24 maxlen: 24
                          193.0.180.0/24 maxlen: 24
                          185.125.86.0/24 maxlen: 24
                          193.0.182.0/24 maxlen: 24
                          193.0.183.0/24 maxlen: 24
                          2a05:3343:4::/48 maxlen: 48
                          2a05:3340:140::/42 maxlen: 48
                          2a05:3340::/42 maxlen: 42
                          2a05:3343:5::/48 maxlen: 48
                          2a05:3343:a::/48 maxlen: 48
                          2a05:3340::/29 maxlen: 64
                          2a05:3343:c::/48 maxlen: 48
                          2a05:3343:6::/48 maxlen: 48
                          2a05:3343:b::/48 maxlen: 48
                          2a05:3343:7::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 287757598 (0x1126d51e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Feb 17 00:06:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=94749f06956681f8b312820c26b270427eccd46b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cd:9d:60:a7:3b:0e:5a:ad:3c:a4:5b:f2:3d:
                    0a:6d:7e:98:99:41:89:b8:44:a4:0a:b1:2a:09:2f:
                    9c:34:d3:e5:ab:55:00:9f:c5:db:51:69:e0:9b:bb:
                    50:40:62:17:73:10:fe:00:32:27:d5:2f:6a:be:c2:
                    fd:2c:29:99:f2:30:f8:07:2a:23:17:40:c9:17:16:
                    a0:63:cb:d6:7e:24:56:d4:d8:df:75:c3:56:ce:b1:
                    b8:97:67:78:f0:c5:7f:38:b7:a5:3d:f9:84:a8:6b:
                    8a:b1:6d:a6:2e:8d:b9:63:db:1a:68:f7:fa:e4:f7:
                    1e:50:6e:07:50:b7:09:53:1f:bb:cb:38:a1:a7:81:
                    6f:f8:22:c0:10:55:e6:f8:f6:cf:f5:83:8d:15:b8:
                    79:11:5e:22:d2:40:3d:dc:39:29:55:6b:51:8c:ab:
                    a5:b4:a2:2e:fe:dd:0d:26:94:38:ab:81:7e:5b:68:
                    98:94:06:fd:0f:77:54:07:e3:71:34:d7:fa:dc:f7:
                    0e:18:e4:a6:ab:fd:7b:4f:c6:35:4e:7a:69:04:0f:
                    d9:76:24:be:75:90:f9:da:ef:ab:cb:89:50:8f:41:
                    bb:a2:1f:80:93:60:57:4b:dd:9b:f8:62:72:6a:6a:
                    26:2c:78:c2:f2:4f:7a:53:a9:3f:da:c7:d3:ff:3b:
                    88:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:74:9F:06:95:66:81:F8:B3:12:82:0C:26:B2:70:42:7E:CC:D4:6B
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/lHSfBpVmgfizEoIMJrJwQn7M1Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0-185.71.230.255
                  185.125.86.0/24
                  193.0.180.0/24
                  193.0.182.0/23
                IPv6:
                  2a05:3340::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:e6:1e:bc:3d:3f:fd:7e:5d:ad:77:ff:9f:49:36:fb:56:2b:
         50:8b:e3:16:32:4e:77:25:1f:78:10:1b:f7:cf:9e:09:e2:9d:
         a8:aa:5b:e7:09:80:7b:01:05:9f:4a:b8:c8:89:30:27:a7:81:
         0c:34:b7:5e:8a:c2:9f:46:6f:99:b9:36:97:e4:cf:2b:df:45:
         6f:50:95:c7:4a:13:13:68:55:ac:58:8b:23:17:f6:65:e3:6a:
         2f:bd:3f:5d:8e:cc:09:b5:7c:3a:d7:b2:b8:70:75:ef:67:43:
         f8:90:a4:8c:c0:57:0b:1a:e0:c6:62:86:ff:11:c5:b0:32:c6:
         85:b5:d9:aa:6e:57:c4:23:a3:a5:1e:de:5b:3a:bd:7a:cc:d2:
         83:19:ca:d3:1d:cc:c0:87:fb:9f:52:fc:a9:fd:95:48:b1:4d:
         c9:ae:98:ed:c5:f8:e6:f5:dd:bb:81:62:31:3e:5a:56:1c:2a:
         2e:9c:43:03:6c:7a:82:b6:b5:36:af:49:b3:ac:c7:26:80:6f:
         1c:da:8c:e4:14:1e:11:a5:2f:b8:87:62:9c:99:d7:cf:ea:c5:
         2b:37:14:a1:d9:38:ee:a8:46:a3:2c:8f:74:2b:98:38:5d:06:
         75:87:9e:1c:c3:e8:82:7a:82:27:85:2f:ca:c1:b8:15:f2:e9:
         a4:78:ea:8f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIEESbVHjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZTI0YzdlY2ZhMzdkMjQ4NzE1MmZiOWJiYmFiNTBiZTc5ZGUyNjE5MB4XDTIyMDIx
NzAwMDYyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTQ3NDlmMDY5NTY2
ODFmOGIzMTI4MjBjMjZiMjcwNDI3ZWNjZDQ2YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALfNnWCnOw5arTykW/I9Cm1+mJlBibhEpAqxKgkvnDTT5atV
AJ/F21Fp4Ju7UEBiF3MQ/gAyJ9Uvar7C/SwpmfIw+AcqIxdAyRcWoGPL1n4kVtTY
33XDVs6xuJdnePDFfzi3pT35hKhrirFtpi6NuWPbGmj3+uT3HlBuB1C3CVMfu8s4
oaeBb/giwBBV5vj2z/WDjRW4eRFeItJAPdw5KVVrUYyrpbSiLv7dDSaUOKuBflto
mJQG/Q93VAfjcTTX+tz3Dhjkpqv9e0/GNU56aQQP2XYkvnWQ+drvq8uJUI9Bu6If
gJNgV0vdm/hicmpqJix4wvJPelOpP9rH0/87iCECAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBSUdJ8GlWaB+LMSggwmsnBCfszUazAfBgNVHSMEGDAWgBQ+JMfs+jfSSHFS
+5u7q1C+ed4mGTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BpVEg3UG8zMGtoeFV2dWJ1NnRRdm5uZUpoay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2EvMzlhNWZjLWQyNmUtNGQ1My05MWUzLTQ5M2Q3NzRhYTFmZi8x
L2xIU2ZCcFZtZ2ZpekVvSU1Kckp3UW43TTFHcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Ev
MzlhNWZjLWQyNmUtNGQ1My05MWUzLTQ5M2Q3NzRhYTFmZi8xL1BpVEg3UG8zMGto
eFV2dWJ1NnRRdm5uZUpoay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwJgQCAAEwIDAMAwQCuUfkAwQAuUfmAwQAuX1WAwQA
wQC0AwQBwQC2MA0EAgACMAcDBQMqBTNAMA0GCSqGSIb3DQEBCwUAA4IBAQBu5h68
PT/9fl2td/+fSTb7VitQi+MWMk53JR94EBv3z54J4p2oqlvnCYB7AQWfSrjIiTAn
p4EMNLdeisKfRm+ZuTaX5M8r30VvUJXHShMTaFWsWIsjF/Zl42ovvT9djswJtXw6
17K4cHXvZ0P4kKSMwFcLGuDGYob/EcWwMsaFtdmqblfEI6OlHt5bOr16zNKDGcrT
HczAh/ufUvyp/ZVIsU3Jrpjtxfjm9d27gWIxPlpWHCounEMDbHqCtrU2r0mzrMcm
gG8c2ozkFB4RpS+4h2KcmdfP6sUrNxSh2TjuqEajLI90K5g4XQZ1h54cw+iCeoIn
hS/KwbgV8umkeOqP
-----END CERTIFICATE-----