Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/SDZfwXRjz35yX-Niojuta8z6g3g.roa
File:                     SDZfwXRjz35yX-Niojuta8z6g3g.roa (raw, json)
Hash identifier:          eBttbjQx+8nPq5DGhGvQvufDVHnpLyK36IfwGlubTCM=
Subject key identifier:   48:36:5F:C1:74:63:CF:7E:72:5F:E3:62:A2:3B:AD:6B:CC:FA:83:78
Certificate issuer:       /CN=c74ca0855178a0cdd71914bcf223aa31af6369a4
Certificate serial:       2DA147
Authority key identifier: C7:4C:A0:85:51:78:A0:CD:D7:19:14:BC:F2:23:AA:31:AF:63:69:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0yghVF4oM3XGRS88iOqMa9jaaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/SDZfwXRjz35yX-Niojuta8z6g3g.roa
Signing time:             Sat 01 Jan 2022 02:01:59 +0000
ROA not before:           Sat 01 Jan 2022 02:01:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59790
IP address blocks:        194.135.200.0/21 maxlen: 21
                          5.183.208.0/24 maxlen: 24
                          94.176.100.0/22 maxlen: 22
                          193.32.11.0/24 maxlen: 24
                          195.216.136.0/22 maxlen: 22
                          185.107.24.0/22 maxlen: 22
                          93.92.116.0/22 maxlen: 22
                          193.124.144.0/21 maxlen: 21
                          5.154.233.0/24 maxlen: 24
                          185.224.116.0/22 maxlen: 22
                          185.125.36.0/22 maxlen: 22
                          193.124.76.0/22 maxlen: 22
                          185.35.232.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2990407 (0x2da147)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74ca0855178a0cdd71914bcf223aa31af6369a4
        Validity
            Not Before: Jan  1 02:01:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=48365fc17463cf7e725fe362a23bad6bccfa8378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:66:92:27:07:04:2a:50:78:90:f9:9a:e0:59:
                    20:32:2e:43:22:43:a5:28:94:3c:a1:cc:02:bb:09:
                    ca:d7:7c:b9:64:ce:d0:b6:5e:17:15:40:61:59:a6:
                    24:d0:d7:2e:26:77:4d:93:00:75:d0:a6:b7:e7:08:
                    e8:f5:09:9a:af:d1:65:1e:9f:4d:89:20:d8:cb:fe:
                    89:2f:a0:49:87:53:0d:b0:6f:1d:fe:a0:c0:0f:d4:
                    18:ac:16:47:52:0a:89:d6:14:0f:b9:8a:a0:98:34:
                    a5:d8:30:42:c7:81:d0:24:af:e2:03:f6:fd:eb:74:
                    23:03:46:84:42:29:36:50:75:6f:76:21:fc:39:b5:
                    5d:e4:18:d3:08:a2:c0:cd:84:da:9f:ba:0a:b1:47:
                    ac:80:e3:c7:3e:f8:54:99:09:f4:4f:e6:60:53:7f:
                    0d:8b:bb:18:12:5f:19:c1:e8:af:79:0e:d2:d1:32:
                    5d:b2:f2:d6:06:29:8d:9f:4e:80:69:cf:6d:85:7a:
                    c9:f0:37:d0:04:56:2e:1a:11:6c:6e:5f:b5:fb:0f:
                    70:ad:13:a8:55:01:e3:c4:ec:b7:e5:5c:e3:12:a6:
                    06:80:d4:ba:6a:4e:b6:ca:28:ef:cb:72:2b:a8:c4:
                    b4:be:1c:f9:e8:12:45:54:17:8c:9f:a5:b6:bd:58:
                    5e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:36:5F:C1:74:63:CF:7E:72:5F:E3:62:A2:3B:AD:6B:CC:FA:83:78
            X509v3 Authority Key Identifier:
                keyid:C7:4C:A0:85:51:78:A0:CD:D7:19:14:BC:F2:23:AA:31:AF:63:69:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0yghVF4oM3XGRS88iOqMa9jaaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/SDZfwXRjz35yX-Niojuta8z6g3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/x0yghVF4oM3XGRS88iOqMa9jaaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.233.0/24
                  5.183.208.0/24
                  93.92.116.0/22
                  94.176.100.0/22
                  185.35.232.0/22
                  185.107.24.0/22
                  185.125.36.0/22
                  185.224.116.0/22
                  193.32.11.0/24
                  193.124.76.0/22
                  193.124.144.0/21
                  194.135.200.0/21
                  195.216.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:cc:f9:84:97:85:22:b5:4b:95:d8:0a:7c:52:e6:5e:06:16:
         21:50:2a:17:f9:02:77:62:c7:7f:64:ef:c2:ce:0b:c0:78:09:
         8a:0f:75:5f:6f:b8:95:58:3d:ee:f1:38:7b:b9:5b:7a:05:8b:
         7c:8e:be:80:c0:a3:49:19:4b:d8:e1:1f:1c:db:93:9c:9f:6a:
         38:28:1b:6b:32:76:3c:09:7a:b8:6b:89:77:be:b7:cd:7c:3c:
         68:49:98:b3:08:e7:ca:35:27:97:e5:7e:7e:41:c9:f9:ce:7b:
         25:a4:be:94:ae:d4:a2:0c:79:bc:52:d6:a6:29:e8:bc:0d:50:
         9b:60:cf:c1:52:8d:e6:d7:e7:bb:1f:00:dc:6b:58:e8:fe:48:
         53:8f:f5:31:3a:b1:a2:ef:9b:8c:15:14:11:88:bb:c3:bb:2d:
         0a:37:d0:79:1f:53:f9:1b:72:ee:e2:74:2f:a6:72:70:65:1b:
         04:17:71:d4:c9:29:38:40:f9:5e:39:20:aa:6b:7c:06:51:f3:
         09:11:9c:26:82:9f:15:d1:a5:a1:b3:05:2c:4c:4a:2b:4f:f0:
         6c:b1:bd:07:04:f6:37:6c:11:6b:d0:a7:4b:b2:c1:19:e0:98:
         81:72:91:96:df:80:70:d9:69:0d:95:0f:fb:ce:64:8a:33:c2:
         bd:95:0e:fc
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIDLaFHMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGM3
NGNhMDg1NTE3OGEwY2RkNzE5MTRiY2YyMjNhYTMxYWY2MzY5YTQwHhcNMjIwMTAx
MDIwMTU5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0ODM2NWZjMTc0NjNj
ZjdlNzI1ZmUzNjJhMjNiYWQ2YmNjZmE4Mzc4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAmGaSJwcEKlB4kPma4FkgMi5DIkOlKJQ8ocwCuwnK13y5ZM7Q
tl4XFUBhWaYk0NcuJndNkwB10Ka35wjo9Qmar9FlHp9NiSDYy/6JL6BJh1MNsG8d
/qDAD9QYrBZHUgqJ1hQPuYqgmDSl2DBCx4HQJK/iA/b963QjA0aEQik2UHVvdiH8
ObVd5BjTCKLAzYTan7oKsUesgOPHPvhUmQn0T+ZgU38Ni7sYEl8ZweiveQ7S0TJd
svLWBimNn06Aac9thXrJ8DfQBFYuGhFsbl+1+w9wrROoVQHjxOy35VzjEqYGgNS6
ak62yijvy3IrqMS0vhz56BJFVBeMn6W2vVheTwIDAQABo4ICUTCCAk0wHQYDVR0O
BBYEFEg2X8F0Y89+cl/jYqI7rWvM+oN4MB8GA1UdIwQYMBaAFMdMoIVReKDN1xkU
vPIjqjGvY2mkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
eDB5Z2hWRjRvTTNYR1JTODhpT3FNYTlqYWFRLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC83ZC9mMjIwYTAtZGY4MS00MmZiLWI3MTQtZGVkZDM1MjkzMjMwLzEv
U0RaZndYUmp6MzV5WC1OaW9qdXRhOHo2ZzNnLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9m
MjIwYTAtZGY4MS00MmZiLWI3MTQtZGVkZDM1MjkzMjMwLzEveDB5Z2hWRjRvTTNY
R1JTODhpT3FNYTlqYWFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGcG
CCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQABZrpAwQABbfQAwQCXVx0AwQCXrBk
AwQCuSPoAwQCuWsYAwQCuX0kAwQCueB0AwQAwSALAwQCwXxMAwQDwXyQAwQDwofI
AwQCw9iIMA0GCSqGSIb3DQEBCwUAA4IBAQByzPmEl4UitUuV2Ap8UuZeBhYhUCoX
+QJ3Ysd/ZO/CzgvAeAmKD3Vfb7iVWD3u8Th7uVt6BYt8jr6AwKNJGUvY4R8c25Oc
n2o4KBtrMnY8CXq4a4l3vrfNfDxoSZizCOfKNSeX5X5+Qcn5znslpL6UrtSiDHm8
UtamKei8DVCbYM/BUo3m1+e7HwDca1jo/khTj/UxOrGi75uMFRQRiLvDuy0KN9B5
H1P5G3Lu4nQvpnJwZRsEF3HUySk4QPleOSCqa3wGUfMJEZwmgp8V0aWhswUsTEor
T/Bssb0HBPY3bBFr0KdLssEZ4JiBcpGW34Bw2WkNlQ/7zmSKM8K9lQ78
-----END CERTIFICATE-----