Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/6a272b-8b6f-4fe3-8f29-f0029816097e/1/LPlkd8gguF0sRmw9rEEnuoZJS6w.roa
File:                     LPlkd8gguF0sRmw9rEEnuoZJS6w.roa (raw, json)
Hash identifier:          zAS6qMcdvbdnw1q9GG1tJkgNErcXbCYfpR/2doRO+ko=
Subject key identifier:   2C:F9:64:77:C8:20:B8:5D:2C:46:6C:3D:AC:41:27:BA:86:49:4B:AC
Certificate issuer:       /CN=c7c1fdbaf9ac0e5adeec60a0923c4dd4a01e92dc
Certificate serial:       018466B44E8FB47848D7961139CA0B01FB6D
Authority key identifier: C7:C1:FD:BA:F9:AC:0E:5A:DE:EC:60:A0:92:3C:4D:D4:A0:1E:92:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x8H9uvmsDlre7GCgkjxN1KAektw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/6a272b-8b6f-4fe3-8f29-f0029816097e/1/LPlkd8gguF0sRmw9rEEnuoZJS6w.roa
Signing time:             Fri 11 Nov 2022 12:40:03 +0000
ROA not before:           Fri 11 Nov 2022 12:40:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62336
IP address blocks:        91.198.32.0/24 maxlen: 24
                          37.228.144.0/22 maxlen: 22
                          5.63.32.0/19 maxlen: 20
                          91.200.108.0/22 maxlen: 22
                          91.211.8.0/22 maxlen: 22
                          91.191.176.0/22 maxlen: 22
                          195.230.108.0/24 maxlen: 24
                          185.39.84.0/22 maxlen: 22
                          2a01:41e1::/32 maxlen: 32
                          2a01:41e0::/32 maxlen: 32
                          2a01:41e3::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:66:b4:4e:8f:b4:78:48:d7:96:11:39:ca:0b:01:fb:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7c1fdbaf9ac0e5adeec60a0923c4dd4a01e92dc
        Validity
            Not Before: Nov 11 12:40:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2cf96477c820b85d2c466c3dac4127ba86494bac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cb:3c:b2:de:81:a8:f7:5f:62:72:57:f4:5d:
                    5f:37:70:21:b1:c0:52:9c:3a:93:89:75:d0:63:03:
                    a5:3f:a4:fb:45:62:09:00:1e:01:88:d8:3b:9e:47:
                    eb:21:d5:d3:57:62:b1:7d:e2:65:fc:62:6b:54:89:
                    9c:06:89:5e:1d:84:d9:9c:80:83:dc:04:3f:aa:71:
                    f4:06:cd:93:fe:7d:4e:ed:d9:88:ab:83:7f:ea:ba:
                    b1:16:8f:29:ec:21:ac:44:95:04:b0:a8:06:4c:cc:
                    2c:39:34:ac:94:a7:68:28:d7:62:37:b9:51:52:9f:
                    5e:2b:f8:85:bd:c9:45:bc:3b:1f:30:6d:cd:d0:a6:
                    21:12:cf:29:55:10:0b:53:ce:1b:30:59:97:ea:ce:
                    f4:bb:53:e9:07:32:d0:b4:a4:43:f0:8b:8c:ee:e0:
                    6f:f1:ed:33:09:b1:20:ec:4d:27:4a:d7:c1:a0:b6:
                    88:4f:4f:b3:2e:07:d5:4d:f5:fd:0c:20:8d:e0:4e:
                    40:20:3d:14:23:65:59:9c:2b:43:45:96:85:db:ec:
                    2f:6b:45:60:4a:06:48:60:6c:fd:6b:d7:9c:51:58:
                    a1:b3:89:d6:14:18:30:ae:8f:21:6a:3f:0d:02:99:
                    94:98:38:9c:2f:34:37:55:6c:29:99:cb:dc:20:b8:
                    af:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F9:64:77:C8:20:B8:5D:2C:46:6C:3D:AC:41:27:BA:86:49:4B:AC
            X509v3 Authority Key Identifier:
                keyid:C7:C1:FD:BA:F9:AC:0E:5A:DE:EC:60:A0:92:3C:4D:D4:A0:1E:92:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x8H9uvmsDlre7GCgkjxN1KAektw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/6a272b-8b6f-4fe3-8f29-f0029816097e/1/LPlkd8gguF0sRmw9rEEnuoZJS6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/6a272b-8b6f-4fe3-8f29-f0029816097e/1/x8H9uvmsDlre7GCgkjxN1KAektw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.32.0/19
                  37.228.144.0/22
                  91.191.176.0/22
                  91.198.32.0/24
                  91.200.108.0/22
                  91.211.8.0/22
                  185.39.84.0/22
                  195.230.108.0/24
                IPv6:
                  2a01:41e0::/31
                  2a01:41e3::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:bb:ac:db:27:11:e5:fe:a3:4b:16:b0:ef:c6:a7:46:40:d4:
         e8:c2:7b:e5:2c:82:9f:36:99:b6:1c:32:5c:82:3b:a7:93:12:
         56:43:37:35:44:ff:88:91:e1:32:3f:c9:1a:43:26:3e:b6:ce:
         43:ad:ba:6e:4c:f8:4b:5c:b8:26:c9:85:57:24:f9:90:a1:38:
         37:b6:ff:7b:dc:49:6d:28:90:25:2c:c3:04:31:89:dc:fb:a9:
         5d:22:9a:e6:f0:3f:b2:ea:39:fc:80:5e:6a:bf:c2:18:02:77:
         49:15:79:ce:1e:ae:ea:e3:ba:cd:35:23:1a:01:fb:40:3b:19:
         b9:57:27:a1:21:5d:fb:fd:89:e1:ba:86:1a:e7:83:84:2f:c2:
         15:b0:b4:ae:8f:06:79:ed:f5:40:95:f9:b8:fe:78:e6:8a:fb:
         88:75:e0:13:d7:d3:d5:af:40:a8:99:98:f5:23:5e:b5:64:fe:
         b7:6c:a2:dd:77:c9:b1:67:ec:bf:91:b8:d3:d5:a3:f0:fe:0d:
         cc:bc:3d:e0:e5:b4:5b:61:34:2a:5f:fc:9d:0e:95:23:eb:6d:
         dc:e8:08:3c:92:15:0e:1f:ac:9b:c8:54:fd:66:f5:32:aa:04:
         19:b8:55:cc:9c:18:14:bb:37:36:aa:51:22:28:bc:c8:80:11:
         a7:38:a5:88
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYRmtE6PtHhI15YROcoLAfttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YzFmZGJhZjlhYzBlNWFkZWVjNjBhMDkyM2M0ZGQ0YTAx
ZTkyZGMwHhcNMjIxMTExMTI0MDAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Y5NjQ3N2M4MjBiODVkMmM0NjZjM2RhYzQxMjdiYTg2NDk0YmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ms8st6BqPdfYnJX9F1fN3AhscBS
nDqTiXXQYwOlP6T7RWIJAB4BiNg7nkfrIdXTV2KxfeJl/GJrVImcBoleHYTZnICD
3AQ/qnH0Bs2T/n1O7dmIq4N/6rqxFo8p7CGsRJUEsKgGTMwsOTSslKdoKNdiN7lR
Up9eK/iFvclFvDsfMG3N0KYhEs8pVRALU84bMFmX6s70u1PpBzLQtKRD8IuM7uBv
8e0zCbEg7E0nStfBoLaIT0+zLgfVTfX9DCCN4E5AID0UI2VZnCtDRZaF2+wva0Vg
SgZIYGz9a9ecUVihs4nWFBgwro8haj8NApmUmDicLzQ3VWwpmcvcILivUQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFCz5ZHfIILhdLEZsPaxBJ7qGSUusMB8GA1UdIwQY
MBaAFMfB/br5rA5a3uxgoJI8TdSgHpLcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDhIOXV2bXNEbHJlN0dDZ2tqeE4xS0Fla3R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi82YTI3MmItOGI2Zi00ZmUzLThmMjkt
ZjAwMjk4MTYwOTdlLzEvTFBsa2Q4Z2d1RjBzUm13OXJFRW51b1pKUzZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi82YTI3MmItOGI2Zi00ZmUzLThmMjktZjAwMjk4MTYwOTdl
LzEveDhIOXV2bXNEbHJlN0dDZ2tqeE4xS0Fla3R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQFBT8gAwQC
JeSQAwQCW7+wAwQAW8YgAwQCW8hsAwQCW9MIAwQCuSdUAwQAw+ZsMBQEAgACMA4D
BQEqAUHgAwUAKgFB4zANBgkqhkiG9w0BAQsFAAOCAQEAubus2ycR5f6jSxaw78an
RkDU6MJ75SyCnzaZthwyXII7p5MSVkM3NUT/iJHhMj/JGkMmPrbOQ626bkz4S1y4
JsmFVyT5kKE4N7b/e9xJbSiQJSzDBDGJ3PupXSKa5vA/suo5/IBear/CGAJ3SRV5
zh6u6uO6zTUjGgH7QDsZuVcnoSFd+/2J4bqGGueDhC/CFbC0ro8Gee31QJX5uP54
5or7iHXgE9fT1a9AqJmY9SNetWT+t2yi3XfJsWfsv5G409Wj8P4NzLw94OW0W2E0
Kl/8nQ6VI+tt3OgIPJIVDh+sm8hU/Wb1MqoEGbhVzJwYFLs3NqpRIii8yIARpzil
iA==
-----END CERTIFICATE-----