Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ehiXI2P1qbNnYRy5gsVkjTlKHhE.roa
File:                     ehiXI2P1qbNnYRy5gsVkjTlKHhE.roa (raw, json)
Hash identifier:          5i/AHjsf64K2PIFGvcGN/FBLPcMq8gb5oxlWtqhcwmE=
Subject key identifier:   7A:18:97:23:63:F5:A9:B3:67:61:1C:B9:82:C5:64:8D:39:4A:1E:11
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01828C1DD5D74E8D3A5E4F52F834D8F0CB19
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ehiXI2P1qbNnYRy5gsVkjTlKHhE.roa
Signing time:             Thu 11 Aug 2022 08:55:41 +0000
ROA not before:           Thu 11 Aug 2022 08:55:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207326
IP address blocks:        81.168.35.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:8c:1d:d5:d7:4e:8d:3a:5e:4f:52:f8:34:d8:f0:cb:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 11 08:55:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7a18972363f5a9b367611cb982c5648d394a1e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:33:d3:95:51:97:67:d2:69:2f:3b:c9:02:15:
                    f2:a0:e4:f6:49:1e:bc:50:9d:3a:a9:1e:b0:8c:e1:
                    e0:fe:70:58:81:75:ff:bf:bc:e6:95:a5:0f:9e:42:
                    f9:f6:a8:1c:e3:89:09:d5:2e:88:22:bc:2c:3a:c4:
                    d9:d2:3b:d2:fb:75:10:ec:61:52:a4:36:e6:b2:dc:
                    4d:57:72:32:fb:d1:0f:f4:af:16:93:f8:65:d4:42:
                    a6:70:88:82:65:e3:68:78:91:e8:03:9d:81:2c:3f:
                    3b:2d:b5:ba:6f:58:ab:5e:e6:b0:4c:d6:df:9f:7f:
                    13:95:2d:52:0e:48:67:06:0a:7d:ab:66:1d:d1:89:
                    2e:d4:3f:cb:8c:8c:bb:04:7b:5e:68:9c:e8:bc:25:
                    e8:f6:c2:c5:1d:a1:da:7e:30:36:ad:e4:52:26:71:
                    1d:21:6a:35:18:1a:98:cb:46:46:8a:eb:e0:4f:9a:
                    f1:21:af:98:b4:5b:b7:33:0e:5b:45:cc:c6:20:48:
                    fa:e9:6e:43:ad:33:19:aa:9c:56:67:1e:39:e6:d7:
                    b6:93:0b:1d:11:56:dc:88:94:0d:17:61:a5:ee:6b:
                    c2:eb:9d:1c:b7:47:c6:4a:2d:ba:91:9e:37:4d:4a:
                    b0:eb:1f:7c:ba:36:ff:f9:cd:74:ef:dd:ba:a6:e7:
                    86:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:18:97:23:63:F5:A9:B3:67:61:1C:B9:82:C5:64:8D:39:4A:1E:11
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ehiXI2P1qbNnYRy5gsVkjTlKHhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:bd:d4:30:4a:62:cb:1d:4f:9a:43:d9:e7:fb:7d:85:63:1f:
         4d:eb:9b:d3:7f:da:e9:62:ce:78:ca:9c:75:e6:a1:5c:cf:5c:
         15:45:09:8b:87:bb:f6:a3:67:94:0c:55:3a:fc:99:53:fd:cc:
         cc:38:66:dd:c2:6b:c5:a5:06:fc:56:ac:60:5b:b2:41:08:ca:
         4f:de:5a:9a:2f:c9:e7:dd:18:56:71:69:b7:a1:d4:a4:82:15:
         ff:a6:17:4d:ec:f1:c1:73:5f:29:b6:90:ae:64:41:18:58:e2:
         a9:6d:f9:a5:ef:e5:50:73:ee:03:01:3c:82:da:af:87:90:b0:
         a7:d2:5b:0c:33:01:cc:f3:e3:9b:bf:69:f3:ce:9e:65:34:b8:
         6b:dc:30:37:6c:41:7c:93:a4:29:b4:e3:f0:c0:e3:77:84:f1:
         1e:c6:cd:9d:8f:3d:c8:39:9f:fe:4e:a2:27:bb:c3:10:37:b2:
         60:8d:3f:62:2e:1b:e2:6e:09:23:8b:5c:a2:a1:21:a8:d3:8f:
         7d:db:43:be:da:43:69:23:58:9c:6e:65:bd:fb:79:ec:b0:8d:
         57:ee:3e:1d:73:d6:e7:a4:66:4c:32:02:46:dd:ef:07:03:b7:
         19:49:3d:d9:80:c8:06:03:44:aa:8c:29:ca:b9:f9:c5:44:82:
         54:ab:82:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYKMHdXXTo06Xk9S+DTY8MsZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIwODExMDg1NTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTE4OTcyMzYzZjVhOWIzNjc2MTFjYjk4MmM1NjQ4ZDM5NGExZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTPTlVGXZ9JpLzvJAhXyoOT2SR68
UJ06qR6wjOHg/nBYgXX/v7zmlaUPnkL59qgc44kJ1S6IIrwsOsTZ0jvS+3UQ7GFS
pDbmstxNV3Iy+9EP9K8Wk/hl1EKmcIiCZeNoeJHoA52BLD87LbW6b1irXuawTNbf
n38TlS1SDkhnBgp9q2Yd0Yku1D/LjIy7BHteaJzovCXo9sLFHaHafjA2reRSJnEd
IWo1GBqYy0ZGiuvgT5rxIa+YtFu3Mw5bRczGIEj66W5DrTMZqpxWZx455te2kwsd
EVbciJQNF2Gl7mvC650ct0fGSi26kZ43TUqw6x98ujb/+c107926pueGMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoYlyNj9amzZ2EcuYLFZI05Sh4RMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZWhpWEkyUDFxYk5uWVJ5NWdzVmtqVGxLSGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUagjMA0G
CSqGSIb3DQEBCwUAA4IBAQAhvdQwSmLLHU+aQ9nn+32FYx9N65vTf9rpYs54ypx1
5qFcz1wVRQmLh7v2o2eUDFU6/JlT/czMOGbdwmvFpQb8VqxgW7JBCMpP3lqaL8nn
3RhWcWm3odSkghX/phdN7PHBc18ptpCuZEEYWOKpbfml7+VQc+4DATyC2q+HkLCn
0lsMMwHM8+Obv2nzzp5lNLhr3DA3bEF8k6QptOPwwON3hPEexs2djz3IOZ/+TqIn
u8MQN7JgjT9iLhvibgkji1yioSGo049920O+2kNpI1icbmW9+3nssI1X7j4dc9bn
pGZMMgJG3e8HA7cZST3ZgMgGA0SqjCnKufnFRIJUq4IF
-----END CERTIFICATE-----