Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/7Z3eu84vd9tAS9yFvkh5qrDBJfs.roa
File:                     7Z3eu84vd9tAS9yFvkh5qrDBJfs.roa (raw, json)
Hash identifier:          tQktpLmyV6wNA9qbl6r2Jwgt8rnEaATT/FSXOyOfP6M=
Subject key identifier:   ED:9D:DE:BB:CE:2F:77:DB:40:4B:DC:85:BE:48:79:AA:B0:C1:25:FB
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       018438B4D78D0CF4827DDDE2501F8CC14A3E
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/7Z3eu84vd9tAS9yFvkh5qrDBJfs.roa
Signing time:             Wed 02 Nov 2022 14:18:06 +0000
ROA not before:           Wed 02 Nov 2022 14:18:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12310
IP address blocks:        195.95.228.0/23 maxlen: 23
                          89.42.16.0/21 maxlen: 21
                          89.149.0.0/18 maxlen: 18
                          188.240.216.0/22 maxlen: 22
                          83.166.192.0/19 maxlen: 19
                          188.240.8.0/22 maxlen: 22
                          194.102.203.0/24 maxlen: 24
                          80.86.96.0/20 maxlen: 20
                          80.86.96.0/19 maxlen: 19
                          84.247.64.0/18 maxlen: 18
                          2a02:2a00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:38:b4:d7:8d:0c:f4:82:7d:dd:e2:50:1f:8c:c1:4a:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Nov  2 14:18:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ed9ddebbce2f77db404bdc85be4879aab0c125fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:af:fa:95:57:09:2d:76:d3:38:d8:f7:e8:b4:
                    52:e4:80:13:3e:a3:03:65:ff:40:4d:72:de:1a:58:
                    de:ec:df:f4:53:7a:9a:80:c1:c6:86:4a:ef:b9:69:
                    36:1d:5f:00:74:f1:e0:a1:dd:b5:0e:a2:37:4e:01:
                    9a:19:49:91:fa:b4:cb:4b:f4:1e:49:59:2a:c8:29:
                    11:52:31:91:81:9c:17:01:7a:5c:87:6a:bb:ce:0d:
                    81:61:ea:74:e9:74:82:76:6b:f7:15:c4:30:48:f0:
                    a0:81:09:e4:08:10:7f:4a:bd:85:7e:6a:0e:a4:30:
                    e1:7b:6e:d7:19:18:bf:cc:c9:bd:08:13:4d:38:0c:
                    60:9b:05:4e:65:ff:11:cd:c0:bd:f0:38:e3:98:f0:
                    84:db:81:ff:7a:94:a9:f1:dc:96:9a:22:0f:e4:c2:
                    69:95:fc:d1:07:94:12:25:6d:1c:4b:5d:f8:2e:ba:
                    ce:f4:d0:72:2b:8a:e6:66:d6:80:e8:6a:a2:9b:09:
                    a7:3f:ac:9e:44:69:72:93:49:51:3f:d0:9c:da:47:
                    65:bc:82:06:8e:1d:e2:a3:4c:08:25:51:97:0d:3a:
                    7a:b7:4c:bd:1c:b5:64:14:22:b3:24:bc:f4:2d:93:
                    c1:5f:ed:67:f5:4d:e9:f2:f9:9c:36:c8:0c:f3:10:
                    ce:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9D:DE:BB:CE:2F:77:DB:40:4B:DC:85:BE:48:79:AA:B0:C1:25:FB
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/7Z3eu84vd9tAS9yFvkh5qrDBJfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.96.0/19
                  83.166.192.0/19
                  84.247.64.0/18
                  89.42.16.0/21
                  89.149.0.0/18
                  188.240.8.0/22
                  188.240.216.0/22
                  194.102.203.0/24
                  195.95.228.0/23
                IPv6:
                  2a02:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:03:30:70:9a:e1:91:73:47:bb:f2:aa:19:a3:04:5d:4d:19:
         65:44:6d:4e:b7:3c:c7:07:4d:87:b8:ac:36:0c:fc:89:74:3b:
         ec:b6:f4:bb:2f:ac:75:5d:ae:a2:03:d9:2a:2c:c4:2a:f2:14:
         22:df:de:58:d5:7c:68:bb:6d:69:ab:a4:d6:b5:e5:38:cd:0a:
         08:2b:2c:4f:81:b7:d6:f8:a1:ce:de:99:91:6b:36:a0:a1:d3:
         93:c3:25:34:98:08:21:46:3c:41:2f:4a:7c:f5:7b:c3:f8:75:
         01:5b:79:91:8e:e4:d5:95:a9:7f:b1:0f:00:43:7b:3a:7a:58:
         6d:be:36:12:3d:60:2f:34:db:e7:16:61:84:fa:4b:59:09:d5:
         25:c7:f6:a0:c9:34:da:0b:ef:9f:89:0e:cc:52:c0:73:c2:24:
         cb:e1:a8:06:5a:18:03:ed:48:42:fc:71:c2:88:5e:fd:6b:4d:
         3b:d3:ec:ce:d6:4e:7d:82:0b:2f:f6:9c:fe:87:f4:e2:39:12:
         73:ff:be:93:32:cf:65:51:fe:34:b6:77:f0:e5:7e:e6:0e:cb:
         7f:a2:10:a4:4d:68:89:bb:ff:42:51:65:e4:5f:2d:2a:7f:63:
         cd:61:b9:61:44:c1:c6:c4:11:21:93:09:f9:d7:41:6b:cf:e0:
         19:fc:39:55
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYQ4tNeNDPSCfd3iUB+MwUo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjIxMTAyMTQxODA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDlkZGViYmNlMmY3N2RiNDA0YmRjODViZTQ4NzlhYWIwYzEyNWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmK/6lVcJLXbTONj36LRS5IATPqMD
Zf9ATXLeGlje7N/0U3qagMHGhkrvuWk2HV8AdPHgod21DqI3TgGaGUmR+rTLS/Qe
SVkqyCkRUjGRgZwXAXpch2q7zg2BYep06XSCdmv3FcQwSPCggQnkCBB/Sr2FfmoO
pDDhe27XGRi/zMm9CBNNOAxgmwVOZf8RzcC98DjjmPCE24H/epSp8dyWmiIP5MJp
lfzRB5QSJW0cS134LrrO9NByK4rmZtaA6GqimwmnP6yeRGlyk0lRP9Cc2kdlvIIG
jh3io0wIJVGXDTp6t0y9HLVkFCKzJLz0LZPBX+1n9U3p8vmcNsgM8xDOawIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFO2d3rvOL3fbQEvchb5IeaqwwSX7MB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvN1ozZXU4NHZkOXRBUzl5RnZraDVxckRCSmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFUFZgAwQF
U6bAAwQGVPdAAwQDWSoQAwQGWZUAAwQCvPAIAwQCvPDYAwQAwmbLAwQBw1/kMA0E
AgACMAcDBQAqAioAMA0GCSqGSIb3DQEBCwUAA4IBAQAcAzBwmuGRc0e78qoZowRd
TRllRG1OtzzHB02HuKw2DPyJdDvstvS7L6x1Xa6iA9kqLMQq8hQi395Y1Xxou21p
q6TWteU4zQoIKyxPgbfW+KHO3pmRazagodOTwyU0mAghRjxBL0p89XvD+HUBW3mR
juTVlal/sQ8AQ3s6elhtvjYSPWAvNNvnFmGE+ktZCdUlx/agyTTaC++fiQ7MUsBz
wiTL4agGWhgD7UhC/HHCiF79a0070+zO1k59ggsv9pz+h/TiORJz/76TMs9lUf40
tnfw5X7mDst/ohCkTWiJu/9CUWXkXy0qf2PNYblhRMHGxBEhkwn510Frz+AZ/DlV
-----END CERTIFICATE-----