Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/Of0GhxEXu0wqEs07NgB0ZF1Uo-o.roa
File:                     Of0GhxEXu0wqEs07NgB0ZF1Uo-o.roa (raw, json)
Hash identifier:          XLm2wlyTJe1NkHaPZ+0ewgVBoG7QT0hkVxvhelhN+MQ=
Subject key identifier:   39:FD:06:87:11:17:BB:4C:2A:12:CD:3B:36:00:74:64:5D:54:A3:EA
Certificate issuer:       /CN=9da140e8028e6d537600e0888a9af5a971c5db46
Certificate serial:       0185160B3DFBA67273098BF474FC2DC7BBE7
Authority key identifier: 9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/Of0GhxEXu0wqEs07NgB0ZF1Uo-o.roa
Signing time:             Thu 15 Dec 2022 13:48:33 +0000
ROA not before:           Thu 15 Dec 2022 13:48:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     719
IP address blocks:        194.137.159.0/24 maxlen: 24
                          192.58.49.0/24 maxlen: 24
                          192.103.94.0/24 maxlen: 24
                          192.103.93.0/24 maxlen: 24
                          192.103.98.0/24 maxlen: 24
                          192.103.101.0/24 maxlen: 24
                          192.103.109.0/24 maxlen: 24
                          192.103.108.0/24 maxlen: 24
                          192.103.87.0/24 maxlen: 24
                          194.137.11.0/24 maxlen: 24
                          192.103.90.0/24 maxlen: 24
                          192.103.89.0/24 maxlen: 24
                          192.103.88.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:16:0b:3d:fb:a6:72:73:09:8b:f4:74:fc:2d:c7:bb:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da140e8028e6d537600e0888a9af5a971c5db46
        Validity
            Not Before: Dec 15 13:48:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=39fd06871117bb4c2a12cd3b360074645d54a3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0a:a1:be:e3:a8:64:4c:55:9c:c6:53:7d:fe:
                    14:8c:76:f8:30:b2:bf:d1:3d:50:83:02:80:62:30:
                    c0:29:90:d8:c4:04:7f:7e:32:d7:30:5d:a5:d3:99:
                    31:86:07:99:81:35:2e:b1:00:50:f8:44:c1:a9:06:
                    3b:72:0e:d9:5c:5f:28:46:f0:c4:2f:3a:91:9b:8d:
                    56:6a:88:4f:01:58:75:4c:86:c2:d0:a0:b1:86:7d:
                    65:44:fd:23:7c:48:f6:6e:6f:64:b4:55:ba:90:93:
                    05:80:e8:c4:5d:59:7a:2f:5b:47:78:bc:00:1f:fc:
                    39:08:fd:f3:3b:4d:d3:89:4d:03:49:4f:1c:66:81:
                    bd:ec:85:c5:ce:a6:5b:57:b4:39:16:d6:22:c6:19:
                    c8:48:f2:7d:41:1f:38:24:15:0f:f9:36:0b:43:38:
                    db:2d:64:59:9d:84:68:ee:a9:46:99:ad:34:49:4e:
                    9e:77:7c:3a:f5:68:c5:02:fe:96:0e:07:6f:b4:d5:
                    3c:19:de:3b:5f:10:14:3d:ed:8d:14:cc:8a:3a:a1:
                    92:dd:a1:14:32:68:49:a9:c7:91:ca:af:8f:32:4d:
                    43:37:c4:44:18:ce:6f:b3:d9:f8:06:7d:ff:2a:3c:
                    64:4b:75:0d:13:11:58:08:e6:45:c1:eb:4e:26:f5:
                    7d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:FD:06:87:11:17:BB:4C:2A:12:CD:3B:36:00:74:64:5D:54:A3:EA
            X509v3 Authority Key Identifier:
                keyid:9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/Of0GhxEXu0wqEs07NgB0ZF1Uo-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.58.49.0/24
                  192.103.87.0-192.103.90.255
                  192.103.93.0-192.103.94.255
                  192.103.98.0/24
                  192.103.101.0/24
                  192.103.108.0/23
                  194.137.11.0/24
                  194.137.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:28:63:a7:44:df:37:8b:b6:38:81:8d:3f:0b:ed:f0:58:d2:
         48:be:04:51:fc:14:ec:61:d0:fd:04:21:29:91:1d:c5:0a:ed:
         e2:64:cc:4e:79:a8:4e:49:a4:1c:c3:9f:d5:b9:b5:d9:da:7c:
         79:a1:c5:0f:67:93:54:40:0b:8d:74:61:38:81:e8:6f:0d:6d:
         fc:11:6a:0f:b6:8f:c2:b8:b4:f8:da:ab:da:0f:33:08:e8:75:
         87:b7:fa:44:b6:c3:5b:00:66:1d:99:3f:a8:48:bf:bc:c1:66:
         03:80:2e:94:44:c8:19:d1:66:e8:5f:a2:93:a5:68:6e:94:c4:
         11:f6:87:2a:51:d0:0e:3b:73:b5:e9:15:53:c2:d3:e6:b6:e8:
         d0:6d:79:59:54:5f:9a:f8:2e:a1:3f:e1:dd:48:64:93:54:ed:
         21:6f:66:20:e5:a0:7b:05:a3:47:36:1c:60:b9:f8:13:b4:11:
         12:db:aa:5e:c5:9c:4e:5f:c2:83:ad:40:5b:94:cf:5d:d6:88:
         f2:00:e3:f5:c0:0d:d7:39:f1:45:4c:a2:62:8b:4a:15:a4:04:
         04:37:fd:b5:4f:ed:d4:d3:e2:18:f5:f8:59:0a:6b:a1:86:4c:
         0b:f5:d3:df:07:18:f0:61:28:fd:6e:8b:7e:a1:81:ed:f0:62:
         ac:db:96:16
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYUWCz37pnJzCYv0dPwtx7vnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTE0MGU4MDI4ZTZkNTM3NjAwZTA4ODhhOWFmNWE5NzFj
NWRiNDYwHhcNMjIxMjE1MTM0ODMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWZkMDY4NzExMTdiYjRjMmExMmNkM2IzNjAwNzQ2NDVkNTRhM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwqhvuOoZExVnMZTff4UjHb4MLK/
0T1QgwKAYjDAKZDYxAR/fjLXMF2l05kxhgeZgTUusQBQ+ETBqQY7cg7ZXF8oRvDE
LzqRm41WaohPAVh1TIbC0KCxhn1lRP0jfEj2bm9ktFW6kJMFgOjEXVl6L1tHeLwA
H/w5CP3zO03TiU0DSU8cZoG97IXFzqZbV7Q5FtYixhnISPJ9QR84JBUP+TYLQzjb
LWRZnYRo7qlGma00SU6ed3w69WjFAv6WDgdvtNU8Gd47XxAUPe2NFMyKOqGS3aEU
MmhJqceRyq+PMk1DN8REGM5vs9n4Bn3/KjxkS3UNExFYCOZFwetOJvV9EwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFDn9BocRF7tMKhLNOzYAdGRdVKPqMB8GA1UdIwQY
MBaAFJ2hQOgCjm1TdgDgiIqa9alxxdtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgt
YTRjYThiOWMyMDViLzEvT2YwR2h4RVh1MHdxRXMwN05nQjBaRjFVby1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgtYTRjYThiOWMyMDVi
LzEvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQAwDoxMAwD
BADAZ1cDBADAZ1owDAMEAMBnXQMEAMBnXgMEAMBnYgMEAMBnZQMEAcBnbAMEAMKJ
CwMEAMKJnzANBgkqhkiG9w0BAQsFAAOCAQEAZShjp0TfN4u2OIGNPwvt8FjSSL4E
UfwU7GHQ/QQhKZEdxQrt4mTMTnmoTkmkHMOf1bm12dp8eaHFD2eTVEALjXRhOIHo
bw1t/BFqD7aPwri0+Nqr2g8zCOh1h7f6RLbDWwBmHZk/qEi/vMFmA4AulETIGdFm
6F+ik6VobpTEEfaHKlHQDjtztekVU8LT5rbo0G15WVRfmvguoT/h3Uhkk1TtIW9m
IOWgewWjRzYcYLn4E7QREtuqXsWcTl/Cg61AW5TPXdaI8gDj9cAN1znxRUyiYotK
FaQEBDf9tU/t1NPiGPX4WQproYZMC/XT3wcY8GEo/W6LfqGB7fBirNuWFg==
-----END CERTIFICATE-----