Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/FZEHo9CJzlPHWpDGPH0JBycpkQ0.roa
File:                     FZEHo9CJzlPHWpDGPH0JBycpkQ0.roa (raw, json)
Hash identifier:          I1fX2cJeUukfz35MFGruPvMy8mKmPM9IML2pqv7sFfs=
Subject key identifier:   15:91:07:A3:D0:89:CE:53:C7:5A:90:C6:3C:7D:09:07:27:29:91:0D
Certificate issuer:       /CN=1201cc343074102efa7f0c30f29499e1ad56e29f
Certificate serial:       412ADC27
Authority key identifier: 12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/FZEHo9CJzlPHWpDGPH0JBycpkQ0.roa
Signing time:             Sat 01 Jan 2022 12:59:36 +0000
ROA not before:           Sat 01 Jan 2022 12:59:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42442
IP address blocks:        130.0.77.0/24 maxlen: 24
                          130.0.72.0/21 maxlen: 32
                          130.0.73.0/24 maxlen: 24
                          195.137.170.0/24 maxlen: 24
                          185.165.16.0/22 maxlen: 22
                          46.167.160.0/19 maxlen: 24
                          194.50.164.0/24 maxlen: 24
                          91.208.160.0/24 maxlen: 24
                          195.137.170.121/32 maxlen: 32
                          46.167.169.20/32 maxlen: 32
                          195.137.170.122/32 maxlen: 32
                          2a03:9480:302::/48 maxlen: 48
                          2a03:9480::/32 maxlen: 32
                          2a03:9480:200::/40 maxlen: 40
                          2a03:9480:300::/40 maxlen: 40
                          2a03:9480:301::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1093327911 (0x412adc27)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1201cc343074102efa7f0c30f29499e1ad56e29f
        Validity
            Not Before: Jan  1 12:59:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=159107a3d089ce53c75a90c63c7d09072729910d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:3e:f0:c3:c6:19:bc:63:1e:44:b3:e8:ba:b8:
                    6e:1a:95:c2:24:71:97:f8:d3:78:1e:c7:5e:2b:41:
                    4b:db:0c:13:98:0b:e5:c8:bc:3f:29:ef:dc:04:f4:
                    86:32:dc:57:22:f1:71:24:f3:dc:49:a7:1b:c6:c7:
                    60:c4:22:31:8b:ca:b6:ee:3b:97:68:96:25:b9:e8:
                    40:4d:7e:54:2a:e7:2c:dc:54:f1:b1:23:4d:a0:04:
                    e3:a5:0d:44:9e:53:7a:f2:74:a9:db:e1:13:6c:76:
                    64:51:cf:ad:76:60:23:48:64:fb:49:82:99:e3:77:
                    72:b1:ef:db:58:57:4a:63:22:9e:37:a1:1b:20:ad:
                    26:67:ef:fa:c7:09:c8:98:1e:91:3c:4b:a9:38:bb:
                    f4:00:4b:e2:21:59:74:49:fe:52:01:12:79:22:03:
                    a5:be:fd:49:d6:21:b6:3b:44:9f:86:67:7b:30:37:
                    9a:1c:e9:57:a9:f5:98:ba:ee:c3:ba:fd:06:6b:3c:
                    09:63:ec:38:95:90:f7:f0:d8:1a:58:cb:06:aa:3a:
                    04:ba:c1:3e:0b:dd:c5:25:38:1e:60:85:b7:12:fd:
                    df:22:99:8a:28:a8:3c:59:20:dc:e7:0e:7a:0c:97:
                    81:3f:86:3a:ec:0f:34:e1:81:48:ae:2e:d5:76:2a:
                    72:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:91:07:A3:D0:89:CE:53:C7:5A:90:C6:3C:7D:09:07:27:29:91:0D
            X509v3 Authority Key Identifier:
                keyid:12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/FZEHo9CJzlPHWpDGPH0JBycpkQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/EgHMNDB0EC76fwww8pSZ4a1W4p8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.167.160.0/19
                  91.208.160.0/24
                  130.0.72.0/21
                  185.165.16.0/22
                  194.50.164.0/24
                  195.137.170.0/24
                IPv6:
                  2a03:9480::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:df:f7:1b:f0:2b:3a:e1:06:35:3a:88:47:d8:e6:91:c0:d1:
         ea:e6:7f:6f:f6:bf:f0:36:66:54:e7:54:fc:4e:a7:3b:06:f4:
         1a:f4:ce:b9:28:d3:ae:8d:61:19:28:f7:fc:2c:42:1c:0e:fd:
         bf:52:78:d3:d7:0a:6c:a7:c5:e3:31:68:ad:87:39:06:fc:f3:
         af:12:c3:0c:b2:73:15:70:28:96:16:e1:bd:34:d1:00:63:72:
         84:49:e3:da:d0:57:58:60:5f:16:91:b9:14:a4:c4:4d:71:38:
         b6:5d:0e:32:3e:84:77:8c:56:d5:40:37:b8:ee:22:37:e0:61:
         24:79:9b:20:28:48:aa:90:97:2a:2d:97:5e:c2:2b:fa:4f:d6:
         8e:c0:c4:6e:40:eb:94:cb:25:b3:ae:34:48:c4:dc:91:7e:fb:
         64:2b:61:4d:47:3e:56:02:99:be:50:3e:33:6d:5c:52:d3:6d:
         2d:db:b5:5b:80:7c:9c:2b:50:de:b5:da:2f:98:5d:b8:46:b2:
         93:75:7a:0c:5e:72:9c:a7:e6:4c:3d:aa:f2:9b:b6:83:2f:73:
         e1:7b:8a:fa:e1:dc:1d:74:b7:46:b6:49:dd:51:69:eb:80:28:
         6f:95:71:01:23:01:63:08:63:e5:0b:8b:5d:80:dd:5e:fe:12:
         64:db:e4:ae
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEQSrcJzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MjAxY2MzNDMwNzQxMDJlZmE3ZjBjMzBmMjk0OTllMWFkNTZlMjlmMB4XDTIyMDEw
MTEyNTkzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTU5MTA3YTNkMDg5
Y2U1M2M3NWE5MGM2M2M3ZDA5MDcyNzI5OTEwZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPI+8MPGGbxjHkSz6Lq4bhqVwiRxl/jTeB7HXitBS9sME5gL
5ci8Pynv3AT0hjLcVyLxcSTz3EmnG8bHYMQiMYvKtu47l2iWJbnoQE1+VCrnLNxU
8bEjTaAE46UNRJ5TevJ0qdvhE2x2ZFHPrXZgI0hk+0mCmeN3crHv21hXSmMinjeh
GyCtJmfv+scJyJgekTxLqTi79ABL4iFZdEn+UgESeSIDpb79SdYhtjtEn4ZnezA3
mhzpV6n1mLruw7r9Bms8CWPsOJWQ9/DYGljLBqo6BLrBPgvdxSU4HmCFtxL93yKZ
iiioPFkg3OcOegyXgT+GOuwPNOGBSK4u1XYqcmUCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBQVkQej0InOU8dakMY8fQkHJymRDTAfBgNVHSMEGDAWgBQSAcw0MHQQLvp/
DDDylJnhrVbinzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VnSE1OREIwRUM3NmZ3d3c4cFNaNGExVzRwOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTEvZDE2MjhhLTMzYzgtNGU0Ny1iZmVkLTk5ZWQ2NzMwZjg0YS8x
L0ZaRUhvOUNKemxQSFdwREdQSDBKQnljcGtRMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEv
ZDE2MjhhLTMzYzgtNGU0Ny1iZmVkLTk5ZWQ2NzMwZjg0YS8xL0VnSE1OREIwRUM3
NmZ3d3c4cFNaNGExVzRwOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEBS6noAMEAFvQoAMEA4IASAMEArml
EAMEAMIypAMEAMOJqjANBAIAAjAHAwUAKgOUgDANBgkqhkiG9w0BAQsFAAOCAQEA
b9/3G/ArOuEGNTqIR9jmkcDR6uZ/b/a/8DZmVOdU/E6nOwb0GvTOuSjTro1hGSj3
/CxCHA79v1J409cKbKfF4zForYc5BvzzrxLDDLJzFXAolhbhvTTRAGNyhEnj2tBX
WGBfFpG5FKTETXE4tl0OMj6Ed4xW1UA3uO4iN+BhJHmbIChIqpCXKi2XXsIr+k/W
jsDEbkDrlMsls640SMTckX77ZCthTUc+VgKZvlA+M21cUtNtLdu1W4B8nCtQ3rXa
L5hduEayk3V6DF5ynKfmTD2q8pu2gy9z4XuK+uHcHXS3RrZJ3VFp64Aob5VxASMB
Ywhj5QuLXYDdXv4SZNvkrg==
-----END CERTIFICATE-----