Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/ZH7ILjmRXiPegx9VcnN1BGQuI_o.roa
File:                     ZH7ILjmRXiPegx9VcnN1BGQuI_o.roa (raw, json)
Hash identifier:          nMzjz98fSQbA/hryz2jxcp1RTJflYxEaO1pNqxxqypM=
Subject key identifier:   64:7E:C8:2E:39:91:5E:23:DE:83:1F:55:72:73:75:04:64:2E:23:FA
Certificate issuer:       /CN=1201cc343074102efa7f0c30f29499e1ad56e29f
Certificate serial:       423C683C
Authority key identifier: 12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/ZH7ILjmRXiPegx9VcnN1BGQuI_o.roa
Signing time:             Fri 06 May 2022 08:02:04 +0000
ROA not before:           Fri 06 May 2022 08:02:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42442
IP address blocks:        130.0.77.0/24 maxlen: 24
                          130.0.72.0/21 maxlen: 32
                          130.0.73.0/24 maxlen: 24
                          195.137.170.0/24 maxlen: 32
                          185.165.16.0/22 maxlen: 22
                          46.167.160.0/19 maxlen: 24
                          194.50.164.0/24 maxlen: 32
                          91.208.160.0/24 maxlen: 24
                          195.137.170.121/32 maxlen: 32
                          46.167.169.20/32 maxlen: 32
                          195.137.170.122/32 maxlen: 32
                          2a03:9480:302::/48 maxlen: 48
                          2a03:9480::/32 maxlen: 32
                          2a03:9480:300::/40 maxlen: 40
                          2a03:9480:200::/40 maxlen: 40
                          2a03:9480:301::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1111255100 (0x423c683c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1201cc343074102efa7f0c30f29499e1ad56e29f
        Validity
            Not Before: May  6 08:02:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=647ec82e39915e23de831f5572737504642e23fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b9:1e:95:ce:6c:42:3b:4b:fa:2c:c5:1a:3f:
                    fb:b7:13:4d:f0:f7:17:d8:fc:bd:80:b2:22:d6:59:
                    5b:29:69:e2:b2:65:fa:00:af:fe:05:f2:e0:bb:a4:
                    aa:66:88:40:c1:51:23:9c:f0:cd:47:2a:0c:f7:0d:
                    a6:e2:cd:c8:a9:e3:22:89:96:d0:84:ae:b1:81:4b:
                    95:dd:ee:23:94:48:a1:97:7a:6c:dd:00:17:75:5a:
                    27:26:81:cd:17:e0:33:f3:04:3e:64:ec:3b:34:b8:
                    4b:10:94:7d:0e:0c:8d:b7:67:bb:d6:d5:99:55:b1:
                    c9:09:14:bd:b0:5f:7e:fc:7d:b8:19:1b:6a:7b:d9:
                    d9:c0:ab:ea:ad:50:ce:50:12:dd:42:95:0f:8c:01:
                    92:1b:8d:64:a1:77:fb:f8:80:12:cc:de:d5:2c:6f:
                    80:68:64:6e:d6:b7:23:32:7e:33:8c:2c:2d:68:2e:
                    c8:63:bd:02:00:cf:66:df:9c:c5:69:a8:2e:32:3e:
                    4d:df:4a:3a:10:fd:33:9c:2e:e5:0b:89:e5:d5:7b:
                    6c:e3:6d:e8:80:a1:d2:2b:6e:de:4f:b9:6d:f5:4e:
                    77:36:81:4b:37:56:6e:43:6a:14:1c:15:0d:b0:98:
                    31:c5:04:ca:92:28:60:b4:be:f9:df:4a:e6:eb:1d:
                    5d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7E:C8:2E:39:91:5E:23:DE:83:1F:55:72:73:75:04:64:2E:23:FA
            X509v3 Authority Key Identifier:
                keyid:12:01:CC:34:30:74:10:2E:FA:7F:0C:30:F2:94:99:E1:AD:56:E2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EgHMNDB0EC76fwww8pSZ4a1W4p8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/ZH7ILjmRXiPegx9VcnN1BGQuI_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d1628a-33c8-4e47-bfed-99ed6730f84a/1/EgHMNDB0EC76fwww8pSZ4a1W4p8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.167.160.0/19
                  91.208.160.0/24
                  130.0.72.0/21
                  185.165.16.0/22
                  194.50.164.0/24
                  195.137.170.0/24
                IPv6:
                  2a03:9480::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:45:c3:16:3e:5f:46:ff:a7:d3:46:ef:6c:76:60:89:5e:bd:
         b6:ee:6c:0e:de:ac:44:7e:3d:f8:b6:5b:e9:62:ee:a8:69:34:
         66:a9:db:c0:51:d9:90:38:a5:fc:bc:44:b7:98:11:2b:27:18:
         54:b0:f5:52:c1:62:c4:1f:d6:18:98:78:0c:e6:66:46:51:63:
         6d:7f:07:f5:ce:81:dc:66:20:45:85:3a:f5:7f:b9:10:14:58:
         8d:ca:cf:c4:3d:de:38:8f:ce:89:17:fa:7e:0b:91:01:3c:c2:
         f2:c9:19:e7:8c:d1:02:31:4f:5c:b9:70:22:85:6f:56:60:56:
         92:0b:63:14:6f:5e:1d:e8:6d:bc:7e:3c:c7:25:64:dd:c5:ae:
         c1:bd:d1:9e:06:be:3c:22:7b:5e:5c:29:07:01:ca:bd:b3:2f:
         bc:df:38:7d:52:3c:13:38:5b:a9:4e:8d:68:02:01:f9:a6:11:
         29:b6:41:4d:61:90:c2:8f:f9:9e:3a:70:3b:2a:df:ef:1c:65:
         45:44:51:53:ca:c1:5c:9f:a3:23:ef:9e:1b:d1:e6:1a:e9:13:
         65:8c:77:40:50:81:95:86:17:a7:0b:48:68:66:b9:92:05:06:
         0f:0c:c5:65:03:db:b1:80:52:81:57:d8:a2:f7:82:31:f4:cf:
         b5:80:e3:15
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIEQjxoPDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MjAxY2MzNDMwNzQxMDJlZmE3ZjBjMzBmMjk0OTllMWFkNTZlMjlmMB4XDTIyMDUw
NjA4MDIwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjQ3ZWM4MmUzOTkx
NWUyM2RlODMxZjU1NzI3Mzc1MDQ2NDJlMjNmYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMC5HpXObEI7S/osxRo/+7cTTfD3F9j8vYCyItZZWylp4rJl
+gCv/gXy4LukqmaIQMFRI5zwzUcqDPcNpuLNyKnjIomW0ISusYFLld3uI5RIoZd6
bN0AF3VaJyaBzRfgM/MEPmTsOzS4SxCUfQ4Mjbdnu9bVmVWxyQkUvbBffvx9uBkb
anvZ2cCr6q1QzlAS3UKVD4wBkhuNZKF3+/iAEsze1SxvgGhkbta3IzJ+M4wsLWgu
yGO9AgDPZt+cxWmoLjI+Td9KOhD9M5wu5QuJ5dV7bONt6ICh0itu3k+5bfVOdzaB
SzdWbkNqFBwVDbCYMcUEypIoYLS++d9K5usdXVUCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBRkfsguOZFeI96DH1Vyc3UEZC4j+jAfBgNVHSMEGDAWgBQSAcw0MHQQLvp/
DDDylJnhrVbinzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VnSE1OREIwRUM3NmZ3d3c4cFNaNGExVzRwOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTEvZDE2MjhhLTMzYzgtNGU0Ny1iZmVkLTk5ZWQ2NzMwZjg0YS8x
L1pIN0lMam1SWGlQZWd4OVZjbk4xQkdRdUlfby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEv
ZDE2MjhhLTMzYzgtNGU0Ny1iZmVkLTk5ZWQ2NzMwZjg0YS8xL0VnSE1OREIwRUM3
NmZ3d3c4cFNaNGExVzRwOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEBS6noAMEAFvQoAMEA4IASAMEArml
EAMEAMIypAMEAMOJqjANBAIAAjAHAwUAKgOUgDANBgkqhkiG9w0BAQsFAAOCAQEA
CUXDFj5fRv+n00bvbHZgiV69tu5sDt6sRH49+LZb6WLuqGk0ZqnbwFHZkDil/LxE
t5gRKycYVLD1UsFixB/WGJh4DOZmRlFjbX8H9c6B3GYgRYU69X+5EBRYjcrPxD3e
OI/OiRf6fguRATzC8skZ54zRAjFPXLlwIoVvVmBWkgtjFG9eHehtvH48xyVk3cWu
wb3Rnga+PCJ7XlwpBwHKvbMvvN84fVI8EzhbqU6NaAIB+aYRKbZBTWGQwo/5njpw
Oyrf7xxlRURRU8rBXJ+jI++eG9HmGukTZYx3QFCBlYYXpwtIaGa5kgUGDwzFZQPb
sYBSgVfYoveCMfTPtYDjFQ==
-----END CERTIFICATE-----