Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/llRyq1y4ZFpzKsMLsCodqkpULUE.roa
File:                     llRyq1y4ZFpzKsMLsCodqkpULUE.roa (raw, json)
Hash identifier:          r2ll/3tsMjvyUBb6/GFkU6UFQ/tA82oFGaSLyds34do=
Subject key identifier:   96:54:72:AB:5C:B8:64:5A:73:2A:C3:0B:B0:2A:1D:AA:4A:54:2D:41
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01847AACA0236876549222F1BA271F91511B
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/llRyq1y4ZFpzKsMLsCodqkpULUE.roa
Signing time:             Tue 15 Nov 2022 09:44:04 +0000
ROA not before:           Tue 15 Nov 2022 09:44:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204650
IP address blocks:        185.215.231.0/24 maxlen: 24
                          185.124.172.0/22 maxlen: 24
                          185.26.34.0/23 maxlen: 24
                          185.124.173.0/24 maxlen: 24
                          185.124.174.0/24 maxlen: 24
                          185.124.175.0/24 maxlen: 24
                          37.32.44.0/24 maxlen: 24
                          37.32.44.0/22 maxlen: 22
                          37.32.47.0/24 maxlen: 24
                          37.32.45.0/24 maxlen: 24
                          185.243.48.0/23 maxlen: 23
                          185.243.48.0/22 maxlen: 22
                          5.57.32.0/24 maxlen: 24
                          178.239.150.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7a:ac:a0:23:68:76:54:92:22:f1:ba:27:1f:91:51:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Nov 15 09:44:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=965472ab5cb8645a732ac30bb02a1daa4a542d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:50:0d:7c:74:54:20:bf:8a:0c:ec:94:78:bb:
                    96:85:a1:9c:b6:29:7d:18:e3:8b:8e:10:98:aa:93:
                    86:94:ac:f4:76:b7:f7:0e:15:4e:4c:55:1a:8b:88:
                    ff:a5:2a:bb:26:13:2d:bb:df:79:bc:46:73:bb:7f:
                    77:21:96:0b:0c:58:e3:ed:87:43:70:c1:ba:72:87:
                    06:50:0e:d6:f9:af:bf:d0:f1:23:d4:b6:33:fd:46:
                    22:7f:c3:f9:03:d7:ae:2a:d7:55:bc:90:19:33:31:
                    12:8e:39:4d:96:33:7e:2d:d9:ee:36:29:86:74:6d:
                    e7:75:33:71:2c:ef:9a:1f:90:10:7e:2f:c8:9f:a0:
                    c3:52:ea:35:19:e1:72:ad:3e:90:86:ed:21:9b:a0:
                    20:54:f7:8a:da:27:53:bd:f3:bd:09:bb:1a:e5:73:
                    b9:8f:64:24:01:77:8e:36:65:ef:9a:9d:cd:8f:0f:
                    b2:6f:ff:ff:74:d4:3e:72:64:e1:5f:41:59:e7:0f:
                    67:f7:5c:5f:6f:ad:0d:11:da:77:eb:17:f6:fd:98:
                    8d:bc:de:6b:a3:dd:e6:80:29:12:ef:d0:a2:46:a0:
                    ba:26:7e:14:0c:ab:33:f3:9f:a3:82:30:43:91:97:
                    56:16:f3:77:10:24:23:ae:fc:b0:71:db:da:1a:7f:
                    df:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:54:72:AB:5C:B8:64:5A:73:2A:C3:0B:B0:2A:1D:AA:4A:54:2D:41
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/llRyq1y4ZFpzKsMLsCodqkpULUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.32.0/24
                  37.32.44.0/22
                  178.239.150.0/24
                  185.26.34.0/23
                  185.124.172.0/22
                  185.215.231.0/24
                  185.243.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:ec:9c:fa:fb:e8:97:46:d9:85:c1:f5:b6:b0:8c:de:e2:60:
         e6:82:30:2d:64:74:40:09:a5:0f:16:aa:5e:db:2c:71:ec:b2:
         d1:4f:6e:d1:b6:1a:15:e3:ea:88:ca:d3:f8:25:48:c8:46:1d:
         bf:7a:49:69:28:33:dd:13:45:cc:f1:b0:50:4e:d4:65:af:4b:
         54:45:5b:05:c9:51:9d:24:1b:e3:f1:ef:5d:2f:45:40:46:c9:
         07:32:1e:d4:00:c4:dc:c9:b3:f8:dd:32:a0:c5:a9:52:56:3a:
         57:5c:53:6a:38:55:9a:69:f7:97:c3:4c:48:c2:2c:56:c0:ee:
         c6:04:5d:71:66:c6:e0:6a:04:ed:87:37:ba:50:d6:e2:61:7f:
         83:f0:06:0b:cb:89:5a:a2:14:68:a9:b4:9c:4f:a1:7b:93:b1:
         d4:0c:b1:3c:a2:13:16:d6:26:c0:17:c3:6f:6a:fb:b8:16:7a:
         cd:13:f1:1b:5d:14:10:c1:1a:22:f6:2f:90:3a:1a:38:c3:61:
         d6:4f:6a:2a:93:19:13:cc:71:3b:ba:1b:a1:71:8b:26:20:8c:
         0d:c0:dd:1c:80:6c:99:a5:f1:4c:9d:05:80:21:8c:d8:f2:da:
         b9:e4:6e:2a:05:e2:e5:b1:29:8e:24:11:2d:c6:2c:5e:6e:aa:
         0a:3e:6e:75
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYR6rKAjaHZUkiLxuicfkVEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjIxMTE1MDk0NDA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU0NzJhYjVjYjg2NDVhNzMyYWMzMGJiMDJhMWRhYTRhNTQyZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1ANfHRUIL+KDOyUeLuWhaGctil9
GOOLjhCYqpOGlKz0drf3DhVOTFUai4j/pSq7JhMtu995vEZzu393IZYLDFjj7YdD
cMG6cocGUA7W+a+/0PEj1LYz/UYif8P5A9euKtdVvJAZMzESjjlNljN+LdnuNimG
dG3ndTNxLO+aH5AQfi/In6DDUuo1GeFyrT6Qhu0hm6AgVPeK2idTvfO9Cbsa5XO5
j2QkAXeONmXvmp3Njw+yb///dNQ+cmThX0FZ5w9n91xfb60NEdp36xf2/ZiNvN5r
o93mgCkS79CiRqC6Jn4UDKsz85+jgjBDkZdWFvN3ECQjrvywcdvaGn/f6QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJZUcqtcuGRacyrDC7AqHapKVC1BMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvbGxSeXExeTRaRnB6S3NNTHNDb2Rxa3BVTFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQABTkgAwQC
JSAsAwQAsu+WAwQBuRoiAwQCuXysAwQAudfnAwQCufMwMA0GCSqGSIb3DQEBCwUA
A4IBAQCw7Jz6++iXRtmFwfW2sIze4mDmgjAtZHRACaUPFqpe2yxx7LLRT27RthoV
4+qIytP4JUjIRh2/eklpKDPdE0XM8bBQTtRlr0tURVsFyVGdJBvj8e9dL0VARskH
Mh7UAMTcybP43TKgxalSVjpXXFNqOFWaafeXw0xIwixWwO7GBF1xZsbgagTthze6
UNbiYX+D8AYLy4laohRoqbScT6F7k7HUDLE8ohMW1ibAF8Nvavu4FnrNE/EbXRQQ
wRoi9i+QOho4w2HWT2oqkxkTzHE7uhuhcYsmIIwNwN0cgGyZpfFMnQWAIYzY8tq5
5G4qBeLlsSmOJBEtxixebqoKPm51
-----END CERTIFICATE-----