Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/PN56NimBBZlraINRSlrgvoMzNA8.roa
File:                     PN56NimBBZlraINRSlrgvoMzNA8.roa (raw, json)
Hash identifier:          NLyjZzkHCZGFyp7xtPs9KpKLZk7jfje79qLdnf6THbU=
Subject key identifier:   3C:DE:7A:36:29:81:05:99:6B:68:83:51:4A:5A:E0:BE:83:33:34:0F
Certificate issuer:       /CN=9e394498e4798729ce9950be34b459a9ef29f5e8
Certificate serial:       0184323B7CF21AB3709A3564800F693D4F77
Authority key identifier: 9E:39:44:98:E4:79:87:29:CE:99:50:BE:34:B4:59:A9:EF:29:F5:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njlEmOR5hynOmVC-NLRZqe8p9eg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/PN56NimBBZlraINRSlrgvoMzNA8.roa
Signing time:             Tue 01 Nov 2022 08:07:50 +0000
ROA not before:           Tue 01 Nov 2022 08:07:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38999
IP address blocks:        212.98.134.0/24 maxlen: 24
                          185.76.176.64/26 maxlen: 26
                          185.76.177.0/24 maxlen: 24
                          185.76.176.0/25 maxlen: 25
                          185.76.176.0/24 maxlen: 24
                          185.76.178.0/24 maxlen: 24
                          185.76.177.192/27 maxlen: 27
                          185.76.177.224/28 maxlen: 28
                          5.57.0.0/24 maxlen: 24
                          2a05:5b81::/32 maxlen: 32
                          2a05:5b84::/32 maxlen: 32
                          2a05:5b82::/32 maxlen: 32
                          2a05:5b83::/32 maxlen: 32
                          2a05:5b80::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:32:3b:7c:f2:1a:b3:70:9a:35:64:80:0f:69:3d:4f:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e394498e4798729ce9950be34b459a9ef29f5e8
        Validity
            Not Before: Nov  1 08:07:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3cde7a36298105996b6883514a5ae0be8333340f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bf:1d:d0:db:df:93:e4:77:05:5a:01:e5:2d:
                    b8:5d:44:b7:82:9e:8a:fb:7d:87:dc:70:9d:c6:74:
                    57:59:6f:9b:7e:9f:b0:e1:99:a0:8a:00:84:dd:6d:
                    9b:1b:aa:e1:fa:52:a8:eb:40:d7:d9:63:53:68:e9:
                    3f:c9:10:17:ed:68:64:1b:30:60:bb:c4:92:6b:ff:
                    fd:d7:a6:f1:a9:9a:d4:31:6d:2d:10:45:ad:f6:74:
                    87:c3:5b:2e:b0:78:88:60:28:47:cd:d2:1e:a7:76:
                    95:55:eb:9c:8d:c6:69:e3:5e:d8:d8:44:43:cc:b0:
                    5f:9a:ae:ba:fb:d8:8d:1d:fa:3e:f7:46:8a:e1:cb:
                    e7:98:b4:9b:95:f6:4e:61:9f:32:1c:3b:e9:99:55:
                    bc:38:9d:fb:46:5e:d2:db:8c:b5:7e:6a:72:b5:c0:
                    fa:ae:f4:3e:3c:98:b8:19:50:f1:d7:ff:8b:6c:bc:
                    32:a6:1f:fa:56:65:d8:19:82:e1:e8:34:27:cc:20:
                    eb:0a:9d:4e:64:01:04:2b:5f:79:4e:a8:e4:ab:46:
                    d5:c5:92:a5:d3:aa:5c:64:0a:65:1b:ff:50:72:65:
                    c2:f4:44:7d:78:d2:5d:16:0d:fa:47:06:cb:71:73:
                    d8:48:b1:25:46:01:0c:6a:6c:b3:d1:18:95:5b:eb:
                    52:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:DE:7A:36:29:81:05:99:6B:68:83:51:4A:5A:E0:BE:83:33:34:0F
            X509v3 Authority Key Identifier:
                keyid:9E:39:44:98:E4:79:87:29:CE:99:50:BE:34:B4:59:A9:EF:29:F5:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njlEmOR5hynOmVC-NLRZqe8p9eg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/PN56NimBBZlraINRSlrgvoMzNA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/njlEmOR5hynOmVC-NLRZqe8p9eg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.0.0/24
                  185.76.176.0-185.76.178.255
                  212.98.134.0/24
                IPv6:
                  2a05:5b80::-2a05:5b84:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         19:5b:88:50:c0:63:3c:37:33:f0:24:ab:ce:cd:e6:e7:1d:80:
         9b:fd:40:da:8f:f9:22:2b:e9:34:49:89:28:b1:79:22:4f:7a:
         a5:9e:41:cc:3f:86:a5:2f:b4:10:85:b1:c1:d7:c4:b6:ca:fc:
         b2:fd:ee:6c:35:a2:3a:79:64:8a:bd:ff:a6:0e:ff:ce:8c:06:
         bb:69:3f:ac:f2:eb:c1:cb:4d:06:52:02:af:d0:96:96:f1:7d:
         d9:6d:37:e6:c9:6b:41:c7:71:c1:d3:50:5a:56:9e:cf:b2:37:
         a3:c8:f0:e9:5b:0f:94:b0:b0:67:6a:03:b2:41:5a:6e:d8:13:
         14:5b:f6:04:08:f3:6a:14:6c:05:a6:54:76:26:44:41:df:1a:
         0c:37:28:6f:a2:a9:03:41:7c:3a:20:38:06:80:15:ca:75:3b:
         3c:ad:18:6d:17:67:fd:c7:59:2c:e7:73:da:35:fd:b5:5e:c5:
         3f:67:a8:58:be:95:d0:f8:bf:f8:dd:46:1c:55:1e:3e:d3:ff:
         e1:70:44:1c:92:fe:db:28:8a:da:03:c4:a8:d2:f4:81:8f:f6:
         dc:65:0c:8f:19:98:96:ba:a2:75:8f:c2:f9:38:07:8f:a1:e8:
         97:80:d7:ec:cd:8b:b7:a4:b9:e6:86:79:97:3a:96:4b:18:28:
         5c:26:b8:10
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYQyO3zyGrNwmjVkgA9pPU93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzk0NDk4ZTQ3OTg3MjljZTk5NTBiZTM0YjQ1OWE5ZWYy
OWY1ZTgwHhcNMjIxMTAxMDgwNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RlN2EzNjI5ODEwNTk5NmI2ODgzNTE0YTVhZTBiZTgzMzMzNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoL8d0Nvfk+R3BVoB5S24XUS3gp6K
+32H3HCdxnRXWW+bfp+w4ZmgigCE3W2bG6rh+lKo60DX2WNTaOk/yRAX7WhkGzBg
u8SSa//916bxqZrUMW0tEEWt9nSHw1susHiIYChHzdIep3aVVeucjcZp417Y2ERD
zLBfmq66+9iNHfo+90aK4cvnmLSblfZOYZ8yHDvpmVW8OJ37Rl7S24y1fmpytcD6
rvQ+PJi4GVDx1/+LbLwyph/6VmXYGYLh6DQnzCDrCp1OZAEEK195Tqjkq0bVxZKl
06pcZAplG/9QcmXC9ER9eNJdFg36RwbLcXPYSLElRgEMamyz0RiVW+tSGwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDzeejYpgQWZa2iDUUpa4L6DMzQPMB8GA1UdIwQY
MBaAFJ45RJjkeYcpzplQvjS0WanvKfXoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpsRW1PUjVoeW5PbVZDLU5MUlpxZThwOWVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yNTE2ZTItOWUyMi00ZTA2LThhNDQt
ZmE1ZWY0ZjUzZmJiLzEvUE41Nk5pbUJCWmxyYUlOUlNscmd2b016TkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8yNTE2ZTItOWUyMi00ZTA2LThhNDQtZmE1ZWY0ZjUzZmJi
LzEvbmpsRW1PUjVoeW5PbVZDLU5MUlpxZThwOWVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAgBAIAATAaAwQABTkAMAwD
BAS5TLADBAC5TLIDBADUYoYwFgQCAAIwEDAOAwUHKgVbgAMFACoFW4QwDQYJKoZI
hvcNAQELBQADggEBABlbiFDAYzw3M/Akq87N5ucdgJv9QNqP+SIr6TRJiSixeSJP
eqWeQcw/hqUvtBCFscHXxLbK/LL97mw1ojp5ZIq9/6YO/86MBrtpP6zy68HLTQZS
Aq/QlpbxfdltN+bJa0HHccHTUFpWns+yN6PI8OlbD5SwsGdqA7JBWm7YExRb9gQI
82oUbAWmVHYmREHfGgw3KG+iqQNBfDogOAaAFcp1OzytGG0XZ/3HWSznc9o1/bVe
xT9nqFi+ldD4v/jdRhxVHj7T/+FwRByS/tsoitoDxKjS9IGP9txlDI8ZmJa6onWP
wvk4B4+h6JeA1+zNi7ekueaGeZc6lksYKFwmuBA=
-----END CERTIFICATE-----