Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/X912oyNvQwbhdDXTmBUuW88uaJ0.roa
File:                     X912oyNvQwbhdDXTmBUuW88uaJ0.roa (raw, json)
Hash identifier:          i7q0y6t5lbCMXf7TjFJfnr37oe4iv+pJHsgMp7DsH1g=
Subject key identifier:   5F:DD:76:A3:23:6F:43:06:E1:74:35:D3:98:15:2E:5B:CF:2E:68:9D
Certificate issuer:       /CN=eeac122a92917cf953ff5c5de6a1ffe1199f122c
Certificate serial:       10BA6DD1
Authority key identifier: EE:AC:12:2A:92:91:7C:F9:53:FF:5C:5D:E6:A1:FF:E1:19:9F:12:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qwSKpKRfPlT_1xd5qH_4RmfEiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/X912oyNvQwbhdDXTmBUuW88uaJ0.roa
Signing time:             Sat 01 Jan 2022 13:02:49 +0000
ROA not before:           Sat 01 Jan 2022 13:02:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198651
IP address blocks:        185.153.200.0/24 maxlen: 24
                          185.153.202.0/24 maxlen: 24
                          185.153.203.0/24 maxlen: 24
                          2a07:8980::/29 maxlen: 29
                          2a07:8980:102::/48 maxlen: 48
                          2a07:8982::/32 maxlen: 32
                          2a07:8980:18::/48 maxlen: 48
                          2a07:8983::/36 maxlen: 36
                          2a07:8983:1000::/36 maxlen: 36
                          2a07:8980:101::/48 maxlen: 48
                          2a07:8981::/32 maxlen: 32
                          2a07:8980:1a::/48 maxlen: 48
                          2a07:8980::/32 maxlen: 32
                          2a07:8980:1000::/48 maxlen: 48
                          2a07:8980:6000::/48 maxlen: 48
                          2a07:8980:43::/48 maxlen: 48
                          2a07:8980:44::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 280653265 (0x10ba6dd1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeac122a92917cf953ff5c5de6a1ffe1199f122c
        Validity
            Not Before: Jan  1 13:02:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5fdd76a3236f4306e17435d398152e5bcf2e689d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3d:1c:ff:49:bf:89:c1:04:19:b7:e8:e2:79:
                    5b:ae:a7:9a:47:13:f6:04:bc:31:a5:ac:8d:3c:d0:
                    94:0b:e4:7f:ef:d2:bd:72:13:f2:38:27:de:3f:dd:
                    d4:41:7a:f1:0b:e9:df:1e:da:54:5e:2b:27:59:ff:
                    6a:81:39:b5:40:e3:7c:68:87:cb:be:3d:e1:20:94:
                    72:f2:1a:91:5c:67:56:8e:56:0f:d1:57:a2:97:5b:
                    5f:b2:95:39:ef:04:bf:54:c8:24:28:3d:d2:3a:07:
                    78:31:21:9e:a9:aa:b5:cd:55:37:cf:e0:c0:ef:e6:
                    a1:44:b5:3e:5b:5c:b7:55:2d:c9:9c:80:fb:58:70:
                    93:9b:2e:4a:13:84:4c:b7:3a:b4:d7:61:68:fc:d3:
                    fd:34:8b:2e:83:5e:a8:07:cd:2d:fd:ac:7d:20:7b:
                    d1:c3:6c:86:e1:9d:05:e8:cc:c0:56:f4:60:c8:4d:
                    5d:20:6a:0f:35:df:56:f5:7d:24:d4:5f:1c:59:ae:
                    ac:0a:8b:32:33:5e:b9:11:46:35:ea:24:1c:36:73:
                    ec:b3:e5:27:4c:0b:cd:23:be:7c:e6:6d:f0:79:3f:
                    d6:8e:b2:af:81:cd:a6:42:de:14:93:c8:3c:f9:96:
                    e2:c3:e8:43:0c:90:82:a9:52:32:29:f3:81:b2:b0:
                    df:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:DD:76:A3:23:6F:43:06:E1:74:35:D3:98:15:2E:5B:CF:2E:68:9D
            X509v3 Authority Key Identifier:
                keyid:EE:AC:12:2A:92:91:7C:F9:53:FF:5C:5D:E6:A1:FF:E1:19:9F:12:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qwSKpKRfPlT_1xd5qH_4RmfEiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/X912oyNvQwbhdDXTmBUuW88uaJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8ee451-f626-4324-98fe-41d2cc7b7034/1/7qwSKpKRfPlT_1xd5qH_4RmfEiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.200.0/24
                  185.153.202.0/23
                IPv6:
                  2a07:8980::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:0e:23:23:33:0f:89:b9:28:68:71:c1:5a:3d:c7:fc:4a:52:
         3d:ad:33:97:b4:09:cc:db:a2:a9:ec:fd:37:69:83:44:7f:81:
         20:b7:5e:4c:1c:0e:18:37:55:9d:0c:54:19:6f:8e:3b:53:78:
         27:cb:3d:19:6f:52:b8:a1:ea:da:5f:d8:1d:01:0b:19:31:e4:
         05:1b:62:69:fa:a4:0c:f3:0b:9d:d8:68:3c:ec:9b:71:24:98:
         22:e7:ff:6a:89:8d:b2:2d:5d:1c:b8:94:be:33:08:e5:56:58:
         46:78:b1:1d:e3:8a:f2:e6:bb:ba:e4:3d:dd:fe:03:86:b9:f2:
         7c:92:dd:5b:49:bf:73:be:1e:83:de:fa:a8:4a:c3:ff:dd:6c:
         5b:63:58:bf:74:4e:96:28:c1:76:d2:fc:01:95:5a:0a:d4:0e:
         62:1b:e4:a4:0f:57:4b:25:7c:c3:66:45:5d:d2:6a:ff:f8:f4:
         ee:cd:38:40:0b:df:9b:b7:f9:fd:7c:af:fe:2e:2a:48:39:09:
         64:fa:bf:b3:e9:89:4f:53:60:fa:dc:0d:21:c8:29:41:42:66:
         f3:35:ba:d6:df:3c:32:fd:eb:02:d1:f0:c5:85:81:81:59:d4:
         1e:b6:ad:28:db:98:2c:72:cb:0b:d8:6f:ba:b0:cc:46:8d:3b:
         b9:43:ea:39
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEELpt0TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ZWFjMTIyYTkyOTE3Y2Y5NTNmZjVjNWRlNmExZmZlMTE5OWYxMjJjMB4XDTIyMDEw
MTEzMDI0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWZkZDc2YTMyMzZm
NDMwNmUxNzQzNWQzOTgxNTJlNWJjZjJlNjg5ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL49HP9Jv4nBBBm36OJ5W66nmkcT9gS8MaWsjTzQlAvkf+/S
vXIT8jgn3j/d1EF68Qvp3x7aVF4rJ1n/aoE5tUDjfGiHy7494SCUcvIakVxnVo5W
D9FXopdbX7KVOe8Ev1TIJCg90joHeDEhnqmqtc1VN8/gwO/moUS1Pltct1UtyZyA
+1hwk5suShOETLc6tNdhaPzT/TSLLoNeqAfNLf2sfSB70cNshuGdBejMwFb0YMhN
XSBqDzXfVvV9JNRfHFmurAqLMjNeuRFGNeokHDZz7LPlJ0wLzSO+fOZt8Hk/1o6y
r4HNpkLeFJPIPPmW4sPoQwyQgqlSMinzgbKw31UCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBRf3XajI29DBuF0NdOYFS5bzy5onTAfBgNVHSMEGDAWgBTurBIqkpF8+VP/
XF3mof/hGZ8SLDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
Lzdxd1NLcEtSZlBsVF8xeGQ1cUhfNFJtZkVpdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTgvOGVlNDUxLWY2MjYtNDMyNC05OGZlLTQxZDJjYzdiNzAzNC8x
L1g5MTJveU52UXdiaGREWFRtQlV1Vzg4dWFKMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgv
OGVlNDUxLWY2MjYtNDMyNC05OGZlLTQxZDJjYzdiNzAzNC8xLzdxd1NLcEtSZlBs
VF8xeGQ1cUhfNFJtZkVpdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEALmZyAMEAbmZyjANBAIAAjAHAwUD
KgeJgDANBgkqhkiG9w0BAQsFAAOCAQEAdg4jIzMPibkoaHHBWj3H/EpSPa0zl7QJ
zNuiqez9N2mDRH+BILdeTBwOGDdVnQxUGW+OO1N4J8s9GW9SuKHq2l/YHQELGTHk
BRtiafqkDPMLndhoPOybcSSYIuf/aomNsi1dHLiUvjMI5VZYRnixHeOK8ua7uuQ9
3f4DhrnyfJLdW0m/c74eg976qErD/91sW2NYv3ROlijBdtL8AZVaCtQOYhvkpA9X
SyV8w2ZFXdJq//j07s04QAvfm7f5/Xyv/i4qSDkJZPq/s+mJT1Ng+twNIcgpQUJm
8zW61t88Mv3rAtHwxYWBgVnUHratKNuYLHLLC9hvurDMRo07uUPqOQ==
-----END CERTIFICATE-----