Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/wcmjBZavC6UtPh0GrzcY5HlveIQ.roa
File:                     wcmjBZavC6UtPh0GrzcY5HlveIQ.roa (raw, json)
Hash identifier:          tOKRM+WfdSVqPDYR1+4UiXJkl3bNLYHJ04lNUyOmpFw=
Subject key identifier:   C1:C9:A3:05:96:AF:0B:A5:2D:3E:1D:06:AF:37:18:E4:79:6F:78:84
Certificate issuer:       /CN=9fcc2f3ee6b5c3ff6dc5346a7535506fa824123e
Certificate serial:       0184E940AB9EF67561FA3F469C67446366C5
Authority key identifier: 9F:CC:2F:3E:E6:B5:C3:FF:6D:C5:34:6A:75:35:50:6F:A8:24:12:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n8wvPua1w_9txTRqdTVQb6gkEj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/wcmjBZavC6UtPh0GrzcY5HlveIQ.roa
Signing time:             Tue 06 Dec 2022 21:04:00 +0000
ROA not before:           Tue 06 Dec 2022 21:04:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42892
IP address blocks:        94.45.192.0/19 maxlen: 19
                          94.45.192.0/22 maxlen: 22
                          94.45.196.0/22 maxlen: 22
                          94.45.199.0/24 maxlen: 24
                          94.45.204.0/22 maxlen: 22
                          94.45.200.0/22 maxlen: 22
                          94.45.201.0/24 maxlen: 24
                          94.45.208.0/22 maxlen: 22
                          94.45.212.0/22 maxlen: 22
                          94.45.220.0/22 maxlen: 22
                          91.193.222.0/23 maxlen: 23
                          91.193.220.0/22 maxlen: 22
                          176.120.224.0/21 maxlen: 21
                          176.120.224.0/19 maxlen: 19
                          176.120.239.0/24 maxlen: 24
                          176.120.237.0/24 maxlen: 24
                          176.120.238.0/24 maxlen: 24
                          176.120.236.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e9:40:ab:9e:f6:75:61:fa:3f:46:9c:67:44:63:66:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fcc2f3ee6b5c3ff6dc5346a7535506fa824123e
        Validity
            Not Before: Dec  6 21:04:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c1c9a30596af0ba52d3e1d06af3718e4796f7884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f0:f5:9e:86:bd:bd:41:0d:18:82:df:96:f1:
                    1e:b7:8a:81:fc:26:af:32:71:de:e0:3d:04:29:6d:
                    60:b4:48:65:dd:5d:84:5c:f5:a8:34:83:46:ba:d3:
                    1a:94:77:39:27:5f:a6:d8:8d:fa:83:5d:56:93:b0:
                    b6:ee:06:94:2b:e5:18:e8:97:c4:31:28:0d:61:84:
                    29:70:96:0f:66:85:fc:29:09:d7:2d:34:bd:61:76:
                    1f:ef:fd:62:77:23:6d:90:1e:9d:bc:4b:88:e8:ea:
                    cf:cf:ba:96:04:c5:4b:84:5b:ce:73:0d:b7:44:f6:
                    f6:54:06:1e:f0:63:9c:3f:58:51:d7:c6:b9:b7:65:
                    75:ae:58:27:88:57:3c:00:1d:fc:ba:2a:17:3e:c1:
                    d0:60:6b:c9:00:12:a2:40:e0:7e:c5:1c:d3:e5:5d:
                    3f:c9:02:81:9c:dd:dd:52:d7:c3:56:78:38:7d:6a:
                    f5:e3:b5:f8:87:a5:fe:fd:1a:9f:b0:11:c3:8f:dd:
                    1b:e5:f6:b4:3f:e5:56:09:1b:6c:96:4f:8f:a5:23:
                    84:fd:9e:2f:7a:65:99:ad:14:fb:e6:b5:93:6c:63:
                    6c:7f:40:ca:26:5f:a5:7a:82:2b:6f:36:b0:95:0c:
                    8d:12:2b:1d:91:4c:8c:2f:b0:09:a5:82:f5:14:0c:
                    6f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C9:A3:05:96:AF:0B:A5:2D:3E:1D:06:AF:37:18:E4:79:6F:78:84
            X509v3 Authority Key Identifier:
                keyid:9F:CC:2F:3E:E6:B5:C3:FF:6D:C5:34:6A:75:35:50:6F:A8:24:12:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n8wvPua1w_9txTRqdTVQb6gkEj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/wcmjBZavC6UtPh0GrzcY5HlveIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/n8wvPua1w_9txTRqdTVQb6gkEj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.220.0/22
                  94.45.192.0/19
                  176.120.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         97:37:ec:bf:65:be:1b:90:67:ca:3a:ec:75:15:49:36:bd:c8:
         c0:3e:ea:f1:c7:b7:ce:de:87:c3:3c:ab:39:b1:2a:7e:69:fc:
         26:21:17:75:34:42:82:c9:01:3e:10:f6:6e:26:5a:de:70:e8:
         44:4f:d6:18:b6:f9:37:45:4f:61:2b:e7:26:18:2c:7e:63:d3:
         73:8f:2a:1e:f7:24:6b:c9:70:5a:86:1a:fd:64:6a:25:15:ec:
         0d:c7:76:70:0b:8f:00:46:71:4b:4d:c1:b8:73:b0:2d:2b:dc:
         06:b5:21:24:ee:aa:59:cf:ff:4e:71:30:38:6c:c1:31:65:98:
         2d:ac:a1:9a:40:91:24:f5:ad:0d:7a:ec:53:ba:d1:6a:7a:e9:
         ca:af:03:2e:93:79:24:1c:7d:08:a7:ee:eb:59:f2:8f:6a:18:
         c8:4a:9b:cd:17:0a:4c:15:a5:dd:1d:b6:ce:0f:0b:83:dd:bc:
         69:80:ee:98:df:8f:1f:45:e5:5c:30:e6:48:e5:c7:28:f6:aa:
         bb:b3:dc:cb:87:1f:1d:11:d4:83:ca:df:ee:10:5e:c1:68:81:
         17:f6:4e:84:0b:f7:99:a2:49:5d:4a:6e:fc:2b:af:96:94:c5:
         f6:01:f5:ce:3a:00:e4:32:a5:9e:54:35:57:cc:99:a7:aa:0b:
         55:d9:9f:b3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYTpQKue9nVh+j9GnGdEY2bFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmY2MyZjNlZTZiNWMzZmY2ZGM1MzQ2YTc1MzU1MDZmYTgy
NDEyM2UwHhcNMjIxMjA2MjEwNDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWM5YTMwNTk2YWYwYmE1MmQzZTFkMDZhZjM3MThlNDc5NmY3ODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvD1noa9vUENGILflvEet4qB/Cav
MnHe4D0EKW1gtEhl3V2EXPWoNINGutMalHc5J1+m2I36g11Wk7C27gaUK+UY6JfE
MSgNYYQpcJYPZoX8KQnXLTS9YXYf7/1idyNtkB6dvEuI6OrPz7qWBMVLhFvOcw23
RPb2VAYe8GOcP1hR18a5t2V1rlgniFc8AB38uioXPsHQYGvJABKiQOB+xRzT5V0/
yQKBnN3dUtfDVng4fWr147X4h6X+/RqfsBHDj90b5fa0P+VWCRtslk+PpSOE/Z4v
emWZrRT75rWTbGNsf0DKJl+leoIrbzawlQyNEisdkUyML7AJpYL1FAxv/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMHJowWWrwulLT4dBq83GOR5b3iEMB8GA1UdIwQY
MBaAFJ/MLz7mtcP/bcU0anU1UG+oJBI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjh3dlB1YTF3Xzl0eFRScWRUVlFiNmdrRWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy83Zjg0MGQtM2JkNC00ZmFkLTlhMTUt
OGJmMDRhZjRiMmI0LzEvd2NtakJaYXZDNlV0UGgwR3J6Y1k1SGx2ZUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy83Zjg0MGQtM2JkNC00ZmFkLTlhMTUtOGJmMDRhZjRiMmI0
LzEvbjh3dlB1YTF3Xzl0eFRScWRUVlFiNmdrRWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8HcAwQF
Xi3AAwQFsHjgMA0GCSqGSIb3DQEBCwUAA4IBAQCXN+y/Zb4bkGfKOux1FUk2vcjA
Purxx7fO3ofDPKs5sSp+afwmIRd1NEKCyQE+EPZuJlrecOhET9YYtvk3RU9hK+cm
GCx+Y9Nzjyoe9yRryXBahhr9ZGolFewNx3ZwC48ARnFLTcG4c7AtK9wGtSEk7qpZ
z/9OcTA4bMExZZgtrKGaQJEk9a0NeuxTutFqeunKrwMuk3kkHH0Ip+7rWfKPahjI
SpvNFwpMFaXdHbbODwuD3bxpgO6Y348fReVcMOZI5cco9qq7s9zLhx8dEdSDyt/u
EF7BaIEX9k6EC/eZokldSm78K6+WlMX2AfXOOgDkMqWeVDVXzJmnqgtV2Z+z
-----END CERTIFICATE-----