Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/EFTGa85d9h2J0_8nAzF4YGLpfPs.roa
File:                     EFTGa85d9h2J0_8nAzF4YGLpfPs.roa (raw, json)
Hash identifier:          fEbTZ6MAyEJ1M2imHv0s5qJ9CflPNSaoyp4jiwGo/S4=
Subject key identifier:   10:54:C6:6B:CE:5D:F6:1D:89:D3:FF:27:03:31:78:60:62:E9:7C:FB
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       018512DD573205ACCAC3BD3617955E14C658
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/EFTGa85d9h2J0_8nAzF4YGLpfPs.roa
Signing time:             Wed 14 Dec 2022 22:59:33 +0000
ROA not before:           Wed 14 Dec 2022 22:59:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44477
IP address blocks:        185.242.84.0/24 maxlen: 24
                          185.242.85.0/24 maxlen: 24
                          185.242.87.0/24 maxlen: 24
                          185.250.149.0/24 maxlen: 24
                          185.250.148.0/24 maxlen: 24
                          45.67.231.0/24 maxlen: 24
                          45.67.230.0/24 maxlen: 24
                          45.67.229.0/24 maxlen: 24
                          45.67.228.0/24 maxlen: 24
                          80.92.206.0/24 maxlen: 24
                          74.119.195.0/24 maxlen: 24
                          2a09:7c44::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:12:dd:57:32:05:ac:ca:c3:bd:36:17:95:5e:14:c6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Dec 14 22:59:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1054c66bce5df61d89d3ff270331786062e97cfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0b:c3:48:35:3e:d4:92:89:40:cf:c0:8e:30:
                    78:60:df:e9:b0:75:5b:b2:52:75:a6:8f:7f:0d:ba:
                    33:76:f6:12:8f:47:54:df:a7:c5:0a:96:ba:0b:af:
                    6c:87:8f:36:95:1b:d3:76:da:a8:1c:26:02:38:c9:
                    be:1b:04:a8:96:e5:9a:df:c7:49:bc:92:ea:af:0d:
                    ff:22:41:22:a4:73:9a:64:bd:eb:37:36:f4:7e:53:
                    8c:24:e9:9b:77:5e:2c:32:55:a9:f2:51:34:44:d3:
                    8c:b2:a2:be:65:86:d7:42:e6:1e:94:43:17:0a:31:
                    87:ff:12:71:31:b6:aa:c1:1e:91:b0:33:7c:fc:47:
                    64:4e:08:19:79:f4:ce:a6:a4:ca:79:37:0a:cc:e3:
                    9d:37:a2:4e:80:00:f5:8a:65:ce:6f:52:ca:67:1a:
                    39:3f:b8:41:19:82:6e:4e:be:b4:d5:fe:49:b0:49:
                    c8:50:12:8a:9c:ae:07:5a:60:b4:47:84:c1:94:d3:
                    5b:87:bf:81:5d:f7:35:9f:f2:f1:b1:8e:e6:94:5e:
                    81:47:6a:b1:a9:22:16:71:17:de:96:52:a5:98:5f:
                    82:19:50:7b:9f:5c:5d:71:85:29:1d:0e:e6:4c:21:
                    d1:3c:68:6c:70:91:1a:15:c5:bc:e3:55:bd:e5:c3:
                    48:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:54:C6:6B:CE:5D:F6:1D:89:D3:FF:27:03:31:78:60:62:E9:7C:FB
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/EFTGa85d9h2J0_8nAzF4YGLpfPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.228.0/22
                  74.119.195.0/24
                  80.92.206.0/24
                  185.242.84.0/23
                  185.242.87.0/24
                  185.250.148.0/23
                IPv6:
                  2a09:7c44::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:42:45:95:f8:93:bc:10:8a:0a:33:a5:98:0b:22:c5:5b:2d:
         70:19:53:e9:09:87:c9:17:a6:91:7c:18:7a:f3:ce:56:a6:00:
         9a:0a:e5:82:8b:24:0b:48:0f:15:90:3d:70:7b:7e:ae:6f:dc:
         51:29:e3:e3:2b:4c:79:9e:4c:68:77:d1:ce:35:00:6b:6e:c1:
         81:d1:2d:41:fa:4f:d6:6f:92:74:67:c5:71:07:ab:66:20:ef:
         56:e6:37:a4:d3:d0:1e:fe:5c:28:b3:37:c4:28:08:70:c0:1b:
         7c:0b:a0:3b:6b:70:a2:8f:27:b8:37:00:7c:5c:a4:8d:97:ce:
         e8:03:ec:60:05:78:f4:d8:4a:d8:d9:6b:d8:59:52:d2:ce:07:
         80:9b:5c:a9:0a:81:1c:bc:ca:53:d3:a9:f9:8a:b0:9d:19:88:
         9a:46:c1:aa:98:8f:bb:03:c5:6e:b6:a8:bd:23:9e:78:9e:95:
         2f:d7:4f:dd:aa:c7:10:96:dd:81:d3:89:3a:22:a0:bc:44:d3:
         97:e1:e0:c5:85:1f:24:5c:30:2a:b4:a2:91:85:4b:aa:fa:78:
         9d:28:b1:88:8d:1b:d2:3b:ec:74:22:6c:77:ef:77:7e:30:cc:
         9a:be:ce:2a:f9:a1:21:f3:c6:21:47:7f:b3:87:08:ff:bf:17:
         c0:ff:88:05
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYUS3VcyBazKw702F5VeFMZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjIxMjE0MjI1OTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDU0YzY2YmNlNWRmNjFkODlkM2ZmMjcwMzMxNzg2MDYyZTk3Y2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQvDSDU+1JKJQM/AjjB4YN/psHVb
slJ1po9/DbozdvYSj0dU36fFCpa6C69sh482lRvTdtqoHCYCOMm+GwSoluWa38dJ
vJLqrw3/IkEipHOaZL3rNzb0flOMJOmbd14sMlWp8lE0RNOMsqK+ZYbXQuYelEMX
CjGH/xJxMbaqwR6RsDN8/EdkTggZefTOpqTKeTcKzOOdN6JOgAD1imXOb1LKZxo5
P7hBGYJuTr601f5JsEnIUBKKnK4HWmC0R4TBlNNbh7+BXfc1n/LxsY7mlF6BR2qx
qSIWcRfellKlmF+CGVB7n1xdcYUpHQ7mTCHRPGhscJEaFcW841W95cNIHwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBBUxmvOXfYdidP/JwMxeGBi6Xz7MB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvRUZUR2E4NWQ5aDJKMF84bkF6RjRZR0xwZlBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCLUPkAwQA
SnfDAwQAUFzOAwQBufJUAwQAufJXAwQBufqUMA0EAgACMAcDBQAqCXxEMA0GCSqG
SIb3DQEBCwUAA4IBAQAfQkWV+JO8EIoKM6WYCyLFWy1wGVPpCYfJF6aRfBh6885W
pgCaCuWCiyQLSA8VkD1we36ub9xRKePjK0x5nkxod9HONQBrbsGB0S1B+k/Wb5J0
Z8VxB6tmIO9W5jek09Ae/lwoszfEKAhwwBt8C6A7a3Cijye4NwB8XKSNl87oA+xg
BXj02ErY2WvYWVLSzgeAm1ypCoEcvMpT06n5irCdGYiaRsGqmI+7A8Vutqi9I554
npUv10/dqscQlt2B04k6IqC8RNOX4eDFhR8kXDAqtKKRhUuq+nidKLGIjRvSO+x0
Imx373d+MMyavs4q+aEh88YhR3+zhwj/vxfA/4gF
-----END CERTIFICATE-----