Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/76f921-6217-4e95-b445-10cd20fab386/1/cUbE-z_HsM6LW8uryOmXfrvyZaQ.roa
File:                     cUbE-z_HsM6LW8uryOmXfrvyZaQ.roa (raw, json)
Hash identifier:          YjM2XrJxJwtXHMMyRneOqs0dntHJD8QxeUyrKREuvd8=
Subject key identifier:   71:46:C4:FB:3F:C7:B0:CE:8B:5B:CB:AB:C8:E9:97:7E:BB:F2:65:A4
Certificate issuer:       /CN=150b7ff9bc1962ebcec0be435ccc272d751a1c16
Certificate serial:       0183564A2317E85125D74FEE1FB69C019007
Authority key identifier: 15:0B:7F:F9:BC:19:62:EB:CE:C0:BE:43:5C:CC:27:2D:75:1A:1C:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQt_-bwZYuvOwL5DXMwnLXUaHBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/76f921-6217-4e95-b445-10cd20fab386/1/cUbE-z_HsM6LW8uryOmXfrvyZaQ.roa
Signing time:             Mon 19 Sep 2022 15:07:22 +0000
ROA not before:           Mon 19 Sep 2022 15:07:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197825
IP address blocks:        176.10.56.0/24 maxlen: 24
                          176.10.57.0/24 maxlen: 24
                          176.10.58.0/24 maxlen: 24
                          176.10.59.0/24 maxlen: 24
                          176.10.60.0/24 maxlen: 24
                          176.10.61.0/24 maxlen: 24
                          176.10.62.0/24 maxlen: 24
                          176.10.63.0/24 maxlen: 24
                          2a06:2083::/32 maxlen: 32
                          2a06:2087::/32 maxlen: 32
                          2a06:2080::/32 maxlen: 32
                          2a06:2086::/32 maxlen: 32
                          2a06:2081::/32 maxlen: 32
                          2a06:2085::/32 maxlen: 32
                          2a06:2084::/32 maxlen: 32
                          2a06:2082::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:56:4a:23:17:e8:51:25:d7:4f:ee:1f:b6:9c:01:90:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=150b7ff9bc1962ebcec0be435ccc272d751a1c16
        Validity
            Not Before: Sep 19 15:07:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7146c4fb3fc7b0ce8b5bcbabc8e9977ebbf265a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f2:82:30:2d:c5:45:ce:5b:39:63:a6:a3:ad:
                    9b:58:e7:e4:da:c3:9b:0b:20:9a:a9:98:15:90:54:
                    74:b3:f1:c1:47:c3:55:5d:48:52:dd:35:8d:de:44:
                    56:ff:80:5d:10:01:f9:b1:e1:1f:12:ec:03:09:1c:
                    87:40:8f:0f:ce:81:0f:b9:31:f7:4e:42:7d:9f:d5:
                    94:b5:6f:6e:2a:16:64:bc:67:c3:cc:7d:d8:b6:eb:
                    e7:56:f4:57:b0:3a:4e:50:ef:66:43:dd:73:b5:fe:
                    00:88:f5:bf:3d:63:63:7e:cd:7b:af:b6:5d:0e:c6:
                    bd:b5:8d:bc:66:0b:e3:f3:c8:2b:55:63:e8:8d:61:
                    43:75:77:13:b3:d9:10:d0:4e:9d:5b:c6:3f:a8:f8:
                    f5:9a:bd:6c:15:5c:de:4e:8c:b8:39:95:28:22:56:
                    cd:12:ba:0e:91:b4:7b:03:aa:9b:1a:b8:c4:08:40:
                    bd:2e:39:22:5a:8c:01:25:46:c9:9e:00:08:24:ce:
                    cb:0b:39:0f:3b:90:33:52:4a:3e:74:66:f0:28:b3:
                    12:d0:b1:94:10:24:c9:53:33:d0:90:c8:cf:27:a5:
                    22:d4:da:14:a8:61:bc:01:bb:72:2c:9e:c5:80:a6:
                    16:12:ac:6f:d1:6a:32:83:78:22:77:fb:80:da:be:
                    cb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:46:C4:FB:3F:C7:B0:CE:8B:5B:CB:AB:C8:E9:97:7E:BB:F2:65:A4
            X509v3 Authority Key Identifier:
                keyid:15:0B:7F:F9:BC:19:62:EB:CE:C0:BE:43:5C:CC:27:2D:75:1A:1C:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQt_-bwZYuvOwL5DXMwnLXUaHBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/76f921-6217-4e95-b445-10cd20fab386/1/cUbE-z_HsM6LW8uryOmXfrvyZaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/76f921-6217-4e95-b445-10cd20fab386/1/FQt_-bwZYuvOwL5DXMwnLXUaHBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.10.56.0/21
                IPv6:
                  2a06:2080::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:21:5e:16:5e:5f:ee:fb:97:80:2e:d0:73:14:e5:26:bb:f4:
         de:81:d5:21:29:d6:43:7e:47:88:e3:c2:a9:f9:7b:d3:c5:12:
         6c:fd:22:4e:71:85:9f:28:6c:74:3d:79:86:9c:f9:27:d6:7b:
         a0:54:b0:c5:3b:68:0b:0c:47:8a:db:a8:68:df:c8:a9:d8:cc:
         ec:02:84:29:ac:7b:d7:10:08:cd:2e:2d:bb:36:08:78:34:ad:
         b3:cf:c9:2b:53:b4:58:54:ba:18:e5:db:6e:bd:52:19:d7:37:
         32:24:5b:e8:63:63:31:23:b2:9d:48:5f:a2:a0:cc:5b:63:87:
         7d:a8:df:26:c8:8b:a4:4c:0f:15:70:61:39:09:c1:15:75:18:
         e0:01:c0:c0:5f:a5:b3:a2:d3:cd:cf:d6:df:42:7e:57:6f:c2:
         c4:d5:d1:45:c5:20:40:9b:cd:2a:56:5a:c6:2a:ac:fc:f4:f9:
         ab:9a:a4:85:9b:44:d7:a6:19:06:38:c4:57:ff:5b:8e:58:7d:
         7c:8d:71:f9:b7:e1:71:03:41:5c:f1:19:48:3b:e0:bf:25:23:
         25:39:19:2a:59:f8:06:e5:1e:9e:6c:42:91:12:ef:a9:be:7f:
         6c:05:69:5e:6e:47:13:90:a7:42:87:c3:28:e7:1c:4d:a8:6a:
         fd:44:42:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYNWSiMX6FEl10/uH7acAZAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MGI3ZmY5YmMxOTYyZWJjZWMwYmU0MzVjY2MyNzJkNzUx
YTFjMTYwHhcNMjIwOTE5MTUwNzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQ2YzRmYjNmYzdiMGNlOGI1YmNiYWJjOGU5OTc3ZWJiZjI2NWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPKCMC3FRc5bOWOmo62bWOfk2sOb
CyCaqZgVkFR0s/HBR8NVXUhS3TWN3kRW/4BdEAH5seEfEuwDCRyHQI8PzoEPuTH3
TkJ9n9WUtW9uKhZkvGfDzH3YtuvnVvRXsDpOUO9mQ91ztf4AiPW/PWNjfs17r7Zd
Dsa9tY28Zgvj88grVWPojWFDdXcTs9kQ0E6dW8Y/qPj1mr1sFVzeToy4OZUoIlbN
EroOkbR7A6qbGrjECEC9LjkiWowBJUbJngAIJM7LCzkPO5AzUko+dGbwKLMS0LGU
ECTJUzPQkMjPJ6Ui1NoUqGG8AbtyLJ7FgKYWEqxv0Woyg3gid/uA2r7LsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHFGxPs/x7DOi1vLq8jpl3678mWkMB8GA1UdIwQY
MBaAFBULf/m8GWLrzsC+Q1zMJy11GhwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlF0Xy1id1pZdXZPd0w1RFhNd25MWFVhSEJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS83NmY5MjEtNjIxNy00ZTk1LWI0NDUt
MTBjZDIwZmFiMzg2LzEvY1ViRS16X0hzTTZMVzh1cnlPbVhmcnZ5WmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS83NmY5MjEtNjIxNy00ZTk1LWI0NDUtMTBjZDIwZmFiMzg2
LzEvRlF0Xy1id1pZdXZPd0w1RFhNd25MWFVhSEJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDsAo4MA0E
AgACMAcDBQMqBiCAMA0GCSqGSIb3DQEBCwUAA4IBAQAWIV4WXl/u+5eALtBzFOUm
u/TegdUhKdZDfkeI48Kp+XvTxRJs/SJOcYWfKGx0PXmGnPkn1nugVLDFO2gLDEeK
26ho38ip2MzsAoQprHvXEAjNLi27Ngh4NK2zz8krU7RYVLoY5dtuvVIZ1zcyJFvo
Y2MxI7KdSF+ioMxbY4d9qN8myIukTA8VcGE5CcEVdRjgAcDAX6WzotPNz9bfQn5X
b8LE1dFFxSBAm80qVlrGKqz89PmrmqSFm0TXphkGOMRX/1uOWH18jXH5t+FxA0Fc
8RlIO+C/JSMlORkqWfgG5R6ebEKREu+pvn9sBWlebkcTkKdCh8Mo5xxNqGr9RELs
-----END CERTIFICATE-----