Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/knnt6Q8_zyhObMIm58miwhq3fYg.roa
File:                     knnt6Q8_zyhObMIm58miwhq3fYg.roa (raw, json)
Hash identifier:          Zg6oZBgY+7hEwieIy9295G3KF6l0dHSUnpWZ82lBlog=
Subject key identifier:   92:79:ED:E9:0F:3F:CF:28:4E:6C:C2:26:E7:C9:A2:C2:1A:B7:7D:88
Certificate issuer:       /CN=3618be04417a6bcb9f33942a631518be533ffaf4
Certificate serial:       018538FAAFE364748E1437A80850CAD6EADD
Authority key identifier: 36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/knnt6Q8_zyhObMIm58miwhq3fYg.roa
Signing time:             Thu 22 Dec 2022 08:37:11 +0000
ROA not before:           Thu 22 Dec 2022 08:37:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42346
IP address blocks:        83.137.24.0/21 maxlen: 21
                          185.93.216.0/22 maxlen: 22
                          194.63.148.0/22 maxlen: 22
                          109.106.32.0/21 maxlen: 21
                          109.106.40.0/22 maxlen: 22
                          185.127.172.0/22 maxlen: 22
                          195.60.192.0/22 maxlen: 22
                          212.120.32.0/19 maxlen: 19
                          213.213.160.0/19 maxlen: 19
                          2a02:ab0::/29 maxlen: 29
                          2a00:5480::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:38:fa:af:e3:64:74:8e:14:37:a8:08:50:ca:d6:ea:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3618be04417a6bcb9f33942a631518be533ffaf4
        Validity
            Not Before: Dec 22 08:37:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9279ede90f3fcf284e6cc226e7c9a2c21ab77d88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:09:96:7e:5f:6c:86:1e:d3:80:78:0e:2c:23:
                    14:67:bd:95:84:47:fd:75:a2:99:30:03:b1:50:77:
                    e1:77:48:10:78:95:8a:34:1f:ca:48:d4:f9:7a:7a:
                    28:d9:53:06:fe:86:41:b4:03:08:69:59:70:ee:ef:
                    f2:d5:4d:78:5f:51:5e:ed:cb:ba:92:47:74:4f:13:
                    45:f5:07:53:b3:67:31:e8:99:a7:8b:41:f2:52:c8:
                    a0:de:42:1f:d3:81:31:81:3c:69:2d:6c:c2:89:bb:
                    c7:16:2e:3a:0d:51:2e:78:ef:8b:5a:53:7b:06:ee:
                    eb:62:f3:b7:30:a1:e8:2e:85:f1:e1:8d:38:3c:44:
                    7a:0b:10:71:ab:d3:0a:31:29:aa:fe:96:2d:cd:70:
                    cd:b5:23:7f:bb:b4:6b:a1:ef:71:1c:42:b7:88:0d:
                    c0:c0:93:eb:68:3a:30:ee:0e:69:e0:43:3f:ff:e7:
                    13:ed:4c:58:f6:89:4c:39:1d:dd:15:f4:3a:90:0b:
                    5e:0c:a5:fb:e5:93:d2:b8:f2:c8:66:7e:8c:b1:ca:
                    09:dc:54:6c:8d:8f:8d:d9:82:59:40:53:e5:1c:e4:
                    16:e0:c9:54:73:d8:f8:25:d6:7e:67:d4:9b:36:47:
                    35:85:6e:ed:b1:c1:03:bb:7d:12:1d:0a:ed:2f:ae:
                    c4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:79:ED:E9:0F:3F:CF:28:4E:6C:C2:26:E7:C9:A2:C2:1A:B7:7D:88
            X509v3 Authority Key Identifier:
                keyid:36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/knnt6Q8_zyhObMIm58miwhq3fYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.24.0/21
                  109.106.32.0-109.106.43.255
                  185.93.216.0/22
                  185.127.172.0/22
                  194.63.148.0/22
                  195.60.192.0/22
                  212.120.32.0/19
                  213.213.160.0/19
                IPv6:
                  2a00:5480::/29
                  2a02:ab0::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:45:f4:05:07:89:c6:d4:17:af:77:38:21:7c:c5:49:62:d4:
         11:4e:82:a4:0a:4c:67:81:78:e8:c9:f5:4d:94:03:e1:30:93:
         fa:66:85:e3:7e:11:a0:75:06:73:dd:f4:23:c3:bd:43:f3:b3:
         d0:75:b0:63:e2:03:0c:10:97:58:f4:5c:98:f1:6f:1b:19:53:
         6b:04:e5:a5:d9:16:4f:85:86:dc:4c:2e:af:e5:b2:40:36:3d:
         ab:2f:54:09:95:4b:9d:b9:c9:36:42:31:4a:75:ef:b6:0a:39:
         f4:e1:74:a7:cb:73:32:05:61:ae:a8:e8:19:62:ff:b3:41:bc:
         3e:1c:27:6a:4f:cb:3f:0a:e7:e5:45:5e:48:78:4b:f0:97:b6:
         4c:d2:31:74:ff:c5:60:06:51:44:3a:e8:d2:b0:a4:1c:fd:ec:
         04:89:a2:9b:9b:ff:67:79:97:cd:e1:42:88:24:42:6d:f9:f3:
         bd:88:07:f7:74:63:81:1c:5f:2f:af:33:ed:72:8d:bc:cc:a3:
         4e:e1:33:32:87:5e:94:d0:ae:e7:a3:f0:69:0d:e8:51:91:41:
         04:b8:97:17:f1:46:b0:6d:e1:15:3a:66:9f:81:d3:8b:e3:41:
         1b:7f:15:4e:c2:2b:ae:93:39:72:0c:6f:47:94:fe:96:5d:bd:
         7e:6a:29:cb
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYU4+q/jZHSOFDeoCFDK1urdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MThiZTA0NDE3YTZiY2I5ZjMzOTQyYTYzMTUxOGJlNTMz
ZmZhZjQwHhcNMjIxMjIyMDgzNzExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjc5ZWRlOTBmM2ZjZjI4NGU2Y2MyMjZlN2M5YTJjMjFhYjc3ZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AmWfl9shh7TgHgOLCMUZ72VhEf9
daKZMAOxUHfhd0gQeJWKNB/KSNT5enoo2VMG/oZBtAMIaVlw7u/y1U14X1Fe7cu6
kkd0TxNF9QdTs2cx6Jmni0HyUsig3kIf04ExgTxpLWzCibvHFi46DVEueO+LWlN7
Bu7rYvO3MKHoLoXx4Y04PER6CxBxq9MKMSmq/pYtzXDNtSN/u7Rroe9xHEK3iA3A
wJPraDow7g5p4EM//+cT7UxY9olMOR3dFfQ6kAteDKX75ZPSuPLIZn6MscoJ3FRs
jY+N2YJZQFPlHOQW4MlUc9j4JdZ+Z9SbNkc1hW7tscEDu30SHQrtL67E9wIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFJJ57ekPP88oTmzCJufJosIat32IMB8GA1UdIwQY
MBaAFDYYvgRBemvLnzOUKmMVGL5TP/r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMt
MjI2OGU5N2E4YmMxLzEva25udDZROF96eWhPYk1JbTU4bWl3aHEzZllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMtMjI2OGU5N2E4YmMx
LzEvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQDU4kYMAwD
BAVtaiADBAJtaigDBAK5XdgDBAK5f6wDBALCP5QDBALDPMADBAXUeCADBAXV1aAw
FAQCAAIwDgMFAyoAVIADBQMqAgqwMA0GCSqGSIb3DQEBCwUAA4IBAQA1RfQFB4nG
1BevdzghfMVJYtQRToKkCkxngXjoyfVNlAPhMJP6ZoXjfhGgdQZz3fQjw71D87PQ
dbBj4gMMEJdY9FyY8W8bGVNrBOWl2RZPhYbcTC6v5bJANj2rL1QJlUuduck2QjFK
de+2Cjn04XSny3MyBWGuqOgZYv+zQbw+HCdqT8s/CuflRV5IeEvwl7ZM0jF0/8Vg
BlFEOujSsKQc/ewEiaKbm/9neZfN4UKIJEJt+fO9iAf3dGOBHF8vrzPtco28zKNO
4TMyh16U0K7no/BpDehRkUEEuJcX8UawbeEVOmafgdOL40EbfxVOwiuukzlyDG9H
lP6WXb1+ainL
-----END CERTIFICATE-----