Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/R_-AecWIEPiUjRf-O3RPyhY0zwc.roa
File:                     R_-AecWIEPiUjRf-O3RPyhY0zwc.roa (raw, json)
Hash identifier:          krfENtnVQnHUNKsJ/zHVdgr+3oKLoZPuW4oMan9UtYg=
Subject key identifier:   47:FF:80:79:C5:88:10:F8:94:8D:17:FE:3B:74:4F:CA:16:34:CF:07
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       041E7887
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/R_-AecWIEPiUjRf-O3RPyhY0zwc.roa
Signing time:             Tue 18 Jan 2022 08:07:50 +0000
ROA not before:           Tue 18 Jan 2022 08:07:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12679
IP address blocks:        212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 69105799 (0x41e7887)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Jan 18 08:07:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=47ff8079c58810f8948d17fe3b744fca1634cf07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:da:4b:7d:f6:c0:5e:49:8a:a3:91:34:6f:d0:
                    79:45:ed:22:2e:ce:62:53:02:c9:3c:d4:3f:0d:35:
                    df:1b:ad:62:1f:80:70:5f:28:84:38:b8:f2:d1:85:
                    ac:f2:12:6d:8d:31:b4:e8:b2:80:fe:88:31:87:b2:
                    2e:4a:e1:cb:19:85:0f:05:a9:7d:fa:93:ba:d1:91:
                    b4:69:89:a7:36:0e:5a:5c:28:9b:d6:af:b9:1b:cd:
                    ea:d7:c4:fe:53:fc:1f:6e:4e:b5:f2:7f:fb:8c:ff:
                    09:11:d8:6e:60:92:a0:2e:98:65:b8:b8:53:dc:e5:
                    37:21:12:9d:b3:2b:28:2c:29:db:76:2f:d3:11:65:
                    e7:94:e9:13:ad:72:56:2e:12:cb:72:05:c1:3c:00:
                    f0:05:60:09:13:a8:bb:fa:7c:f2:b5:bd:24:5a:0d:
                    d2:4e:2b:0c:47:64:db:5c:45:9a:36:3b:7b:7c:e9:
                    bd:4a:4c:2d:78:2d:a1:33:bc:20:5a:26:b7:a0:98:
                    b8:5a:05:05:10:b3:bd:43:24:64:f1:54:34:7f:14:
                    89:43:d3:7a:b6:e9:0d:20:c0:df:27:ce:3b:cd:2c:
                    f7:8c:36:f6:c6:5b:aa:ca:fd:fb:61:38:b5:59:d3:
                    d3:24:e8:11:e5:bf:43:99:6f:f9:ca:21:87:b1:3d:
                    ac:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:FF:80:79:C5:88:10:F8:94:8D:17:FE:3B:74:4F:CA:16:34:CF:07
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/R_-AecWIEPiUjRf-O3RPyhY0zwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:5a:c3:50:cf:0e:8c:85:88:4c:53:52:58:c1:67:57:ef:b0:
         2c:f2:23:3a:91:4b:fc:fc:17:16:d8:2d:5b:5f:44:63:b6:8c:
         d2:fa:dc:94:f9:b8:32:63:9d:40:7f:c6:48:f0:63:c2:e3:1c:
         0e:bf:0d:78:1b:16:87:2d:a9:f7:c9:61:7e:90:db:56:9a:10:
         d6:bc:8c:b5:e2:8b:ac:cf:93:d5:7f:b9:71:2e:10:6f:d3:e1:
         3d:9c:f0:c3:74:da:55:ed:5a:01:e9:37:ef:ed:7d:36:85:01:
         51:8d:7a:c5:c0:aa:90:35:4d:9a:2c:0f:f6:a6:91:2d:f4:3a:
         cc:28:24:50:d4:bd:c6:b3:b5:21:9e:b6:be:e3:64:73:58:0c:
         a2:1d:75:80:85:aa:57:0d:1f:30:fc:ea:c6:f7:73:4f:39:fc:
         ac:5b:87:fa:36:5c:e8:d4:7e:20:46:7b:f4:0c:98:7b:4d:a0:
         c9:03:fc:59:51:d2:1f:01:df:d3:13:50:82:5b:e0:3d:a8:4a:
         54:1c:ae:b8:c3:6e:63:44:80:9a:87:28:d5:5c:83:6f:12:ec:
         90:b2:d7:2b:b4:0d:5c:16:83:cd:8c:0e:6e:a0:7f:31:a6:30:
         ff:88:56:64:07:2a:99:cf:c3:35:ce:61:85:86:d3:67:81:6b:
         04:b8:89:47
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEBB54hzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NjE2OTcxNmQwYWU2NDA2ODcwMzE0MGFhMzczMGUzNzg4ZmRkNGM2MB4XDTIyMDEx
ODA4MDc1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDdmZjgwNzljNTg4
MTBmODk0OGQxN2ZlM2I3NDRmY2ExNjM0Y2YwNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALHaS332wF5JiqORNG/QeUXtIi7OYlMCyTzUPw013xutYh+A
cF8ohDi48tGFrPISbY0xtOiygP6IMYeyLkrhyxmFDwWpffqTutGRtGmJpzYOWlwo
m9avuRvN6tfE/lP8H25OtfJ/+4z/CRHYbmCSoC6YZbi4U9zlNyESnbMrKCwp23Yv
0xFl55TpE61yVi4Sy3IFwTwA8AVgCROou/p88rW9JFoN0k4rDEdk21xFmjY7e3zp
vUpMLXgtoTO8IFomt6CYuFoFBRCzvUMkZPFUNH8UiUPTerbpDSDA3yfOO80s94w2
9sZbqsr9+2E4tVnT0yToEeW/Q5lv+cohh7E9rCkCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBRH/4B5xYgQ+JSNF/47dE/KFjTPBzAfBgNVHSMEGDAWgBTGFpcW0K5kBocD
FAqjcw43iP3UxjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hoYVhGdEN1WkFhSEF4UUtvM01PTjRqOTFNWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWQvNDAwNjg1LWY0OGUtNGFiOS04ZTNmLTA0MjQ0NmI3MGZiMS8x
L1JfLUFlY1dJRVBpVWpSZi1PM1JQeWhZMHp3Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWQv
NDAwNjg1LWY0OGUtNGFiOS04ZTNmLTA0MjQ0NmI3MGZiMS8xL3hoYVhGdEN1WkFh
SEF4UUtvM01PTjRqOTFNWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwFAQCAAEwDjAMAwQF1AjgAwQA1AjkMBQEAgACMA4D
BQMqBwUAAwUDKg58QDANBgkqhkiG9w0BAQsFAAOCAQEACFrDUM8OjIWITFNSWMFn
V++wLPIjOpFL/PwXFtgtW19EY7aM0vrclPm4MmOdQH/GSPBjwuMcDr8NeBsWhy2p
98lhfpDbVpoQ1ryMteKLrM+T1X+5cS4Qb9PhPZzww3TaVe1aAek37+19NoUBUY16
xcCqkDVNmiwP9qaRLfQ6zCgkUNS9xrO1IZ62vuNkc1gMoh11gIWqVw0fMPzqxvdz
Tzn8rFuH+jZc6NR+IEZ79AyYe02gyQP8WVHSHwHf0xNQglvgPahKVByuuMNuY0SA
moco1VyDbxLskLLXK7QNXBaDzYwObqB/MaYw/4hWZAcqmc/DNc5hhYbTZ4FrBLiJ
Rw==
-----END CERTIFICATE-----