Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/t7FDE_02ioZIV7hcEpgkXcLoigA.roa
File:                     t7FDE_02ioZIV7hcEpgkXcLoigA.roa (raw, json)
Hash identifier:          z2882QsjgJFQxQlahRBQ5pkbVwXmpBToN9JkoEWQBO4=
Subject key identifier:   B7:B1:43:13:FD:36:8A:86:48:57:B8:5C:12:98:24:5D:C2:E8:8A:00
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       049D530D
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/t7FDE_02ioZIV7hcEpgkXcLoigA.roa
Signing time:             Tue 15 Mar 2022 06:14:33 +0000
ROA not before:           Tue 15 Mar 2022 06:14:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12679
IP address blocks:        45.134.13.0/24 maxlen: 24
                          45.134.15.0/24 maxlen: 24
                          45.134.14.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.229.0/24 maxlen: 24
                          212.8.228.0/24 maxlen: 24
                          2a07:505::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a07:500::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 77419277 (0x49d530d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Mar 15 06:14:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b7b14313fd368a864857b85c1298245dc2e88a00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:57:7a:6c:a7:dc:0c:17:6a:99:50:97:a3:91:
                    45:56:f9:fe:b7:10:5b:93:ac:e3:8e:81:fd:f3:db:
                    2b:9b:8a:22:89:60:02:5f:58:c5:e9:54:0e:68:3e:
                    59:92:e8:07:9a:6b:00:e0:cb:74:c3:a6:6c:81:f2:
                    fc:c0:fe:40:fc:a6:dc:5e:c2:1a:45:94:86:c9:18:
                    e2:45:0a:b3:6d:f3:3f:e2:60:5d:96:09:9a:bd:83:
                    0f:cd:84:f1:3c:1a:74:0c:72:5f:82:3e:32:a0:fc:
                    a2:97:84:5f:b3:3f:42:9c:29:85:8b:9b:54:75:5e:
                    4c:f7:f7:7e:55:99:d2:0c:72:f8:8c:8e:83:b5:64:
                    9f:b3:58:d3:26:1a:9b:a1:1c:88:c9:6a:88:de:ff:
                    bb:30:b1:9b:ae:67:70:f3:bc:50:b2:a3:d6:a1:ff:
                    14:12:f1:08:35:e4:45:e6:cd:94:46:5c:88:68:19:
                    22:56:d6:c2:38:97:f2:05:91:9c:db:52:e2:7b:24:
                    a6:be:45:12:d9:9c:84:38:17:9b:24:2a:55:80:ca:
                    42:bd:93:85:24:15:c4:84:ca:bc:11:9a:b7:2b:00:
                    30:53:b5:5b:7b:dd:93:cb:14:51:75:27:3b:1d:d5:
                    27:a5:ee:63:13:d1:be:38:02:72:fc:20:11:7a:9c:
                    e7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B1:43:13:FD:36:8A:86:48:57:B8:5C:12:98:24:5D:C2:E8:8A:00
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/t7FDE_02ioZIV7hcEpgkXcLoigA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.13.0-45.134.15.255
                  212.8.224.0-212.8.229.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:0e:78:ee:15:2b:d2:4f:76:8d:dc:80:15:17:27:b1:53:18:
         4b:97:01:f9:4f:d3:c1:bf:b6:83:75:7a:c6:1e:78:e8:89:ff:
         d4:3d:17:9a:ea:bc:4f:b6:0e:50:a0:4e:1c:48:b1:24:63:b5:
         50:cb:07:0f:b4:15:4f:52:5a:02:7c:a1:b2:57:a0:f4:f4:3b:
         73:48:ee:fa:33:1c:64:c3:96:20:f3:21:66:71:4b:d2:e7:6d:
         b5:4c:2d:19:ad:d9:72:cc:c9:30:64:e3:1e:af:5a:f6:26:0e:
         f2:f8:02:71:9a:b9:9d:a6:07:2c:79:38:fa:58:8d:7f:89:4a:
         ad:d3:bb:9a:8b:33:7e:a9:31:d0:cb:16:61:01:22:77:8e:81:
         e9:eb:ce:7f:02:ec:87:6e:bc:95:5c:96:71:2f:1d:85:44:32:
         5a:7f:7b:ad:7b:0c:1e:9d:12:49:85:96:cb:36:26:a2:4d:f8:
         f8:ae:22:fd:9d:18:e2:f7:5e:e2:3e:c0:e0:f2:c1:96:9c:75:
         e5:ef:46:b7:36:61:0f:85:ed:87:3d:86:04:44:09:2e:73:24:
         52:1e:c3:13:8b:b4:db:df:fc:73:ce:43:c0:84:42:09:8e:51:
         b3:31:25:ce:c8:fe:7d:c3:8c:8b:c8:b3:c8:17:85:86:27:7e:
         68:35:64:cd
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIEBJ1TDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NjE2OTcxNmQwYWU2NDA2ODcwMzE0MGFhMzczMGUzNzg4ZmRkNGM2MB4XDTIyMDMx
NTA2MTQzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjdiMTQzMTNmZDM2
OGE4NjQ4NTdiODVjMTI5ODI0NWRjMmU4OGEwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALhXemyn3AwXaplQl6ORRVb5/rcQW5Os446B/fPbK5uKIolg
Al9YxelUDmg+WZLoB5prAODLdMOmbIHy/MD+QPym3F7CGkWUhskY4kUKs23zP+Jg
XZYJmr2DD82E8TwadAxyX4I+MqD8opeEX7M/QpwphYubVHVeTPf3flWZ0gxy+IyO
g7Vkn7NY0yYam6EciMlqiN7/uzCxm65ncPO8ULKj1qH/FBLxCDXkRebNlEZciGgZ
IlbWwjiX8gWRnNtS4nskpr5FEtmchDgXmyQqVYDKQr2ThSQVxITKvBGatysAMFO1
W3vdk8sUUXUnOx3VJ6XuYxPRvjgCcvwgEXqc5xECAwEAAaOCAjUwggIxMB0GA1Ud
DgQWBBS3sUMT/TaKhkhXuFwSmCRdwuiKADAfBgNVHSMEGDAWgBTGFpcW0K5kBocD
FAqjcw43iP3UxjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hoYVhGdEN1WkFhSEF4UUtvM01PTjRqOTFNWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWQvNDAwNjg1LWY0OGUtNGFiOS04ZTNmLTA0MjQ0NmI3MGZiMS8x
L3Q3RkRFXzAyaW9aSVY3aGNFcGdrWGNMb2lnQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWQv
NDAwNjg1LWY0OGUtNGFiOS04ZTNmLTA0MjQ0NmI3MGZiMS8xL3hoYVhGdEN1WkFh
SEF4UUtvM01PTjRqOTFNWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBL
BggrBgEFBQcBBwEB/wQ8MDowIgQCAAEwHDAMAwQALYYNAwQELYYAMAwDBAXUCOAD
BAHUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3DQEBCwUAA4IBAQCD
DnjuFSvST3aN3IAVFyexUxhLlwH5T9PBv7aDdXrGHnjoif/UPRea6rxPtg5QoE4c
SLEkY7VQywcPtBVPUloCfKGyV6D09DtzSO76Mxxkw5Yg8yFmcUvS5221TC0Zrdly
zMkwZOMer1r2Jg7y+AJxmrmdpgcseTj6WI1/iUqt07uaizN+qTHQyxZhASJ3joHp
685/AuyHbryVXJZxLx2FRDJaf3utewwenRJJhZbLNiaiTfj4riL9nRji917iPsDg
8sGWnHXl70a3NmEPhe2HPYYERAkucyRSHsMTi7Tb3/xzzkPAhEIJjlGzMSXOyP59
w4yLyLPIF4WGJ35oNWTN
-----END CERTIFICATE-----