Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/fzhQ2-sNHN3AqNcMA0DXP6Vgve8.roa
File:                     fzhQ2-sNHN3AqNcMA0DXP6Vgve8.roa (raw, json)
Hash identifier:          HOYbmJFs0ec3QQQVJxyJbEYH2semUK6HHrb1dI9h1aE=
Subject key identifier:   7F:38:50:DB:EB:0D:1C:DD:C0:A8:D7:0C:03:40:D7:3F:A5:60:BD:EF
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       01821A91917E01E696D04D8F1726E9A491EF
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/fzhQ2-sNHN3AqNcMA0DXP6Vgve8.roa
Signing time:             Wed 20 Jul 2022 07:45:23 +0000
ROA not before:           Wed 20 Jul 2022 07:45:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16305
IP address blocks:        80.75.40.0/21 maxlen: 21
                          80.75.48.0/22 maxlen: 22
                          80.75.36.0/22 maxlen: 22
                          80.75.32.0/24 maxlen: 24
                          80.75.33.0/24 maxlen: 24
                          80.75.35.0/24 maxlen: 24
                          194.48.124.0/22 maxlen: 22
                          194.48.128.0/24 maxlen: 24
                          194.48.129.0/24 maxlen: 24
                          194.48.130.0/24 maxlen: 24
                          194.48.131.0/24 maxlen: 24
                          194.48.132.0/22 maxlen: 22
                          194.48.137.0/24 maxlen: 24
                          194.48.138.0/24 maxlen: 24
                          194.48.139.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:1a:91:91:7e:01:e6:96:d0:4d:8f:17:26:e9:a4:91:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jul 20 07:45:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7f3850dbeb0d1cddc0a8d70c0340d73fa560bdef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6f:e7:8c:19:db:8a:6b:1b:53:f5:1f:77:bb:
                    90:39:78:e9:b7:fe:93:c2:db:65:12:06:95:13:c6:
                    70:cb:9a:09:84:cf:c7:5a:96:c6:ab:35:c5:58:44:
                    8d:7d:cd:d7:25:eb:a4:17:e7:db:bb:fc:12:3a:f2:
                    69:73:37:17:c2:6c:f3:6d:77:6d:e2:3b:c6:4e:92:
                    05:ce:4f:ac:a0:87:7d:d8:05:d6:8b:09:cc:f3:27:
                    4e:a1:ab:51:af:b1:7c:45:76:f1:5a:72:02:16:d0:
                    d0:43:c3:59:4f:aa:8a:f1:75:99:a9:fb:16:a4:19:
                    f1:97:b1:96:29:bd:ef:23:b0:eb:57:6c:7b:37:c2:
                    0b:1b:99:37:1b:9b:10:b4:b8:19:4c:60:83:96:77:
                    a8:c9:e5:38:d8:a5:4a:f7:75:29:79:13:ea:f6:a3:
                    12:7a:04:55:5d:d5:c8:50:a4:84:95:81:b5:16:0b:
                    4f:4b:ce:e0:e6:ac:ca:5a:a1:eb:57:2a:af:b4:32:
                    68:fb:20:ee:03:22:70:f4:02:33:57:5c:6a:03:21:
                    74:07:dd:9b:d2:38:c9:eb:e7:a8:fd:b3:cf:d3:c2:
                    2e:04:2f:c6:11:c8:fa:34:6a:4d:8c:44:d5:22:c8:
                    e1:67:25:ce:1c:dd:a0:3a:39:b8:21:d1:83:6f:f2:
                    d9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:38:50:DB:EB:0D:1C:DD:C0:A8:D7:0C:03:40:D7:3F:A5:60:BD:EF
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/fzhQ2-sNHN3AqNcMA0DXP6Vgve8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.32.0/23
                  80.75.35.0-80.75.51.255
                  194.48.124.0-194.48.135.255
                  194.48.137.0-194.48.139.255

    Signature Algorithm: sha256WithRSAEncryption
         51:91:f8:dc:ce:14:a4:ad:56:3e:6c:ff:d2:74:2a:6b:7e:ae:
         b7:a4:66:13:e3:b0:50:49:34:12:ca:c9:c2:a7:55:b6:62:8b:
         6a:fc:6c:41:9e:30:22:49:63:f9:2c:52:15:f5:d8:93:99:23:
         fb:39:ce:ae:79:db:2b:75:a6:91:ec:18:5a:63:19:2a:1d:a3:
         ce:78:e9:bf:c0:ec:81:e9:da:25:95:82:3b:28:84:d5:54:16:
         27:24:f0:98:e0:ed:cf:33:17:7a:8f:52:12:47:f3:87:3a:c6:
         e8:44:ed:c8:24:19:e2:21:36:f7:4d:67:b5:0c:e6:67:ad:47:
         c4:0e:e8:4f:00:d2:49:59:c1:60:3b:e6:6e:6a:da:b7:e7:2e:
         0e:79:63:1f:bb:06:c4:2d:3c:5b:80:14:21:a2:0d:91:84:43:
         2f:da:3f:2b:5c:ad:2b:de:e6:94:a1:53:ee:d0:b5:cf:f5:f8:
         dc:c1:d5:14:79:e1:c8:01:23:ff:6b:ed:04:56:66:49:3a:f0:
         8f:6e:f9:c3:5d:34:59:af:f1:bd:2c:8b:36:84:56:b3:d7:4a:
         87:58:61:3c:c8:73:b9:1a:49:e9:5a:4c:d3:3c:46:59:70:4b:
         49:10:0f:32:58:5c:6a:82:fb:8a:af:7b:a3:ba:7c:a8:25:f6:
         e8:c6:9b:6c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYIakZF+AeaW0E2PFybppJHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjIwNzIwMDc0NTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM4NTBkYmViMGQxY2RkYzBhOGQ3MGMwMzQwZDczZmE1NjBiZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlG/njBnbimsbU/Ufd7uQOXjpt/6T
wttlEgaVE8Zwy5oJhM/HWpbGqzXFWESNfc3XJeukF+fbu/wSOvJpczcXwmzzbXdt
4jvGTpIFzk+soId92AXWiwnM8ydOoatRr7F8RXbxWnICFtDQQ8NZT6qK8XWZqfsW
pBnxl7GWKb3vI7DrV2x7N8ILG5k3G5sQtLgZTGCDlneoyeU42KVK93UpeRPq9qMS
egRVXdXIUKSElYG1FgtPS87g5qzKWqHrVyqvtDJo+yDuAyJw9AIzV1xqAyF0B92b
0jjJ6+eo/bPP08IuBC/GEcj6NGpNjETVIsjhZyXOHN2gOjm4IdGDb/LZmwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFH84UNvrDRzdwKjXDANA1z+lYL3vMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvZnpoUTItc05ITjNBcU5jTUEwRFhQNlZndmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBUEsgMAwD
BABQSyMDBAJQSzAwDAMEAsIwfAMEA8IwgDAMAwQAwjCJAwQCwjCIMA0GCSqGSIb3
DQEBCwUAA4IBAQBRkfjczhSkrVY+bP/SdCprfq63pGYT47BQSTQSysnCp1W2Yotq
/GxBnjAiSWP5LFIV9diTmSP7Oc6uedsrdaaR7BhaYxkqHaPOeOm/wOyB6dollYI7
KITVVBYnJPCY4O3PMxd6j1ISR/OHOsboRO3IJBniITb3TWe1DOZnrUfEDuhPANJJ
WcFgO+Zuatq35y4OeWMfuwbELTxbgBQhog2RhEMv2j8rXK0r3uaUoVPu0LXP9fjc
wdUUeeHIASP/a+0EVmZJOvCPbvnDXTRZr/G9LIs2hFaz10qHWGE8yHO5GknpWkzT
PEZZcEtJEA8yWFxqgvuKr3ujunyoJfboxpts
-----END CERTIFICATE-----