Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/i_i_Urx-1cGykc4As6K37JyxDac.roa
File:                     i_i_Urx-1cGykc4As6K37JyxDac.roa (raw, json)
Hash identifier:          5BVzsqKWMYvxgCl40laMNMKLGSFtGhRZsa4Y41ifFQU=
Subject key identifier:   8B:F8:BF:52:BC:7E:D5:C1:B2:91:CE:00:B3:A2:B7:EC:9C:B1:0D:A7
Certificate issuer:       /CN=72b8d533e2519b68adcb3b7be359b93357e2b1cb
Certificate serial:       01838872CCE5D4D1846982C6A2D82987E806
Authority key identifier: 72:B8:D5:33:E2:51:9B:68:AD:CB:3B:7B:E3:59:B9:33:57:E2:B1:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crjVM-JRm2ityzt741m5M1fiscs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/i_i_Urx-1cGykc4As6K37JyxDac.roa
Signing time:             Thu 29 Sep 2022 08:52:48 +0000
ROA not before:           Thu 29 Sep 2022 08:52:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48635
IP address blocks:        128.140.216.0/21 maxlen: 24
                          185.231.200.0/22 maxlen: 24
                          62.84.240.0/21 maxlen: 24
                          91.203.76.0/22 maxlen: 24
                          109.70.0.0/21 maxlen: 24
                          46.17.0.0/21 maxlen: 24
                          185.89.4.0/22 maxlen: 24
                          185.27.140.0/22 maxlen: 24
                          2a02:2968::/29 maxlen: 48
                          2a05:cfc0::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:88:72:cc:e5:d4:d1:84:69:82:c6:a2:d8:29:87:e8:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b8d533e2519b68adcb3b7be359b93357e2b1cb
        Validity
            Not Before: Sep 29 08:52:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8bf8bf52bc7ed5c1b291ce00b3a2b7ec9cb10da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:42:f7:a8:07:d6:82:d4:a9:82:20:d1:9b:
                    4d:1d:28:41:c8:69:57:13:f1:43:1f:3c:99:6e:b5:
                    7b:f0:5f:ef:5f:00:31:66:cf:67:94:32:d0:9e:d3:
                    3a:e4:1b:47:82:9a:0f:e1:99:e2:37:e6:0d:db:bf:
                    8c:db:7e:67:34:0f:12:40:61:51:dc:4e:33:6d:0d:
                    fe:a6:b8:10:fb:4d:7b:88:9d:06:e1:f2:31:b7:b6:
                    29:8b:ca:b6:6b:d1:03:b7:f4:d3:f7:79:34:47:18:
                    20:8b:8f:e4:88:c6:b8:ee:71:ad:d9:8a:2b:ce:32:
                    87:ec:58:f6:f3:43:6b:38:17:df:48:da:79:1b:3f:
                    e4:34:d6:47:e6:d9:d6:17:be:41:cc:78:5d:cc:d6:
                    a4:92:b4:f0:0d:76:15:19:88:05:28:2f:41:48:7b:
                    79:1c:40:42:f9:7e:8d:2c:71:26:97:9c:0f:14:0b:
                    ab:50:f9:75:61:dd:82:87:3f:5b:43:db:e1:4f:fa:
                    a7:f5:d7:20:2f:2e:7b:aa:dc:cb:42:bf:6b:0c:d0:
                    41:fe:47:72:6a:44:11:06:91:98:b4:3e:38:b1:c0:
                    da:6b:9e:a4:83:e2:6a:fb:1d:6f:a2:19:1a:fa:31:
                    69:fb:7f:e0:31:60:e2:d2:80:c6:79:2f:ce:f3:e0:
                    c2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F8:BF:52:BC:7E:D5:C1:B2:91:CE:00:B3:A2:B7:EC:9C:B1:0D:A7
            X509v3 Authority Key Identifier:
                keyid:72:B8:D5:33:E2:51:9B:68:AD:CB:3B:7B:E3:59:B9:33:57:E2:B1:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crjVM-JRm2ityzt741m5M1fiscs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/i_i_Urx-1cGykc4As6K37JyxDac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/crjVM-JRm2ityzt741m5M1fiscs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.0.0/21
                  62.84.240.0/21
                  91.203.76.0/22
                  109.70.0.0/21
                  128.140.216.0/21
                  185.27.140.0/22
                  185.89.4.0/22
                  185.231.200.0/22
                IPv6:
                  2a02:2968::/29
                  2a05:cfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:d1:b7:ca:8d:23:12:0d:63:f4:7b:da:ef:10:3c:b4:8c:86:
         c3:45:48:5f:5e:e3:3e:7a:5a:89:c1:8a:bc:66:6c:2b:67:85:
         f8:f1:3d:7e:72:4c:77:58:63:69:7c:3e:be:fe:07:4b:de:7f:
         f1:07:d0:c9:98:88:60:8c:41:e4:36:32:c5:5e:4f:fc:41:62:
         dc:a4:32:0f:7b:3b:8b:44:bf:ee:6d:e8:e9:f6:5a:48:6c:69:
         d5:33:10:46:17:9d:58:b2:fd:24:2c:28:4c:ac:a2:f7:95:1a:
         78:e7:b4:52:1b:c3:ee:c4:29:2e:44:f3:46:68:5e:d0:26:03:
         29:2c:ef:e6:ec:44:cc:c1:6c:39:8f:ce:5b:e6:89:68:bd:d7:
         be:4f:3f:73:df:c4:d1:fa:9a:40:35:2f:e6:21:0c:a0:56:02:
         b8:7e:21:da:1b:5a:76:df:69:df:c5:07:72:6e:5f:72:3d:6a:
         ec:b0:8f:21:8a:20:0e:1f:98:bd:bf:db:0b:81:31:07:24:25:
         97:f6:87:72:a8:f0:49:00:4b:c7:f7:69:cc:15:e2:09:b5:32:
         e5:86:83:1d:99:da:dd:6d:a3:e3:c4:eb:43:37:0f:79:39:57:
         58:c8:1c:47:b7:fb:3d:34:88:c6:fc:75:6c:f5:0d:8d:f1:1b:
         bd:41:02:b0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYOIcszl1NGEaYLGotgph+gGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjhkNTMzZTI1MTliNjhhZGNiM2I3YmUzNTliOTMzNTdl
MmIxY2IwHhcNMjIwOTI5MDg1MjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY4YmY1MmJjN2VkNWMxYjI5MWNlMDBiM2EyYjdlYzljYjEwZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZBC96gH1oLUqYIg0ZtNHShByGlX
E/FDHzyZbrV78F/vXwAxZs9nlDLQntM65BtHgpoP4ZniN+YN27+M235nNA8SQGFR
3E4zbQ3+prgQ+017iJ0G4fIxt7Ypi8q2a9EDt/TT93k0Rxggi4/kiMa47nGt2Yor
zjKH7Fj280NrOBffSNp5Gz/kNNZH5tnWF75BzHhdzNakkrTwDXYVGYgFKC9BSHt5
HEBC+X6NLHEml5wPFAurUPl1Yd2Chz9bQ9vhT/qn9dcgLy57qtzLQr9rDNBB/kdy
akQRBpGYtD44scDaa56kg+Jq+x1vohka+jFp+3/gMWDi0oDGeS/O8+DCNQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIv4v1K8ftXBspHOALOit+ycsQ2nMB8GA1UdIwQY
MBaAFHK41TPiUZtorcs7e+NZuTNX4rHLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JqVk0tSlJtMml0eXp0NzQxbTVNMWZpc2NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83MjA3MjAtMjdiNy00NWNhLWE5Yzgt
ZTE1YmQ3OWMzOWMzLzEvaV9pX1VyeC0xY0d5a2M0QXM2SzM3Snl4RGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83MjA3MjAtMjdiNy00NWNhLWE5YzgtZTE1YmQ3OWMzOWMz
LzEvY3JqVk0tSlJtMml0eXp0NzQxbTVNMWZpc2NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDLhEAAwQD
PlTwAwQCW8tMAwQDbUYAAwQDgIzYAwQCuRuMAwQCuVkEAwQCuefIMBQEAgACMA4D
BQMqAiloAwUDKgXPwDANBgkqhkiG9w0BAQsFAAOCAQEAZ9G3yo0jEg1j9Hva7xA8
tIyGw0VIX17jPnpaicGKvGZsK2eF+PE9fnJMd1hjaXw+vv4HS95/8QfQyZiIYIxB
5DYyxV5P/EFi3KQyD3s7i0S/7m3o6fZaSGxp1TMQRhedWLL9JCwoTKyi95UaeOe0
UhvD7sQpLkTzRmhe0CYDKSzv5uxEzMFsOY/OW+aJaL3Xvk8/c9/E0fqaQDUv5iEM
oFYCuH4h2htadt9p38UHcm5fcj1q7LCPIYogDh+Yvb/bC4ExByQll/aHcqjwSQBL
x/dpzBXiCbUy5YaDHZna3W2j48TrQzcPeTlXWMgcR7f7PTSIxvx1bPUNjfEbvUEC
sA==
-----END CERTIFICATE-----