Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/3FtXeSVxb0LXM_PSJtwFGibipzQ.roa
File:                     3FtXeSVxb0LXM_PSJtwFGibipzQ.roa (raw, json)
Hash identifier:          GGlse+26jOTTjwhSTez94hYtMTIfEb9qWATJ9w9wiKk=
Subject key identifier:   DC:5B:57:79:25:71:6F:42:D7:33:F3:D2:26:DC:05:1A:26:E2:A7:34
Certificate issuer:       /CN=9256db3487b4c5bacb300177057cf3174cf77477
Certificate serial:       0183B42DB52368F9E2CE9A5A3FF6BD0C757E
Authority key identifier: 92:56:DB:34:87:B4:C5:BA:CB:30:01:77:05:7C:F3:17:4C:F7:74:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbbNIe0xbrLMAF3BXzzF0z3dHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/3FtXeSVxb0LXM_PSJtwFGibipzQ.roa
Signing time:             Fri 07 Oct 2022 20:40:37 +0000
ROA not before:           Fri 07 Oct 2022 20:40:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51263
IP address blocks:        62.56.176.0/20 maxlen: 20
                          178.251.178.0/24 maxlen: 24
                          178.251.177.0/24 maxlen: 24
                          178.251.176.0/24 maxlen: 24
                          178.251.176.0/21 maxlen: 21
                          178.251.179.0/24 maxlen: 24
                          178.251.183.0/24 maxlen: 24
                          178.251.182.0/24 maxlen: 24
                          178.251.181.0/24 maxlen: 24
                          178.251.180.0/24 maxlen: 24
                          185.25.56.0/22 maxlen: 22
                          213.244.200.0/21 maxlen: 21
                          2a03:e240::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b4:2d:b5:23:68:f9:e2:ce:9a:5a:3f:f6:bd:0c:75:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256db3487b4c5bacb300177057cf3174cf77477
        Validity
            Not Before: Oct  7 20:40:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dc5b577925716f42d733f3d226dc051a26e2a734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:aa:34:bd:d7:27:35:48:39:4a:96:e0:a0:f2:
                    46:65:f8:2b:0e:6a:da:9a:93:dd:06:a5:7a:c5:3e:
                    32:b9:d8:ae:4b:23:96:5a:0c:82:f1:b0:fb:d2:92:
                    24:0c:ce:36:08:07:df:61:f9:45:28:26:ad:99:9d:
                    5b:c2:e2:23:44:cb:6b:d7:40:4f:76:a9:17:1e:ef:
                    45:18:b8:12:9d:95:52:1f:e6:da:f1:82:0e:0d:6f:
                    b3:3a:c9:70:8f:96:3a:35:c8:83:5a:c2:33:18:e2:
                    b4:68:ce:ac:22:66:3f:27:92:dc:0d:0c:da:21:51:
                    0c:dd:4f:9d:e5:a0:8b:69:3b:22:3d:bc:88:55:75:
                    ec:bd:6a:59:6a:d8:d0:aa:65:09:88:f4:18:82:cc:
                    8d:d9:cc:ca:f9:eb:b0:9b:26:cb:b8:1f:01:a9:ac:
                    e2:cf:93:50:65:54:d7:42:cf:93:e1:9e:24:0a:6d:
                    ae:20:a6:f4:2b:8f:30:04:50:1d:43:89:c3:31:56:
                    cf:2d:19:73:cc:e7:5b:d3:65:92:e1:c4:66:6d:1f:
                    ed:10:53:56:93:3c:af:4b:3b:1d:12:24:f9:ab:0d:
                    29:27:36:99:02:20:86:42:88:7c:cb:db:d6:d0:40:
                    4a:bb:12:3d:a6:a4:22:9b:c7:ae:0a:08:1e:9b:1a:
                    a1:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:5B:57:79:25:71:6F:42:D7:33:F3:D2:26:DC:05:1A:26:E2:A7:34
            X509v3 Authority Key Identifier:
                keyid:92:56:DB:34:87:B4:C5:BA:CB:30:01:77:05:7C:F3:17:4C:F7:74:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbbNIe0xbrLMAF3BXzzF0z3dHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/3FtXeSVxb0LXM_PSJtwFGibipzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/klbbNIe0xbrLMAF3BXzzF0z3dHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.56.176.0/20
                  178.251.176.0/21
                  185.25.56.0/22
                  213.244.200.0/21
                IPv6:
                  2a03:e240::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:7d:ed:bf:d5:ba:69:61:f7:8c:21:2b:1e:c4:bb:1f:33:b1:
         0f:b0:6b:2e:5d:d2:2f:d3:b7:4d:8c:d2:57:04:a9:03:4d:06:
         a0:5e:b4:cd:a1:2a:e3:b7:92:b2:cf:2e:8a:e1:2b:8d:7f:0b:
         d1:fb:d0:96:85:c3:af:fd:2e:b7:3e:f1:4a:9a:d2:6f:70:ad:
         6b:38:8a:12:4f:ec:8d:31:49:16:8a:10:03:89:a6:1b:16:f0:
         b2:c6:fa:87:37:d0:60:de:93:ed:20:3e:46:9f:7e:74:46:c3:
         5f:69:6a:91:92:e3:a0:69:db:4c:98:24:b1:17:c0:34:7e:62:
         b4:50:e7:40:73:99:5c:8b:77:8e:28:a3:d5:4b:7b:1a:f0:58:
         f4:9d:66:2d:4a:52:7d:81:b2:80:40:3d:bf:62:34:c4:87:87:
         8e:74:c2:ce:05:52:cd:d4:cf:51:f1:a5:61:2d:10:d3:c5:c1:
         24:09:9d:d5:d4:46:4e:39:73:6a:95:43:ea:c6:ed:53:e7:ce:
         2b:82:eb:f2:a7:84:13:44:3e:09:31:06:9e:9c:7c:72:4f:a9:
         de:42:b1:04:6b:c9:39:4e:c9:6f:8b:d8:db:40:31:58:88:b5:
         1a:6e:db:b0:77:3a:2f:38:e5:48:2f:a9:5b:fd:76:3e:0c:24:
         ec:ed:6e:26
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYO0LbUjaPnizppaP/a9DHV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTZkYjM0ODdiNGM1YmFjYjMwMDE3NzA1N2NmMzE3NGNm
Nzc0NzcwHhcNMjIxMDA3MjA0MDM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzViNTc3OTI1NzE2ZjQyZDczM2YzZDIyNmRjMDUxYTI2ZTJhNzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6o0vdcnNUg5SpbgoPJGZfgrDmra
mpPdBqV6xT4yudiuSyOWWgyC8bD70pIkDM42CAffYflFKCatmZ1bwuIjRMtr10BP
dqkXHu9FGLgSnZVSH+ba8YIODW+zOslwj5Y6NciDWsIzGOK0aM6sImY/J5LcDQza
IVEM3U+d5aCLaTsiPbyIVXXsvWpZatjQqmUJiPQYgsyN2czK+euwmybLuB8Bqazi
z5NQZVTXQs+T4Z4kCm2uIKb0K48wBFAdQ4nDMVbPLRlzzOdb02WS4cRmbR/tEFNW
kzyvSzsdEiT5qw0pJzaZAiCGQoh8y9vW0EBKuxI9pqQim8euCggemxqhqwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNxbV3klcW9C1zPz0ibcBRom4qc0MB8GA1UdIwQY
MBaAFJJW2zSHtMW6yzABdwV88xdM93R3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xiYk5JZTB4YnJMTUFGM0JYenpGMHozZEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83YjQ1YjktOTkwYi00NjE0LWE2NGUt
MGY1MmVhNTIyOWZjLzEvM0Z0WGVTVnhiMExYTV9QU0p0d0ZHaWJpcHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83YjQ1YjktOTkwYi00NjE0LWE2NGUtMGY1MmVhNTIyOWZj
LzEva2xiYk5JZTB4YnJMTUFGM0JYenpGMHozZEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEPjiwAwQD
svuwAwQCuRk4AwQD1fTIMA0EAgACMAcDBQAqA+JAMA0GCSqGSIb3DQEBCwUAA4IB
AQATfe2/1bppYfeMISsexLsfM7EPsGsuXdIv07dNjNJXBKkDTQagXrTNoSrjt5Ky
zy6K4SuNfwvR+9CWhcOv/S63PvFKmtJvcK1rOIoST+yNMUkWihADiaYbFvCyxvqH
N9Bg3pPtID5Gn350RsNfaWqRkuOgadtMmCSxF8A0fmK0UOdAc5lci3eOKKPVS3sa
8Fj0nWYtSlJ9gbKAQD2/YjTEh4eOdMLOBVLN1M9R8aVhLRDTxcEkCZ3V1EZOOXNq
lUPqxu1T584rguvyp4QTRD4JMQaenHxyT6neQrEEa8k5Tslvi9jbQDFYiLUabtuw
dzovOOVIL6lb/XY+DCTs7W4m
-----END CERTIFICATE-----