Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/DaJrOX09--2JR2JW3gN7QTq3FXA.roa
File:                     DaJrOX09--2JR2JW3gN7QTq3FXA.roa (raw, json)
Hash identifier:          SH2G8dj1CT5v2OmBFYKfbBnEwysMgVgu3S313iC2MYw=
Subject key identifier:   0D:A2:6B:39:7D:3D:FB:ED:89:47:62:56:DE:03:7B:41:3A:B7:15:70
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       21817B6E
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/DaJrOX09--2JR2JW3gN7QTq3FXA.roa
Signing time:             Tue 08 Feb 2022 12:15:42 +0000
ROA not before:           Tue 08 Feb 2022 12:15:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48037
IP address blocks:        147.181.98.0/24 maxlen: 24
                          147.181.96.0/24 maxlen: 24
                          147.181.97.0/24 maxlen: 24
                          147.181.99.0/24 maxlen: 24
                          147.181.103.0/24 maxlen: 24
                          147.181.112.0/24 maxlen: 24
                          147.181.109.0/24 maxlen: 24
                          147.181.108.0/24 maxlen: 24
                          147.181.113.0/24 maxlen: 24
                          147.181.114.0/24 maxlen: 24
                          147.181.117.0/24 maxlen: 24
                          147.181.40.0/22 maxlen: 22
                          2a04:9a03:1010::/44 maxlen: 44
                          2a04:9a00:1004::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 562133870 (0x21817b6e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Feb  8 12:15:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0da26b397d3dfbed89476256de037b413ab71570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:07:8c:38:61:55:fe:2f:49:07:b7:7f:e0:7c:
                    17:ba:a3:6a:b7:ed:8c:3c:44:65:7b:73:f3:76:c0:
                    e8:9b:e0:6d:8a:2c:51:91:8f:9c:72:4e:1d:9c:f2:
                    47:52:66:c0:01:d9:7c:18:44:c6:95:cc:d2:aa:19:
                    0b:f1:31:94:67:6e:11:15:9f:e8:f9:8e:3e:e3:e8:
                    13:52:60:30:82:5d:01:d2:88:a3:aa:3d:5e:85:3f:
                    04:96:20:05:0e:ee:f8:62:bf:86:ed:2b:d7:df:da:
                    d6:1a:2e:5e:7b:fe:9a:80:fe:b1:48:73:77:e5:ca:
                    e9:07:24:69:66:40:ad:84:27:a1:ac:93:6e:19:b1:
                    a0:60:01:b6:42:32:cf:ef:10:0e:cd:6f:80:ad:53:
                    2a:d5:f4:bd:87:f4:42:ad:77:59:15:2f:42:28:55:
                    0b:bc:b0:23:50:d0:0c:43:19:1b:34:38:5a:db:b6:
                    85:7e:50:74:0e:17:3d:5d:14:80:d3:cc:3b:28:15:
                    d5:da:34:82:9d:4b:f6:43:dc:53:be:32:32:9f:5b:
                    a0:ad:46:8c:82:2a:a7:8b:22:79:29:6f:b4:4c:51:
                    e9:5a:ef:57:9d:34:70:9e:b1:29:86:4c:80:8a:46:
                    99:48:f6:e0:20:b7:e1:4d:37:2f:82:b5:e5:e4:4f:
                    f3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A2:6B:39:7D:3D:FB:ED:89:47:62:56:DE:03:7B:41:3A:B7:15:70
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/DaJrOX09--2JR2JW3gN7QTq3FXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.181.40.0/22
                  147.181.96.0/22
                  147.181.103.0/24
                  147.181.108.0/23
                  147.181.112.0-147.181.114.255
                  147.181.117.0/24
                IPv6:
                  2a04:9a00:1004::/48
                  2a04:9a03:1010::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:59:a3:e8:35:d8:66:16:e2:59:0f:a4:25:08:14:08:a1:c8:
         77:17:18:56:96:34:50:14:9c:e4:dc:31:55:aa:91:7b:78:be:
         27:3f:82:ed:9b:42:93:8a:9b:70:13:26:a6:6f:bd:93:1d:26:
         6a:57:48:d0:d4:80:40:67:eb:2d:8c:b9:c1:cc:b7:69:76:59:
         89:aa:26:01:a2:0a:f9:f9:53:57:e3:cb:78:f2:7b:eb:c5:67:
         b2:cd:f7:9f:85:20:38:2f:70:34:79:c5:e1:10:18:00:9f:e0:
         c3:5e:bc:c3:be:4f:74:31:48:4c:f0:62:f4:34:52:46:12:a2:
         ae:17:35:cb:39:bb:8a:c0:8e:49:c2:4b:bd:d4:27:6d:26:4f:
         d8:f5:5a:79:22:f2:fd:75:d7:7a:c3:3a:7f:64:64:87:dc:44:
         7d:26:1c:0a:72:b4:d5:f2:34:f7:e7:7d:b4:98:de:7e:fb:79:
         63:2d:b3:5b:e8:c2:75:97:05:04:75:a5:a0:91:54:73:ca:e0:
         da:bf:b0:77:3b:34:35:e3:a0:71:37:51:9c:0a:1c:f5:98:29:
         83:29:9e:f5:ec:08:7a:ce:38:d5:df:86:a9:34:fc:a2:52:f0:
         e7:93:c5:4b:1f:85:96:f8:0c:c8:d3:3c:09:f0:25:20:9a:bb:
         05:b8:cd:e8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEIYF7bjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MDVkMjhkMTY2MjZiYzVkY2FiZjJlOTE1NDM1NzgyYjk2ZTE0MDcxMB4XDTIyMDIw
ODEyMTU0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGRhMjZiMzk3ZDNk
ZmJlZDg5NDc2MjU2ZGUwMzdiNDEzYWI3MTU3MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALYHjDhhVf4vSQe3f+B8F7qjarftjDxEZXtz83bA6JvgbYos
UZGPnHJOHZzyR1JmwAHZfBhExpXM0qoZC/ExlGduERWf6PmOPuPoE1JgMIJdAdKI
o6o9XoU/BJYgBQ7u+GK/hu0r19/a1houXnv+moD+sUhzd+XK6QckaWZArYQnoayT
bhmxoGABtkIyz+8QDs1vgK1TKtX0vYf0Qq13WRUvQihVC7ywI1DQDEMZGzQ4Wtu2
hX5QdA4XPV0UgNPMOygV1do0gp1L9kPcU74yMp9boK1GjIIqp4sieSlvtExR6Vrv
V500cJ6xKYZMgIpGmUj24CC34U03L4K15eRP85sCAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBQNoms5fT377YlHYlbeA3tBOrcVcDAfBgNVHSMEGDAWgBSwXSjRZia8Xcq/
LpFUNXgrluFAcTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NGMG8wV1ltdkYzS3Z5NlJWRFY0SzViaFFIRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzMvYmJhOTczLTdjOWYtNGIxMS1iNjExLWFkNTc1NTIyYjM2NS8x
L0RhSnJPWDA5LS0ySlIySlczZ043UVRxM0ZYQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMv
YmJhOTczLTdjOWYtNGIxMS1iNjExLWFkNTc1NTIyYjM2NS8xL3NGMG8wV1ltdkYz
S3Z5NlJWRFY0SzViaFFIRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wMgQCAAEwLAMEApO1KAMEApO1YAMEAJO1ZwMEAZO1
bDAMAwQEk7VwAwQAk7VyAwQAk7V1MBgEAgACMBIDBwAqBJoAEAQDBwQqBJoDEBAw
DQYJKoZIhvcNAQELBQADggEBAEpZo+g12GYW4lkPpCUIFAihyHcXGFaWNFAUnOTc
MVWqkXt4vic/gu2bQpOKm3ATJqZvvZMdJmpXSNDUgEBn6y2MucHMt2l2WYmqJgGi
Cvn5U1fjy3jye+vFZ7LN95+FIDgvcDR5xeEQGACf4MNevMO+T3QxSEzwYvQ0UkYS
oq4XNcs5u4rAjknCS73UJ20mT9j1Wnki8v1113rDOn9kZIfcRH0mHApytNXyNPfn
fbSY3n77eWMts1vownWXBQR1paCRVHPK4Nq/sHc7NDXjoHE3UZwKHPWYKYMpnvXs
CHrOONXfhqk0/KJS8OeTxUsfhZb4DMjTPAnwJSCauwW4zeg=
-----END CERTIFICATE-----