Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tW7JeEPmVFgl2DKFZctOQTXL1JY.roa
File:                     tW7JeEPmVFgl2DKFZctOQTXL1JY.roa (raw, json)
Hash identifier:          DP2J4f4aTECLruedTblte0MjQNTSQyoKRMNufVVawHU=
Subject key identifier:   B5:6E:C9:78:43:E6:54:58:25:D8:32:85:65:CB:4E:41:35:CB:D4:96
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018505AE335796365BA0E5A862A320DCC040
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tW7JeEPmVFgl2DKFZctOQTXL1JY.roa
Signing time:             Mon 12 Dec 2022 09:33:00 +0000
ROA not before:           Mon 12 Dec 2022 09:33:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6854
IP address blocks:        193.201.228.0/22 maxlen: 24
                          212.69.96.0/19 maxlen: 19
                          213.243.64.0/18 maxlen: 18
                          188.162.0.0/16 maxlen: 24
                          195.230.64.0/19 maxlen: 19
                          80.253.0.0/20 maxlen: 20
                          195.16.96.0/19 maxlen: 24
                          83.222.192.0/19 maxlen: 19
                          195.5.128.0/19 maxlen: 24
                          83.229.128.0/17 maxlen: 17
                          62.64.16.0/20 maxlen: 20
                          62.64.24.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:05:ae:33:57:96:36:5b:a0:e5:a8:62:a3:20:dc:c0:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Dec 12 09:33:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b56ec97843e6545825d8328565cb4e4135cbd496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c3:64:f2:b8:31:38:5c:34:7f:45:b7:1e:29:
                    91:5b:05:7b:e5:f0:5c:12:76:74:66:27:a3:b7:a1:
                    52:48:dc:59:6e:b3:a6:2e:28:60:58:06:d9:d1:ed:
                    50:76:fc:23:d4:69:dd:5c:48:fe:d7:2f:9d:63:73:
                    26:b3:13:33:ad:03:7c:bf:a3:8d:be:04:7a:21:0c:
                    c0:98:b9:28:7c:5e:72:03:3c:4a:0a:13:1b:eb:c4:
                    2c:85:de:26:e8:cd:68:e1:16:d7:d5:80:db:8d:db:
                    f8:73:1c:fa:d2:53:65:67:46:65:34:dd:e0:39:2b:
                    a1:12:3c:55:03:d5:d3:ed:55:f0:58:68:8f:a8:0c:
                    85:53:84:fd:27:81:b0:87:b4:bc:e0:00:49:d0:21:
                    d7:d7:01:90:88:8b:57:1c:86:a4:ea:16:3f:07:00:
                    70:88:cf:fe:24:63:df:d4:c2:bc:96:68:7a:8d:07:
                    01:dc:da:22:84:b9:5c:0a:e2:28:c9:84:55:53:d6:
                    6d:83:62:28:75:ee:12:30:17:27:91:d9:49:e5:90:
                    ff:47:35:1c:1f:fc:d0:f5:cf:96:1a:c0:fe:3e:01:
                    6e:81:cf:27:9b:9e:d7:d7:a4:e5:4b:e1:80:1e:d3:
                    e9:83:35:9c:57:8f:e3:22:a4:67:a9:36:0c:9a:84:
                    41:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:6E:C9:78:43:E6:54:58:25:D8:32:85:65:CB:4E:41:35:CB:D4:96
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/tW7JeEPmVFgl2DKFZctOQTXL1JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.64.16.0/20
                  80.253.0.0/20
                  83.222.192.0/19
                  83.229.128.0/17
                  188.162.0.0/16
                  193.201.228.0/22
                  195.5.128.0/19
                  195.16.96.0/19
                  195.230.64.0/19
                  212.69.96.0/19
                  213.243.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         31:da:3a:63:4f:9b:b1:dd:c3:72:f0:75:4e:70:14:2e:3a:7b:
         bc:37:f5:d8:50:37:86:3d:07:fa:ea:2d:24:53:50:42:8c:a9:
         58:2d:66:8a:76:1e:e6:2b:88:fa:28:05:b7:1d:25:77:92:6d:
         7b:78:db:bd:98:0e:78:2d:b9:93:bf:05:9f:21:c9:8a:71:53:
         6d:7a:55:c5:20:2f:b8:a3:01:4f:ee:93:26:2b:31:b9:83:33:
         1e:36:30:a5:66:be:f3:7c:ab:24:d6:b8:3f:b2:5b:e0:b5:01:
         b3:be:fc:3d:64:64:5a:e2:cb:e8:cb:02:50:1b:5e:34:22:b0:
         96:31:71:25:2d:61:57:ea:ae:0f:c0:d7:ec:bb:83:36:dd:18:
         70:e3:c4:85:1b:a2:7e:03:06:22:17:a0:a6:6a:1e:7d:4e:6d:
         15:b5:48:9a:7c:b4:90:b3:e6:ec:81:63:e5:47:ed:49:95:b1:
         80:e3:85:0e:1b:f5:d4:4c:61:15:a6:07:ed:5f:7b:cb:d5:97:
         51:f6:a7:9b:f9:f9:ee:d1:93:95:28:9f:7e:10:1b:65:82:e0:
         e7:bb:9b:11:04:3b:31:39:87:e1:9a:55:5a:98:2f:72:84:4e:
         30:4b:dd:dd:f5:f9:a1:2c:b2:44:1f:fb:b6:9c:b4:39:46:ff:
         ee:f9:38:de
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYUFrjNXljZboOWoYqMg3MBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMjEyMDkzMzAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTZlYzk3ODQzZTY1NDU4MjVkODMyODU2NWNiNGU0MTM1Y2JkNDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8Nk8rgxOFw0f0W3HimRWwV75fBc
EnZ0Ziejt6FSSNxZbrOmLihgWAbZ0e1Qdvwj1GndXEj+1y+dY3MmsxMzrQN8v6ON
vgR6IQzAmLkofF5yAzxKChMb68Qshd4m6M1o4RbX1YDbjdv4cxz60lNlZ0ZlNN3g
OSuhEjxVA9XT7VXwWGiPqAyFU4T9J4Gwh7S84ABJ0CHX1wGQiItXHIak6hY/BwBw
iM/+JGPf1MK8lmh6jQcB3NoihLlcCuIoyYRVU9Ztg2Iode4SMBcnkdlJ5ZD/RzUc
H/zQ9c+WGsD+PgFugc8nm57X16TlS+GAHtPpgzWcV4/jIqRnqTYMmoRBpQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFLVuyXhD5lRYJdgyhWXLTkE1y9SWMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvdFc3SmVFUG1WRmdsMkRLRlpjdE9RVFhMMUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTBHBAIAATBBAwQEPkAQAwQE
UP0AAwQFU97AAwQHU+WAAwMAvKIDBALByeQDBAXDBYADBAXDEGADBAXD5kADBAXU
RWADBAbV80AwDQYJKoZIhvcNAQELBQADggEBADHaOmNPm7Hdw3LwdU5wFC46e7w3
9dhQN4Y9B/rqLSRTUEKMqVgtZop2HuYriPooBbcdJXeSbXt4272YDngtuZO/BZ8h
yYpxU216VcUgL7ijAU/ukyYrMbmDMx42MKVmvvN8qyTWuD+yW+C1AbO+/D1kZFri
y+jLAlAbXjQisJYxcSUtYVfqrg/A1+y7gzbdGHDjxIUbon4DBiIXoKZqHn1ObRW1
SJp8tJCz5uyBY+VH7UmVsYDjhQ4b9dRMYRWmB+1fe8vVl1H2p5v5+e7Rk5Uon34Q
G2WC4Oe7mxEEOzE5h+GaVVqYL3KETjBL3d31+aEsskQf+7actDlG/+75ON4=
-----END CERTIFICATE-----