Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/059d1a-ef94-4729-bf6d-42ae75b7957d/1/3cabAtwYOvHqIYEcvj0IRS7Ao-4.roa
File:                     3cabAtwYOvHqIYEcvj0IRS7Ao-4.roa (raw, json)
Hash identifier:          oyzShFy0YLs9/J8U76M773Q/R5yrVs2Xk4Fvsyla4Xo=
Subject key identifier:   DD:C6:9B:02:DC:18:3A:F1:EA:21:81:1C:BE:3D:08:45:2E:C0:A3:EE
Certificate issuer:       /CN=0d7a912569b787d92e5355fffaed581fe50a29c0
Certificate serial:       0181EDA0D7F1203308B72ECBCE5DA95D23AB
Authority key identifier: 0D:7A:91:25:69:B7:87:D9:2E:53:55:FF:FA:ED:58:1F:E5:0A:29:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXqRJWm3h9kuU1X_-u1YH-UKKcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/059d1a-ef94-4729-bf6d-42ae75b7957d/1/3cabAtwYOvHqIYEcvj0IRS7Ao-4.roa
Signing time:             Mon 11 Jul 2022 14:19:09 +0000
ROA not before:           Mon 11 Jul 2022 14:19:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43942
IP address blocks:        212.84.55.0/24 maxlen: 24
                          212.84.54.0/24 maxlen: 24
                          212.84.52.0/24 maxlen: 24
                          212.84.53.0/24 maxlen: 24
                          91.200.130.0/24 maxlen: 24
                          91.200.129.0/24 maxlen: 24
                          91.200.131.0/24 maxlen: 24
                          91.200.128.0/24 maxlen: 24
                          91.200.128.0/22 maxlen: 22
                          212.84.48.0/24 maxlen: 24
                          212.84.48.0/21 maxlen: 21
                          212.84.50.0/24 maxlen: 24
                          212.84.49.0/24 maxlen: 24
                          212.84.51.0/24 maxlen: 24
                          91.223.155.0/24 maxlen: 24
                          2a01:4840::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:ed:a0:d7:f1:20:33:08:b7:2e:cb:ce:5d:a9:5d:23:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7a912569b787d92e5355fffaed581fe50a29c0
        Validity
            Not Before: Jul 11 14:19:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ddc69b02dc183af1ea21811cbe3d08452ec0a3ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:7f:ac:34:19:d1:8b:39:23:df:d2:4e:b1:53:
                    ad:88:1c:cb:01:a6:be:e2:9d:97:9b:6e:3f:d1:8b:
                    b8:4c:93:43:dd:bc:50:b5:3b:e0:0e:40:d6:dc:a8:
                    ee:4e:5b:71:0e:e0:f1:21:57:e2:e6:11:cf:6c:f8:
                    24:e2:4b:09:b5:54:c4:4a:d8:da:02:a1:53:03:c8:
                    5b:49:5e:3f:9e:45:e2:57:b5:4a:cb:30:6c:b9:cf:
                    2e:1c:f3:d1:56:cd:10:0a:0b:92:7b:26:c0:22:91:
                    b2:b8:bd:c0:f0:01:2f:20:20:66:b2:91:e1:ad:7e:
                    ce:70:ad:30:3e:52:4a:57:24:a8:28:91:08:d2:32:
                    e9:fd:90:18:84:bc:36:66:8c:d1:ff:f8:8e:30:e2:
                    20:67:14:98:50:76:ec:a4:0d:96:27:ea:40:06:13:
                    c5:6c:90:e2:4e:68:7e:6e:a0:b0:e3:f8:65:66:98:
                    2a:9d:54:c8:db:b3:f8:da:2c:e9:74:91:5b:c7:18:
                    5a:a8:bf:ab:fb:5c:d2:c4:b6:c0:50:8e:84:94:28:
                    56:2d:f1:02:b1:7b:08:b4:47:b8:b4:08:7e:0b:21:
                    56:fa:59:7b:ef:4a:3b:08:63:57:5e:d6:4e:06:5c:
                    43:5c:f1:36:04:0f:7e:cb:cc:66:98:1f:99:e8:ca:
                    66:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C6:9B:02:DC:18:3A:F1:EA:21:81:1C:BE:3D:08:45:2E:C0:A3:EE
            X509v3 Authority Key Identifier:
                keyid:0D:7A:91:25:69:B7:87:D9:2E:53:55:FF:FA:ED:58:1F:E5:0A:29:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXqRJWm3h9kuU1X_-u1YH-UKKcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/059d1a-ef94-4729-bf6d-42ae75b7957d/1/3cabAtwYOvHqIYEcvj0IRS7Ao-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/059d1a-ef94-4729-bf6d-42ae75b7957d/1/DXqRJWm3h9kuU1X_-u1YH-UKKcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.128.0/22
                  91.223.155.0/24
                  212.84.48.0/21
                IPv6:
                  2a01:4840::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:e8:4a:38:92:0c:dd:e2:18:ad:2d:46:9f:9c:df:c6:c6:56:
         ed:7d:01:92:d1:8a:1f:67:d2:fb:15:95:d2:90:d3:c9:3a:17:
         91:36:05:5a:78:48:05:93:cf:df:94:46:c9:0b:49:82:e1:cf:
         45:7f:68:a7:f8:98:ad:50:7f:c1:43:49:fe:44:35:0c:73:05:
         4c:27:46:84:8d:42:b6:48:e8:b1:27:c9:f2:e6:f0:1c:35:8d:
         73:89:c2:76:55:98:f6:1d:5a:13:fa:cc:92:24:8f:af:95:99:
         bd:4d:da:3b:e6:b6:76:b8:ce:68:9f:be:a7:b7:d7:2f:49:09:
         ba:38:e8:2c:88:1d:95:8c:ba:a0:51:d9:c4:91:0a:f5:2e:1c:
         e4:46:c7:22:2d:45:da:e1:22:d9:0e:03:30:bc:e1:6b:d6:01:
         7d:b4:29:c0:c1:3f:0b:d6:bd:eb:ae:36:bb:66:98:28:35:f4:
         d6:de:16:4f:cd:63:ac:0e:ce:73:39:50:61:42:e8:90:ac:3f:
         d1:24:cd:d1:6e:5b:d7:b7:02:ea:f4:fd:21:e9:44:0b:a1:00:
         4c:a0:fc:d8:3d:e9:75:ec:85:cf:e1:fd:d1:c3:83:e2:8c:63:
         fc:f8:d5:04:2e:d7:fb:ac:6a:ca:f1:7d:32:de:78:6c:aa:9a:
         d3:c7:f1:50
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYHtoNfxIDMIty7Lzl2pXSOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkN2E5MTI1NjliNzg3ZDkyZTUzNTVmZmZhZWQ1ODFmZTUw
YTI5YzAwHhcNMjIwNzExMTQxOTA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGM2OWIwMmRjMTgzYWYxZWEyMTgxMWNiZTNkMDg0NTJlYzBhM2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+X+sNBnRizkj39JOsVOtiBzLAaa+
4p2Xm24/0Yu4TJND3bxQtTvgDkDW3KjuTltxDuDxIVfi5hHPbPgk4ksJtVTEStja
AqFTA8hbSV4/nkXiV7VKyzBsuc8uHPPRVs0QCguSeybAIpGyuL3A8AEvICBmspHh
rX7OcK0wPlJKVySoKJEI0jLp/ZAYhLw2ZozR//iOMOIgZxSYUHbspA2WJ+pABhPF
bJDiTmh+bqCw4/hlZpgqnVTI27P42izpdJFbxxhaqL+r+1zSxLbAUI6ElChWLfEC
sXsItEe4tAh+CyFW+ll770o7CGNXXtZOBlxDXPE2BA9+y8xmmB+Z6MpmOwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN3GmwLcGDrx6iGBHL49CEUuwKPuMB8GA1UdIwQY
MBaAFA16kSVpt4fZLlNV//rtWB/lCinAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhxUkpXbTNoOWt1VTFYXy11MVlILVVLS2NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wNTlkMWEtZWY5NC00NzI5LWJmNmQt
NDJhZTc1Yjc5NTdkLzEvM2NhYkF0d1lPdkhxSVlFY3ZqMElSUzdBby00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wNTlkMWEtZWY5NC00NzI5LWJmNmQtNDJhZTc1Yjc5NTdk
LzEvRFhxUkpXbTNoOWt1VTFYXy11MVlILVVLS2NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCW8iAAwQA
W9+bAwQD1FQwMA0EAgACMAcDBQAqAUhAMA0GCSqGSIb3DQEBCwUAA4IBAQCs6Eo4
kgzd4hitLUafnN/GxlbtfQGS0YofZ9L7FZXSkNPJOheRNgVaeEgFk8/flEbJC0mC
4c9Ff2in+JitUH/BQ0n+RDUMcwVMJ0aEjUK2SOixJ8ny5vAcNY1zicJ2VZj2HVoT
+sySJI+vlZm9Tdo75rZ2uM5on76nt9cvSQm6OOgsiB2VjLqgUdnEkQr1LhzkRsci
LUXa4SLZDgMwvOFr1gF9tCnAwT8L1r3rrja7ZpgoNfTW3hZPzWOsDs5zOVBhQuiQ
rD/RJM3RblvXtwLq9P0h6UQLoQBMoPzYPel17IXP4f3Rw4PijGP8+NUELtf7rGrK
8X0y3nhsqprTx/FQ
-----END CERTIFICATE-----