Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BQw8sVvrh__plsVq7eudvQYGIb4.roa
File:                     BQw8sVvrh__plsVq7eudvQYGIb4.roa (raw, json)
Hash identifier:          85EWu/FtgZ77nFXysPHe39i/Ks5NiDeKBVwDxdOqPoA=
Subject key identifier:   05:0C:3C:B1:5B:EB:87:FF:E9:96:C5:6A:ED:EB:9D:BD:06:06:21:BE
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018200F19D1A953AC6B85D7FF54DE384DCBE
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BQw8sVvrh__plsVq7eudvQYGIb4.roa
Signing time:             Fri 15 Jul 2022 08:20:10 +0000
ROA not before:           Fri 15 Jul 2022 08:20:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3348
IP address blocks:        193.0.164.0/23 maxlen: 24
                          93.92.224.0/22 maxlen: 24
                          185.81.132.0/22 maxlen: 24
                          185.119.236.0/22 maxlen: 24
                          85.117.244.0/22 maxlen: 24
                          45.144.12.0/22 maxlen: 24
                          188.208.20.0/22 maxlen: 24
                          93.187.132.0/22 maxlen: 24
                          193.0.146.0/23 maxlen: 24
                          2a06:8840::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:00:f1:9d:1a:95:3a:c6:b8:5d:7f:f5:4d:e3:84:dc:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jul 15 08:20:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=050c3cb15beb87ffe996c56aedeb9dbd060621be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:60:a1:ca:02:71:e2:e8:57:3c:e9:db:6f:7f:
                    92:3c:ca:c7:f4:95:56:de:58:e9:75:43:94:48:46:
                    02:37:11:7e:43:dc:ca:77:c7:11:31:c1:31:37:a8:
                    d7:7e:78:92:9d:b8:88:87:58:10:e4:49:a1:46:3c:
                    e0:03:39:07:ed:6e:80:ad:bc:54:b4:cd:dd:8c:fc:
                    7b:e6:a2:2e:66:36:61:0a:55:06:df:a7:81:d8:88:
                    c7:0c:bf:7c:b3:64:bf:86:59:eb:20:81:e2:94:40:
                    dd:b4:10:32:96:29:eb:15:16:b1:b1:5b:61:b1:16:
                    c0:52:32:76:c4:f9:d7:cd:c3:86:97:a4:aa:7c:5e:
                    ab:5c:83:67:f9:c3:48:c5:10:75:90:d9:4d:4b:9f:
                    6f:cf:98:0f:10:d8:90:0d:6a:75:3f:0e:3b:45:16:
                    9e:13:36:80:60:ba:84:8a:0b:cd:e8:9c:50:a6:4e:
                    19:45:14:8a:4c:64:28:10:57:ee:f4:23:07:46:2d:
                    4d:b5:b8:4f:ef:d4:19:a0:f7:e2:ff:39:9d:df:6c:
                    74:ca:e1:6c:f4:5b:ab:f9:90:87:e3:6a:99:5e:9c:
                    c1:a5:db:cd:52:84:5e:19:88:b4:35:a6:76:05:94:
                    04:6b:db:e2:6c:74:f9:7b:2d:c2:8b:24:d5:ab:fe:
                    ef:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:0C:3C:B1:5B:EB:87:FF:E9:96:C5:6A:ED:EB:9D:BD:06:06:21:BE
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BQw8sVvrh__plsVq7eudvQYGIb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.12.0/22
                  85.117.244.0/22
                  93.92.224.0/22
                  93.187.132.0/22
                  185.81.132.0/22
                  185.119.236.0/22
                  188.208.20.0/22
                  193.0.146.0/23
                  193.0.164.0/23
                IPv6:
                  2a06:8840::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:d5:79:8b:8b:2a:49:af:8a:77:42:a0:d8:89:59:2c:5b:f9:
         d7:9f:a7:d4:d7:c4:4a:c0:f8:e7:75:eb:e9:8f:cc:b5:2c:31:
         5c:7a:4d:f2:83:29:de:95:97:d6:1f:c3:e0:ae:42:98:12:75:
         b2:db:3c:1a:9d:6d:14:1d:59:03:f1:ec:bf:1d:c2:10:69:dc:
         da:8e:07:1f:b6:c1:93:9a:09:07:f5:58:b2:b5:ef:47:ea:7c:
         75:e7:70:2e:bd:17:64:b7:2f:27:ea:18:38:eb:04:84:59:80:
         1a:47:99:f3:37:27:be:ac:db:2a:dd:c3:3a:42:6b:d1:94:8b:
         9e:50:33:f6:ed:37:a7:e8:20:f3:ea:eb:ce:65:eb:88:f6:93:
         ed:7f:71:d3:2e:de:ff:13:0f:fd:f9:fd:ce:31:6d:02:68:47:
         9f:29:4f:a7:c8:1e:b4:6e:8d:9a:52:4d:54:54:8f:62:fd:a8:
         b4:64:40:dd:58:d9:40:f0:2f:69:0e:94:f6:49:2d:c9:9e:c1:
         de:e8:a1:12:ae:1f:79:9b:83:ea:3e:d7:1a:f7:f3:6c:06:9d:
         02:7a:59:52:7f:b0:25:81:a6:60:65:f3:ec:37:fd:ee:4b:44:
         eb:94:87:45:fd:32:f6:91:58:4d:58:ed:1a:64:5e:44:57:02:
         f3:aa:84:fa
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYIA8Z0alTrGuF1/9U3jhNy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjIwNzE1MDgyMDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTBjM2NiMTViZWI4N2ZmZTk5NmM1NmFlZGViOWRiZDA2MDYyMWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2ChygJx4uhXPOnbb3+SPMrH9JVW
3ljpdUOUSEYCNxF+Q9zKd8cRMcExN6jXfniSnbiIh1gQ5EmhRjzgAzkH7W6ArbxU
tM3djPx75qIuZjZhClUG36eB2IjHDL98s2S/hlnrIIHilEDdtBAylinrFRaxsVth
sRbAUjJ2xPnXzcOGl6SqfF6rXINn+cNIxRB1kNlNS59vz5gPENiQDWp1Pw47RRae
EzaAYLqEigvN6JxQpk4ZRRSKTGQoEFfu9CMHRi1NtbhP79QZoPfi/zmd32x0yuFs
9Fur+ZCH42qZXpzBpdvNUoReGYi0NaZ2BZQEa9vibHT5ey3CiyTVq/7vGQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFAUMPLFb64f/6ZbFau3rnb0GBiG+MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvQlF3OHNWdnJoX19wbHNWcTdldWR2UVlHSWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCLZAMAwQC
VXX0AwQCXVzgAwQCXbuEAwQCuVGEAwQCuXfsAwQCvNAUAwQBwQCSAwQBwQCkMA0E
AgACMAcDBQMqBohAMA0GCSqGSIb3DQEBCwUAA4IBAQCN1XmLiypJr4p3QqDYiVks
W/nXn6fU18RKwPjndevpj8y1LDFcek3ygynelZfWH8PgrkKYEnWy2zwanW0UHVkD
8ey/HcIQadzajgcftsGTmgkH9Viyte9H6nx153AuvRdkty8n6hg46wSEWYAaR5nz
Nye+rNsq3cM6QmvRlIueUDP27Ten6CDz6uvOZeuI9pPtf3HTLt7/Ew/9+f3OMW0C
aEefKU+nyB60bo2aUk1UVI9i/ai0ZEDdWNlA8C9pDpT2SS3JnsHe6KESrh95m4Pq
Ptca9/NsBp0CellSf7AlgaZgZfPsN/3uS0TrlIdF/TL2kVhNWO0aZF5EVwLzqoT6
-----END CERTIFICATE-----