Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/PaEeCPAXPzvWWxc8TRV8uJyxvWU.roa
File:                     PaEeCPAXPzvWWxc8TRV8uJyxvWU.roa (raw, json)
Hash identifier:          lbydTvqceRJWvIp2CfO3N27lMPQV3yJdGtWgfg0i11Y=
Subject key identifier:   3D:A1:1E:08:F0:17:3F:3B:D6:5B:17:3C:4D:15:7C:B8:9C:B1:BD:65
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018558D303738CEC96DFB722A4C708FEF1B5
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/PaEeCPAXPzvWWxc8TRV8uJyxvWU.roa
Signing time:             Wed 28 Dec 2022 13:01:41 +0000
ROA not before:           Wed 28 Dec 2022 13:01:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201337
IP address blocks:        185.75.200.0/22 maxlen: 24
                          185.77.168.0/22 maxlen: 24
                          86.105.31.0/24 maxlen: 24
                          86.105.28.0/22 maxlen: 24
                          86.105.28.0/24 maxlen: 24
                          89.47.4.0/22 maxlen: 24
                          89.47.6.0/23 maxlen: 24
                          188.240.205.0/24 maxlen: 24
                          195.82.122.0/24 maxlen: 24
                          195.82.120.0/24 maxlen: 24
                          188.240.204.0/24 maxlen: 24
                          188.240.206.0/24 maxlen: 24
                          195.82.121.0/24 maxlen: 24
                          188.240.206.0/23 maxlen: 24
                          195.82.120.0/22 maxlen: 24
                          86.106.184.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:58:d3:03:73:8c:ec:96:df:b7:22:a4:c7:08:fe:f1:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Dec 28 13:01:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3da11e08f0173f3bd65b173c4d157cb89cb1bd65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:41:5a:e2:08:46:e9:9f:a8:b8:a9:35:21:86:
                    8c:26:6f:0e:ae:a5:59:46:25:98:dc:fc:dd:f4:47:
                    c8:dc:f0:a4:2f:88:23:2d:18:3b:a6:ee:2d:c0:17:
                    5f:12:0f:b8:54:c3:1e:5d:ad:70:cd:51:73:fe:05:
                    b6:70:c9:44:4e:a3:a2:b6:fc:b4:20:75:c7:3b:64:
                    ce:7c:3e:fc:68:b1:bd:5c:d0:de:64:42:fa:93:f3:
                    9b:0f:be:df:02:0f:bd:bd:1c:a3:ad:34:b5:90:30:
                    e5:49:2e:86:f3:0f:59:9e:d7:9f:e3:d1:b9:10:9f:
                    2c:83:b0:04:33:54:cc:ea:2b:59:99:5a:b5:05:8a:
                    4b:89:6a:65:75:48:15:5e:cd:c5:66:57:3b:4d:88:
                    38:8a:70:c0:7f:93:5f:65:b5:32:25:40:b1:bd:f3:
                    1d:29:5c:25:71:f3:6f:c4:80:c8:26:c6:ba:b3:f6:
                    11:1d:27:9e:b6:e9:a6:ce:c0:9d:91:a1:77:49:75:
                    68:c3:e0:db:6c:53:8f:c1:50:28:e0:68:fb:d3:39:
                    f6:4e:47:73:9c:24:c8:76:34:be:80:d9:41:4e:d0:
                    ff:26:af:d4:ce:58:c5:e7:52:ec:c1:0d:c3:c4:18:
                    a6:6d:6a:f0:67:08:13:e2:73:54:9b:ab:39:93:59:
                    4a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A1:1E:08:F0:17:3F:3B:D6:5B:17:3C:4D:15:7C:B8:9C:B1:BD:65
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/PaEeCPAXPzvWWxc8TRV8uJyxvWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.28.0/22
                  86.106.184.0/22
                  89.47.4.0/22
                  185.75.200.0/22
                  185.77.168.0/22
                  188.240.204.0/22
                  195.82.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:a2:60:c5:cd:30:83:61:4e:a2:ef:0b:eb:cd:6c:d7:b2:30:
         d8:f0:41:be:c7:ed:c8:d0:cb:ab:e2:8d:a0:ae:a0:f6:eb:16:
         c8:09:b1:72:cc:b3:06:a9:48:50:05:01:4a:41:8d:43:d1:8e:
         04:ee:21:bf:cc:32:ea:f6:62:c9:2f:c8:b7:12:3e:8c:05:f7:
         36:28:3a:b2:d9:10:8b:be:51:77:d8:fb:39:d9:1f:7e:25:18:
         fe:44:71:5d:2c:41:ec:44:5e:7d:28:a9:d9:2e:07:0e:21:d3:
         00:6d:d0:d9:33:8c:c7:54:cd:0f:e2:d7:88:c2:d3:30:53:cb:
         5f:02:d4:db:12:d4:4e:75:ac:8f:e7:9e:40:1a:4f:78:4f:10:
         76:9f:46:3f:e5:f4:3d:55:85:ff:a0:c3:fd:4a:d9:6d:63:43:
         28:d9:0a:8b:56:77:cd:26:ef:18:73:9c:ac:67:ec:ca:49:6e:
         26:88:54:41:c3:28:8d:99:3e:b3:b1:a1:ce:e6:ca:ce:fa:15:
         30:21:3d:68:40:44:c3:f9:a9:e7:1b:0c:d4:8a:06:35:bd:7b:
         58:e2:22:eb:de:47:79:55:cb:a5:31:b7:31:c1:8f:bd:51:df:
         f5:fd:89:4b:f3:b9:5f:97:e5:2d:b3:a9:36:cd:b0:60:a1:a8:
         3c:d6:d8:41
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVY0wNzjOyW37cipMcI/vG1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjIxMjI4MTMwMTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGExMWUwOGYwMTczZjNiZDY1YjE3M2M0ZDE1N2NiODljYjFiZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkFa4ghG6Z+ouKk1IYaMJm8OrqVZ
RiWY3Pzd9EfI3PCkL4gjLRg7pu4twBdfEg+4VMMeXa1wzVFz/gW2cMlETqOitvy0
IHXHO2TOfD78aLG9XNDeZEL6k/ObD77fAg+9vRyjrTS1kDDlSS6G8w9Zntef49G5
EJ8sg7AEM1TM6itZmVq1BYpLiWpldUgVXs3FZlc7TYg4inDAf5NfZbUyJUCxvfMd
KVwlcfNvxIDIJsa6s/YRHSeetummzsCdkaF3SXVow+DbbFOPwVAo4Gj70zn2Tkdz
nCTIdjS+gNlBTtD/Jq/UzljF51LswQ3DxBimbWrwZwgT4nNUm6s5k1lKMwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFD2hHgjwFz871lsXPE0VfLicsb1lMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvUGFFZUNQQVhQenZXV3hjOFRSVjh1Snl4dldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCVmkcAwQC
Vmq4AwQCWS8EAwQCuUvIAwQCuU2oAwQCvPDMAwQCw1J4MA0GCSqGSIb3DQEBCwUA
A4IBAQAcomDFzTCDYU6i7wvrzWzXsjDY8EG+x+3I0Mur4o2grqD26xbICbFyzLMG
qUhQBQFKQY1D0Y4E7iG/zDLq9mLJL8i3Ej6MBfc2KDqy2RCLvlF32Ps52R9+JRj+
RHFdLEHsRF59KKnZLgcOIdMAbdDZM4zHVM0P4teIwtMwU8tfAtTbEtROdayP555A
Gk94TxB2n0Y/5fQ9VYX/oMP9StltY0Mo2QqLVnfNJu8Yc5ysZ+zKSW4miFRBwyiN
mT6zsaHO5srO+hUwIT1oQETD+annGwzUigY1vXtY4iLr3kd5VculMbcxwY+9Ud/1
/YlL87lfl+Uts6k2zbBgoag81thB
-----END CERTIFICATE-----