Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/l57LpoleqiYWd0iyZQ5nduls6lY.roa
File:                     l57LpoleqiYWd0iyZQ5nduls6lY.roa (raw, json)
Hash identifier:          +PQBszkH+Ovy80wIY/whkktHiTv4H2YKLbXrTG5gL8c=
Subject key identifier:   97:9E:CB:A6:89:5E:AA:26:16:77:48:B2:65:0E:67:76:E9:6C:EA:56
Certificate issuer:       /CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
Certificate serial:       092F2B43
Authority key identifier: 79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/l57LpoleqiYWd0iyZQ5nduls6lY.roa
Signing time:             Sat 01 Jan 2022 07:02:39 +0000
ROA not before:           Sat 01 Jan 2022 07:02:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41678
IP address blocks:        89.185.129.0/24 maxlen: 24
                          89.185.128.0/21 maxlen: 21
                          194.46.152.0/22 maxlen: 22
                          89.185.136.0/21 maxlen: 21
                          89.185.144.0/20 maxlen: 20
                          89.185.143.0/24 maxlen: 24
                          194.46.160.0/24 maxlen: 24
                          194.46.164.0/22 maxlen: 22
                          89.185.154.0/24 maxlen: 24
                          89.185.157.0/24 maxlen: 24
                          212.108.64.0/20 maxlen: 20
                          212.108.77.0/24 maxlen: 24
                          194.46.0.0/19 maxlen: 19
                          212.108.94.0/24 maxlen: 24
                          212.108.92.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154086211 (0x92f2b43)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
        Validity
            Not Before: Jan  1 07:02:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=979ecba6895eaa26167748b2650e6776e96cea56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f5:0c:8a:d7:29:59:c2:f5:8a:82:07:bd:28:
                    75:df:42:25:90:07:8b:2b:b3:86:22:dd:a0:14:ea:
                    54:8a:40:72:f8:33:b7:dd:33:c0:f7:18:4d:3d:38:
                    40:3c:d2:cc:e2:c8:c4:f4:fa:7e:49:f4:b8:be:7a:
                    03:d5:89:63:d1:db:d7:01:71:2d:8d:23:6c:55:32:
                    9c:65:bc:e0:5a:90:3d:5d:a8:5a:d5:ce:99:11:d8:
                    15:30:77:10:02:db:eb:93:31:ca:80:14:a2:d8:ed:
                    13:1c:c7:f1:02:23:9d:fd:8b:2f:27:50:2f:e0:c8:
                    9b:bb:02:95:3e:8f:6c:16:39:80:16:f5:d4:bd:da:
                    f8:8d:13:9f:fe:46:b7:71:d7:19:e5:ba:fb:da:58:
                    48:bf:9a:70:fe:9a:2f:b9:a1:a7:53:d9:a7:bb:ca:
                    6c:b7:28:6d:01:54:7f:0d:52:ed:86:13:bb:5d:a1:
                    a0:c1:69:3a:22:70:d7:cc:9b:9f:19:11:33:c3:2e:
                    e5:06:2c:a7:2f:5c:58:20:24:c9:28:43:f6:08:2a:
                    cc:d4:45:c0:b3:c1:c6:69:75:17:5d:2c:73:f3:05:
                    0a:b0:6d:b3:ed:e1:17:b0:7d:f7:64:4e:c9:c2:30:
                    0e:8f:0b:26:8d:eb:13:47:58:c3:09:b2:2d:ef:8e:
                    f0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:9E:CB:A6:89:5E:AA:26:16:77:48:B2:65:0E:67:76:E9:6C:EA:56
            X509v3 Authority Key Identifier:
                keyid:79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/l57LpoleqiYWd0iyZQ5nduls6lY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/eXpIzBPiAOLT84r4MxjRvK9vYzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.128.0/19
                  194.46.0.0/19
                  194.46.152.0/22
                  194.46.160.0/24
                  194.46.164.0/22
                  212.108.64.0/20
                  212.108.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:3e:19:62:46:5e:8e:5e:7e:3d:73:c9:21:16:0e:58:d5:2e:
         b4:9c:60:a3:e9:bf:71:96:69:ac:e8:8e:2f:00:78:8d:61:99:
         50:8d:7e:36:43:d7:36:46:88:17:5e:98:dd:e8:e8:82:ea:3b:
         2a:b1:de:9e:7c:bc:9e:40:d3:83:c6:f3:67:74:cf:37:b3:bf:
         47:cf:e7:80:4a:71:5c:6c:80:f2:63:81:45:55:3c:a5:4a:ae:
         bf:d6:8e:a9:03:69:8e:54:f6:18:47:17:e1:68:9c:1d:ab:9a:
         a4:8d:cc:b5:5c:8c:f1:4b:d8:4c:ab:5a:2c:6d:74:aa:ce:65:
         ef:36:a5:53:62:e0:4f:a4:64:5e:14:b6:8f:8f:f5:a2:0c:1a:
         df:a9:69:ef:7d:10:9d:c4:d4:ea:96:8f:aa:ca:17:c8:bc:6d:
         90:92:17:14:fd:27:7e:0a:17:2c:83:58:dc:63:1b:9d:df:72:
         28:88:fc:7e:73:31:7c:5d:7e:ce:b4:ab:2b:99:c5:87:b6:4b:
         fc:ba:da:64:96:ca:18:d4:80:ef:83:5f:60:de:fb:5b:c1:9c:
         5a:4e:1c:d7:47:78:83:11:54:3e:43:44:d7:a2:1f:9b:80:3c:
         32:77:35:82:57:df:18:f8:c6:c6:63:e4:d2:16:f7:44:b3:19:
         ec:69:1b:77
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIECS8rQzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
OTdhNDhjYzEzZTIwMGUyZDNmMzhhZjgzMzE4ZDFiY2FmNmY2MzMxMB4XDTIyMDEw
MTA3MDIzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTc5ZWNiYTY4OTVl
YWEyNjE2Nzc0OGIyNjUwZTY3NzZlOTZjZWE1NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALj1DIrXKVnC9YqCB70odd9CJZAHiyuzhiLdoBTqVIpAcvgz
t90zwPcYTT04QDzSzOLIxPT6fkn0uL56A9WJY9Hb1wFxLY0jbFUynGW84FqQPV2o
WtXOmRHYFTB3EALb65MxyoAUotjtExzH8QIjnf2LLydQL+DIm7sClT6PbBY5gBb1
1L3a+I0Tn/5Gt3HXGeW6+9pYSL+acP6aL7mhp1PZp7vKbLcobQFUfw1S7YYTu12h
oMFpOiJw18ybnxkRM8Mu5QYspy9cWCAkyShD9ggqzNRFwLPBxml1F10sc/MFCrBt
s+3hF7B992ROycIwDo8LJo3rE0dYwwmyLe+O8GkCAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBSXnsumiV6qJhZ3SLJlDmd26WzqVjAfBgNVHSMEGDAWgBR5ekjME+IA4tPz
ivgzGNG8r29jMTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2VYcEl6QlBpQU9MVDg0cjRNeGpSdks5dll6RS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2MvYjljZWEwLTY5MjgtNDU4NC1iMzIxLTdkN2Y0YjYzNDg0OS8x
L2w1N0xwb2xlcWlZV2QwaXlaUTVuZHVsczZsWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Mv
YjljZWEwLTY5MjgtNDU4NC1iMzIxLTdkN2Y0YjYzNDg0OS8xL2VYcEl6QlBpQU9M
VDg0cjRNeGpSdks5dll6RS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEBVm5gAMEBcIuAAMEAsIumAMEAMIu
oAMEAsIupAMEBNRsQAMEAtRsXDANBgkqhkiG9w0BAQsFAAOCAQEADz4ZYkZejl5+
PXPJIRYOWNUutJxgo+m/cZZprOiOLwB4jWGZUI1+NkPXNkaIF16Y3ejoguo7KrHe
nny8nkDTg8bzZ3TPN7O/R8/ngEpxXGyA8mOBRVU8pUquv9aOqQNpjlT2GEcX4Wic
HauapI3MtVyM8UvYTKtaLG10qs5l7zalU2LgT6RkXhS2j4/1ogwa36lp730QncTU
6paPqsoXyLxtkJIXFP0nfgoXLINY3GMbnd9yKIj8fnMxfF1+zrSrK5nFh7ZL/Lra
ZJbKGNSA74NfYN77W8GcWk4c10d4gxFUPkNE16Ifm4A8Mnc1glffGPjGxmPk0hb3
RLMZ7Gkbdw==
-----END CERTIFICATE-----