Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-dvQfg96Lr8CD1AWmasDX1XIx8k.roa
File:                     1-dvQfg96Lr8CD1AWmasDX1XIx8k.roa (raw, json)
Hash identifier:          JZ4CDCVMnLMPVMNTmOmtuq3CGhtbT9rp1vcGXGNLU6s=
Subject key identifier:   F9:DB:D0:7E:0F:7A:2E:BF:02:0F:50:16:99:AB:03:5F:55:C8:C7:C9
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       084E54FB
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-dvQfg96Lr8CD1AWmasDX1XIx8k.roa
Signing time:             Wed 15 Jun 2022 10:17:48 +0000
ROA not before:           Wed 15 Jun 2022 10:17:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        185.230.52.0/23 maxlen: 24
                          185.255.124.0/24 maxlen: 24
                          185.121.12.0/22 maxlen: 24
                          185.206.251.0/24 maxlen: 24
                          185.206.248.0/24 maxlen: 24
                          185.234.20.0/22 maxlen: 24
                          185.234.23.0/24 maxlen: 24
                          185.194.28.0/22 maxlen: 24
                          185.194.29.0/24 maxlen: 24
                          185.223.153.0/24 maxlen: 24
                          185.240.120.0/23 maxlen: 24
                          45.8.20.0/22 maxlen: 24
                          185.246.112.0/22 maxlen: 24
                          185.238.228.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 139351291 (0x84e54fb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 15 10:17:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f9dbd07e0f7a2ebf020f501699ab035f55c8c7c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8f:38:3e:c5:9f:92:de:96:d0:c8:01:6e:80:
                    4b:a8:33:d2:d1:a1:d9:4a:01:37:7a:94:ab:12:d7:
                    2f:3f:02:8d:2e:24:6a:85:7e:80:3b:5d:4f:11:f7:
                    b9:2f:ee:82:9c:00:ae:0b:74:e4:5f:98:9c:64:b3:
                    fd:ba:36:fe:c1:91:30:07:f3:db:1e:4d:be:a5:0a:
                    5b:f1:a4:6b:8e:8c:8f:38:ea:eb:a0:c2:59:83:68:
                    37:32:d4:ba:13:8c:5e:ba:69:e7:03:48:6a:d2:e4:
                    02:c0:27:b7:c6:3f:9c:7f:01:c9:3e:62:b3:fb:72:
                    bb:9e:bb:2f:a9:1b:a0:50:7a:d9:bb:db:43:1a:2c:
                    ef:cd:f7:52:01:f1:1c:00:0c:88:d1:6b:bf:8f:a3:
                    ed:77:5f:8c:20:83:da:97:b6:74:58:57:cb:1c:9a:
                    35:d1:fd:c4:69:a2:5f:b8:60:c6:e7:2c:f8:a9:6f:
                    98:c3:4a:19:99:ff:91:1e:d0:66:bf:2a:63:50:0b:
                    ff:d9:c2:29:13:7f:60:22:5a:7c:23:f7:85:6a:4c:
                    45:2e:86:9d:22:7d:7b:25:61:8e:1c:c2:18:cb:db:
                    b5:a3:9a:b8:ad:f0:d6:50:4c:5f:67:8a:f2:dc:a6:
                    53:e0:7a:d8:11:ef:dc:03:bf:eb:44:fe:bf:86:42:
                    7c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:DB:D0:7E:0F:7A:2E:BF:02:0F:50:16:99:AB:03:5F:55:C8:C7:C9
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-dvQfg96Lr8CD1AWmasDX1XIx8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.20.0/22
                  185.121.12.0/22
                  185.194.28.0/22
                  185.206.248.0/24
                  185.206.251.0/24
                  185.223.153.0/24
                  185.230.52.0/23
                  185.234.20.0/22
                  185.238.228.0/22
                  185.240.120.0/23
                  185.246.112.0/22
                  185.255.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:de:2d:76:17:d7:ea:24:7d:cc:63:da:de:91:6a:79:c9:a0:
         c0:9d:89:ee:5e:7d:bc:bc:b8:db:ac:ff:ce:9e:c7:0b:0a:19:
         30:3f:8a:0a:50:ed:d5:d6:a3:90:77:3e:70:50:91:a3:23:6d:
         c8:f8:04:80:d3:f7:81:3b:30:d9:5f:68:0b:2a:c9:62:92:16:
         39:4d:0a:63:bd:5a:f5:4d:46:d8:89:56:aa:01:42:88:9a:8e:
         77:ec:2b:f6:b7:73:4e:da:aa:1e:c1:ae:fa:41:26:48:d8:9e:
         9a:d8:07:06:06:82:e7:c9:ec:51:8f:68:ec:76:dc:e9:ab:76:
         9b:1c:83:d3:c4:e1:a5:f2:02:29:9d:2e:e0:16:ff:7a:cd:5e:
         ab:24:22:02:50:76:42:67:64:96:a4:b4:62:fc:9b:6d:aa:d7:
         23:48:87:0f:f6:9e:ec:a0:90:8f:31:1f:6c:10:ca:a3:3f:cc:
         a7:11:8d:46:a7:77:8f:93:80:4f:16:10:bf:53:91:c1:8f:f2:
         fd:be:ff:80:05:4b:63:35:dd:55:51:33:fc:91:3c:35:48:2a:
         d8:76:43:c3:57:34:d6:1c:69:54:ce:ca:e9:e2:01:79:40:33:
         ce:38:85:17:61:96:09:9a:af:2f:b4:a0:4b:1a:30:e1:e9:cb:
         1a:9a:2d:a3
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIECE5U+zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MDY3ODRjMTA1MDg1YjlkNmFkNWY3M2EwM2IyMGQ5YTVjMTE0Y2FmMB4XDTIyMDYx
NTEwMTc0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjlkYmQwN2UwZjdh
MmViZjAyMGY1MDE2OTlhYjAzNWY1NWM4YzdjOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKiPOD7Fn5LeltDIAW6AS6gz0tGh2UoBN3qUqxLXLz8CjS4k
aoV+gDtdTxH3uS/ugpwArgt05F+YnGSz/bo2/sGRMAfz2x5NvqUKW/Gka46Mjzjq
66DCWYNoNzLUuhOMXrpp5wNIatLkAsAnt8Y/nH8ByT5is/tyu567L6kboFB62bvb
Qxos7833UgHxHAAMiNFrv4+j7XdfjCCD2pe2dFhXyxyaNdH9xGmiX7hgxucs+Klv
mMNKGZn/kR7QZr8qY1AL/9nCKRN/YCJafCP3hWpMRS6GnSJ9eyVhjhzCGMvbtaOa
uK3w1lBMX2eK8tymU+B62BHv3AO/60T+v4ZCfCkCAwEAAaOCAkwwggJIMB0GA1Ud
DgQWBBT529B+D3ouvwIPUBaZqwNfVcjHyTAfBgNVHSMEGDAWgBRgZ4TBBQhbnWrV
9zoDsg2aXBFMrzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lHZUV3UVVJVzUxcTFmYzZBN0lObWx3UlRLOC5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvMmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFiYy8x
LzEtZHZRZmc5NkxyOENEMUFXbWFzRFgxWEl4OGsucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Qw
LzJiODM0ZS1iYWQyLTQ5ZmYtYmEzOC1iNDM0MmJhOTFhYmMvMS9ZR2VFd1FVSVc1
MXExZmM2QTdJTm1sd1JUSzguY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
YQYIKwYBBQUHAQcBAf8EUjBQME4EAgABMEgDBAItCBQDBAK5eQwDBAK5whwDBAC5
zvgDBAC5zvsDBAC535kDBAG55jQDBAK56hQDBAK57uQDBAG58HgDBAK59nADBAC5
/3wwDQYJKoZIhvcNAQELBQADggEBAKjeLXYX1+okfcxj2t6RannJoMCdie5efby8
uNus/86exwsKGTA/igpQ7dXWo5B3PnBQkaMjbcj4BIDT94E7MNlfaAsqyWKSFjlN
CmO9WvVNRtiJVqoBQoiajnfsK/a3c07aqh7BrvpBJkjYnprYBwYGgufJ7FGPaOx2
3Omrdpscg9PE4aXyAimdLuAW/3rNXqskIgJQdkJnZJaktGL8m22q1yNIhw/2nuyg
kI8xH2wQyqM/zKcRjUand4+TgE8WEL9TkcGP8v2+/4AFS2M13VVRM/yRPDVIKth2
Q8NXNNYcaVTOyuniAXlAM844hRdhlgmary+0oEsaMOHpyxqaLaM=
-----END CERTIFICATE-----