Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/r3SnIv8AzfSVLn0d1CEALyKvVWo.roa
File:                     r3SnIv8AzfSVLn0d1CEALyKvVWo.roa (raw, json)
Hash identifier:          1FoyGyMuri7QVVn5IMxHUZyOuDwl6dG4aosRvk7YkaY=
Subject key identifier:   AF:74:A7:22:FF:00:CD:F4:95:2E:7D:1D:D4:21:00:2F:22:AF:55:6A
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       05AA70B3
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/r3SnIv8AzfSVLn0d1CEALyKvVWo.roa
Signing time:             Fri 15 Apr 2022 09:30:40 +0000
ROA not before:           Fri 15 Apr 2022 09:30:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12444
IP address blocks:        185.118.177.0/24 maxlen: 24
                          185.118.176.0/24 maxlen: 24
                          185.118.178.0/24 maxlen: 24
                          185.118.179.0/24 maxlen: 24
                          84.17.69.0/24 maxlen: 24
                          84.17.70.0/24 maxlen: 24
                          84.17.67.0/24 maxlen: 24
                          84.17.68.0/24 maxlen: 24
                          84.17.78.0/24 maxlen: 24
                          84.17.72.0/24 maxlen: 24
                          84.17.76.0/24 maxlen: 24
                          84.17.75.0/24 maxlen: 24
                          84.17.84.0/24 maxlen: 24
                          84.17.87.0/24 maxlen: 24
                          84.17.86.0/24 maxlen: 24
                          84.17.90.0/24 maxlen: 24
                          84.17.93.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 95056051 (0x5aa70b3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Apr 15 09:30:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af74a722ff00cdf4952e7d1dd421002f22af556a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d9:e0:c7:e5:57:09:25:c7:6c:58:df:86:7f:
                    1c:ed:a0:c0:a1:cb:32:ed:d5:0c:38:af:95:61:89:
                    90:b6:6a:89:ab:e3:49:2a:bc:4f:d1:61:0d:90:59:
                    3d:29:d4:87:28:26:f5:81:b1:d6:ff:31:a7:2f:79:
                    62:f5:d0:a3:de:17:89:2b:ec:15:5b:42:3f:8c:5b:
                    00:a4:07:df:70:2e:eb:15:cb:7a:36:f8:5f:3a:08:
                    f6:73:4f:c7:b9:6f:1f:de:cd:d6:82:3e:ca:97:1f:
                    7e:ef:19:a0:ca:21:a3:7f:71:fd:a2:ec:d6:34:70:
                    fc:05:80:14:d0:c3:3d:98:a2:72:49:d7:4f:5f:64:
                    8a:f4:d5:cc:a6:6c:19:07:b4:59:7d:3a:d7:ae:01:
                    be:02:92:e5:63:34:95:19:5c:ca:50:9e:d6:32:0c:
                    d7:cf:06:be:a2:b4:66:b0:25:3a:28:9f:45:6b:e5:
                    e4:1e:37:ce:79:61:6e:8d:4f:7f:dd:2a:19:9c:b5:
                    83:b0:2b:fd:d3:5b:44:0d:7a:44:21:5e:fc:36:f8:
                    bd:c7:f1:20:62:e8:5a:87:53:27:2e:82:4c:e1:72:
                    9c:90:74:49:6e:b4:e9:f9:88:49:30:81:9c:4d:8e:
                    4d:e3:32:94:a3:c6:a8:bc:15:58:af:59:75:f8:12:
                    ae:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:74:A7:22:FF:00:CD:F4:95:2E:7D:1D:D4:21:00:2F:22:AF:55:6A
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/r3SnIv8AzfSVLn0d1CEALyKvVWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.67.0-84.17.70.255
                  84.17.72.0/24
                  84.17.75.0-84.17.76.255
                  84.17.78.0/24
                  84.17.84.0/24
                  84.17.86.0/23
                  84.17.90.0/24
                  84.17.93.0/24
                  185.118.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:5e:03:5a:df:02:7a:b4:49:77:10:ed:42:fd:b5:99:e5:cb:
         c1:7a:10:18:bb:86:1f:88:5d:05:55:54:b2:03:c9:9c:02:8d:
         e8:40:d8:98:77:ca:ba:3a:20:69:42:91:dd:30:a1:0d:32:7f:
         7a:a1:91:33:73:fc:4d:65:3a:19:4c:ab:7b:67:b6:26:87:80:
         27:a0:64:90:2a:23:3f:90:7c:a7:4f:6f:6e:be:1d:51:ae:3c:
         59:f1:b4:a6:12:cd:b9:3e:a2:ef:0a:19:4b:10:82:42:3a:53:
         d4:f3:de:0c:bd:c9:34:4c:0a:93:98:e4:93:fe:35:f3:1c:62:
         47:91:7d:ad:4e:1e:6e:c9:5b:06:33:2a:0c:0b:39:5a:e3:7f:
         93:e5:98:fb:0c:a4:6e:79:ea:25:55:e9:6d:29:80:e9:50:f7:
         89:2f:ca:74:47:49:d7:b6:26:c6:b1:60:d6:b8:bd:e3:6d:7c:
         d4:d2:40:12:58:b4:ee:4f:63:29:46:b9:27:a6:5e:a7:76:dc:
         9e:b3:5f:79:95:46:4b:fc:fa:9a:8c:a9:ef:cc:8e:f4:5d:f9:
         13:8a:eb:2d:72:32:3b:b3:f3:31:0d:38:06:ef:79:67:c6:6e:
         b6:ac:59:35:26:80:9d:64:36:d6:26:0e:72:3d:0e:3b:1b:d7:
         c9:3f:36:e8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEBapwszANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
NGI3NjI5NTBlYjc5MTY2NjhiYmZhOGQxYjg3MDU2MGIxY2E3NzM5MB4XDTIyMDQx
NTA5MzA0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWY3NGE3MjJmZjAw
Y2RmNDk1MmU3ZDFkZDQyMTAwMmYyMmFmNTU2YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANTZ4MflVwklx2xY34Z/HO2gwKHLMu3VDDivlWGJkLZqiavj
SSq8T9FhDZBZPSnUhygm9YGx1v8xpy95YvXQo94XiSvsFVtCP4xbAKQH33Au6xXL
ejb4XzoI9nNPx7lvH97N1oI+ypcffu8ZoMoho39x/aLs1jRw/AWAFNDDPZiicknX
T19kivTVzKZsGQe0WX06164BvgKS5WM0lRlcylCe1jIM188GvqK0ZrAlOiifRWvl
5B43znlhbo1Pf90qGZy1g7Ar/dNbRA16RCFe/Db4vcfxIGLoWodTJy6CTOFynJB0
SW606fmISTCBnE2OTeMylKPGqLwVWK9ZdfgSrocCAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBSvdKci/wDN9JUufR3UIQAvIq9VajAfBgNVHSMEGDAWgBT0t2KVDreRZmi7
+o0bhwVgscp3OTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzlMZGlsUTYza1dab3VfcU5HNGNGWUxIS2R6ay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDIvMGIyM2M1LTIxYjUtNGFiMy05N2EwLTJmOGRmMTg3Zjk4Yi8x
L3IzU25JdjhBemZTVkxuMGQxQ0VBTHlLdlZXby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDIv
MGIyM2M1LTIxYjUtNGFiMy05N2EwLTJmOGRmMTg3Zjk4Yi8xLzlMZGlsUTYza1da
b3VfcU5HNGNGWUxIS2R6ay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wTAQCAAEwRjAMAwQAVBFDAwQAVBFGAwQAVBFIMAwD
BABUEUsDBABUEUwDBABUEU4DBABUEVQDBAFUEVYDBABUEVoDBABUEV0DBAK5drAw
DQYJKoZIhvcNAQELBQADggEBAA9eA1rfAnq0SXcQ7UL9tZnly8F6EBi7hh+IXQVV
VLIDyZwCjehA2Jh3yro6IGlCkd0woQ0yf3qhkTNz/E1lOhlMq3tntiaHgCegZJAq
Iz+QfKdPb26+HVGuPFnxtKYSzbk+ou8KGUsQgkI6U9Tz3gy9yTRMCpOY5JP+NfMc
YkeRfa1OHm7JWwYzKgwLOVrjf5PlmPsMpG556iVV6W0pgOlQ94kvynRHSde2Jsax
YNa4veNtfNTSQBJYtO5PYylGuSemXqd23J6zX3mVRkv8+pqMqe/MjvRd+ROK6y1y
Mjuz8zENOAbveWfGbrasWTUmgJ1kNtYmDnI9Djsb18k/Nug=
-----END CERTIFICATE-----