Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/qZRvDWAvjhJITEWFAW2nK7PZQ7Q.roa
File:                     qZRvDWAvjhJITEWFAW2nK7PZQ7Q.roa (raw, json)
Hash identifier:          rCgVdeGux3gcFul/rR632JYbBvGEvVVJnF9HOYefe2w=
Subject key identifier:   A9:94:6F:0D:60:2F:8E:12:48:4C:45:85:01:6D:A7:2B:B3:D9:43:B4
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       0182E9D943936A09C9A8054241808C6FA37E
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/qZRvDWAvjhJITEWFAW2nK7PZQ7Q.roa
Signing time:             Mon 29 Aug 2022 13:45:05 +0000
ROA not before:           Mon 29 Aug 2022 13:45:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42846
IP address blocks:        185.106.211.0/24 maxlen: 24
                          185.106.210.0/24 maxlen: 24
                          185.106.209.0/24 maxlen: 24
                          185.106.208.0/24 maxlen: 24
                          89.252.179.0/24 maxlen: 24
                          89.252.178.0/24 maxlen: 24
                          89.252.181.0/24 maxlen: 24
                          89.252.180.0/24 maxlen: 24
                          45.84.188.0/24 maxlen: 24
                          45.84.191.0/24 maxlen: 24
                          45.84.190.0/24 maxlen: 24
                          2a06:41c0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:e9:d9:43:93:6a:09:c9:a8:05:42:41:80:8c:6f:a3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Aug 29 13:45:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a9946f0d602f8e12484c4585016da72bb3d943b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8d:58:04:bb:8f:66:47:2f:9d:e5:a3:55:27:
                    a7:a1:39:ba:b9:00:ac:b8:c3:e0:6b:ae:39:6d:95:
                    de:e0:d8:e9:2c:72:bb:05:96:f6:90:9b:ec:17:7b:
                    6c:f5:6e:25:ba:60:53:72:04:9f:c5:22:4e:62:4a:
                    ea:b6:10:df:b1:bd:f5:8f:18:ad:b4:7f:74:2c:e9:
                    0e:b8:ed:ac:da:11:4c:f1:e2:41:37:ce:e4:94:88:
                    cd:bc:7e:ac:9f:0e:66:16:e0:13:25:10:14:88:43:
                    a6:ec:34:de:01:8d:cc:b5:06:93:1c:92:b4:50:48:
                    e4:e1:f7:ad:06:b5:1e:65:4b:93:d3:f8:82:e2:69:
                    da:de:22:ca:78:91:02:75:3e:48:f3:1e:c3:a9:71:
                    d0:0a:69:75:01:91:39:e3:66:2a:3a:c5:d3:f1:90:
                    7d:42:c9:10:76:01:43:33:49:6a:07:c0:cb:79:38:
                    c9:9f:25:e2:e9:17:aa:7f:ca:31:7d:e5:50:a8:3e:
                    72:4a:3c:e3:09:12:a7:27:51:b0:3b:2c:08:67:5c:
                    ba:0c:05:01:8e:f8:66:c1:22:cf:bf:76:19:01:bd:
                    37:95:50:0b:11:26:4f:c1:f3:68:63:06:d1:21:b6:
                    62:11:bc:02:46:fe:d0:9d:06:85:94:00:09:3a:f4:
                    31:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:94:6F:0D:60:2F:8E:12:48:4C:45:85:01:6D:A7:2B:B3:D9:43:B4
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/qZRvDWAvjhJITEWFAW2nK7PZQ7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/24
                  45.84.190.0/23
                  89.252.178.0-89.252.181.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:59:f1:c9:59:e1:ac:8e:45:a6:ca:63:f8:c5:2b:b7:4e:c2:
         23:25:92:b5:b5:96:6f:fd:17:7c:6a:42:16:c8:2f:96:64:4d:
         3d:17:b5:68:b8:dc:38:cd:2d:a1:94:b3:9f:e1:5e:bf:cf:1c:
         a0:4c:8d:5e:90:00:08:ec:7e:bf:29:98:49:22:3f:db:1d:e2:
         d8:0e:da:a0:ab:45:89:db:d3:86:97:aa:10:aa:17:5a:34:da:
         92:5b:fd:16:aa:18:d9:df:cf:96:be:60:3c:d0:60:d5:d8:a9:
         a3:54:cd:23:0c:5e:d8:21:e4:bc:ce:12:77:a1:85:dc:75:3e:
         9f:92:88:8e:fc:86:94:2a:3b:4e:9a:cc:33:3b:4f:5e:6a:01:
         bc:fd:e6:93:b1:0e:7c:bf:02:91:db:5b:f0:cb:22:9d:2f:cf:
         a5:49:23:57:66:ec:d9:09:60:3d:64:96:7b:ae:00:0c:f5:72:
         27:97:8c:66:91:ec:27:ae:89:71:20:d7:aa:e8:e3:55:52:01:
         da:d1:cd:1b:c3:6f:8d:4d:a1:b5:4c:cf:03:f1:79:92:8d:23:
         29:25:20:e8:99:df:ac:00:9d:3d:42:ff:ee:44:a1:1e:e5:49:
         7e:7e:e6:ca:65:b2:a3:49:fe:6f:68:06:fb:72:18:50:68:54:
         c6:c6:2d:57
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYLp2UOTagnJqAVCQYCMb6N+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjIwODI5MTM0NTA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTk0NmYwZDYwMmY4ZTEyNDg0YzQ1ODUwMTZkYTcyYmIzZDk0M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY1YBLuPZkcvneWjVSenoTm6uQCs
uMPga645bZXe4NjpLHK7BZb2kJvsF3ts9W4lumBTcgSfxSJOYkrqthDfsb31jxit
tH90LOkOuO2s2hFM8eJBN87klIjNvH6snw5mFuATJRAUiEOm7DTeAY3MtQaTHJK0
UEjk4fetBrUeZUuT0/iC4mna3iLKeJECdT5I8x7DqXHQCml1AZE542YqOsXT8ZB9
QskQdgFDM0lqB8DLeTjJnyXi6Reqf8oxfeVQqD5ySjzjCRKnJ1GwOywIZ1y6DAUB
jvhmwSLPv3YZAb03lVALESZPwfNoYwbRIbZiEbwCRv7QnQaFlAAJOvQxCQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFKmUbw1gL44SSExFhQFtpyuz2UO0MB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvcVpSdkRXQXZqaEpJVEVXRkFXMm5LN1BaUTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQALVS8AwQB
LVS+MAwDBAFZ/LIDBAFZ/LQDBAK5atAwDwQCAAIwCQMHACoGQcAAATANBgkqhkiG
9w0BAQsFAAOCAQEAnlnxyVnhrI5Fpspj+MUrt07CIyWStbWWb/0XfGpCFsgvlmRN
PRe1aLjcOM0toZSzn+Fev88coEyNXpAACOx+vymYSSI/2x3i2A7aoKtFidvThpeq
EKoXWjTaklv9FqoY2d/Plr5gPNBg1dipo1TNIwxe2CHkvM4Sd6GF3HU+n5KIjvyG
lCo7TprMMztPXmoBvP3mk7EOfL8Ckdtb8MsinS/PpUkjV2bs2QlgPWSWe64ADPVy
J5eMZpHsJ66JcSDXqujjVVIB2tHNG8NvjU2htUzPA/F5ko0jKSUg6JnfrACdPUL/
7kShHuVJfn7mymWyo0n+b2gG+3IYUGhUxsYtVw==
-----END CERTIFICATE-----