Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/gyGi2nkF9EOd-B_5g0wk7q3v7qI.roa
File:                     gyGi2nkF9EOd-B_5g0wk7q3v7qI.roa (raw, json)
Hash identifier:          z/XjGY3pSyk1fUkVrclrbAHUzCY46LJ/t80ACWysSs8=
Subject key identifier:   83:21:A2:DA:79:05:F4:43:9D:F8:1F:F9:83:4C:24:EE:AD:EF:EE:A2
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       018282CCE36FC388E7F465656E64E776D1D9
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/gyGi2nkF9EOd-B_5g0wk7q3v7qI.roa
Signing time:             Tue 09 Aug 2022 13:30:41 +0000
ROA not before:           Tue 09 Aug 2022 13:30:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203020
IP address blocks:        83.229.66.0/24 maxlen: 32
                          80.240.98.0/23 maxlen: 32
                          217.194.136.0/23 maxlen: 32
                          217.194.136.0/24 maxlen: 32
                          80.240.116.0/22 maxlen: 32
                          212.103.56.0/22 maxlen: 32
                          80.240.120.0/22 maxlen: 32
                          193.47.56.0/22 maxlen: 32
                          185.18.40.0/22 maxlen: 32
                          195.216.128.0/22 maxlen: 32
                          103.14.104.0/22 maxlen: 32
                          46.149.160.0/22 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:82:cc:e3:6f:c3:88:e7:f4:65:65:6e:64:e7:76:d1:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Aug  9 13:30:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8321a2da7905f4439df81ff9834c24eeadefeea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f4:bc:e4:be:f5:c2:8f:b2:5a:61:6f:9c:66:
                    35:5e:bc:af:5a:3d:6d:b4:67:0e:c2:ef:ff:5a:94:
                    e9:cd:e6:29:73:1f:ee:a5:96:2c:b7:95:da:ff:d1:
                    fb:4c:44:63:2b:6c:f8:94:5b:62:18:6a:7f:f8:2d:
                    eb:00:91:48:41:0e:71:f7:ab:9f:90:69:26:af:b9:
                    7e:13:c6:ef:61:f8:c2:93:09:86:89:e5:a4:d4:f8:
                    d8:23:12:e5:01:08:db:fc:24:3a:21:78:6f:e5:1b:
                    24:5a:d1:56:35:85:d5:24:15:5f:57:c7:a4:3d:4f:
                    a2:d6:07:bb:91:fa:d6:0f:3a:f0:b5:5f:98:22:08:
                    f1:d9:85:39:90:d3:b9:b0:a7:dd:90:d6:e7:4d:4c:
                    e8:73:b3:1b:1d:50:c4:98:be:d4:7c:5a:b0:ab:8d:
                    0f:1c:f7:8d:af:8f:30:6c:a6:04:9b:b9:29:14:97:
                    47:3e:f8:5b:8f:d5:d6:e4:9d:29:d8:56:46:61:3a:
                    6d:a7:e1:e0:57:f4:8c:6c:70:52:c1:09:38:23:cd:
                    f6:18:6b:09:ac:53:37:bb:ee:ed:d7:61:96:09:22:
                    a2:fa:3c:ae:47:ab:34:37:ed:08:1d:93:30:f6:80:
                    cf:f8:b0:dc:ec:f3:96:fd:0b:c5:80:ef:44:f0:f7:
                    ba:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:21:A2:DA:79:05:F4:43:9D:F8:1F:F9:83:4C:24:EE:AD:EF:EE:A2
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/gyGi2nkF9EOd-B_5g0wk7q3v7qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.160.0/22
                  80.240.98.0/23
                  80.240.116.0-80.240.123.255
                  83.229.66.0/24
                  103.14.104.0/22
                  185.18.40.0/22
                  193.47.56.0/22
                  195.216.128.0/22
                  212.103.56.0/22
                  217.194.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:b3:9b:01:5f:89:fa:60:d5:0b:e1:df:25:f1:23:76:33:cf:
         f4:6c:e2:29:ea:46:c5:d9:77:e3:90:65:9e:f5:6f:06:55:e0:
         02:c3:4d:62:20:45:33:c8:7f:78:4d:1a:c7:fb:39:b9:10:e6:
         d3:a3:ca:26:55:22:a0:6d:f7:f2:75:84:af:38:4c:b9:7d:9a:
         e7:8c:ea:44:6b:af:08:ac:f5:b6:a2:80:8a:8d:26:5e:3c:fa:
         da:f2:69:63:b7:7c:4a:d9:3a:d1:79:57:a5:f0:0d:cf:ad:fb:
         4f:71:75:bb:8b:08:b0:ca:c2:19:cd:cf:29:93:dd:0d:7f:50:
         40:b7:20:f0:cb:29:fa:14:04:53:5d:7e:ad:a0:fe:96:a3:e3:
         68:74:ba:11:7d:5c:de:fc:b0:a5:6c:c6:b1:2c:1d:23:50:7a:
         4f:c9:bb:21:ca:f0:7c:38:fd:62:dc:ea:42:20:3e:27:f9:4a:
         e1:2e:2e:dd:38:a5:db:4f:5e:26:72:88:be:b9:11:9c:89:9a:
         4c:42:60:39:a1:3d:8a:8c:56:98:6f:10:f7:e6:8d:fb:0f:6e:
         db:c1:8f:ee:66:79:85:40:a5:8a:7b:0e:d3:39:b1:5b:6d:3d:
         f2:9f:7b:0c:dc:a9:87:d5:ca:80:70:9a:4f:26:d0:ed:ed:25:
         23:21:61:8b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYKCzONvw4jn9GVlbmTndtHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjIwODA5MTMzMDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzIxYTJkYTc5MDVmNDQzOWRmODFmZjk4MzRjMjRlZWFkZWZlZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfS85L71wo+yWmFvnGY1XryvWj1t
tGcOwu//WpTpzeYpcx/upZYst5Xa/9H7TERjK2z4lFtiGGp/+C3rAJFIQQ5x96uf
kGkmr7l+E8bvYfjCkwmGieWk1PjYIxLlAQjb/CQ6IXhv5RskWtFWNYXVJBVfV8ek
PU+i1ge7kfrWDzrwtV+YIgjx2YU5kNO5sKfdkNbnTUzoc7MbHVDEmL7UfFqwq40P
HPeNr48wbKYEm7kpFJdHPvhbj9XW5J0p2FZGYTptp+HgV/SMbHBSwQk4I832GGsJ
rFM3u+7t12GWCSKi+jyuR6s0N+0IHZMw9oDP+LDc7POW/QvFgO9E8Pe6vQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIMhotp5BfRDnfgf+YNMJO6t7+6iMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvZ3lHaTJua0Y5RU9kLUJfNWcwd2s3cTN2N3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCLpWgAwQB
UPBiMAwDBAJQ8HQDBAJQ8HgDBABT5UIDBAJnDmgDBAK5EigDBALBLzgDBALD2IAD
BALUZzgDBAHZwogwDQYJKoZIhvcNAQELBQADggEBAGOzmwFfifpg1Qvh3yXxI3Yz
z/Rs4inqRsXZd+OQZZ71bwZV4ALDTWIgRTPIf3hNGsf7ObkQ5tOjyiZVIqBt9/J1
hK84TLl9mueM6kRrrwis9baigIqNJl48+tryaWO3fErZOtF5V6XwDc+t+09xdbuL
CLDKwhnNzymT3Q1/UEC3IPDLKfoUBFNdfq2g/paj42h0uhF9XN78sKVsxrEsHSNQ
ek/JuyHK8Hw4/WLc6kIgPif5SuEuLt04pdtPXiZyiL65EZyJmkxCYDmhPYqMVphv
EPfmjfsPbtvBj+5meYVApYp7DtM5sVttPfKfewzcqYfVyoBwmk8m0O3tJSMhYYs=
-----END CERTIFICATE-----