Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/n6XEZLs3wNUAoj86caMU0APIHZs.roa
File:                     n6XEZLs3wNUAoj86caMU0APIHZs.roa (raw, json)
Hash identifier:          dDWp2+cQ6tUPqgTNgkxNqAVwQzpe/EniFPSHkYSi62s=
Subject key identifier:   9F:A5:C4:64:BB:37:C0:D5:00:A2:3F:3A:71:A3:14:D0:03:C8:1D:9B
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       0181D298581132C66CB3FDCFB3EDEE2E507B
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/n6XEZLs3wNUAoj86caMU0APIHZs.roa
Signing time:             Wed 06 Jul 2022 08:20:08 +0000
ROA not before:           Wed 06 Jul 2022 08:20:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203020
IP address blocks:        83.229.66.0/24 maxlen: 32
                          80.240.98.0/23 maxlen: 32
                          217.194.136.0/24 maxlen: 32
                          217.194.136.0/23 maxlen: 32
                          80.240.116.0/22 maxlen: 32
                          212.103.56.0/22 maxlen: 32
                          80.240.120.0/22 maxlen: 32
                          193.47.56.0/22 maxlen: 32
                          185.18.40.0/22 maxlen: 32
                          195.216.128.0/22 maxlen: 32
                          103.14.104.0/22 maxlen: 32
                          46.149.160.0/22 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:d2:98:58:11:32:c6:6c:b3:fd:cf:b3:ed:ee:2e:50:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Jul  6 08:20:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9fa5c464bb37c0d500a23f3a71a314d003c81d9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1d:66:3b:d1:80:f2:7e:1f:b8:bd:01:96:af:
                    e1:14:73:67:59:a2:b0:ae:29:3d:41:36:99:ff:78:
                    5f:50:1a:5d:64:53:58:d8:85:c7:5a:f3:b6:08:86:
                    1a:8b:bc:85:1f:a7:8d:ee:d2:95:e4:46:68:b6:5f:
                    88:63:04:33:ee:2d:58:22:70:e3:b1:32:05:45:a8:
                    f7:79:5e:0b:a4:c1:44:51:85:34:7c:39:49:8c:c1:
                    93:09:1d:d4:f7:26:d1:05:3d:87:fb:98:39:b0:bb:
                    9f:70:4b:54:59:17:d5:f5:dc:38:cb:59:f5:15:d6:
                    59:f2:cf:7d:33:9e:72:36:99:66:e0:d6:78:25:ba:
                    d3:57:3f:e3:e0:93:13:96:51:35:ca:b0:6a:a1:ef:
                    03:7c:9d:74:e4:60:98:58:4c:f9:05:24:e9:4b:93:
                    5f:05:45:d1:d8:b0:c4:27:af:f7:76:11:ca:de:18:
                    14:b3:93:c9:4c:86:c6:27:6a:e6:93:73:86:69:21:
                    dd:50:f8:fa:41:16:7b:9b:10:69:99:e9:b2:34:da:
                    40:e9:f3:c0:8d:08:55:13:5a:1c:40:a3:d1:61:bd:
                    92:8a:eb:27:10:65:ee:6b:c9:f3:0d:98:c8:62:7e:
                    1c:1f:24:cb:ef:f1:d8:dc:9d:67:30:5c:f2:5f:9e:
                    dd:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A5:C4:64:BB:37:C0:D5:00:A2:3F:3A:71:A3:14:D0:03:C8:1D:9B
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/n6XEZLs3wNUAoj86caMU0APIHZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.160.0/22
                  80.240.98.0/23
                  80.240.116.0-80.240.123.255
                  83.229.66.0/24
                  103.14.104.0/22
                  185.18.40.0/22
                  193.47.56.0/22
                  195.216.128.0/22
                  212.103.56.0/22
                  217.194.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:37:ba:7b:8b:60:54:ed:fd:0a:da:c1:d6:3a:a6:87:c9:6d:
         5f:e9:a2:60:85:ec:0f:b9:ad:ce:6b:34:cb:eb:76:d9:d9:ac:
         1e:99:db:58:46:88:5d:94:e8:1a:ef:ba:f9:7d:6f:b1:cf:2a:
         3d:a5:1a:50:56:ad:db:56:12:7d:6b:6a:0c:a1:98:4d:17:8f:
         1f:5c:41:00:a6:04:7c:4f:ef:18:3c:bb:d8:af:c6:a1:86:0a:
         b8:ef:a6:70:df:42:1b:2f:a7:55:09:c7:1d:66:e7:a4:e4:20:
         c9:96:30:9c:7d:c9:45:a0:3e:4d:18:6a:f8:d6:b6:58:9c:95:
         94:b0:46:71:0b:3d:d6:02:48:ea:ec:3c:02:3a:3f:6e:3a:e7:
         fb:ba:de:7f:c6:f8:2d:2c:c3:d9:eb:a9:cd:91:d5:a1:9d:75:
         42:eb:ef:13:c1:43:9f:15:37:e7:1c:b6:2d:81:d7:f1:5a:35:
         7d:20:50:de:7a:2d:a5:7c:11:4b:d0:e6:53:ee:10:9b:96:62:
         41:b0:f3:49:5d:38:02:59:7f:d4:7f:0e:40:e4:14:e1:67:23:
         23:25:dc:33:55:91:97:fd:39:6b:92:a3:79:94:6b:7e:fd:cd:
         3b:61:9a:19:7e:4a:be:6f:24:e1:f5:43:65:7a:d0:fe:4d:2c:
         fb:d0:87:05
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYHSmFgRMsZss/3Ps+3uLlB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjIwNzA2MDgyMDA4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmE1YzQ2NGJiMzdjMGQ1MDBhMjNmM2E3MWEzMTRkMDAzYzgxZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB1mO9GA8n4fuL0Blq/hFHNnWaKw
rik9QTaZ/3hfUBpdZFNY2IXHWvO2CIYai7yFH6eN7tKV5EZotl+IYwQz7i1YInDj
sTIFRaj3eV4LpMFEUYU0fDlJjMGTCR3U9ybRBT2H+5g5sLufcEtUWRfV9dw4y1n1
FdZZ8s99M55yNplm4NZ4JbrTVz/j4JMTllE1yrBqoe8DfJ105GCYWEz5BSTpS5Nf
BUXR2LDEJ6/3dhHK3hgUs5PJTIbGJ2rmk3OGaSHdUPj6QRZ7mxBpmemyNNpA6fPA
jQhVE1ocQKPRYb2SiusnEGXua8nzDZjIYn4cHyTL7/HY3J1nMFzyX57dhwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJ+lxGS7N8DVAKI/OnGjFNADyB2bMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvbjZYRVpMczN3TlVBb2o4NmNhTVUwQVBJSFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCLpWgAwQB
UPBiMAwDBAJQ8HQDBAJQ8HgDBABT5UIDBAJnDmgDBAK5EigDBALBLzgDBALD2IAD
BALUZzgDBAHZwogwDQYJKoZIhvcNAQELBQADggEBAFo3unuLYFTt/QrawdY6pofJ
bV/pomCF7A+5rc5rNMvrdtnZrB6Z21hGiF2U6Brvuvl9b7HPKj2lGlBWrdtWEn1r
agyhmE0Xjx9cQQCmBHxP7xg8u9ivxqGGCrjvpnDfQhsvp1UJxx1m56TkIMmWMJx9
yUWgPk0YavjWtliclZSwRnELPdYCSOrsPAI6P2465/u63n/G+C0sw9nrqc2R1aGd
dULr7xPBQ58VN+ccti2B1/FaNX0gUN56LaV8EUvQ5lPuEJuWYkGw80ldOAJZf9R/
DkDkFOFnIyMl3DNVkZf9OWuSo3mUa379zTthmhl+Sr5vJOH1Q2V60P5NLPvQhwU=
-----END CERTIFICATE-----