Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/e1c7c9-cc80-45d7-a6d8-af334a0a1e93/1/Lh_oRF0yp1gHB9Te2S6iN-qtnR0.roa
File:                     Lh_oRF0yp1gHB9Te2S6iN-qtnR0.roa (raw, json)
Hash identifier:          qa7L7QtoDQ1JXy0q9niyBgXwE84MEWaLjopEnQWGgDM=
Subject key identifier:   2E:1F:E8:44:5D:32:A7:58:07:07:D4:DE:D9:2E:A2:37:EA:AD:9D:1D
Certificate issuer:       /CN=8e57b1447642c14f11c04b641cf1d8de8adac784
Certificate serial:       018539095566C0A2F8F2086C1D55B52CBBC8
Authority key identifier: 8E:57:B1:44:76:42:C1:4F:11:C0:4B:64:1C:F1:D8:DE:8A:DA:C7:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jlexRHZCwU8RwEtkHPHY3orax4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/e1c7c9-cc80-45d7-a6d8-af334a0a1e93/1/Lh_oRF0yp1gHB9Te2S6iN-qtnR0.roa
Signing time:             Thu 22 Dec 2022 08:53:10 +0000
ROA not before:           Thu 22 Dec 2022 08:53:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35213
IP address blocks:        91.239.139.0/24 maxlen: 24
                          91.239.138.0/24 maxlen: 24
                          91.239.137.0/24 maxlen: 24
                          91.239.136.0/22 maxlen: 22
                          91.239.136.0/24 maxlen: 24
                          91.201.168.0/24 maxlen: 24
                          176.111.51.0/24 maxlen: 24
                          193.0.247.0/24 maxlen: 24
                          91.205.67.0/24 maxlen: 24
                          91.205.66.0/24 maxlen: 24
                          91.205.65.0/24 maxlen: 24
                          91.205.64.0/22 maxlen: 22
                          91.205.64.0/24 maxlen: 24
                          2a13:61c0::/29 maxlen: 29
                          2001:678:31c::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:39:09:55:66:c0:a2:f8:f2:08:6c:1d:55:b5:2c:bb:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e57b1447642c14f11c04b641cf1d8de8adac784
        Validity
            Not Before: Dec 22 08:53:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2e1fe8445d32a7580707d4ded92ea237eaad9d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2c:1c:7d:3b:59:11:c8:f5:a1:4c:ca:07:f2:
                    44:a1:f8:cf:50:d2:30:41:45:25:4f:8b:df:c4:5d:
                    ce:21:0a:ef:d3:25:74:18:e6:1b:2c:82:05:49:ac:
                    94:0d:92:36:08:41:08:a4:93:7b:02:bc:b1:79:32:
                    29:a4:1c:7b:e6:44:64:4e:6b:6c:00:28:56:93:16:
                    96:01:de:30:c6:97:ed:fa:c5:3b:74:45:8e:d5:38:
                    4d:c1:e5:82:08:d9:95:8f:18:94:92:26:38:b4:6b:
                    8d:f4:b6:96:bf:b9:f3:fb:ff:f9:ae:27:a4:8c:1c:
                    75:8c:85:b5:0e:67:a5:f5:14:a6:c4:8a:f0:d5:bb:
                    cd:bd:d6:d7:d0:78:9b:c6:78:6b:0f:7d:2c:b0:c8:
                    32:68:09:e6:74:ba:e3:77:92:e9:2a:4b:c3:63:6c:
                    95:81:b9:5d:05:22:71:29:c2:35:86:07:bf:46:c0:
                    c5:34:52:48:c2:c3:c0:e5:0a:0d:9c:3e:cb:93:0a:
                    a4:6a:79:0a:50:6a:20:7a:75:5a:40:e9:53:2c:f1:
                    bc:cb:4a:54:00:f9:1b:a8:38:d5:3d:17:47:68:8d:
                    09:65:fd:16:82:38:40:97:f8:3e:14:b2:91:a6:da:
                    4e:78:d5:47:34:67:22:b9:01:c1:f8:d6:1e:f1:28:
                    3c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:1F:E8:44:5D:32:A7:58:07:07:D4:DE:D9:2E:A2:37:EA:AD:9D:1D
            X509v3 Authority Key Identifier:
                keyid:8E:57:B1:44:76:42:C1:4F:11:C0:4B:64:1C:F1:D8:DE:8A:DA:C7:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jlexRHZCwU8RwEtkHPHY3orax4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e1c7c9-cc80-45d7-a6d8-af334a0a1e93/1/Lh_oRF0yp1gHB9Te2S6iN-qtnR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e1c7c9-cc80-45d7-a6d8-af334a0a1e93/1/jlexRHZCwU8RwEtkHPHY3orax4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.168.0/24
                  91.205.64.0/22
                  91.239.136.0/22
                  176.111.51.0/24
                  193.0.247.0/24
                IPv6:
                  2001:678:31c::/48
                  2a13:61c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:80:c7:1b:85:c5:c4:3f:41:24:83:6d:9b:3f:8c:de:ea:14:
         08:9b:0a:f6:ec:41:62:1b:68:40:2b:62:88:05:76:e0:88:56:
         a2:c4:b7:ce:1a:7b:ec:c1:72:4b:e1:38:c5:3c:5b:2e:0d:71:
         07:6d:2d:78:ce:9d:b1:44:d1:4d:33:f3:ef:70:d8:6d:10:91:
         60:71:8c:59:01:59:8c:7d:dc:f6:7b:28:63:d0:27:b1:8e:65:
         34:07:f6:f9:9f:93:22:c2:ef:03:e6:71:21:e1:5f:4d:8d:10:
         32:4c:32:0c:01:68:3a:de:a0:19:7e:ea:39:8a:94:cc:10:1d:
         db:1c:48:55:19:0a:8c:67:fa:b8:77:a3:3a:3d:38:13:8e:48:
         99:18:df:ea:14:bf:c4:c9:45:f5:b5:39:78:82:9a:bf:79:c1:
         cf:fa:35:81:3e:47:9b:85:dd:1c:52:9a:a1:2f:83:b4:1f:9d:
         e1:af:6d:f8:74:1b:73:a9:61:3f:b5:90:6b:d8:fc:59:6e:ba:
         b3:ab:a7:51:34:00:65:07:e7:7c:d5:c9:1b:4e:6e:e8:c8:bc:
         17:6a:13:7f:1e:e3:b2:3f:73:d7:5c:54:8b:d8:ec:bf:48:45:
         3a:85:4e:91:c0:b6:ef:cc:53:44:f7:3d:5f:53:4b:3e:00:55:
         6d:96:05:9f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYU5CVVmwKL48ghsHVW1LLvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNTdiMTQ0NzY0MmMxNGYxMWMwNGI2NDFjZjFkOGRlOGFk
YWM3ODQwHhcNMjIxMjIyMDg1MzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTFmZTg0NDVkMzJhNzU4MDcwN2Q0ZGVkOTJlYTIzN2VhYWQ5ZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSwcfTtZEcj1oUzKB/JEofjPUNIw
QUUlT4vfxF3OIQrv0yV0GOYbLIIFSayUDZI2CEEIpJN7AryxeTIppBx75kRkTmts
AChWkxaWAd4wxpft+sU7dEWO1ThNweWCCNmVjxiUkiY4tGuN9LaWv7nz+//5riek
jBx1jIW1Dmel9RSmxIrw1bvNvdbX0HibxnhrD30ssMgyaAnmdLrjd5LpKkvDY2yV
gbldBSJxKcI1hge/RsDFNFJIwsPA5QoNnD7LkwqkankKUGogenVaQOlTLPG8y0pU
APkbqDjVPRdHaI0JZf0WgjhAl/g+FLKRptpOeNVHNGciuQHB+NYe8Sg8FwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFC4f6ERdMqdYBwfU3tkuojfqrZ0dMB8GA1UdIwQY
MBaAFI5XsUR2QsFPEcBLZBzx2N6K2seEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamxleFJIWkN3VThSd0V0a0hQSFkzb3JheDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9lMWM3YzktY2M4MC00NWQ3LWE2ZDgt
YWYzMzRhMGExZTkzLzEvTGhfb1JGMHlwMWdIQjlUZTJTNmlOLXF0blIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9lMWM3YzktY2M4MC00NWQ3LWE2ZDgtYWYzMzRhMGExZTkz
LzEvamxleFJIWkN3VThSd0V0a0hQSFkzb3JheDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQAW8moAwQC
W81AAwQCW++IAwQAsG8zAwQAwQD3MBYEAgACMBADBwAgAQZ4AxwDBQMqE2HAMA0G
CSqGSIb3DQEBCwUAA4IBAQABgMcbhcXEP0Ekg22bP4ze6hQImwr27EFiG2hAK2KI
BXbgiFaixLfOGnvswXJL4TjFPFsuDXEHbS14zp2xRNFNM/PvcNhtEJFgcYxZAVmM
fdz2eyhj0CexjmU0B/b5n5Miwu8D5nEh4V9NjRAyTDIMAWg63qAZfuo5ipTMEB3b
HEhVGQqMZ/q4d6M6PTgTjkiZGN/qFL/EyUX1tTl4gpq/ecHP+jWBPkebhd0cUpqh
L4O0H53hr234dBtzqWE/tZBr2PxZbrqzq6dRNABlB+d81ckbTm7oyLwXahN/HuOy
P3PXXFSL2Oy/SEU6hU6RwLbvzFNE9z1fU0s+AFVtlgWf
-----END CERTIFICATE-----