Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/CW7-N-nIP3tF02fd_kiBaA4nKs4.roa
File:                     CW7-N-nIP3tF02fd_kiBaA4nKs4.roa (raw, json)
Hash identifier:          wDHv8fJQ6H2+gA3XhtZQ3wuTJnbzBhzGO5BcFiQ3edk=
Subject key identifier:   09:6E:FE:37:E9:C8:3F:7B:45:D3:67:DD:FE:48:81:68:0E:27:2A:CE
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0184B96F66D8331A8DD731C355D3F4F0EB2F
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/CW7-N-nIP3tF02fd_kiBaA4nKs4.roa
Signing time:             Sun 27 Nov 2022 14:13:16 +0000
ROA not before:           Sun 27 Nov 2022 14:13:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.231.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 22
                          88.209.227.0/24 maxlen: 24
                          83.137.152.0/24 maxlen: 24
                          83.137.154.0/23 maxlen: 24
                          88.209.204.0/22 maxlen: 24
                          88.209.200.0/22 maxlen: 32
                          88.209.205.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24
                          88.209.226.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:b9:6f:66:d8:33:1a:8d:d7:31:c3:55:d3:f4:f0:eb:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov 27 14:13:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=096efe37e9c83f7b45d367ddfe4881680e272ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:75:cb:99:21:6c:a5:79:b3:f5:d2:65:45:92:
                    94:a0:c3:90:8a:2b:03:39:74:e6:0b:bb:e6:2c:bc:
                    43:21:72:60:c0:d2:4c:1f:1f:75:7c:4b:ee:59:4d:
                    fc:2a:50:15:14:06:45:b3:2a:5f:13:4d:c7:02:ff:
                    ef:e0:da:4f:b3:6d:9f:f6:ad:6a:36:fe:75:29:2f:
                    5c:60:dd:48:7d:17:20:b0:f2:c8:ac:06:48:c2:a6:
                    4a:d8:cb:40:49:d0:1b:f8:92:a7:3c:1e:f2:b1:57:
                    b5:c8:e4:ca:c2:e1:bd:49:c9:2d:66:6f:a2:9f:75:
                    d7:a0:b6:5c:ac:1a:13:02:d0:1c:0b:bd:b9:f8:4a:
                    c9:de:89:8b:9c:31:16:4e:e7:a4:4f:23:60:24:63:
                    ce:7b:94:67:25:02:eb:47:cf:e4:ed:1d:12:7f:37:
                    4e:db:58:7b:3b:ed:b7:77:45:a1:44:cb:56:56:b5:
                    46:71:f3:cc:fd:87:e5:08:9b:10:b0:eb:85:89:f1:
                    97:c7:58:5d:55:97:2d:05:c3:92:18:c9:b8:a0:63:
                    82:15:c1:4f:87:6c:8a:24:9f:86:06:01:d5:ca:4f:
                    fd:b4:19:3b:b9:05:a6:b3:9d:b4:2b:98:c1:17:ad:
                    2b:ed:14:45:d7:c5:a9:15:05:36:f5:12:61:2e:8c:
                    6b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6E:FE:37:E9:C8:3F:7B:45:D3:67:DD:FE:48:81:68:0E:27:2A:CE
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/CW7-N-nIP3tF02fd_kiBaA4nKs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.152.0/24
                  83.137.154.0/23
                  88.151.61.0/24
                  88.151.63.0/24
                  88.209.200.0/21
                  88.209.226.0/23
                  88.209.231.0-88.209.235.255
                  178.210.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:0e:c6:e3:d9:e4:32:10:c9:bb:69:0f:41:54:ae:1e:0a:3a:
         b6:18:7f:14:72:97:e6:82:10:2b:6a:62:3c:e5:bf:ec:16:da:
         da:48:77:40:a7:1b:19:cb:21:3d:11:94:1e:d5:33:1b:45:e4:
         51:44:7c:42:c1:b3:66:6c:1d:4d:3d:54:56:7c:ff:d7:34:db:
         27:b4:b7:1c:8c:4c:16:de:46:46:e1:52:4b:a8:19:d8:2c:27:
         01:e7:1c:d3:6b:64:f3:9f:77:97:ad:ea:fe:b0:94:f6:ba:dd:
         05:90:da:89:aa:4e:bf:db:7b:d9:a0:81:0a:60:53:90:f6:14:
         64:b1:20:9e:2f:05:c4:39:e3:c1:b1:79:04:f7:bc:5e:20:e6:
         3d:c9:91:bd:3d:b1:34:e6:79:1c:a1:43:0a:a3:9d:bf:76:41:
         07:2d:aa:e1:4a:d4:a4:93:63:13:87:e7:e6:bd:37:5f:74:27:
         96:ce:7f:60:fa:98:8d:3b:46:51:5e:57:54:04:d2:69:73:c5:
         c0:35:b9:20:36:2f:fc:23:5c:f9:ca:2f:00:44:d9:f5:a3:a4:
         3f:4a:0e:80:0d:ce:3a:a0:a4:ad:8e:23:80:07:d3:dc:bc:a3:
         6b:20:33:81:f3:87:ca:44:4b:87:12:82:5a:c4:a8:89:c1:28:
         3c:15:39:9c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYS5b2bYMxqN1zHDVdP08OsvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMTI3MTQxMzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZlZmUzN2U5YzgzZjdiNDVkMzY3ZGRmZTQ4ODE2ODBlMjcyYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3XLmSFspXmz9dJlRZKUoMOQiisD
OXTmC7vmLLxDIXJgwNJMHx91fEvuWU38KlAVFAZFsypfE03HAv/v4NpPs22f9q1q
Nv51KS9cYN1IfRcgsPLIrAZIwqZK2MtASdAb+JKnPB7ysVe1yOTKwuG9ScktZm+i
n3XXoLZcrBoTAtAcC725+ErJ3omLnDEWTuekTyNgJGPOe5RnJQLrR8/k7R0SfzdO
21h7O+23d0WhRMtWVrVGcfPM/YflCJsQsOuFifGXx1hdVZctBcOSGMm4oGOCFcFP
h2yKJJ+GBgHVyk/9tBk7uQWms520K5jBF60r7RRF18WpFQU29RJhLoxr8QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFAlu/jfpyD97RdNn3f5IgWgOJyrOMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvQ1c3LU4tbklQM3RGMDJmZF9raUJhQTRuS3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAU4mYAwQB
U4maAwQAWJc9AwQAWJc/AwQDWNHIAwQBWNHiMAwDBABY0ecDBAJY0egDBACy0vww
DQYJKoZIhvcNAQELBQADggEBAEkOxuPZ5DIQybtpD0FUrh4KOrYYfxRyl+aCECtq
Yjzlv+wW2tpId0CnGxnLIT0RlB7VMxtF5FFEfELBs2ZsHU09VFZ8/9c02ye0txyM
TBbeRkbhUkuoGdgsJwHnHNNrZPOfd5et6v6wlPa63QWQ2omqTr/be9mggQpgU5D2
FGSxIJ4vBcQ548GxeQT3vF4g5j3Jkb09sTTmeRyhQwqjnb92QQctquFK1KSTYxOH
5+a9N190J5bOf2D6mI07RlFeV1QE0mlzxcA1uSA2L/wjXPnKLwBE2fWjpD9KDoAN
zjqgpK2OI4AH09y8o2sgM4Hzh8pES4cSglrEqInBKDwVOZw=
-----END CERTIFICATE-----