Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ZHQ5Qy19SMd-ZawSKd-k0uq4nnY.roa
File:                     ZHQ5Qy19SMd-ZawSKd-k0uq4nnY.roa (raw, json)
Hash identifier:          r6BwWf+YjAIbU3Ay0DmCWeACoMp1JZ+/wE287macXk0=
Subject key identifier:   64:74:39:43:2D:7D:48:C7:7E:65:AC:12:29:DF:A4:D2:EA:B8:9E:76
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018205E9BD2C5AA5F9EF2F51026D4F0C6366
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ZHQ5Qy19SMd-ZawSKd-k0uq4nnY.roa
Signing time:             Sat 16 Jul 2022 07:29:40 +0000
ROA not before:           Sat 16 Jul 2022 07:29:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.230.0/24 maxlen: 24
                          92.52.214.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 22
                          88.209.229.0/24 maxlen: 24
                          88.209.244.0/23 maxlen: 23
                          88.209.252.0/24 maxlen: 24
                          83.137.152.0/24 maxlen: 24
                          88.209.255.0/24 maxlen: 24
                          88.209.204.0/24 maxlen: 32
                          88.209.204.0/22 maxlen: 32
                          88.209.200.0/22 maxlen: 32
                          5.182.114.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:05:e9:bd:2c:5a:a5:f9:ef:2f:51:02:6d:4f:0c:63:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 16 07:29:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=647439432d7d48c77e65ac1229dfa4d2eab89e76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6a:16:e7:fd:8a:c1:ea:83:85:ba:f4:f1:ec:
                    42:6b:b5:56:74:e8:de:63:b5:05:13:9c:83:21:44:
                    f7:c1:16:3b:90:65:59:df:46:8a:5f:8b:7f:b0:05:
                    b6:86:19:79:a0:dd:60:80:ba:49:b2:45:65:9d:a0:
                    f7:34:07:7c:b5:e3:77:e8:55:f7:f8:ce:12:95:9f:
                    39:44:db:51:5c:36:5d:70:76:4f:ba:61:8c:2e:e7:
                    00:34:fc:9f:55:88:84:8f:35:4a:08:e7:81:41:95:
                    37:43:99:11:b6:9d:db:3d:e0:18:22:4e:8c:12:6d:
                    a5:b3:a9:93:52:25:88:7d:11:9b:db:bb:53:8c:65:
                    5d:63:92:cc:88:37:63:d1:41:ee:e2:4c:58:f6:2d:
                    99:97:00:17:43:ed:15:67:78:a9:dd:2d:5a:73:f0:
                    67:e5:06:c0:f6:86:6a:d1:5e:a4:0c:51:1e:a8:ff:
                    44:18:fc:2a:52:61:bd:06:3d:51:41:cf:11:12:8c:
                    6a:35:74:78:28:76:43:10:6f:83:bc:c2:f6:c0:3f:
                    b0:96:5b:af:32:d3:24:af:3f:5a:61:3d:48:50:d5:
                    b5:7c:85:1a:5b:d9:7a:a6:3a:f7:c6:6c:de:d8:c8:
                    ad:d7:d0:df:c7:a2:51:de:6c:24:e9:1e:6c:2c:06:
                    0d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:74:39:43:2D:7D:48:C7:7E:65:AC:12:29:DF:A4:D2:EA:B8:9E:76
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ZHQ5Qy19SMd-ZawSKd-k0uq4nnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.114.0/24
                  83.137.152.0/24
                  88.209.200.0/21
                  88.209.229.0-88.209.230.255
                  88.209.232.0/22
                  88.209.244.0/23
                  88.209.252.0/24
                  88.209.255.0/24
                  92.52.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:73:ca:b3:ac:1a:9d:e5:9f:e2:91:a6:10:44:9a:10:81:a7:
         63:0f:d1:a4:f3:17:24:36:b5:11:e9:94:78:aa:1b:44:63:2d:
         6d:ff:2a:6b:9d:f9:52:e1:ff:9f:43:cd:44:84:c3:f4:bb:6a:
         95:4f:b6:fb:35:58:fb:95:ee:ab:45:69:0f:6c:77:fd:9b:50:
         3d:42:d5:55:1b:59:48:aa:3d:5b:34:c2:dd:0d:08:b7:4b:e2:
         8c:23:fc:96:4f:9b:21:c7:0f:bb:91:4b:a6:f3:1e:81:36:ba:
         07:b2:04:3f:db:6e:45:44:5e:70:14:27:14:5a:79:5f:63:66:
         00:1a:8d:a5:1f:ca:fe:b1:b0:de:50:63:9e:94:f7:f4:4b:16:
         f6:39:14:26:bf:ed:e8:79:2f:00:14:0c:d6:87:73:b8:99:d1:
         14:cc:8b:a4:21:df:a8:ec:c9:b1:b1:a1:c3:c6:e5:f2:0b:2c:
         0e:1c:51:2d:11:a2:0b:5b:aa:ac:e4:38:98:16:35:67:9f:9d:
         e9:b9:6c:7b:f0:c1:c9:39:69:df:c5:c3:32:67:10:3e:ed:cd:
         87:00:b8:4b:08:d0:a7:fb:d5:4a:14:f3:09:5e:7d:fa:b5:29:
         67:44:fd:62:49:19:93:b5:7d:f9:e2:fa:31:f6:c4:94:c7:c5:
         68:7d:f2:6d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYIF6b0sWqX57y9RAm1PDGNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzE2MDcyOTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDc0Mzk0MzJkN2Q0OGM3N2U2NWFjMTIyOWRmYTRkMmVhYjg5ZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmoW5/2KweqDhbr08exCa7VWdOje
Y7UFE5yDIUT3wRY7kGVZ30aKX4t/sAW2hhl5oN1ggLpJskVlnaD3NAd8teN36FX3
+M4SlZ85RNtRXDZdcHZPumGMLucANPyfVYiEjzVKCOeBQZU3Q5kRtp3bPeAYIk6M
Em2ls6mTUiWIfRGb27tTjGVdY5LMiDdj0UHu4kxY9i2ZlwAXQ+0VZ3ip3S1ac/Bn
5QbA9oZq0V6kDFEeqP9EGPwqUmG9Bj1RQc8REoxqNXR4KHZDEG+DvML2wD+wlluv
MtMkrz9aYT1IUNW1fIUaW9l6pjr3xmze2Mit19Dfx6JR3mwk6R5sLAYNFQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGR0OUMtfUjHfmWsEinfpNLquJ52MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWkhRNVF5MTlTTWQtWmF3U0tkLWswdXE0bm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABbZyAwQA
U4mYAwQDWNHIMAwDBABY0eUDBABY0eYDBAJY0egDBAFY0fQDBABY0fwDBABY0f8D
BABcNNYwDQYJKoZIhvcNAQELBQADggEBAJNzyrOsGp3ln+KRphBEmhCBp2MP0aTz
FyQ2tRHplHiqG0RjLW3/Kmud+VLh/59DzUSEw/S7apVPtvs1WPuV7qtFaQ9sd/2b
UD1C1VUbWUiqPVs0wt0NCLdL4owj/JZPmyHHD7uRS6bzHoE2ugeyBD/bbkVEXnAU
JxRaeV9jZgAajaUfyv6xsN5QY56U9/RLFvY5FCa/7eh5LwAUDNaHc7iZ0RTMi6Qh
36jsybGxocPG5fILLA4cUS0RogtbqqzkOJgWNWefnem5bHvwwck5ad/FwzJnED7t
zYcAuEsI0Kf71UoU8wleffq1KWdE/WJJGZO1ffni+jH2xJTHxWh98m0=
-----END CERTIFICATE-----