Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mFYOpARM1PbjDBuPC3Vsi3xvs90.roa
File:                     mFYOpARM1PbjDBuPC3Vsi3xvs90.roa (raw, json)
Hash identifier:          8tpXLVIZl7cQqTkRnsmaCxhGN6xuLdLbf7z+LNWGjpo=
Subject key identifier:   98:56:0E:A4:04:4C:D4:F6:E3:0C:1B:8F:0B:75:6C:8B:7C:6F:B3:DD
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018249C944280BEC5926010FE9624A65C877
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mFYOpARM1PbjDBuPC3Vsi3xvs90.roa
Signing time:             Fri 29 Jul 2022 11:48:23 +0000
ROA not before:           Fri 29 Jul 2022 11:48:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211619
IP address blocks:        88.209.228.0/24 maxlen: 24
                          92.52.218.0/24 maxlen: 24
                          88.209.229.0/24 maxlen: 24
                          88.209.236.0/22 maxlen: 22
                          83.137.156.0/24 maxlen: 24
                          83.137.157.0/24 maxlen: 24
                          83.137.153.0/24 maxlen: 24
                          45.9.168.0/24 maxlen: 24
                          77.242.152.0/22 maxlen: 22
                          88.151.62.0/24 maxlen: 24
                          5.182.112.0/24 maxlen: 24
                          5.182.115.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:49:c9:44:28:0b:ec:59:26:01:0f:e9:62:4a:65:c8:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 29 11:48:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=98560ea4044cd4f6e30c1b8f0b756c8b7c6fb3dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c7:c7:53:11:6c:65:8e:cf:55:4e:53:24:45:
                    34:82:35:92:21:8c:7f:33:a9:32:a3:09:e1:c5:f5:
                    b6:19:83:90:e1:a8:0e:e1:71:7e:95:a1:72:d8:ac:
                    40:89:32:d6:8a:ff:fe:a7:f5:0a:c1:58:ed:5e:a6:
                    55:8b:37:b1:7f:e8:63:2b:a9:f6:37:d5:d4:54:d2:
                    3b:f3:78:bc:12:5c:a6:c1:5d:51:64:01:16:da:45:
                    29:dc:61:e6:9d:4f:78:a0:6b:d8:82:b1:07:a4:b4:
                    2a:d8:6f:32:ea:bf:44:10:69:fb:37:b2:29:11:90:
                    a1:2a:57:58:b8:fe:ce:30:b8:64:4b:89:5c:29:11:
                    c0:66:0f:d1:86:48:e5:6e:32:f3:f2:b7:e7:cb:77:
                    f0:8d:81:b5:2b:b5:39:21:ad:9f:7c:3e:20:63:4f:
                    b1:43:e1:a7:a1:a8:f9:2b:e9:8c:6e:fc:84:73:ec:
                    35:dc:0f:11:4d:55:57:65:68:2f:4f:31:15:29:b8:
                    28:f6:30:39:15:46:63:d0:ae:45:81:cf:e9:95:22:
                    0b:2a:e2:6b:c9:a6:21:15:93:72:24:8c:d8:79:cb:
                    ce:43:d1:3b:ed:5f:c1:3c:df:07:a9:95:90:ad:e5:
                    26:c4:98:fb:e9:a0:d9:67:c8:75:41:c4:c2:6e:c0:
                    35:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:56:0E:A4:04:4C:D4:F6:E3:0C:1B:8F:0B:75:6C:8B:7C:6F:B3:DD
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mFYOpARM1PbjDBuPC3Vsi3xvs90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24
                  5.182.115.0/24
                  45.9.168.0/24
                  77.242.152.0/22
                  83.137.153.0/24
                  83.137.156.0/23
                  88.151.62.0/24
                  88.209.228.0/23
                  88.209.236.0/22
                  92.52.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:55:d8:94:0d:32:e5:9a:d4:7f:5e:4b:ec:a0:a7:3d:47:28:
         18:d7:29:8c:4b:91:27:ac:fc:c9:61:8c:19:a7:86:9c:95:52:
         d7:d4:c0:12:66:f0:69:4d:86:74:de:a2:70:ad:98:27:ff:0c:
         bd:d6:49:59:c4:2d:ac:62:1a:0e:da:98:ef:55:41:6b:5b:43:
         91:49:e1:a8:73:ab:7b:ca:d4:27:aa:24:65:7a:aa:21:31:40:
         53:77:ee:36:56:d4:8c:28:cd:ee:3a:e1:de:bc:05:8b:8d:5f:
         a7:de:65:5d:e9:6f:06:23:13:8a:2c:1e:7f:4e:34:8c:02:70:
         8e:f4:84:c6:62:ed:c4:b8:c5:4d:ee:fa:8c:c7:be:ff:30:1c:
         aa:e1:dd:93:5b:7f:67:81:97:56:e5:ec:ba:11:3b:66:68:1b:
         1b:6a:d6:2d:81:5b:d1:3a:7e:d3:df:dc:bd:b3:83:92:37:85:
         75:71:97:0f:28:dc:99:0a:70:86:17:ee:0d:e8:4b:a3:06:f2:
         40:35:e8:1a:a8:36:5b:41:38:9a:fb:f1:8f:e2:a9:ac:92:b4:
         a9:ff:ea:85:fd:00:b4:1b:fd:ca:11:a2:10:42:f2:00:bf:98:
         16:c1:f3:b1:56:25:c8:dc:95:47:93:ca:33:14:24:13:32:a5:
         90:a7:3b:b2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYJJyUQoC+xZJgEP6WJKZch3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzI5MTE0ODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODU2MGVhNDA0NGNkNGY2ZTMwYzFiOGYwYjc1NmM4YjdjNmZiM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcfHUxFsZY7PVU5TJEU0gjWSIYx/
M6kyownhxfW2GYOQ4agO4XF+laFy2KxAiTLWiv/+p/UKwVjtXqZVizexf+hjK6n2
N9XUVNI783i8ElymwV1RZAEW2kUp3GHmnU94oGvYgrEHpLQq2G8y6r9EEGn7N7Ip
EZChKldYuP7OMLhkS4lcKRHAZg/RhkjlbjLz8rfny3fwjYG1K7U5Ia2ffD4gY0+x
Q+Gnoaj5K+mMbvyEc+w13A8RTVVXZWgvTzEVKbgo9jA5FUZj0K5Fgc/plSILKuJr
yaYhFZNyJIzYecvOQ9E77V/BPN8HqZWQreUmxJj76aDZZ8h1QcTCbsA1nwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJhWDqQETNT24wwbjwt1bIt8b7PdMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbUZZT3BBUk0xUGJqREJ1UEMzVnNpM3h2czkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABbZwAwQA
BbZzAwQALQmoAwQCTfKYAwQAU4mZAwQBU4mcAwQAWJc+AwQBWNHkAwQCWNHsAwQA
XDTaMA0GCSqGSIb3DQEBCwUAA4IBAQAJVdiUDTLlmtR/XkvsoKc9RygY1ymMS5En
rPzJYYwZp4aclVLX1MASZvBpTYZ03qJwrZgn/wy91klZxC2sYhoO2pjvVUFrW0OR
SeGoc6t7ytQnqiRleqohMUBTd+42VtSMKM3uOuHevAWLjV+n3mVd6W8GIxOKLB5/
TjSMAnCO9ITGYu3EuMVN7vqMx77/MByq4d2TW39ngZdW5ey6ETtmaBsbatYtgVvR
On7T39y9s4OSN4V1cZcPKNyZCnCGF+4N6EujBvJANegaqDZbQTia+/GP4qmskrSp
/+qF/QC0G/3KEaIQQvIAv5gWwfOxViXI3JVHk8ozFCQTMqWQpzuy
-----END CERTIFICATE-----