Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/8QS4XxFETpFimBBZyMPQo8mZBIE.roa
File:                     8QS4XxFETpFimBBZyMPQo8mZBIE.roa (raw, json)
Hash identifier:          Rj81FIf50zrIyDJzCeGeQv5XEXAWb4dmSux8yPa0PO0=
Subject key identifier:   F1:04:B8:5F:11:44:4E:91:62:98:10:59:C8:C3:D0:A3:C9:99:04:81
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       01826495959EF73088C4A4E5D703C81B8D0C
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/8QS4XxFETpFimBBZyMPQo8mZBIE.roa
Signing time:             Wed 03 Aug 2022 16:41:40 +0000
ROA not before:           Wed 03 Aug 2022 16:41:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     40676
IP address blocks:        94.26.89.0/24 maxlen: 24
                          93.152.206.0/24 maxlen: 24
                          93.152.210.0/24 maxlen: 24
                          93.152.212.0/24 maxlen: 24
                          93.152.217.0/24 maxlen: 24
                          93.152.218.0/24 maxlen: 24
                          94.190.195.0/24 maxlen: 24
                          93.152.226.0/24 maxlen: 24
                          93.152.222.0/24 maxlen: 24
                          93.152.227.0/24 maxlen: 24
                          212.102.105.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:64:95:95:9e:f7:30:88:c4:a4:e5:d7:03:c8:1b:8d:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Aug  3 16:41:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f104b85f11444e9162981059c8c3d0a3c9990481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e0:af:0a:51:00:67:39:06:43:92:e9:a3:21:
                    e7:1e:07:a8:d5:33:3b:eb:e7:d7:91:79:ab:40:d0:
                    fb:ec:e4:9f:61:3d:0f:33:fa:4e:a1:87:21:31:ea:
                    21:08:9a:78:ef:86:b9:02:f8:a3:52:db:05:90:4b:
                    83:ed:18:6d:c9:db:69:c1:ec:ab:8a:99:6c:d3:50:
                    42:2e:4b:7f:b6:eb:f0:37:5f:4b:6c:5f:f5:47:38:
                    ae:ae:ce:95:3c:82:06:d9:f5:c0:5a:8a:ab:39:39:
                    41:60:bc:dd:56:43:17:a4:09:af:86:3e:88:29:cd:
                    5e:bf:e3:ff:4d:53:cd:78:66:fd:c3:22:5b:4c:0d:
                    80:bd:52:b5:f2:f7:c5:79:5e:6b:69:de:08:36:08:
                    5c:a5:46:51:66:21:36:41:b2:31:75:45:51:24:df:
                    c7:1d:f3:34:31:fc:89:67:99:81:0e:49:a9:ea:68:
                    d8:64:ac:e9:42:52:07:ef:45:05:46:9d:fc:e4:7b:
                    81:23:2b:bc:61:e1:b6:96:47:19:ec:d2:06:e2:66:
                    f3:db:76:d8:d9:48:6a:bf:3d:11:01:23:de:1e:27:
                    a9:a4:69:47:66:8b:16:ba:3a:29:dc:0f:5e:72:e8:
                    38:86:b8:fd:33:61:00:b1:89:c3:88:e7:40:de:f9:
                    53:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:04:B8:5F:11:44:4E:91:62:98:10:59:C8:C3:D0:A3:C9:99:04:81
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/8QS4XxFETpFimBBZyMPQo8mZBIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.152.206.0/24
                  93.152.210.0/24
                  93.152.212.0/24
                  93.152.217.0-93.152.218.255
                  93.152.222.0/24
                  93.152.226.0/23
                  94.26.89.0/24
                  94.190.195.0/24
                  212.102.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b7:72:2b:b9:b5:eb:dd:c7:f3:3c:81:7b:c8:bb:d0:d3:63:
         db:32:99:12:68:3c:ce:34:db:93:27:a1:b2:25:e6:e6:83:54:
         87:8f:e9:6a:2c:1d:1c:f9:f1:f3:83:41:56:ff:6d:57:a5:d3:
         aa:b2:b6:db:c1:84:ef:bd:18:7c:fd:21:50:2e:8f:71:d6:ae:
         03:09:32:f3:5a:6e:90:24:d5:6a:a2:e1:b0:91:be:d3:39:f6:
         5c:05:1d:cc:3d:cb:de:72:33:2c:8d:d3:4d:d5:c5:71:d9:29:
         87:84:3d:2b:c5:15:f8:8c:7a:0a:0f:c3:a7:e5:11:7c:20:34:
         fd:1c:cc:72:b1:86:c5:2e:00:64:48:62:f3:f9:20:ef:0d:01:
         41:50:71:40:58:53:8a:d6:e5:32:37:4c:98:7d:e8:66:f2:96:
         f0:f1:82:9b:1d:c6:9e:9b:e3:fa:77:33:d1:a5:c3:7e:cb:35:
         39:ec:85:36:b6:ea:68:02:f3:69:2b:1d:32:52:66:f6:f7:99:
         db:1f:29:b3:05:f9:1c:51:79:7d:35:45:1a:bf:c3:88:98:0f:
         38:95:62:dc:a3:15:79:ce:ed:5b:36:ca:e5:3c:fe:d4:be:0c:
         51:92:fa:c9:47:ae:ca:8e:4b:e6:3f:65:b9:10:23:2d:f3:bb:
         49:24:2e:19
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYJklZWe9zCIxKTl1wPIG40MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjIwODAzMTY0MTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTA0Yjg1ZjExNDQ0ZTkxNjI5ODEwNTljOGMzZDBhM2M5OTkwNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+CvClEAZzkGQ5LpoyHnHgeo1TM7
6+fXkXmrQND77OSfYT0PM/pOoYchMeohCJp474a5AvijUtsFkEuD7Rhtydtpweyr
ipls01BCLkt/tuvwN19LbF/1Rziurs6VPIIG2fXAWoqrOTlBYLzdVkMXpAmvhj6I
Kc1ev+P/TVPNeGb9wyJbTA2AvVK18vfFeV5rad4INghcpUZRZiE2QbIxdUVRJN/H
HfM0MfyJZ5mBDkmp6mjYZKzpQlIH70UFRp385HuBIyu8YeG2lkcZ7NIG4mbz23bY
2Uhqvz0RASPeHieppGlHZosWujop3A9ecug4hrj9M2EAsYnDiOdA3vlTNQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPEEuF8RRE6RYpgQWcjD0KPJmQSBMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvOFFTNFh4RkVUcEZpbUJCWnlNUFFvOG1aQklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAXZjOAwQA
XZjSAwQAXZjUMAwDBABdmNkDBABdmNoDBABdmN4DBAFdmOIDBABeGlkDBABevsMD
BADUZmkwDQYJKoZIhvcNAQELBQADggEBAHO3ciu5tevdx/M8gXvIu9DTY9symRJo
PM4025MnobIl5uaDVIeP6WosHRz58fODQVb/bVel06qyttvBhO+9GHz9IVAuj3HW
rgMJMvNabpAk1Wqi4bCRvtM59lwFHcw9y95yMyyN003VxXHZKYeEPSvFFfiMegoP
w6flEXwgNP0czHKxhsUuAGRIYvP5IO8NAUFQcUBYU4rW5TI3TJh96GbylvDxgpsd
xp6b4/p3M9Glw37LNTnshTa26mgC82krHTJSZvb3mdsfKbMF+RxReX01RRq/w4iY
DziVYtyjFXnO7Vs2yuU8/tS+DFGS+slHrsqOS+Y/ZbkQIy3zu0kkLhk=
-----END CERTIFICATE-----