Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/EjYC526_AQjJau81gDiOl9WxT_w.roa
File:                     EjYC526_AQjJau81gDiOl9WxT_w.roa (raw, json)
Hash identifier:          PyLEzEGyN4LZkSk0AuySdTu9+fv3AfvOIXEvs+oIrL8=
Subject key identifier:   12:36:02:E7:6E:BF:01:08:C9:6A:EF:35:80:38:8E:97:D5:B1:4F:FC
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       0181D83D5BE3EDF5DD5D98A4EA20B1F39270
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/EjYC526_AQjJau81gDiOl9WxT_w.roa
Signing time:             Thu 07 Jul 2022 10:38:28 +0000
ROA not before:           Thu 07 Jul 2022 10:38:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21294
IP address blocks:        84.239.53.0/24 maxlen: 24
                          84.239.16.0/23 maxlen: 23
                          84.239.24.0/24 maxlen: 24
                          84.239.23.0/24 maxlen: 24
                          84.239.22.0/24 maxlen: 24
                          84.239.20.0/24 maxlen: 24
                          84.239.19.0/24 maxlen: 24
                          84.239.31.0/24 maxlen: 24
                          84.239.30.0/24 maxlen: 24
                          84.239.29.0/24 maxlen: 24
                          84.239.28.0/24 maxlen: 24
                          84.239.26.0/24 maxlen: 24
                          84.239.25.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:d8:3d:5b:e3:ed:f5:dd:5d:98:a4:ea:20:b1:f3:92:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Jul  7 10:38:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=123602e76ebf0108c96aef3580388e97d5b14ffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:23:e4:f6:aa:ac:86:a3:44:fd:36:9b:e9:08:
                    8d:fb:89:0b:53:c2:12:b4:68:79:a8:b9:27:cc:2e:
                    3a:03:10:85:02:cb:6e:47:b4:ec:95:5d:47:3f:0c:
                    92:eb:4d:45:7b:a3:0a:b4:de:40:b1:85:69:f1:a3:
                    29:c0:a8:8c:56:fc:57:73:83:73:96:ee:b3:a9:df:
                    b6:a0:b2:4c:bf:64:44:4f:9b:ac:2d:6e:f9:68:13:
                    23:15:2a:b7:19:54:e6:aa:ec:58:59:ce:2e:6f:fe:
                    78:3a:10:5b:b6:f4:03:0d:55:a6:7a:43:50:45:d9:
                    6a:01:dd:0c:f5:99:15:c2:7c:67:5c:9d:a0:e0:43:
                    ed:e2:8f:13:65:31:5f:66:df:8f:e5:24:57:d5:93:
                    84:01:86:75:b1:c8:12:3a:4a:43:d8:a8:c7:11:9a:
                    06:14:69:26:4d:08:e7:7a:7b:27:26:20:85:e2:a9:
                    ba:d6:16:32:6a:f0:58:d2:39:a5:d0:ab:f8:e1:ec:
                    6e:dd:d4:45:84:f5:0f:5a:fa:39:a9:cc:18:4b:bb:
                    f5:9f:08:ca:00:6c:f0:f2:8a:e2:89:71:15:93:65:
                    9f:f3:e1:33:c8:2e:67:85:2e:00:45:c2:99:fe:d8:
                    1c:b0:ed:ac:a2:85:20:4a:04:45:1b:c1:c4:f0:3c:
                    b6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:36:02:E7:6E:BF:01:08:C9:6A:EF:35:80:38:8E:97:D5:B1:4F:FC
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/EjYC526_AQjJau81gDiOl9WxT_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.239.16.0/23
                  84.239.19.0-84.239.20.255
                  84.239.22.0-84.239.26.255
                  84.239.28.0/22
                  84.239.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:17:a2:86:57:47:48:95:2d:ad:64:5a:18:65:9a:4a:1c:2d:
         1b:11:02:23:2c:77:a5:bd:21:35:4b:70:d7:73:8e:f7:db:ea:
         b8:28:d9:1f:4f:a7:2c:95:69:c1:eb:a6:2a:34:bd:fa:20:f4:
         23:bd:dc:a0:a7:9e:79:56:ae:e3:db:9e:50:9b:5b:1a:d1:6b:
         d8:46:1d:6f:61:6c:fe:c9:3f:51:f1:ef:a6:c7:41:84:41:44:
         9e:df:a9:46:f0:b7:a2:45:d4:c9:30:0e:3e:d8:b7:43:a6:d9:
         aa:1d:4c:d0:2a:81:93:47:4a:b2:5c:9f:19:ac:37:25:2b:21:
         53:4b:ce:94:26:05:f3:97:7b:ab:96:12:e1:89:3d:de:46:48:
         e6:6c:80:bb:1b:41:3a:46:0f:95:5f:47:41:4b:a0:8c:fc:63:
         c2:44:d4:92:5a:4d:83:d1:a4:9c:76:ad:e3:a6:8a:5b:4c:bc:
         3c:ff:1d:ec:5a:a4:93:19:a9:57:17:45:4b:41:1a:59:97:b5:
         aa:0d:88:95:8a:c4:cf:47:9e:44:49:a0:d8:55:45:e2:e3:57:
         1c:3d:33:a9:17:00:c8:b1:01:2b:e2:99:b8:61:66:a3:fe:af:
         31:2e:a1:d1:33:f4:1a:3f:82:9d:36:c0:99:c0:e8:92:2d:a4:
         f3:3e:32:c6
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYHYPVvj7fXdXZik6iCx85JwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjIwNzA3MTAzODI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjM2MDJlNzZlYmYwMTA4Yzk2YWVmMzU4MDM4OGU5N2Q1YjE0ZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCPk9qqshqNE/Tab6QiN+4kLU8IS
tGh5qLknzC46AxCFAstuR7TslV1HPwyS601Fe6MKtN5AsYVp8aMpwKiMVvxXc4Nz
lu6zqd+2oLJMv2RET5usLW75aBMjFSq3GVTmquxYWc4ub/54OhBbtvQDDVWmekNQ
RdlqAd0M9ZkVwnxnXJ2g4EPt4o8TZTFfZt+P5SRX1ZOEAYZ1scgSOkpD2KjHEZoG
FGkmTQjnensnJiCF4qm61hYyavBY0jml0Kv44exu3dRFhPUPWvo5qcwYS7v1nwjK
AGzw8oriiXEVk2Wf8+EzyC5nhS4ARcKZ/tgcsO2sooUgSgRFG8HE8Dy2MQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFBI2AuduvwEIyWrvNYA4jpfVsU/8MB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvRWpZQzUyNl9BUWpKYXU4MWdEaU9sOVd4VF93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBVO8QMAwD
BABU7xMDBABU7xQwDAMEAVTvFgMEAFTvGgMEAlTvHAMEAFTvNTANBgkqhkiG9w0B
AQsFAAOCAQEAbReihldHSJUtrWRaGGWaShwtGxECIyx3pb0hNUtw13OO99vquCjZ
H0+nLJVpweumKjS9+iD0I73coKeeeVau49ueUJtbGtFr2EYdb2Fs/sk/UfHvpsdB
hEFEnt+pRvC3okXUyTAOPti3Q6bZqh1M0CqBk0dKslyfGaw3JSshU0vOlCYF85d7
q5YS4Yk93kZI5myAuxtBOkYPlV9HQUugjPxjwkTUklpNg9GknHat46aKW0y8PP8d
7FqkkxmpVxdFS0EaWZe1qg2IlYrEz0eeREmg2FVF4uNXHD0zqRcAyLEBK+KZuGFm
o/6vMS6h0TP0Gj+CnTbAmcDoki2k8z4yxg==
-----END CERTIFICATE-----