Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Q3s5wyoj-c8fJpKyKoG8B3o09_s.roa
File:                     Q3s5wyoj-c8fJpKyKoG8B3o09_s.roa (raw, json)
Hash identifier:          mxv/zvIVvU7S/vyYu2sJI1GHIKvGcylcKpS4GusAgbA=
Subject key identifier:   43:7B:39:C3:2A:23:F9:CF:1F:26:92:B2:2A:81:BC:07:7A:34:F7:FB
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       0184B390EFFD7FDFB5291E0BE14A832B08CC
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Q3s5wyoj-c8fJpKyKoG8B3o09_s.roa
Signing time:             Sat 26 Nov 2022 10:52:11 +0000
ROA not before:           Sat 26 Nov 2022 10:52:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48847
IP address blocks:        185.12.223.0/24 maxlen: 24
                          185.12.222.0/24 maxlen: 24
                          185.12.221.0/24 maxlen: 24
                          185.12.220.0/22 maxlen: 22
                          185.12.221.152/29 maxlen: 29
                          109.233.21.92/30 maxlen: 30
                          109.233.17.0/24 maxlen: 24
                          109.233.16.0/24 maxlen: 24
                          109.233.16.0/21 maxlen: 21
                          109.233.20.0/24 maxlen: 24
                          109.233.19.128/25 maxlen: 25
                          109.233.19.0/24 maxlen: 24
                          109.233.18.0/24 maxlen: 24
                          109.233.23.0/24 maxlen: 24
                          109.233.22.0/24 maxlen: 24
                          109.233.21.0/24 maxlen: 24
                          109.233.19.128/30 maxlen: 30
                          109.233.20.196/30 maxlen: 30
                          2a03:6900::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:b3:90:ef:fd:7f:df:b5:29:1e:0b:e1:4a:83:2b:08:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Nov 26 10:52:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=437b39c32a23f9cf1f2692b22a81bc077a34f7fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a3:05:e5:7d:f1:95:fb:e0:f6:77:e3:dd:1f:
                    34:32:a1:f1:9a:15:59:35:e1:6e:42:35:b0:6b:25:
                    bf:d2:cb:5f:61:9a:61:df:d5:83:b1:7a:98:ef:b4:
                    58:35:f8:ff:9e:ab:9e:71:da:f0:f2:36:14:f0:c3:
                    24:e7:30:36:f1:6f:80:a0:8b:dc:1c:58:8d:18:05:
                    ba:f9:ca:27:e3:cd:dc:2f:3d:82:59:4c:47:b6:f4:
                    69:9b:a0:33:8b:ba:0f:9a:2e:c9:e5:af:9d:5f:15:
                    83:e4:1b:9d:b2:c0:14:75:2f:fc:59:2e:26:42:6d:
                    3a:97:8c:7e:fc:21:4f:c0:a0:8f:63:1c:cf:01:6b:
                    fc:6d:77:5c:69:d6:d4:d6:61:2a:ad:79:b9:f5:ec:
                    fc:76:d9:e7:2c:80:91:92:19:23:8f:8f:1b:41:d2:
                    98:be:39:27:3d:ab:3d:5f:6d:e6:2c:f4:55:e8:1f:
                    db:1e:d7:41:e5:64:1f:5d:b6:74:f7:de:45:ee:a8:
                    e1:d7:a7:e8:b1:48:43:f7:48:63:26:fe:90:fe:fd:
                    57:06:54:0a:55:a1:a6:0f:2b:d6:69:fc:bb:34:5e:
                    2c:51:d7:02:29:d9:29:a3:9f:b4:63:61:f7:ba:47:
                    ae:5f:cd:a7:da:38:ad:07:64:05:cd:18:da:27:d6:
                    d5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:7B:39:C3:2A:23:F9:CF:1F:26:92:B2:2A:81:BC:07:7A:34:F7:FB
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Q3s5wyoj-c8fJpKyKoG8B3o09_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.16.0/21
                  185.12.220.0/22
                IPv6:
                  2a03:6900::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:c3:58:24:21:c9:9b:8e:41:78:a6:9e:ef:ef:dd:97:06:6f:
         b7:e2:a0:97:86:e9:c4:23:71:0d:1a:8b:41:3e:9b:c9:9f:fd:
         88:c6:d2:35:98:16:b1:f4:b5:2c:3b:0a:42:12:b4:f3:ba:fa:
         ec:3a:dd:64:fd:c6:53:38:09:a0:34:ec:4e:be:0c:ac:08:11:
         ed:7b:cf:ed:ae:0b:1e:96:34:79:69:cd:f6:20:54:5c:e8:b0:
         78:61:0d:fe:c5:7c:d5:22:1d:a9:7a:50:52:0f:56:9d:95:36:
         ab:47:00:56:26:d4:73:29:96:2a:ed:90:23:fd:22:42:41:1b:
         e5:09:36:7c:e0:ca:cf:61:ba:ec:18:22:4e:cc:13:44:fa:de:
         9f:37:c0:3a:b1:c6:21:e8:cc:1f:ff:1d:47:ea:5a:4a:cd:03:
         82:c5:d8:c6:dc:ac:5c:06:37:74:91:fa:07:39:07:fc:7a:3f:
         30:55:16:6a:96:bf:30:85:1f:78:14:e4:43:83:8d:07:48:f8:
         ff:07:06:b2:7f:e2:8e:4b:26:09:82:3f:64:f4:f0:22:7d:3e:
         51:6f:51:83:c0:1f:7b:1d:f9:f7:7d:d5:9e:45:8b:de:17:33:
         dc:e5:d6:a2:56:13:54:6e:f6:29:9e:ae:f9:d7:6d:0d:d9:8c:
         c5:a9:9a:75
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYSzkO/9f9+1KR4L4UqDKwjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjIxMTI2MTA1MjExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzdiMzljMzJhMjNmOWNmMWYyNjkyYjIyYTgxYmMwNzdhMzRmN2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqMF5X3xlfvg9nfj3R80MqHxmhVZ
NeFuQjWwayW/0stfYZph39WDsXqY77RYNfj/nquecdrw8jYU8MMk5zA28W+AoIvc
HFiNGAW6+con483cLz2CWUxHtvRpm6Azi7oPmi7J5a+dXxWD5BudssAUdS/8WS4m
Qm06l4x+/CFPwKCPYxzPAWv8bXdcadbU1mEqrXm59ez8dtnnLICRkhkjj48bQdKY
vjknPas9X23mLPRV6B/bHtdB5WQfXbZ0995F7qjh16fosUhD90hjJv6Q/v1XBlQK
VaGmDyvWafy7NF4sUdcCKdkpo5+0Y2H3ukeuX82n2jitB2QFzRjaJ9bVCQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEN7OcMqI/nPHyaSsiqBvAd6NPf7MB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvUTNzNXd5b2otYzhmSnBLeUtvRzhCM28wOV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQBww1gkIcmbjkF4
pp7v792XBm+34qCXhunEI3ENGotBPpvJn/2IxtI1mBax9LUsOwpCErTzuvrsOt1k
/cZTOAmgNOxOvgysCBHte8/trgseljR5ac32IFRc6LB4YQ3+xXzVIh2pelBSD1ad
lTarRwBWJtRzKZYq7ZAj/SJCQRvlCTZ84MrPYbrsGCJOzBNE+t6fN8A6scYh6Mwf
/x1H6lpKzQOCxdjG3KxcBjd0kfoHOQf8ej8wVRZqlr8whR94FORDg40HSPj/Bway
f+KOSyYJgj9k9PAifT5Rb1GDwB97Hfn3fdWeRYveFzPc5daiVhNUbvYpnq75120N
2YzFqZp1
-----END CERTIFICATE-----