Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/CPL-dZXgUyaZdIifCT8l7a6dcUo.roa
File:                     CPL-dZXgUyaZdIifCT8l7a6dcUo.roa (raw, json)
Hash identifier:          msxKl/DoSYL2tPoKY5T3aUSKELigRdsBqT6strmYIEA=
Subject key identifier:   08:F2:FE:75:95:E0:53:26:99:74:88:9F:09:3F:25:ED:AE:9D:71:4A
Certificate issuer:       /CN=cf58cbc4aae3f80c49b372911a8d44861cdfeecb
Certificate serial:       01852E93F496E0DD1AE3BD6C692B974C5227
Authority key identifier: CF:58:CB:C4:AA:E3:F8:0C:49:B3:72:91:1A:8D:44:86:1C:DF:EE:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/CPL-dZXgUyaZdIifCT8l7a6dcUo.roa
Signing time:             Tue 20 Dec 2022 08:08:46 +0000
ROA not before:           Tue 20 Dec 2022 08:08:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200924
IP address blocks:        185.75.164.0/22 maxlen: 22
                          185.44.132.0/22 maxlen: 22
                          5.83.176.0/20 maxlen: 20
                          46.167.24.0/21 maxlen: 21
                          185.27.212.0/22 maxlen: 22
                          185.37.248.0/22 maxlen: 22
                          185.6.120.0/22 maxlen: 22
                          31.22.24.0/21 maxlen: 21
                          2a01:7420::/32 maxlen: 32
                          2a05:5800::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2e:93:f4:96:e0:dd:1a:e3:bd:6c:69:2b:97:4c:52:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf58cbc4aae3f80c49b372911a8d44861cdfeecb
        Validity
            Not Before: Dec 20 08:08:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=08f2fe7595e053269974889f093f25edae9d714a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b8:7d:e9:ee:07:82:50:34:3a:41:47:e5:5a:
                    5c:e7:46:97:58:58:ef:ba:dc:9a:25:fb:0a:72:a7:
                    14:f3:84:f3:00:48:1d:32:73:cb:cb:d0:13:5c:1d:
                    97:d0:37:f2:1e:20:47:e3:3a:08:40:e8:f1:cc:44:
                    9e:f2:96:57:1c:2d:41:2e:48:17:62:85:ea:e9:06:
                    c6:da:4e:93:5e:30:72:db:47:7b:da:1b:2c:9e:9a:
                    1c:24:b1:a4:51:b9:0c:a5:01:da:05:76:53:57:de:
                    a0:ff:3c:33:d2:12:c3:91:71:2d:91:85:43:ea:16:
                    1d:13:47:8d:8c:11:d0:4a:13:a2:9d:a7:c8:b5:6a:
                    0c:84:be:4f:eb:20:03:b4:cd:ae:bf:4b:a2:27:32:
                    be:38:25:19:24:58:2e:a3:36:7a:c7:37:cd:65:4f:
                    b6:55:40:5c:2b:3b:53:e4:cd:d6:59:31:98:0e:8e:
                    d4:79:ec:52:cb:58:b1:ce:b0:1c:6e:2a:a8:56:09:
                    b5:32:70:f2:d7:90:db:ac:7e:90:4a:e0:18:11:9c:
                    9a:15:08:5c:2c:f2:ac:cd:0b:1f:2c:44:4f:c6:26:
                    84:71:5e:b4:9d:7c:0f:51:0c:a2:73:bb:02:f9:d8:
                    e4:bf:23:e1:63:df:26:13:52:f0:79:39:42:8a:89:
                    8d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F2:FE:75:95:E0:53:26:99:74:88:9F:09:3F:25:ED:AE:9D:71:4A
            X509v3 Authority Key Identifier:
                keyid:CF:58:CB:C4:AA:E3:F8:0C:49:B3:72:91:1A:8D:44:86:1C:DF:EE:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/CPL-dZXgUyaZdIifCT8l7a6dcUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5ca328-f114-4b3f-b8ba-50d7d94e2b9f/1/z1jLxKrj-AxJs3KRGo1Ehhzf7ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.176.0/20
                  31.22.24.0/21
                  46.167.24.0/21
                  185.6.120.0/22
                  185.27.212.0/22
                  185.37.248.0/22
                  185.44.132.0/22
                  185.75.164.0/22
                IPv6:
                  2a01:7420::/32
                  2a05:5800::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:2f:07:28:8a:ed:0b:9f:77:a6:23:c8:ba:1c:24:38:21:bb:
         48:4f:e1:2e:e0:26:9e:a4:49:14:18:30:e8:17:e0:0b:20:26:
         92:6f:1e:55:0e:83:c5:41:35:2a:22:db:b6:8b:07:e5:60:23:
         f1:a4:25:21:13:83:71:c4:be:51:12:8e:01:e1:cc:eb:49:3d:
         88:da:c3:89:26:41:f0:97:01:6d:28:b8:8a:ff:4a:72:af:e1:
         1b:8a:db:32:90:c1:11:0b:19:a8:44:14:eb:bc:8d:a6:69:ff:
         62:d3:ed:78:3e:db:50:55:7e:98:1c:68:96:21:b6:4d:d7:e9:
         9b:0d:8d:d9:82:7a:d3:7e:f6:32:33:22:ad:c0:9b:5b:87:0e:
         fc:b8:0c:eb:5b:a7:c4:42:42:e2:8c:f5:e3:e5:c3:ae:b2:a2:
         2c:51:fe:7b:0b:70:01:03:32:2a:12:f1:35:86:95:7d:17:f4:
         aa:5b:e7:96:1f:67:34:42:b7:e2:14:36:35:19:ea:1c:c2:d7:
         e3:6f:49:d3:89:a6:51:82:d2:c0:19:e8:4b:49:a7:d7:cb:fd:
         47:59:80:41:47:38:8c:d9:e5:86:de:a3:38:80:cb:47:f7:dd:
         12:ce:72:a3:e3:92:2b:8d:64:9c:26:26:49:16:57:dd:fa:eb:
         f2:d4:3d:67
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYUuk/SW4N0a471saSuXTFInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNThjYmM0YWFlM2Y4MGM0OWIzNzI5MTFhOGQ0NDg2MWNk
ZmVlY2IwHhcNMjIxMjIwMDgwODQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGYyZmU3NTk1ZTA1MzI2OTk3NDg4OWYwOTNmMjVlZGFlOWQ3MTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrh96e4HglA0OkFH5Vpc50aXWFjv
utyaJfsKcqcU84TzAEgdMnPLy9ATXB2X0DfyHiBH4zoIQOjxzESe8pZXHC1BLkgX
YoXq6QbG2k6TXjBy20d72hssnpocJLGkUbkMpQHaBXZTV96g/zwz0hLDkXEtkYVD
6hYdE0eNjBHQShOinafItWoMhL5P6yADtM2uv0uiJzK+OCUZJFguozZ6xzfNZU+2
VUBcKztT5M3WWTGYDo7UeexSy1ixzrAcbiqoVgm1MnDy15DbrH6QSuAYEZyaFQhc
LPKszQsfLERPxiaEcV60nXwPUQyic7sC+djkvyPhY98mE1LweTlCiomNmwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAjy/nWV4FMmmXSInwk/Je2unXFKMB8GA1UdIwQY
MBaAFM9Yy8Sq4/gMSbNykRqNRIYc3+7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejFqTHhLcmotQXhKczNLUkdvMUVoaHpmN3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81Y2EzMjgtZjExNC00YjNmLWI4YmEt
NTBkN2Q5NGUyYjlmLzEvQ1BMLWRaWGdVeWFaZElpZkNUOGw3YTZkY1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81Y2EzMjgtZjExNC00YjNmLWI4YmEtNTBkN2Q5NGUyYjlm
LzEvejFqTHhLcmotQXhKczNLUkdvMUVoaHpmN3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQEBVOwAwQD
HxYYAwQDLqcYAwQCuQZ4AwQCuRvUAwQCuSX4AwQCuSyEAwQCuUukMBQEAgACMA4D
BQAqAXQgAwUDKgVYADANBgkqhkiG9w0BAQsFAAOCAQEAZy8HKIrtC593piPIuhwk
OCG7SE/hLuAmnqRJFBgw6BfgCyAmkm8eVQ6DxUE1KiLbtosH5WAj8aQlIRODccS+
URKOAeHM60k9iNrDiSZB8JcBbSi4iv9Kcq/hG4rbMpDBEQsZqEQU67yNpmn/YtPt
eD7bUFV+mBxoliG2Tdfpmw2N2YJ60372MjMircCbW4cO/LgM61unxEJC4oz14+XD
rrKiLFH+ewtwAQMyKhLxNYaVfRf0qlvnlh9nNEK34hQ2NRnqHMLX429J04mmUYLS
wBnoS0mn18v9R1mAQUc4jNnlht6jOIDLR/fdEs5yo+OSK41knCYmSRZX3frr8tQ9
Zw==
-----END CERTIFICATE-----