Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/0gUSzpdm25xxGVE_vqGC00TMe18.roa
File:                     0gUSzpdm25xxGVE_vqGC00TMe18.roa (raw, json)
Hash identifier:          qROGYxzj6Gx6auxFddyu8U81lH3h97X7l/7JSGzXoAs=
Subject key identifier:   D2:05:12:CE:97:66:DB:9C:71:19:51:3F:BE:A1:82:D3:44:CC:7B:5F
Certificate issuer:       /CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
Certificate serial:       0182EE9B2BFE2D482EEACDE8E6180834ABD1
Authority key identifier: CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/0gUSzpdm25xxGVE_vqGC00TMe18.roa
Signing time:             Tue 30 Aug 2022 11:55:22 +0000
ROA not before:           Tue 30 Aug 2022 11:55:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47872
IP address blocks:        212.5.49.0/24 maxlen: 24
                          212.5.48.0/24 maxlen: 24
                          212.5.50.0/24 maxlen: 24
                          185.44.117.0/24 maxlen: 24
                          185.44.116.0/24 maxlen: 24
                          185.44.119.0/24 maxlen: 24
                          2a01:73e0::/36 maxlen: 36
                          2a01:73e0:e000::/36 maxlen: 36
                          2a01:73e0:d000::/36 maxlen: 36
                          2a01:73e0:c000::/36 maxlen: 36
                          2a01:73e0:b000::/36 maxlen: 36
                          2a01:73e0:a000::/36 maxlen: 36
                          2a01:73e0:f000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:ee:9b:2b:fe:2d:48:2e:ea:cd:e8:e6:18:08:34:ab:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
        Validity
            Not Before: Aug 30 11:55:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d20512ce9766db9c7119513fbea182d344cc7b5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:47:49:1a:32:1f:b7:0b:90:bd:c7:ed:d2:
                    af:30:64:3b:3a:aa:53:28:c8:f0:08:8a:6a:28:28:
                    41:f6:fd:a6:05:b8:b0:03:0a:e1:81:66:c5:a9:02:
                    47:8f:28:6f:31:e5:78:48:a4:c0:2a:3f:55:75:a7:
                    bd:ba:92:47:8c:da:49:4d:86:48:57:15:3a:47:10:
                    6c:e2:7e:9f:a5:cc:5a:ff:75:f8:7e:a7:ac:ee:f0:
                    c9:96:8d:44:52:8b:78:7d:2a:6c:97:de:40:4f:e0:
                    50:e5:00:e7:00:b1:38:8d:b7:d0:1f:fd:bc:30:09:
                    24:d5:5c:23:16:98:2a:0e:a7:68:b4:a8:83:75:c6:
                    74:1c:6e:c0:8a:ab:9b:33:15:eb:d8:ea:0e:e9:76:
                    78:51:c5:97:e1:6a:6d:b1:27:7b:1b:d6:95:0f:5f:
                    71:b5:00:2e:c1:e1:49:ed:ab:46:b6:a2:21:8f:60:
                    f5:a3:e5:d3:95:a1:f8:7b:97:b8:b0:3b:52:0e:ed:
                    ac:a0:1e:d8:03:c4:9b:0f:fb:3e:de:3a:21:99:63:
                    33:55:13:ea:74:66:87:38:aa:8f:e8:40:c2:15:ae:
                    5c:6c:b8:fb:6f:6f:59:d4:ae:1a:f1:fe:aa:cc:bb:
                    65:ec:53:7c:58:5a:b2:b6:f1:4c:9b:e2:6a:b4:47:
                    32:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:05:12:CE:97:66:DB:9C:71:19:51:3F:BE:A1:82:D3:44:CC:7B:5F
            X509v3 Authority Key Identifier:
                keyid:CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/0gUSzpdm25xxGVE_vqGC00TMe18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.116.0/23
                  185.44.119.0/24
                  212.5.48.0-212.5.50.255
                IPv6:
                  2a01:73e0::/36
                  2a01:73e0:a000::-2a01:73e0:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4c:27:80:37:46:11:8c:9f:14:0a:2e:4d:2e:44:dd:ab:98:86:
         97:0e:73:b1:27:44:f2:6f:69:9e:42:46:42:c9:2f:95:fd:0f:
         77:2c:07:5e:3d:06:2b:96:6b:3a:5c:ee:a6:4a:22:60:75:2f:
         70:1f:38:37:be:9f:91:78:54:eb:b6:01:09:5a:a4:7f:48:d7:
         6a:f2:6b:6b:b5:cc:c7:71:38:7c:8d:8a:37:18:c1:21:df:df:
         5b:4c:08:a9:cd:26:af:be:72:12:67:53:29:a6:76:8a:d6:e6:
         87:9e:42:ff:b8:14:a2:c7:d5:45:17:73:f6:dd:d9:45:57:12:
         ed:0a:92:f4:45:fb:97:80:62:2a:8f:5d:9a:ca:a0:32:37:dd:
         80:42:fd:b6:0a:84:da:dc:82:b3:a3:c1:68:c7:62:bf:ab:8f:
         6b:46:3c:ab:f1:fc:eb:b1:22:8d:2a:bf:59:7d:e1:32:25:dc:
         bb:f8:a6:3d:e5:96:7e:bd:20:1b:74:ce:3e:f8:c2:1b:44:81:
         a9:27:b1:03:bf:ce:92:8e:0d:93:bc:6f:b4:fc:7e:72:07:3b:
         a1:e9:17:c5:d2:bc:01:84:19:e6:75:c2:95:eb:87:05:d3:a4:
         51:28:1d:ca:ab:51:a0:3d:8e:82:0b:d1:43:99:15:b7:8e:51:
         15:06:a2:96
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYLumyv+LUgu6s3o5hgINKvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTUyZjljMzM5Y2FiZDE0MjM0ZDAwYzg0YTI1MmQ3ZWM3
MWEyYTIwHhcNMjIwODMwMTE1NTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjA1MTJjZTk3NjZkYjljNzExOTUxM2ZiZWExODJkMzQ0Y2M3YjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAVHSRoyH7cLkL3H7dKvMGQ7OqpT
KMjwCIpqKChB9v2mBbiwAwrhgWbFqQJHjyhvMeV4SKTAKj9Vdae9upJHjNpJTYZI
VxU6RxBs4n6fpcxa/3X4fqes7vDJlo1EUot4fSpsl95AT+BQ5QDnALE4jbfQH/28
MAkk1VwjFpgqDqdotKiDdcZ0HG7AiqubMxXr2OoO6XZ4UcWX4WptsSd7G9aVD19x
tQAuweFJ7atGtqIhj2D1o+XTlaH4e5e4sDtSDu2soB7YA8SbD/s+3johmWMzVRPq
dGaHOKqP6EDCFa5cbLj7b29Z1K4a8f6qzLtl7FN8WFqytvFMm+JqtEcy/QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFNIFEs6XZtuccRlRP76hgtNEzHtfMB8GA1UdIwQY
MBaAFMuVL5wznKvRQjTQDISiUtfscaKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMt
ZmQyMmRmM2I1N2Y2LzEvMGdVU3pwZG0yNXh4R1ZFX3ZxR0MwMFRNZTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMtZmQyMmRmM2I1N2Y2
LzEveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAgBAIAATAaAwQBuSx0AwQA
uSx3MAwDBATUBTADBADUBTIwHwQCAAIwGQMGBCoBc+AAMA8DBgUqAXPgoAMFACoB
c+AwDQYJKoZIhvcNAQELBQADggEBAEwngDdGEYyfFAouTS5E3auYhpcOc7EnRPJv
aZ5CRkLJL5X9D3csB149BiuWazpc7qZKImB1L3AfODe+n5F4VOu2AQlapH9I12ry
a2u1zMdxOHyNijcYwSHf31tMCKnNJq++chJnUymmdorW5oeeQv+4FKLH1UUXc/bd
2UVXEu0KkvRF+5eAYiqPXZrKoDI33YBC/bYKhNrcgrOjwWjHYr+rj2tGPKvx/Oux
Io0qv1l94TIl3Lv4pj3lln69IBt0zj74whtEgaknsQO/zpKODZO8b7T8fnIHO6Hp
F8XSvAGEGeZ1wpXrhwXTpFEoHcqrUaA9joIL0UOZFbeOURUGopY=
-----END CERTIFICATE-----