Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/3vqkivAgCYENp8ilEMStG_Z-h0s.roa
File:                     3vqkivAgCYENp8ilEMStG_Z-h0s.roa (raw, json)
Hash identifier:          +EIrvHKgQP0ziGm8YXpJELL0mv45hmlBOin23dmCmHc=
Subject key identifier:   DE:FA:A4:8A:F0:20:09:81:0D:A7:C8:A5:10:C4:AD:1B:F6:7E:87:4B
Certificate issuer:       /CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
Certificate serial:       0182F80C294F75F7DCAC7965965F52881D50
Authority key identifier: CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/3vqkivAgCYENp8ilEMStG_Z-h0s.roa
Signing time:             Thu 01 Sep 2022 07:55:22 +0000
ROA not before:           Thu 01 Sep 2022 07:55:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47872
IP address blocks:        212.5.49.0/24 maxlen: 24
                          212.5.48.0/24 maxlen: 24
                          212.5.50.0/24 maxlen: 24
                          185.44.117.0/24 maxlen: 24
                          185.44.116.0/24 maxlen: 24
                          185.44.119.0/24 maxlen: 24
                          2a01:73e0::/32 maxlen: 64
                          2a01:73e0::/36 maxlen: 36
                          2a01:73e0:e000::/36 maxlen: 36
                          2a01:73e0:d000::/36 maxlen: 36
                          2a01:73e0:c000::/36 maxlen: 36
                          2a01:73e0:b000::/36 maxlen: 36
                          2a01:73e0:a000::/36 maxlen: 36
                          2a01:73e0:f000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f8:0c:29:4f:75:f7:dc:ac:79:65:96:5f:52:88:1d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
        Validity
            Not Before: Sep  1 07:55:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=defaa48af02009810da7c8a510c4ad1bf67e874b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e3:24:4d:72:4f:9e:c4:fc:f5:50:49:95:72:
                    5f:a4:40:ad:a9:c1:fa:5f:4b:05:6d:c0:8c:9f:0a:
                    a9:14:1b:0f:67:f5:bc:7f:9d:4d:06:f2:78:7a:f7:
                    34:29:dc:df:7a:5a:e2:86:e0:98:7e:8a:fd:75:c8:
                    89:df:77:73:30:1c:b9:b6:f1:d4:7b:86:46:1f:7a:
                    e7:da:9a:bd:82:5b:d4:18:41:41:14:3f:3f:c6:a1:
                    26:06:66:8a:30:20:4a:4b:e6:19:6e:2b:e0:45:6f:
                    45:d5:62:3c:ca:86:bf:ed:dc:9a:26:cd:3b:30:da:
                    64:5f:f6:e2:fc:a8:7c:d3:f7:10:80:18:9e:ed:71:
                    4a:c7:86:fd:d8:21:55:20:c3:bd:36:83:bc:ed:f5:
                    b9:47:78:34:b8:3a:77:79:a7:f4:e0:83:3c:68:65:
                    32:46:c5:bb:65:ee:4f:fe:c9:cd:99:b7:62:89:75:
                    62:ff:5b:0d:be:2f:b8:0a:59:d4:a6:e5:da:89:0c:
                    2a:fb:d1:5c:ad:4a:61:b0:06:85:a4:6d:5e:67:fb:
                    6a:6b:96:06:67:2f:7b:b8:33:ab:5b:9c:3d:32:41:
                    ae:69:da:5e:f2:5f:5d:67:29:49:15:53:35:5f:9b:
                    89:34:58:cd:33:70:cc:24:c9:97:a5:d3:46:c1:58:
                    5a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FA:A4:8A:F0:20:09:81:0D:A7:C8:A5:10:C4:AD:1B:F6:7E:87:4B
            X509v3 Authority Key Identifier:
                keyid:CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/3vqkivAgCYENp8ilEMStG_Z-h0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.116.0/23
                  185.44.119.0/24
                  212.5.48.0-212.5.50.255
                IPv6:
                  2a01:73e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:bc:ef:70:08:ab:22:6b:71:93:ad:53:8f:4d:3a:33:03:ce:
         fb:cd:e6:01:6a:3c:44:3b:d0:bf:e3:16:f8:28:91:d8:48:bb:
         fa:66:3a:c7:cb:d9:73:5f:be:88:ee:86:16:c6:aa:76:d0:ad:
         6f:4b:3d:2e:15:51:db:37:8c:a2:e8:67:c2:22:af:9b:f8:f7:
         a5:8f:61:c2:61:84:26:25:e5:63:8b:53:cb:04:a9:0e:4b:3d:
         0b:85:ce:f5:37:eb:4a:01:82:80:6e:a9:83:52:2c:f0:f1:bd:
         b6:4f:98:a9:91:b2:95:cc:a7:5c:b2:34:2d:e4:fd:93:c4:6d:
         a1:1c:5d:13:a0:37:b7:bc:e5:86:c3:fc:de:71:8b:c1:76:8c:
         00:b9:02:80:11:d6:1b:41:1c:df:84:62:b7:6f:72:f3:5a:2d:
         18:85:ba:d8:ae:da:04:a6:1c:26:48:46:69:13:f3:ba:6a:d8:
         34:18:58:53:db:01:49:f7:76:e2:ed:da:fa:3e:de:4c:5e:05:
         39:27:c2:06:6a:8a:44:6f:ba:2b:a1:92:2d:fb:c7:00:3d:f4:
         59:5b:20:3c:7b:e8:c6:ec:51:b4:98:ea:f2:2d:e1:96:6f:20:
         92:a3:6b:cd:ca:0c:33:a4:f1:1d:d1:55:f6:ef:45:b6:ae:16:
         76:68:77:65
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYL4DClPdffcrHllll9SiB1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTUyZjljMzM5Y2FiZDE0MjM0ZDAwYzg0YTI1MmQ3ZWM3
MWEyYTIwHhcNMjIwOTAxMDc1NTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWZhYTQ4YWYwMjAwOTgxMGRhN2M4YTUxMGM0YWQxYmY2N2U4NzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOMkTXJPnsT89VBJlXJfpECtqcH6
X0sFbcCMnwqpFBsPZ/W8f51NBvJ4evc0KdzfelrihuCYfor9dciJ33dzMBy5tvHU
e4ZGH3rn2pq9glvUGEFBFD8/xqEmBmaKMCBKS+YZbivgRW9F1WI8yoa/7dyaJs07
MNpkX/bi/Kh80/cQgBie7XFKx4b92CFVIMO9NoO87fW5R3g0uDp3eaf04IM8aGUy
RsW7Ze5P/snNmbdiiXVi/1sNvi+4ClnUpuXaiQwq+9FcrUphsAaFpG1eZ/tqa5YG
Zy97uDOrW5w9MkGuadpe8l9dZylJFVM1X5uJNFjNM3DMJMmXpdNGwVha+wIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFN76pIrwIAmBDafIpRDErRv2fodLMB8GA1UdIwQY
MBaAFMuVL5wznKvRQjTQDISiUtfscaKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMt
ZmQyMmRmM2I1N2Y2LzEvM3Zxa2l2QWdDWUVOcDhpbEVNU3RHX1otaDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMtZmQyMmRmM2I1N2Y2
LzEveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQBuSx0AwQA
uSx3MAwDBATUBTADBADUBTIwDQQCAAIwBwMFACoBc+AwDQYJKoZIhvcNAQELBQAD
ggEBAGG873AIqyJrcZOtU49NOjMDzvvN5gFqPEQ70L/jFvgokdhIu/pmOsfL2XNf
vojuhhbGqnbQrW9LPS4VUds3jKLoZ8Iir5v496WPYcJhhCYl5WOLU8sEqQ5LPQuF
zvU360oBgoBuqYNSLPDxvbZPmKmRspXMp1yyNC3k/ZPEbaEcXROgN7e85YbD/N5x
i8F2jAC5AoAR1htBHN+EYrdvcvNaLRiFutiu2gSmHCZIRmkT87pq2DQYWFPbAUn3
duLt2vo+3kxeBTknwgZqikRvuiuhki37xwA99FlbIDx76MbsUbSY6vIt4ZZvIJKj
a83KDDOk8R3RVfbvRbauFnZod2U=
-----END CERTIFICATE-----