Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/1TOHyn0oaO9izFclPSLBB0MPt0g.roa
File:                     1TOHyn0oaO9izFclPSLBB0MPt0g.roa (raw, json)
Hash identifier:          +HiAgzqhCeuiwghKqsDIa86E1c9mGveyeNLI3FnUyX4=
Subject key identifier:   D5:33:87:CA:7D:28:68:EF:62:CC:57:25:3D:22:C1:07:43:0F:B7:48
Certificate issuer:       /CN=f2beed4df207c3609adfded80dddd9316f0a9b45
Certificate serial:       0B02C783
Authority key identifier: F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/1TOHyn0oaO9izFclPSLBB0MPt0g.roa
Signing time:             Sat 01 Jan 2022 10:58:29 +0000
ROA not before:           Sat 01 Jan 2022 10:58:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41709
IP address blocks:        176.109.176.0/21 maxlen: 21
                          176.109.184.0/21 maxlen: 21
                          176.109.224.0/20 maxlen: 20
                          193.192.37.0/24 maxlen: 24
                          193.192.36.0/24 maxlen: 24
                          94.158.32.0/21 maxlen: 21
                          94.158.40.0/21 maxlen: 21
                          185.33.142.0/23 maxlen: 23
                          185.33.140.0/23 maxlen: 23
                          194.246.94.0/23 maxlen: 23
                          194.246.92.0/23 maxlen: 23
                          176.109.240.0/20 maxlen: 20
                          2a03:a9c0::/30 maxlen: 32
                          2a0d:ec4::/30 maxlen: 30
                          2a0d:ec0::/30 maxlen: 30
                          2a03:a9c4::/30 maxlen: 30
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 184731523 (0xb02c783)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2beed4df207c3609adfded80dddd9316f0a9b45
        Validity
            Not Before: Jan  1 10:58:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d53387ca7d2868ef62cc57253d22c107430fb748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a5:e1:9e:a3:bc:f7:be:9e:82:ea:1a:06:4a:
                    f5:84:0a:6d:15:07:ed:98:9e:44:27:20:fd:de:ce:
                    da:8b:b0:3b:32:d8:28:ee:17:65:f7:f5:66:af:15:
                    a5:ac:0b:6e:84:fc:11:36:b0:eb:2a:76:7a:29:ca:
                    21:7e:33:6a:9c:99:2f:df:10:b9:26:93:8a:67:ad:
                    43:8f:a0:16:72:5d:68:11:91:45:e8:b6:0c:0d:ed:
                    40:e0:1c:ae:a9:1b:6a:45:0f:c9:4b:0b:59:37:61:
                    53:97:da:a0:2b:9d:1f:04:a9:fb:a3:41:9c:83:e0:
                    3c:68:d3:67:ec:72:d3:f7:ef:b6:74:71:bd:70:73:
                    cc:bc:82:1e:7a:ae:c2:13:ad:a9:c6:51:b9:42:26:
                    f4:33:ec:b7:ad:9a:66:69:d9:19:0c:d3:0f:7d:c6:
                    40:b8:ba:79:e0:66:34:44:85:35:47:75:d0:4c:de:
                    41:80:02:a1:ea:81:60:38:d0:88:c1:22:ad:6d:18:
                    62:c1:09:eb:87:04:7e:d3:32:09:0d:fc:cd:ea:49:
                    c1:f3:16:19:c2:f6:1b:51:52:5b:fa:52:ea:6e:99:
                    16:ae:6f:12:85:c9:86:79:ff:eb:8b:32:87:4b:27:
                    11:12:6b:b1:33:18:69:c4:2e:18:1a:be:e8:48:7a:
                    9d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:33:87:CA:7D:28:68:EF:62:CC:57:25:3D:22:C1:07:43:0F:B7:48
            X509v3 Authority Key Identifier:
                keyid:F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/1TOHyn0oaO9izFclPSLBB0MPt0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/8r7tTfIHw2Ca397YDd3ZMW8Km0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.32.0/20
                  176.109.176.0/20
                  176.109.224.0/19
                  185.33.140.0/22
                  193.192.36.0/23
                  194.246.92.0/22
                IPv6:
                  2a03:a9c0::/29
                  2a0d:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:8b:29:45:41:6f:63:20:cb:b6:ca:a8:2d:fa:33:4c:08:62:
         31:72:0c:c1:88:cd:35:a9:72:ac:a2:ae:40:3a:7d:a2:d4:ba:
         a7:30:8e:3d:02:17:e9:b3:c6:49:22:49:eb:f2:11:16:a6:5e:
         b0:d0:ef:0d:29:4a:19:de:f2:f5:d3:08:ae:d9:04:1f:7c:4a:
         32:be:cf:4e:65:1f:f4:2a:d0:3a:39:46:15:5a:2c:7a:9a:8a:
         76:cd:96:cc:94:1f:b8:01:3d:46:b4:5b:cb:1f:bf:aa:13:5c:
         ce:02:d8:b6:73:ab:97:ba:d6:55:cd:24:fd:d0:db:e6:51:4c:
         e7:b1:fc:f8:b1:91:2e:db:e2:2c:e7:65:31:ff:ec:61:b0:03:
         86:38:2e:9c:be:01:30:b9:45:04:e7:60:ed:88:e7:3d:c5:1e:
         03:0b:aa:24:a6:3b:b8:53:db:f8:46:97:ae:1b:9c:ae:d6:d9:
         9b:35:e3:fc:82:64:d9:8e:81:eb:ff:7e:e3:ee:ef:01:91:1f:
         cd:94:71:72:4a:f7:2e:36:5a:66:f3:29:4c:24:45:f1:5b:76:
         15:fd:63:65:e8:b2:bf:a8:63:68:28:6e:23:d8:61:bf:0d:29:
         6b:b7:0e:e1:43:48:4c:12:4c:73:b5:f8:5b:46:2e:3b:ab:a1:
         2a:9f:25:69
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIECwLHgzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MmJlZWQ0ZGYyMDdjMzYwOWFkZmRlZDgwZGRkZDkzMTZmMGE5YjQ1MB4XDTIyMDEw
MTEwNTgyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDUzMzg3Y2E3ZDI4
NjhlZjYyY2M1NzI1M2QyMmMxMDc0MzBmYjc0ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALel4Z6jvPe+noLqGgZK9YQKbRUH7ZieRCcg/d7O2ouwOzLY
KO4XZff1Zq8VpawLboT8ETaw6yp2einKIX4zapyZL98QuSaTimetQ4+gFnJdaBGR
Rei2DA3tQOAcrqkbakUPyUsLWTdhU5faoCudHwSp+6NBnIPgPGjTZ+xy0/fvtnRx
vXBzzLyCHnquwhOtqcZRuUIm9DPst62aZmnZGQzTD33GQLi6eeBmNESFNUd10Eze
QYACoeqBYDjQiMEirW0YYsEJ64cEftMyCQ38zepJwfMWGcL2G1FSW/pS6m6ZFq5v
EoXJhnn/64syh0snERJrsTMYacQuGBq+6Eh6ndMCAwEAAaOCAj0wggI5MB0GA1Ud
DgQWBBTVM4fKfSho72LMVyU9IsEHQw+3SDAfBgNVHSMEGDAWgBTyvu1N8gfDYJrf
3tgN3dkxbwqbRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhyN3RUZklIdzJDYTM5N1lEZDNaTVc4S20wVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvYzZiY2JhLWE5OTYtNGJiNS1iYTRhLWE0NjE1MzE0NWNmOC8x
LzFUT0h5bjBvYU85aXpGY2xQU0xCQjBNUHQwZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
YzZiY2JhLWE5OTYtNGJiNS1iYTRhLWE0NjE1MzE0NWNmOC8xLzhyN3RUZklIdzJD
YTM5N1lEZDNaTVc4S20wVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBT
BggrBgEFBQcBBwEB/wREMEIwKgQCAAEwJAMEBF6eIAMEBLBtsAMEBbBt4AMEArkh
jAMEAcHAJAMEAsL2XDAUBAIAAjAOAwUDKgOpwAMFAyoNDsAwDQYJKoZIhvcNAQEL
BQADggEBACCLKUVBb2Mgy7bKqC36M0wIYjFyDMGIzTWpcqyirkA6faLUuqcwjj0C
F+mzxkkiSevyERamXrDQ7w0pShne8vXTCK7ZBB98SjK+z05lH/Qq0Do5RhVaLHqa
inbNlsyUH7gBPUa0W8sfv6oTXM4C2LZzq5e61lXNJP3Q2+ZRTOex/PixkS7b4izn
ZTH/7GGwA4Y4Lpy+ATC5RQTnYO2I5z3FHgMLqiSmO7hT2/hGl64bnK7W2Zs14/yC
ZNmOgev/fuPu7wGRH82UcXJK9y42WmbzKUwkRfFbdhX9Y2Xosr+oY2gobiPYYb8N
KWu3DuFDSEwSTHO1+FtGLjuroSqfJWk=
-----END CERTIFICATE-----