Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/oHrNtKxXky05lq9L74OGZ_Dbvp0.roa
File:                     oHrNtKxXky05lq9L74OGZ_Dbvp0.roa (raw, json)
Hash identifier:          W8XA6LvOVmUXK5oVr5IJT5uOe+chXjbHb7fpFjbReS4=
Subject key identifier:   A0:7A:CD:B4:AC:57:93:2D:39:96:AF:4B:EF:83:86:67:F0:DB:BE:9D
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       043BAC31
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/oHrNtKxXky05lq9L74OGZ_Dbvp0.roa
Signing time:             Thu 24 Mar 2022 12:20:03 +0000
ROA not before:           Thu 24 Mar 2022 12:20:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        46.37.97.0/24 maxlen: 24
                          46.37.100.0/24 maxlen: 24
                          46.37.105.0/24 maxlen: 24
                          46.37.102.0/24 maxlen: 24
                          46.37.104.0/24 maxlen: 24
                          46.37.112.0/24 maxlen: 24
                          46.37.109.0/24 maxlen: 24
                          46.37.111.0/24 maxlen: 24
                          46.37.110.0/24 maxlen: 24
                          185.92.44.0/24 maxlen: 24
                          46.37.107.0/24 maxlen: 24
                          46.37.106.0/24 maxlen: 24
                          185.92.47.0/24 maxlen: 24
                          185.92.46.0/24 maxlen: 24
                          46.37.116.0/24 maxlen: 24
                          46.37.115.0/24 maxlen: 24
                          46.37.117.0/24 maxlen: 24
                          46.37.119.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71019569 (0x43bac31)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Mar 24 12:20:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a07acdb4ac57932d3996af4bef838667f0dbbe9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f3:29:b5:18:8b:7f:97:5a:8c:b2:3b:43:a9:
                    4a:b7:c6:c0:a3:25:b3:5f:2b:96:0e:f9:7c:e4:f1:
                    44:f5:af:ae:21:71:10:e1:39:1a:92:b9:d5:01:13:
                    46:75:1c:29:aa:2e:df:a6:d3:e6:90:4f:94:83:56:
                    88:da:16:7d:91:22:a7:30:ef:9e:8f:c0:33:c9:0f:
                    82:ab:0c:2d:74:41:35:32:16:34:78:47:43:e0:03:
                    61:b8:00:8d:19:20:39:f2:b5:7a:1d:78:93:0f:f2:
                    f7:b6:2a:4e:06:b0:43:48:41:07:3a:24:e5:ae:f4:
                    ae:61:06:59:d8:96:d0:a0:e4:3a:e1:b7:b5:44:26:
                    ac:9b:aa:d4:dd:e3:ff:ac:30:80:be:b5:1a:4c:6a:
                    a8:f5:70:8e:1e:6b:ee:98:68:8a:b9:76:87:85:5c:
                    3b:7c:6d:ab:93:1c:f4:03:72:1e:cb:69:fc:3c:56:
                    a0:c4:1a:4a:62:87:10:48:c8:42:98:79:95:a7:4f:
                    8f:1b:68:bf:d7:62:ab:97:91:84:5e:47:1a:1b:27:
                    63:62:d2:1e:9b:db:78:c0:45:32:dc:b0:35:f2:91:
                    d1:03:ee:41:81:24:a8:92:a0:5b:71:e1:50:1f:61:
                    6c:52:6d:37:fa:57:23:98:81:1a:89:4e:05:85:f5:
                    7c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:7A:CD:B4:AC:57:93:2D:39:96:AF:4B:EF:83:86:67:F0:DB:BE:9D
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/oHrNtKxXky05lq9L74OGZ_Dbvp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.97.0/24
                  46.37.100.0/24
                  46.37.102.0/24
                  46.37.104.0/22
                  46.37.109.0-46.37.112.255
                  46.37.115.0-46.37.117.255
                  46.37.119.0/24
                  185.92.44.0/24
                  185.92.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:8e:07:f2:5e:7d:b9:57:dc:c3:55:0b:cf:44:dc:58:2e:71:
         29:19:41:6d:9e:57:18:28:ad:e0:9e:55:c1:6a:75:6b:4d:44:
         91:fe:ee:b6:f7:ff:95:71:14:60:0b:25:77:90:9a:1a:7a:a2:
         c2:79:a2:36:cf:3e:37:25:91:65:da:40:ed:18:dc:ed:f5:37:
         10:ab:42:25:eb:1e:32:42:9a:de:b7:80:4b:85:cb:7d:e9:82:
         81:b0:91:fd:0e:ba:15:16:58:12:b2:c4:a7:fe:51:13:e2:c5:
         2b:69:33:c7:0a:89:2a:1e:d8:7b:71:12:74:db:f6:1a:5d:dd:
         d9:6e:c3:3b:5b:39:89:52:d8:f2:ae:e9:5e:05:76:59:9b:20:
         2f:c0:cf:e8:f6:7a:b5:ea:2d:ce:38:4d:91:3e:70:27:2c:6c:
         16:da:6e:71:a7:41:91:e3:10:21:52:4e:ac:12:5b:b4:df:a2:
         79:56:39:7b:10:b5:c4:e5:b5:35:4f:6e:f8:8c:40:6a:f7:89:
         15:c3:39:0a:25:13:bc:55:ee:9f:44:ba:fe:19:b0:ab:28:57:
         ab:88:11:b4:54:c1:42:9a:8e:8a:ba:96:93:de:c4:88:ce:d9:
         c1:ff:b4:41:b5:2d:00:9c:6a:76:53:22:e2:38:e7:ca:87:cd:
         f1:37:75:08
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEBDusMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
M2NmMDg4NDkxOGE1MDIzOWVmNzA1MThlZTlmYzA0ZjFhYWUxOTI5MB4XDTIyMDMy
NDEyMjAwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTA3YWNkYjRhYzU3
OTMyZDM5OTZhZjRiZWY4Mzg2NjdmMGRiYmU5ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALDzKbUYi3+XWoyyO0OpSrfGwKMls18rlg75fOTxRPWvriFx
EOE5GpK51QETRnUcKaou36bT5pBPlINWiNoWfZEipzDvno/AM8kPgqsMLXRBNTIW
NHhHQ+ADYbgAjRkgOfK1eh14kw/y97YqTgawQ0hBBzok5a70rmEGWdiW0KDkOuG3
tUQmrJuq1N3j/6wwgL61GkxqqPVwjh5r7phoirl2h4VcO3xtq5Mc9ANyHstp/DxW
oMQaSmKHEEjIQph5ladPjxtov9diq5eRhF5HGhsnY2LSHpvbeMBFMtywNfKR0QPu
QYEkqJKgW3HhUB9hbFJtN/pXI5iBGolOBYX1fGcCAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBSges20rFeTLTmWr0vvg4Zn8Nu+nTAfBgNVHSMEGDAWgBTTzwiEkYpQI573
BRjun8BPGq4ZKTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzA4OEloSkdLVUNPZTl3VVk3cF9BVHhxdUdTay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvY2RmZjE2LTQ1OGEtNDdjMy04ZGZhLTIzMTU0OTQwOTcyMC8x
L29Ick50S3hYa3kwNWxxOUw3NE9HWl9EYnZwMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
Y2RmZjE2LTQ1OGEtNDdjMy04ZGZhLTIzMTU0OTQwOTcyMC8xLzA4OEloSkdLVUNP
ZTl3VVk3cF9BVHhxdUdTay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wTAQCAAEwRgMEAC4lYQMEAC4lZAMEAC4lZgMEAi4l
aDAMAwQALiVtAwQALiVwMAwDBAAuJXMDBAEuJXQDBAAuJXcDBAC5XCwDBAG5XC4w
DQYJKoZIhvcNAQELBQADggEBAKOOB/JefblX3MNVC89E3FgucSkZQW2eVxgoreCe
VcFqdWtNRJH+7rb3/5VxFGALJXeQmhp6osJ5ojbPPjclkWXaQO0Y3O31NxCrQiXr
HjJCmt63gEuFy33pgoGwkf0OuhUWWBKyxKf+URPixStpM8cKiSoe2HtxEnTb9hpd
3dluwztbOYlS2PKu6V4FdlmbIC/Az+j2erXqLc44TZE+cCcsbBbabnGnQZHjECFS
TqwSW7TfonlWOXsQtcTltTVPbviMQGr3iRXDOQolE7xV7p9Euv4ZsKsoV6uIEbRU
wUKajoq6lpPexIjO2cH/tEG1LQCcanZTIuI458qHzfE3dQg=
-----END CERTIFICATE-----