Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/_kE1JdtfiB8QpVAlFC3XTuo71NM.roa
File:                     _kE1JdtfiB8QpVAlFC3XTuo71NM.roa (raw, json)
Hash identifier:          I6mxK+Vbfwig3gs8fMIdZN2U8l1mKlz+gsLWGOvoWxA=
Subject key identifier:   FE:41:35:25:DB:5F:88:1F:10:A5:50:25:14:2D:D7:4E:EA:3B:D4:D3
Certificate issuer:       /CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Certificate serial:       17E97E76
Authority key identifier: 92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/_kE1JdtfiB8QpVAlFC3XTuo71NM.roa
Signing time:             Sat 01 Jan 2022 09:53:14 +0000
ROA not before:           Sat 01 Jan 2022 09:53:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6706
IP address blocks:        83.148.0.0/18 maxlen: 18
                          62.44.0.0/19 maxlen: 19
                          195.122.192.0/19 maxlen: 19
                          195.128.192.0/19 maxlen: 19
                          88.146.0.0/17 maxlen: 17
                          212.27.192.0/19 maxlen: 19
                          195.250.128.0/19 maxlen: 19
                          194.213.224.0/19 maxlen: 19
                          213.175.32.0/19 maxlen: 19
                          62.177.64.0/18 maxlen: 18
                          212.20.96.0/19 maxlen: 19
                          2001:1508::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 401178230 (0x17e97e76)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
        Validity
            Not Before: Jan  1 09:53:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fe413525db5f881f10a55025142dd74eea3bd4d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d9:a3:8d:bb:91:19:44:60:e9:ed:0d:92:38:
                    b9:bb:a5:9a:6e:3f:05:ce:13:a5:fc:96:ce:1c:68:
                    7e:c6:2e:a5:4d:f0:c6:71:c6:31:31:27:40:be:98:
                    00:8e:f1:b6:31:1d:f1:7a:c2:02:97:39:6b:66:c9:
                    37:ed:9d:80:60:ff:5d:ef:b8:f9:7d:f1:ad:02:0f:
                    75:ea:3a:07:3b:3e:34:ff:e5:fa:fc:b5:8b:ed:43:
                    d0:71:f3:a4:d1:86:4b:e6:9e:4b:0f:b8:68:37:ce:
                    3a:3a:a6:b0:ff:1c:99:3d:5a:60:ca:a6:3f:7c:6b:
                    f6:55:b4:63:d7:59:cf:79:85:17:55:ac:73:06:b6:
                    cc:6b:ae:f0:62:a5:f0:41:7d:26:59:30:15:94:f4:
                    e2:09:3e:cf:44:d8:95:a5:c5:28:9a:5d:1b:f3:d6:
                    38:32:4c:40:a2:70:02:a3:c9:fa:01:b0:37:4e:7b:
                    dc:8d:12:dd:fe:56:6f:64:3c:b9:ac:66:e2:b6:bd:
                    af:6b:2b:21:7e:9d:09:a9:c4:28:00:2b:a0:dd:66:
                    d9:b8:a0:3f:40:eb:42:d9:b5:d4:d9:40:8d:be:9b:
                    0b:17:8e:db:aa:be:0e:8d:5e:9e:ec:28:6c:b2:19:
                    08:72:45:98:28:d8:18:88:89:86:e3:67:11:38:a7:
                    d8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:41:35:25:DB:5F:88:1F:10:A5:50:25:14:2D:D7:4E:EA:3B:D4:D3
            X509v3 Authority Key Identifier:
                keyid:92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/_kE1JdtfiB8QpVAlFC3XTuo71NM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.44.0.0/19
                  62.177.64.0/18
                  83.148.0.0/18
                  88.146.0.0/17
                  194.213.224.0/19
                  195.122.192.0/19
                  195.128.192.0/19
                  195.250.128.0/19
                  212.20.96.0/19
                  212.27.192.0/19
                  213.175.32.0/19
                IPv6:
                  2001:1508::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:8a:e6:45:1c:a9:31:fb:21:98:65:39:a8:f0:cb:01:af:b0:
         74:c8:7f:c1:7c:c8:2e:28:63:4d:e0:2b:3b:7d:8a:4b:ad:c1:
         72:3b:71:22:aa:ff:12:3c:f9:c8:49:cf:32:18:06:f7:2e:cc:
         a7:16:92:42:0f:73:9d:a3:30:23:16:af:ab:47:34:8a:46:ed:
         2d:70:97:4e:0e:1f:1b:fc:4a:c9:dc:c8:51:83:e6:0f:90:8b:
         78:5c:bf:33:1b:ab:e8:35:1f:69:a6:c3:76:9e:17:39:2c:bb:
         32:06:f0:e8:4f:33:ed:f9:c4:ed:68:18:26:f8:6b:79:a4:dd:
         b8:fa:f6:a7:71:3f:3e:18:2c:74:6b:09:da:a2:7c:9d:c5:b5:
         7a:9d:1f:8a:31:ff:6d:63:cb:0c:6d:2b:98:c9:8f:bf:f3:f6:
         c8:01:d7:79:5f:07:f6:3b:2e:1b:2d:33:bc:13:9f:76:ff:7f:
         17:23:38:ca:18:80:e4:90:2a:be:5c:70:6a:8d:df:eb:f8:e3:
         bb:bf:0d:43:b5:d0:c8:b7:34:c8:82:74:37:18:27:b6:df:50:
         db:db:89:22:66:f9:c8:dc:c0:8d:ae:77:cf:48:58:1b:f8:54:
         63:df:1b:e9:36:32:67:ce:fb:c6:95:db:27:90:a7:ee:85:7b:
         67:97:a4:83
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIEF+l+djANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MjkzNTJhOGQyZGQ3MGM5MWZmY2VjOGUzMjNmZTY5ZjFlOWE0MTM5MB4XDTIyMDEw
MTA5NTMxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmU0MTM1MjVkYjVm
ODgxZjEwYTU1MDI1MTQyZGQ3NGVlYTNiZDRkMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMvZo427kRlEYOntDZI4ubulmm4/Bc4TpfyWzhxofsYupU3w
xnHGMTEnQL6YAI7xtjEd8XrCApc5a2bJN+2dgGD/Xe+4+X3xrQIPdeo6Bzs+NP/l
+vy1i+1D0HHzpNGGS+aeSw+4aDfOOjqmsP8cmT1aYMqmP3xr9lW0Y9dZz3mFF1Ws
cwa2zGuu8GKl8EF9JlkwFZT04gk+z0TYlaXFKJpdG/PWODJMQKJwAqPJ+gGwN057
3I0S3f5Wb2Q8uaxm4ra9r2srIX6dCanEKAAroN1m2bigP0DrQtm11NlAjb6bCxeO
26q+Do1enuwobLIZCHJFmCjYGIiJhuNnETin2CMCAwEAAaOCAlQwggJQMB0GA1Ud
DgQWBBT+QTUl21+IHxClUCUULddO6jvU0zAfBgNVHSMEGDAWgBSSk1Ko0t1wyR/8
7I4yP+afHppBOTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2twTlNxTkxkY01rZl9PeU9Nal9tbng2YVFUay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWIvN2I2ZWRjLWFkMjMtNGQ3My1hYjU2LTBhMWEzNTg5N2YxMC8x
L19rRTFKZHRmaUI4UXBWQWxGQzNYVHVvNzFOTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIv
N2I2ZWRjLWFkMjMtNGQ3My1hYjU2LTBhMWEzNTg5N2YxMC8xL2twTlNxTkxkY01r
Zl9PeU9Nal9tbng2YVFUay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBq
BggrBgEFBQcBBwEB/wRbMFkwSAQCAAEwQgMEBT4sAAMEBj6xQAMEBlOUAAMEB1iS
AAMEBcLV4AMEBcN6wAMEBcOAwAMEBcP6gAMEBdQUYAMEBdQbwAMEBdWvIDANBAIA
AjAHAwUAIAEVCDANBgkqhkiG9w0BAQsFAAOCAQEAXormRRypMfshmGU5qPDLAa+w
dMh/wXzILihjTeArO32KS63BcjtxIqr/Ejz5yEnPMhgG9y7MpxaSQg9znaMwIxav
q0c0ikbtLXCXTg4fG/xKydzIUYPmD5CLeFy/Mxur6DUfaabDdp4XOSy7Mgbw6E8z
7fnE7WgYJvhreaTduPr2p3E/PhgsdGsJ2qJ8ncW1ep0fijH/bWPLDG0rmMmPv/P2
yAHXeV8H9jsuGy0zvBOfdv9/FyM4yhiA5JAqvlxwao3f6/jju78NQ7XQyLc0yIJ0
Nxgntt9Q29uJImb5yNzAja53z0hYG/hUY98b6TYyZ877xpXbJ5Cn7oV7Z5ekgw==
-----END CERTIFICATE-----