Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/1-N0fnFJk2qMvkOTLb8H7yfxvWuE.roa
File:                     1-N0fnFJk2qMvkOTLb8H7yfxvWuE.roa (raw, json)
Hash identifier:          Ser+sHLZAKEzEwKyT5q/zaCQ8pdKYAEnKajj8FNTxp4=
Subject key identifier:   F8:DD:1F:9C:52:64:DA:A3:2F:90:E4:CB:6F:C1:FB:C9:FC:6F:5A:E1
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       0184196E8D87A9CAEDB0205AC5E3ACAB037A
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/1-N0fnFJk2qMvkOTLb8H7yfxvWuE.roa
Signing time:             Thu 27 Oct 2022 12:33:06 +0000
ROA not before:           Thu 27 Oct 2022 12:33:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15723
IP address blocks:        5.178.3.0/24 maxlen: 24
                          5.178.1.0/24 maxlen: 24
                          5.178.2.0/24 maxlen: 24
                          5.178.0.0/24 maxlen: 24
                          5.10.240.0/20 maxlen: 20
                          185.81.217.0/24 maxlen: 24
                          185.81.216.0/24 maxlen: 24
                          46.23.103.0/24 maxlen: 24
                          46.23.101.0/24 maxlen: 24
                          46.23.102.0/24 maxlen: 24
                          46.23.100.0/24 maxlen: 24
                          37.128.203.0/24 maxlen: 24
                          37.128.202.0/24 maxlen: 24
                          37.128.200.0/24 maxlen: 24
                          37.128.201.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:19:6e:8d:87:a9:ca:ed:b0:20:5a:c5:e3:ac:ab:03:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Oct 27 12:33:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f8dd1f9c5264daa32f90e4cb6fc1fbc9fc6f5ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b3:ae:d3:bf:45:ad:fe:48:1f:b9:52:bd:4b:
                    3d:49:cc:45:ec:be:f6:8e:7f:53:13:e0:e1:cc:a0:
                    f1:23:c4:28:e6:7b:fb:8f:ad:a9:16:15:25:4e:37:
                    d9:aa:ca:33:78:88:af:41:a2:1b:e4:e4:90:5b:ac:
                    99:a3:94:c5:b8:62:41:bd:4a:35:42:ef:f9:f7:07:
                    d3:8c:6a:f3:9b:8c:3f:8f:7e:fa:38:d5:0d:38:0f:
                    84:dd:33:6c:e3:cd:be:fc:ab:77:1f:10:d1:06:69:
                    76:86:3c:73:4d:b3:9b:ce:f8:06:5b:c1:3e:09:ba:
                    a9:75:ca:06:16:45:08:57:bb:97:e6:46:4e:d7:f2:
                    e7:8c:1a:92:20:5c:63:be:09:2e:34:98:c0:68:0d:
                    81:ad:d9:1f:a0:ab:d5:77:96:ef:ab:00:7e:f3:26:
                    ce:99:7f:b9:85:37:d3:f0:57:19:d8:70:12:a0:9f:
                    46:94:d4:52:d1:6b:4f:41:35:c3:5a:24:e0:e2:6a:
                    02:0e:c1:eb:8d:d0:e4:dc:f6:81:26:99:c0:38:61:
                    01:1f:70:09:a6:14:0f:19:6f:08:aa:15:e3:9c:74:
                    9f:1c:a0:0a:6c:81:d2:00:bd:b5:aa:df:f2:69:3b:
                    ba:63:5d:61:94:aa:b8:2d:ac:e6:cf:15:d0:c4:0b:
                    fd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DD:1F:9C:52:64:DA:A3:2F:90:E4:CB:6F:C1:FB:C9:FC:6F:5A:E1
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/1-N0fnFJk2qMvkOTLb8H7yfxvWuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.240.0/20
                  5.178.0.0/22
                  37.128.200.0/22
                  46.23.100.0/22
                  185.81.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:22:8a:55:fd:f9:fe:92:80:63:79:4b:19:f3:a3:89:74:9d:
         35:e6:a5:5f:48:57:6b:d3:13:d8:b5:0d:d1:13:7e:73:2d:23:
         40:c9:7c:57:ba:ff:b3:a7:58:04:bd:ec:4d:70:1e:30:94:33:
         8b:b9:f1:5f:a8:b3:e4:2c:fb:89:d7:f5:76:92:f6:e4:80:41:
         6a:cc:74:07:b1:df:0e:42:8c:89:36:3b:55:77:c9:ea:2a:9a:
         87:2a:04:01:15:2f:f8:f1:b5:36:6e:46:ca:a4:0e:33:25:37:
         91:15:c2:09:a3:38:06:41:9c:c8:5d:bd:41:59:49:77:99:f4:
         e9:5c:9c:db:4d:1a:65:ac:1a:91:41:eb:b6:d7:5b:9c:df:d3:
         ef:3b:95:2b:db:43:4c:90:f7:94:eb:bc:c5:89:b6:8c:35:61:
         eb:67:c1:17:8f:9f:25:3e:c2:dd:33:ac:a8:0f:62:b4:53:c7:
         2a:41:51:86:f6:99:b4:f1:a5:31:2a:47:1f:45:87:d0:33:57:
         a1:83:3f:6f:77:8e:69:7a:aa:9f:13:d7:ab:87:ef:87:54:2f:
         86:22:ce:12:a7:7f:f7:28:17:cc:7b:32:2b:f9:3f:59:8e:2a:
         02:4a:29:b3:56:8f:18:d6:0e:29:c3:33:b6:53:20:75:6e:41:
         15:28:d5:f4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYQZbo2HqcrtsCBaxeOsqwN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjIxMDI3MTIzMzA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGRkMWY5YzUyNjRkYWEzMmY5MGU0Y2I2ZmMxZmJjOWZjNmY1YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprOu079Frf5IH7lSvUs9ScxF7L72
jn9TE+DhzKDxI8Qo5nv7j62pFhUlTjfZqsozeIivQaIb5OSQW6yZo5TFuGJBvUo1
Qu/59wfTjGrzm4w/j376ONUNOA+E3TNs482+/Kt3HxDRBml2hjxzTbObzvgGW8E+
CbqpdcoGFkUIV7uX5kZO1/LnjBqSIFxjvgkuNJjAaA2BrdkfoKvVd5bvqwB+8ybO
mX+5hTfT8FcZ2HASoJ9GlNRS0WtPQTXDWiTg4moCDsHrjdDk3PaBJpnAOGEBH3AJ
phQPGW8IqhXjnHSfHKAKbIHSAL21qt/yaTu6Y11hlKq4LazmzxXQxAv9rwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPjdH5xSZNqjL5Dky2/B+8n8b1rhMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvMS1OMGZuRkprMnFNdmtPVExiOEg3eWZ4dld1RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWMvNzgwMDJhLTRmYzAtNGRiZi04NTg1LTJjZjgwNmIyZDBm
Mi8xL2ZRYWtLN0pFYmxIeGt1bzNXOTktN0ZwUngzOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA3BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEBAUK8AME
AgWyAAMEAiWAyAMEAi4XZAMEAblR2DANBgkqhkiG9w0BAQsFAAOCAQEAriKKVf35
/pKAY3lLGfOjiXSdNealX0hXa9MT2LUN0RN+cy0jQMl8V7r/s6dYBL3sTXAeMJQz
i7nxX6iz5Cz7idf1dpL25IBBasx0B7HfDkKMiTY7VXfJ6iqahyoEARUv+PG1Nm5G
yqQOMyU3kRXCCaM4BkGcyF29QVlJd5n06Vyc200aZawakUHrttdbnN/T7zuVK9tD
TJD3lOu8xYm2jDVh62fBF4+fJT7C3TOsqA9itFPHKkFRhvaZtPGlMSpHH0WH0DNX
oYM/b3eOaXqqnxPXq4fvh1QvhiLOEqd/9ygXzHsyK/k/WY4qAkops1aPGNYOKcMz
tlMgdW5BFSjV9A==
-----END CERTIFICATE-----