Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2DSkN1-NEIbpdcTBYAPAqjQRugI.roa
File:                     2DSkN1-NEIbpdcTBYAPAqjQRugI.roa (raw, json)
Hash identifier:          kk6so4sPDZ/BvtJy9oysyBtkHkqE9fdDNXSMCFtzzL0=
Subject key identifier:   D8:34:A4:37:5F:8D:10:86:E9:75:C4:C1:60:03:C0:AA:34:11:BA:02
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       0183EED0EB4767BEE7EF1C71AABBA3CD4E37
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2DSkN1-NEIbpdcTBYAPAqjQRugI.roa
Signing time:             Wed 19 Oct 2022 05:56:52 +0000
ROA not before:           Wed 19 Oct 2022 05:56:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15723
IP address blocks:        85.158.146.0/24 maxlen: 24
                          5.178.3.0/24 maxlen: 24
                          5.178.1.0/24 maxlen: 24
                          5.178.2.0/24 maxlen: 24
                          5.178.0.0/24 maxlen: 24
                          5.10.240.0/20 maxlen: 20
                          185.81.216.0/22 maxlen: 22
                          46.23.103.0/24 maxlen: 24
                          46.23.101.0/24 maxlen: 24
                          46.23.102.0/24 maxlen: 24
                          46.23.100.0/24 maxlen: 24
                          164.215.100.0/24 maxlen: 24
                          37.128.203.0/24 maxlen: 24
                          37.128.202.0/24 maxlen: 24
                          37.128.200.0/24 maxlen: 24
                          37.128.201.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ee:d0:eb:47:67:be:e7:ef:1c:71:aa:bb:a3:cd:4e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Oct 19 05:56:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d834a4375f8d1086e975c4c16003c0aa3411ba02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:99:e2:b6:fa:fd:74:79:a2:e3:fb:50:80:91:
                    6a:56:d8:c0:98:74:fa:07:6a:73:6d:98:b1:10:10:
                    0b:9e:a8:ad:86:d9:72:b9:d4:f5:48:17:ca:5d:94:
                    97:43:12:c0:eb:69:93:1e:f9:7e:e6:db:79:48:b1:
                    ab:75:0f:ff:fa:d7:31:c2:10:7b:5c:e7:83:c7:81:
                    d7:ca:df:e4:2a:55:42:fc:7c:66:6d:d6:76:1d:e4:
                    40:4e:f3:71:ea:67:ad:71:fe:cd:90:6c:f3:9f:b4:
                    63:db:53:4a:04:77:dc:0a:54:6a:0b:fd:b6:39:04:
                    14:48:c1:e6:65:0e:df:0b:e8:01:d1:d9:3c:89:c8:
                    4b:97:18:a6:2c:74:8c:56:01:87:c9:d7:97:6b:7b:
                    41:72:82:bb:b0:46:3b:eb:7c:ef:89:2b:b6:41:97:
                    86:b1:f5:c0:60:50:87:26:d8:63:47:eb:04:4c:39:
                    ce:a4:7c:bf:43:f7:c8:d1:82:72:dd:e6:72:d0:29:
                    17:98:46:dc:4b:38:b1:7a:c6:db:d8:bb:aa:1a:a7:
                    59:99:47:80:48:2b:c9:0d:3f:7f:05:c2:31:86:cd:
                    79:38:64:6f:d1:40:94:ba:7b:4f:df:92:a2:ba:26:
                    c5:f2:3a:dc:d8:da:b4:48:3a:57:fd:eb:a9:42:40:
                    b9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:34:A4:37:5F:8D:10:86:E9:75:C4:C1:60:03:C0:AA:34:11:BA:02
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2DSkN1-NEIbpdcTBYAPAqjQRugI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.240.0/20
                  5.178.0.0/22
                  37.128.200.0/22
                  46.23.100.0/22
                  85.158.146.0/24
                  164.215.100.0/24
                  185.81.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:34:4b:c3:31:0c:83:e1:3e:6b:47:2c:03:86:ab:25:aa:6c:
         d4:e8:5f:78:dc:d1:a0:b7:19:d7:1a:3c:15:7a:c7:20:74:bc:
         df:4f:28:71:7e:3a:81:ba:4a:05:90:61:94:cc:25:69:81:3e:
         dd:0b:68:c4:1a:db:45:12:64:54:56:84:c3:4a:21:1f:f4:ea:
         a1:8f:ad:ae:73:2b:ea:f4:28:ca:cb:b6:50:9e:6a:05:87:1a:
         7d:5d:43:d0:d2:c8:8c:5b:de:ec:3b:36:5d:d0:45:37:53:29:
         6c:32:92:95:6f:c5:87:59:21:72:54:e8:3c:57:cf:84:54:bc:
         39:7e:48:bd:76:02:ae:56:bb:4f:45:69:6b:6e:54:4c:4d:87:
         71:13:0f:0a:f8:65:54:89:52:cf:b6:2d:6c:7a:f7:81:de:66:
         b6:4a:63:e2:82:ac:24:7f:d3:2c:4f:2f:40:66:f8:2d:c8:34:
         c4:10:e7:87:1c:45:d8:13:f2:fd:82:ea:71:fd:f4:7a:56:9e:
         ad:f8:91:9a:37:01:57:91:af:d5:af:86:59:6d:8d:dd:0f:11:
         32:95:98:a3:fc:4e:a9:8a:19:f2:d6:db:e8:c2:96:3b:f9:d1:
         38:81:5e:9b:c5:c8:31:c9:0e:16:da:9f:1e:47:6e:98:6e:2f:
         d7:20:3a:27
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYPu0OtHZ77n7xxxqrujzU43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjIxMDE5MDU1NjUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODM0YTQzNzVmOGQxMDg2ZTk3NWM0YzE2MDAzYzBhYTM0MTFiYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJnitvr9dHmi4/tQgJFqVtjAmHT6
B2pzbZixEBALnqithtlyudT1SBfKXZSXQxLA62mTHvl+5tt5SLGrdQ//+tcxwhB7
XOeDx4HXyt/kKlVC/HxmbdZ2HeRATvNx6metcf7NkGzzn7Rj21NKBHfcClRqC/22
OQQUSMHmZQ7fC+gB0dk8ichLlximLHSMVgGHydeXa3tBcoK7sEY763zviSu2QZeG
sfXAYFCHJthjR+sETDnOpHy/Q/fI0YJy3eZy0CkXmEbcSzixesbb2LuqGqdZmUeA
SCvJDT9/BcIxhs15OGRv0UCUuntP35KiuibF8jrc2Nq0SDpX/eupQkC5RwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNg0pDdfjRCG6XXEwWADwKo0EboCMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvMkRTa04xLU5FSWJwZGNUQllBUEFxalFSdWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQEBQrwAwQC
BbIAAwQCJYDIAwQCLhdkAwQAVZ6SAwQApNdkAwQCuVHYMA0GCSqGSIb3DQEBCwUA
A4IBAQBTNEvDMQyD4T5rRywDhqslqmzU6F943NGgtxnXGjwVescgdLzfTyhxfjqB
ukoFkGGUzCVpgT7dC2jEGttFEmRUVoTDSiEf9Oqhj62ucyvq9CjKy7ZQnmoFhxp9
XUPQ0siMW97sOzZd0EU3UylsMpKVb8WHWSFyVOg8V8+EVLw5fki9dgKuVrtPRWlr
blRMTYdxEw8K+GVUiVLPti1seveB3ma2SmPigqwkf9MsTy9AZvgtyDTEEOeHHEXY
E/L9gupx/fR6Vp6t+JGaNwFXka/Vr4ZZbY3dDxEylZij/E6pihny1tvowpY7+dE4
gV6bxcgxyQ4W2p8eR26Ybi/XIDon
-----END CERTIFICATE-----