Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/JxIo7D8SiXDupvAXxC3ZJITmL_4.roa
File:                     JxIo7D8SiXDupvAXxC3ZJITmL_4.roa (raw, json)
Hash identifier:          k5Oi/F21Pv5b2GdWvUg+PEc1IexT0+LVzn56qH6IqWU=
Subject key identifier:   27:12:28:EC:3F:12:89:70:EE:A6:F0:17:C4:2D:D9:24:84:E6:2F:FE
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       01851A9A91C09E494E0193D01652BF9D487E
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/JxIo7D8SiXDupvAXxC3ZJITmL_4.roa
Signing time:             Fri 16 Dec 2022 11:03:35 +0000
ROA not before:           Fri 16 Dec 2022 11:03:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15723
IP address blocks:        46.23.98.0/24 maxlen: 24
                          46.23.96.0/24 maxlen: 24
                          46.23.99.0/24 maxlen: 24
                          46.23.111.0/24 maxlen: 24
                          37.128.203.0/24 maxlen: 24
                          37.128.202.0/24 maxlen: 24
                          37.128.201.0/24 maxlen: 24
                          5.10.240.0/20 maxlen: 20
                          88.151.192.0/24 maxlen: 24
                          185.81.217.0/24 maxlen: 24
                          185.81.216.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:1a:9a:91:c0:9e:49:4e:01:93:d0:16:52:bf:9d:48:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Dec 16 11:03:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=271228ec3f128970eea6f017c42dd92484e62ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3d:e8:bb:93:68:48:68:05:f0:43:fc:8c:3d:
                    df:2a:5b:0b:10:5c:cd:71:c5:c3:25:c8:e9:7c:c4:
                    51:88:5f:85:f2:7e:d4:c2:b0:79:5e:c5:49:1c:cc:
                    c4:ca:18:23:bc:19:7b:1c:82:88:a1:73:ca:c2:6f:
                    5c:ab:4a:43:07:b3:64:18:e7:0f:a6:59:13:07:1d:
                    b7:b4:8d:79:11:e6:7e:4b:9d:c3:b3:fd:cb:02:58:
                    85:5c:c8:99:e8:47:9a:32:4c:c4:79:8a:0e:22:92:
                    8d:04:7b:a1:00:1a:b3:5f:2c:3d:89:60:50:25:48:
                    8c:da:90:f3:d4:62:25:7c:94:ad:20:35:5e:76:e8:
                    21:ee:49:ba:a3:34:b5:78:da:f7:d9:a5:ad:07:1b:
                    72:6b:00:34:33:0c:82:30:62:45:60:5d:ac:12:3a:
                    9f:44:4d:54:40:bd:46:85:22:83:3a:46:49:fd:f2:
                    28:b0:24:b5:62:da:d8:fe:b4:d2:26:a3:ca:f1:b8:
                    b5:de:16:b8:d3:96:44:50:00:04:dd:fa:62:c8:7f:
                    a6:38:6c:74:1d:e9:0f:e9:18:98:ed:79:f5:23:53:
                    04:a4:16:4d:5f:c6:48:dc:e8:da:91:e7:8d:13:9f:
                    e0:1a:5f:95:95:de:19:1a:ca:ec:a1:91:95:6d:23:
                    4d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:12:28:EC:3F:12:89:70:EE:A6:F0:17:C4:2D:D9:24:84:E6:2F:FE
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/JxIo7D8SiXDupvAXxC3ZJITmL_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.240.0/20
                  37.128.201.0-37.128.203.255
                  46.23.96.0/24
                  46.23.98.0/23
                  46.23.111.0/24
                  88.151.192.0/24
                  185.81.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:9e:0e:6b:e8:88:04:1c:c6:bc:ef:3a:56:96:0d:a0:fc:b7:
         75:8b:84:14:d6:73:b7:85:97:52:f1:c2:55:33:dc:1b:12:e1:
         d1:60:02:6c:2d:cd:bd:20:52:bf:09:0f:90:06:3a:32:32:84:
         30:29:e5:db:1f:16:6b:53:3f:2e:1f:b9:43:64:03:a9:8f:87:
         eb:5d:ed:a2:2e:fc:a4:f7:8a:f0:17:94:e5:76:f0:eb:00:cf:
         03:1a:7e:c9:cd:30:73:1f:a0:b8:7d:64:73:af:bc:a0:cc:33:
         cb:e5:d6:a5:49:89:85:5f:62:68:ea:5e:bb:92:cb:32:76:c3:
         25:0d:ec:da:5d:be:9e:b9:dd:4b:09:f4:41:1f:7a:9f:21:f1:
         a4:42:ff:59:ef:f1:8c:73:57:0d:db:c3:3c:ac:48:9b:be:ff:
         49:5c:55:7b:14:9b:77:1a:00:3f:4c:a1:40:ed:9d:e0:6b:9d:
         c3:c2:8a:f8:02:e3:df:84:22:31:18:49:61:a5:c4:d7:bd:9a:
         70:54:1d:3f:4d:c8:66:b0:6c:b1:2f:07:ae:08:ed:f6:8c:a4:
         df:fb:92:b9:99:6c:52:32:ee:cc:eb:c6:c5:12:1d:90:0d:29:
         a9:f9:78:4b:74:c4:3b:fc:85:3e:ab:7e:14:d2:f4:7c:6e:8f:
         34:59:b8:88
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYUampHAnklOAZPQFlK/nUh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjIxMjE2MTEwMzM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzEyMjhlYzNmMTI4OTcwZWVhNmYwMTdjNDJkZDkyNDg0ZTYyZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhj3ou5NoSGgF8EP8jD3fKlsLEFzN
ccXDJcjpfMRRiF+F8n7UwrB5XsVJHMzEyhgjvBl7HIKIoXPKwm9cq0pDB7NkGOcP
plkTBx23tI15EeZ+S53Ds/3LAliFXMiZ6EeaMkzEeYoOIpKNBHuhABqzXyw9iWBQ
JUiM2pDz1GIlfJStIDVedugh7km6ozS1eNr32aWtBxtyawA0MwyCMGJFYF2sEjqf
RE1UQL1GhSKDOkZJ/fIosCS1YtrY/rTSJqPK8bi13ha405ZEUAAE3fpiyH+mOGx0
HekP6RiY7Xn1I1MEpBZNX8ZI3OjakeeNE5/gGl+Vld4ZGsrsoZGVbSNN5wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCcSKOw/Eolw7qbwF8Qt2SSE5i/+MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvSnhJbzdEOFNpWER1cHZBWHhDM1pKSVRtTF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQEBQrwMAwD
BAAlgMkDBAIlgMgDBAAuF2ADBAEuF2IDBAAuF28DBABYl8ADBAG5UdgwDQYJKoZI
hvcNAQELBQADggEBAHmeDmvoiAQcxrzvOlaWDaD8t3WLhBTWc7eFl1LxwlUz3BsS
4dFgAmwtzb0gUr8JD5AGOjIyhDAp5dsfFmtTPy4fuUNkA6mPh+td7aIu/KT3ivAX
lOV28OsAzwMafsnNMHMfoLh9ZHOvvKDMM8vl1qVJiYVfYmjqXruSyzJ2wyUN7Npd
vp653UsJ9EEfep8h8aRC/1nv8YxzVw3bwzysSJu+/0lcVXsUm3caAD9MoUDtneBr
ncPCivgC49+EIjEYSWGlxNe9mnBUHT9NyGawbLEvB64I7faMpN/7krmZbFIy7szr
xsUSHZANKan5eEt0xDv8hT6rfhTS9HxujzRZuIg=
-----END CERTIFICATE-----