Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/JoBFwBFfvfLgUj67fSkG3CsJrfY.roa
File:                     JoBFwBFfvfLgUj67fSkG3CsJrfY.roa (raw, json)
Hash identifier:          1dKamWPn8hXubEo9DDFVFeMBRRqvBs62E83XcRjGugE=
Subject key identifier:   26:80:45:C0:11:5F:BD:F2:E0:52:3E:BB:7D:29:06:DC:2B:09:AD:F6
Certificate issuer:       /CN=0d72fe2c805ed63afc9c89e9324ac94d30939aab
Certificate serial:       018335DE6BAC3248BBAC7642F8EA407C110D
Authority key identifier: 0D:72:FE:2C:80:5E:D6:3A:FC:9C:89:E9:32:4A:C9:4D:30:93:9A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXL-LIBe1jr8nInpMkrJTTCTmqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/JoBFwBFfvfLgUj67fSkG3CsJrfY.roa
Signing time:             Tue 13 Sep 2022 08:01:52 +0000
ROA not before:           Tue 13 Sep 2022 08:01:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197423
IP address blocks:        109.245.56.0/24 maxlen: 24
                          109.245.55.0/24 maxlen: 24
                          109.245.57.0/24 maxlen: 24
                          109.245.63.0/24 maxlen: 24
                          109.245.62.0/24 maxlen: 24
                          109.245.61.0/24 maxlen: 24
                          109.106.226.0/24 maxlen: 24
                          109.106.229.0/24 maxlen: 24
                          109.245.216.0/24 maxlen: 24
                          109.106.233.0/24 maxlen: 24
                          109.106.230.0/24 maxlen: 24
                          109.106.237.0/24 maxlen: 24
                          109.106.236.0/24 maxlen: 24
                          109.106.235.0/24 maxlen: 24
                          109.106.234.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:35:de:6b:ac:32:48:bb:ac:76:42:f8:ea:40:7c:11:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d72fe2c805ed63afc9c89e9324ac94d30939aab
        Validity
            Not Before: Sep 13 08:01:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=268045c0115fbdf2e0523ebb7d2906dc2b09adf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c8:69:48:00:71:65:6b:49:47:73:30:4d:db:
                    de:59:50:48:4c:62:9b:68:69:85:be:5f:b7:05:91:
                    c8:1e:45:16:7b:b9:80:e2:fe:c2:bb:60:2c:5a:37:
                    ed:1c:44:c8:5c:cb:a7:48:cb:69:97:09:f6:e1:ee:
                    7e:ad:38:aa:46:18:70:67:1e:77:4c:a4:33:eb:11:
                    53:fe:64:3d:a0:72:c1:5f:de:fb:3c:6b:90:93:d3:
                    50:cf:b0:93:5f:e0:3a:51:47:36:ac:95:a4:95:db:
                    7d:ea:96:a6:5e:fe:5d:d0:08:33:68:fc:ef:b4:85:
                    d2:8b:55:37:bb:16:1b:e7:ae:24:79:6a:6b:f5:95:
                    45:19:54:db:8e:d6:d1:84:f9:51:fa:a6:38:01:a8:
                    c1:ac:9d:a2:e7:51:05:db:d8:60:a7:c8:04:65:52:
                    18:13:92:04:6f:59:43:b8:67:44:60:83:24:78:15:
                    79:fc:9d:c6:76:68:10:b2:b4:d4:55:6c:fa:24:00:
                    df:dc:08:6f:de:c4:a7:a5:61:23:46:97:7a:95:1a:
                    be:1e:1a:16:82:32:97:6e:33:ab:26:b8:8e:d8:f7:
                    7d:2d:cb:70:8d:cb:53:f8:a6:fe:5b:d2:0c:d3:ec:
                    56:df:41:90:1e:5e:c8:f7:49:c8:34:9c:8b:3c:13:
                    49:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:80:45:C0:11:5F:BD:F2:E0:52:3E:BB:7D:29:06:DC:2B:09:AD:F6
            X509v3 Authority Key Identifier:
                keyid:0D:72:FE:2C:80:5E:D6:3A:FC:9C:89:E9:32:4A:C9:4D:30:93:9A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXL-LIBe1jr8nInpMkrJTTCTmqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/JoBFwBFfvfLgUj67fSkG3CsJrfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/DXL-LIBe1jr8nInpMkrJTTCTmqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.226.0/24
                  109.106.229.0-109.106.230.255
                  109.106.233.0-109.106.237.255
                  109.245.55.0-109.245.57.255
                  109.245.61.0-109.245.63.255
                  109.245.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:5d:49:67:02:fb:92:f2:0f:a4:81:b3:93:35:22:46:85:17:
         23:52:74:ed:77:ba:03:55:34:9f:97:11:0e:86:52:17:6b:0b:
         32:e6:a2:5f:40:89:07:ba:8d:2d:4f:22:62:95:c5:f7:cc:6e:
         64:88:a7:41:9a:d0:ba:42:b0:db:98:1b:94:93:27:65:72:6c:
         db:b9:11:cd:dc:1a:87:7b:d4:9f:35:b8:00:6a:da:8e:c8:ce:
         a0:b0:aa:bd:22:25:ec:9e:94:bf:6a:db:5c:60:ef:9e:2e:01:
         53:46:3f:9c:c2:e5:19:e2:6a:90:fa:53:e0:17:91:c9:9d:30:
         fd:cc:a6:f8:88:c3:d4:9a:85:49:ad:a3:f1:ca:dd:5e:15:2c:
         ec:fe:b3:63:95:d9:df:9b:9b:53:c4:7e:56:c0:69:2b:26:22:
         d7:3b:1b:6f:ad:67:39:1e:29:96:54:e4:05:49:f5:17:61:1c:
         00:0e:8a:ba:41:77:3e:c7:06:06:a7:64:99:5c:9a:b2:50:30:
         63:ae:87:6c:aa:35:71:80:f0:a9:f8:57:ce:f6:0c:b1:70:38:
         f5:c6:7a:77:bd:e3:81:e9:d4:e6:c8:1a:e9:2e:64:93:10:88:
         b9:71:31:0f:a5:2e:59:58:9a:55:18:e2:ab:cd:0f:8f:7f:84:
         cf:94:37:b4
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYM13musMki7rHZC+OpAfBENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzJmZTJjODA1ZWQ2M2FmYzljODllOTMyNGFjOTRkMzA5
MzlhYWIwHhcNMjIwOTEzMDgwMTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjgwNDVjMDExNWZiZGYyZTA1MjNlYmI3ZDI5MDZkYzJiMDlhZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8hpSABxZWtJR3MwTdveWVBITGKb
aGmFvl+3BZHIHkUWe7mA4v7Cu2AsWjftHETIXMunSMtplwn24e5+rTiqRhhwZx53
TKQz6xFT/mQ9oHLBX977PGuQk9NQz7CTX+A6UUc2rJWkldt96pamXv5d0AgzaPzv
tIXSi1U3uxYb564keWpr9ZVFGVTbjtbRhPlR+qY4AajBrJ2i51EF29hgp8gEZVIY
E5IEb1lDuGdEYIMkeBV5/J3GdmgQsrTUVWz6JADf3Ahv3sSnpWEjRpd6lRq+HhoW
gjKXbjOrJriO2Pd9LctwjctT+Kb+W9IM0+xW30GQHl7I90nINJyLPBNJcQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCaARcARX73y4FI+u30pBtwrCa32MB8GA1UdIwQY
MBaAFA1y/iyAXtY6/JyJ6TJKyU0wk5qrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhMLUxJQmUxanI4bklucE1rckpUVENUbXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yMmUxZDEtOTk4NC00MTU4LThkMTgt
Y2Y4MThjN2M0NTFhLzEvSm9CRndCRmZ2ZkxnVWo2N2ZTa0czQ3NKcmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yMmUxZDEtOTk4NC00MTU4LThkMTgtY2Y4MThjN2M0NTFh
LzEvRFhMLUxJQmUxanI4bklucE1rckpUVENUbXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAbWriMAwD
BABtauUDBABtauYwDAMEAG1q6QMEAW1q7DAMAwQAbfU3AwQBbfU4MAwDBABt9T0D
BAZt9QADBABt9dgwDQYJKoZIhvcNAQELBQADggEBAHBdSWcC+5LyD6SBs5M1IkaF
FyNSdO13ugNVNJ+XEQ6GUhdrCzLmol9AiQe6jS1PImKVxffMbmSIp0Ga0LpCsNuY
G5STJ2VybNu5Ec3cGod71J81uABq2o7IzqCwqr0iJeyelL9q21xg754uAVNGP5zC
5RniapD6U+AXkcmdMP3MpviIw9SahUmto/HK3V4VLOz+s2OV2d+bm1PEflbAaSsm
Itc7G2+tZzkeKZZU5AVJ9RdhHAAOirpBdz7HBganZJlcmrJQMGOuh2yqNXGA8Kn4
V872DLFwOPXGene944Hp1ObIGukuZJMQiLlxMQ+lLllYmlUY4qvND49/hM+UN7Q=
-----END CERTIFICATE-----