Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/dVGBGHpwW_qkALXIis2OhWDfJpQ.roa
File:                     dVGBGHpwW_qkALXIis2OhWDfJpQ.roa (raw, json)
Hash identifier:          K+348Ffo5dw4i68Vh4hfAy3EtLy1I6Vm6pUKiW402gU=
Subject key identifier:   75:51:81:18:7A:70:5B:FA:A4:00:B5:C8:8A:CD:8E:85:60:DF:26:94
Certificate issuer:       /CN=0d72fe2c805ed63afc9c89e9324ac94d30939aab
Certificate serial:       018335DE6B26C9C6560A66FD47F6A2D7E4AF
Authority key identifier: 0D:72:FE:2C:80:5E:D6:3A:FC:9C:89:E9:32:4A:C9:4D:30:93:9A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXL-LIBe1jr8nInpMkrJTTCTmqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/dVGBGHpwW_qkALXIis2OhWDfJpQ.roa
Signing time:             Tue 13 Sep 2022 08:01:52 +0000
ROA not before:           Tue 13 Sep 2022 08:01:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15958
IP address blocks:        109.245.16.0/20 maxlen: 20
                          109.245.228.0/22 maxlen: 22
                          109.245.232.0/21 maxlen: 21
                          109.245.240.0/20 maxlen: 20
                          217.65.192.0/20 maxlen: 20
                          217.65.196.0/22 maxlen: 22
                          217.65.201.0/24 maxlen: 24
                          217.65.200.0/21 maxlen: 21
                          217.65.202.0/23 maxlen: 23
                          217.65.204.0/22 maxlen: 22
                          109.245.40.0/21 maxlen: 21
                          109.245.48.0/20 maxlen: 20
                          109.245.192.0/19 maxlen: 19
                          109.106.224.0/20 maxlen: 20
                          109.245.0.0/21 maxlen: 21
                          109.245.8.0/22 maxlen: 22
                          109.245.0.0/16 maxlen: 16
                          2a01:ac80::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:35:de:6b:26:c9:c6:56:0a:66:fd:47:f6:a2:d7:e4:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d72fe2c805ed63afc9c89e9324ac94d30939aab
        Validity
            Not Before: Sep 13 08:01:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=755181187a705bfaa400b5c88acd8e8560df2694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:6d:73:f5:12:d1:34:9d:fa:1b:89:d6:c7:35:
                    fc:c8:a3:44:70:32:57:1a:20:4b:0f:de:cd:8f:2b:
                    72:73:be:9c:cf:7b:d0:05:61:3e:a1:3a:3b:29:74:
                    5e:05:0a:8b:99:61:a4:46:31:e5:8e:4e:13:33:9f:
                    59:e9:ee:78:73:b9:8a:00:1f:22:15:d8:95:31:c6:
                    f7:88:82:6a:c9:2d:b3:26:65:a9:1f:49:b2:8a:34:
                    29:9e:ec:9a:55:8d:23:d3:ef:fc:df:e8:74:e3:36:
                    c5:af:69:51:c3:26:b6:b2:05:56:f2:31:30:2d:81:
                    0c:d8:00:b0:d5:92:a7:f7:50:3d:77:37:9e:91:a7:
                    09:18:a6:b3:a3:24:9a:71:1e:62:f4:d0:4a:0d:4b:
                    40:04:80:14:45:59:72:01:e4:c1:c8:9c:c7:ff:5c:
                    4d:91:3e:89:e2:de:ad:0b:55:10:39:fd:52:d9:d6:
                    60:ce:66:e4:a1:4a:d0:af:21:31:2e:fb:c9:ad:fa:
                    f2:3d:02:e6:86:82:c6:b5:53:e8:54:8d:04:c0:b1:
                    d7:a9:33:fc:b7:ae:68:81:80:97:f1:ac:89:66:22:
                    cb:ae:14:36:22:bd:1c:26:a0:7b:af:6a:bc:54:c8:
                    4a:91:0c:f7:4d:eb:8b:2e:e4:3e:9d:9e:17:7a:f6:
                    ae:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:51:81:18:7A:70:5B:FA:A4:00:B5:C8:8A:CD:8E:85:60:DF:26:94
            X509v3 Authority Key Identifier:
                keyid:0D:72:FE:2C:80:5E:D6:3A:FC:9C:89:E9:32:4A:C9:4D:30:93:9A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXL-LIBe1jr8nInpMkrJTTCTmqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/dVGBGHpwW_qkALXIis2OhWDfJpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/DXL-LIBe1jr8nInpMkrJTTCTmqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.224.0/20
                  109.245.0.0/16
                  217.65.192.0/20
                IPv6:
                  2a01:ac80::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:64:ec:d2:89:cb:f7:44:8a:32:48:e7:11:37:de:9b:d9:99:
         63:ed:c0:01:d4:f6:9b:9f:6b:3b:ab:b1:0f:99:77:a2:6d:6b:
         0a:fe:5c:41:c5:f2:28:3f:3c:fe:c2:c7:94:68:d3:83:fc:98:
         f6:a9:c9:04:09:da:f5:a9:29:13:da:b1:ae:9c:d2:97:c0:93:
         46:2a:1e:30:c8:f1:de:0d:2f:5b:c6:c0:a0:ee:c2:6d:86:31:
         68:89:59:e0:8f:f5:d8:3c:c4:b0:ce:07:98:31:93:ae:b7:a1:
         49:89:45:62:2a:5c:71:28:e8:fc:ff:94:f2:1a:6f:97:3b:a7:
         c0:04:4e:35:7d:c0:2b:bb:f3:76:ef:68:1e:47:16:04:5c:a8:
         30:97:58:13:52:de:54:fe:27:4f:8d:78:c7:dc:8a:ed:a1:7c:
         9c:09:0c:a1:ed:e1:59:69:c8:6e:c0:bc:2c:12:de:4c:71:e5:
         79:10:34:00:54:c3:42:90:89:83:db:26:eb:e6:19:27:4f:b3:
         d8:90:0a:7c:91:bd:e9:8a:f1:2e:94:2f:9a:5c:d3:64:99:7d:
         b9:63:29:89:ef:b0:2e:ea:9d:ef:34:34:cb:ea:4f:dd:e5:e4:
         b0:8a:50:cc:29:33:1f:e6:82:84:04:b2:39:67:a2:55:42:1c:
         b1:b9:ee:39
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYM13msmycZWCmb9R/ai1+SvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzJmZTJjODA1ZWQ2M2FmYzljODllOTMyNGFjOTRkMzA5
MzlhYWIwHhcNMjIwOTEzMDgwMTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTUxODExODdhNzA1YmZhYTQwMGI1Yzg4YWNkOGU4NTYwZGYyNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgm1z9RLRNJ36G4nWxzX8yKNEcDJX
GiBLD97Njytyc76cz3vQBWE+oTo7KXReBQqLmWGkRjHljk4TM59Z6e54c7mKAB8i
FdiVMcb3iIJqyS2zJmWpH0myijQpnuyaVY0j0+/83+h04zbFr2lRwya2sgVW8jEw
LYEM2ACw1ZKn91A9dzeekacJGKazoySacR5i9NBKDUtABIAURVlyAeTByJzH/1xN
kT6J4t6tC1UQOf1S2dZgzmbkoUrQryExLvvJrfryPQLmhoLGtVPoVI0EwLHXqTP8
t65ogYCX8ayJZiLLrhQ2Ir0cJqB7r2q8VMhKkQz3TeuLLuQ+nZ4XevauMQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFHVRgRh6cFv6pAC1yIrNjoVg3yaUMB8GA1UdIwQY
MBaAFA1y/iyAXtY6/JyJ6TJKyU0wk5qrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhMLUxJQmUxanI4bklucE1rckpUVENUbXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yMmUxZDEtOTk4NC00MTU4LThkMTgt
Y2Y4MThjN2M0NTFhLzEvZFZHQkdIcHdXX3FrQUxYSWlzMk9oV0RmSnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yMmUxZDEtOTk4NC00MTU4LThkMTgtY2Y4MThjN2M0NTFh
LzEvRFhMLUxJQmUxanI4bklucE1rckpUVENUbXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQEbWrgAwMA
bfUDBATZQcAwDQQCAAIwBwMFACoBrIAwDQYJKoZIhvcNAQELBQADggEBAJ9k7NKJ
y/dEijJI5xE33pvZmWPtwAHU9pufazursQ+Zd6Jtawr+XEHF8ig/PP7Cx5Ro04P8
mPapyQQJ2vWpKRPasa6c0pfAk0YqHjDI8d4NL1vGwKDuwm2GMWiJWeCP9dg8xLDO
B5gxk663oUmJRWIqXHEo6Pz/lPIab5c7p8AETjV9wCu783bvaB5HFgRcqDCXWBNS
3lT+J0+NeMfciu2hfJwJDKHt4VlpyG7AvCwS3kxx5XkQNABUw0KQiYPbJuvmGSdP
s9iQCnyRvemK8S6UL5pc02SZfbljKYnvsC7qne80NMvqT93l5LCKUMwpMx/mgoQE
sjlnolVCHLG57jk=
-----END CERTIFICATE-----