Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/oJdzsdpXncVpfEQbajIRCXmRa_c.roa
File:                     oJdzsdpXncVpfEQbajIRCXmRa_c.roa (raw, json)
Hash identifier:          VG11Mn5//YQZLtUoove3eZgm3syAW6IHK71CPOZxMCA=
Subject key identifier:   A0:97:73:B1:DA:57:9D:C5:69:7C:44:1B:6A:32:11:09:79:91:6B:F7
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01850780B34E10B62B7378A3AAD3AC300A77
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/oJdzsdpXncVpfEQbajIRCXmRa_c.roa
Signing time:             Mon 12 Dec 2022 18:02:33 +0000
ROA not before:           Mon 12 Dec 2022 18:02:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        85.133.238.0/24 maxlen: 24
                          85.133.236.0/24 maxlen: 24
                          85.133.253.0/24 maxlen: 24
                          85.133.194.0/24 maxlen: 24
                          85.133.216.0/24 maxlen: 24
                          85.133.217.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
                          85.133.218.0/24 maxlen: 24
                          85.133.219.0/24 maxlen: 24
                          85.133.225.0/24 maxlen: 24
                          85.133.136.0/24 maxlen: 24
                          85.133.164.0/24 maxlen: 24
                          85.133.165.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:07:80:b3:4e:10:b6:2b:73:78:a3:aa:d3:ac:30:0a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Dec 12 18:02:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a09773b1da579dc5697c441b6a32110979916bf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e3:90:65:08:83:86:86:6d:c6:4f:4b:f4:ea:
                    a2:cf:03:cb:95:02:50:d0:d9:67:41:36:c9:74:1e:
                    a2:cf:12:fa:a0:80:89:ed:02:91:ef:26:f4:14:02:
                    a3:65:bc:ba:51:cc:f6:ab:76:22:74:0a:97:e2:75:
                    8f:8e:96:ae:7f:d7:54:be:89:25:df:db:be:bf:da:
                    58:aa:87:8a:fe:ca:70:df:8c:a0:56:5d:a7:0f:90:
                    7e:e7:7c:43:4c:66:99:9c:2a:b0:03:ff:f0:a2:48:
                    23:d1:82:48:fb:50:8c:19:cb:67:e6:3d:a4:f3:ee:
                    8e:54:f1:e8:95:7f:a7:dd:d2:f5:9c:6a:94:08:c2:
                    43:4f:86:9f:5d:1a:84:17:25:95:06:de:3b:85:96:
                    d8:0b:4f:7c:71:03:d1:f0:e3:c3:f5:0e:ee:ea:03:
                    61:ee:d7:d9:74:60:1d:27:49:87:3b:72:91:ac:52:
                    46:d2:68:0f:48:f2:f1:2c:1c:ee:ef:1e:38:a0:18:
                    92:67:b7:57:dd:1f:72:9a:5a:c9:ac:79:a1:50:c1:
                    15:ce:0d:9f:5f:02:d4:9d:1e:53:3f:a9:a9:f0:f3:
                    39:66:fc:10:f2:c1:60:3a:49:c9:ca:fd:a3:24:2b:
                    7c:c1:17:c5:0a:dd:46:66:07:78:f7:52:f3:95:5d:
                    f7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:97:73:B1:DA:57:9D:C5:69:7C:44:1B:6A:32:11:09:79:91:6B:F7
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/oJdzsdpXncVpfEQbajIRCXmRa_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.136.0/24
                  85.133.164.0/23
                  85.133.194.0/24
                  85.133.215.0-85.133.219.255
                  85.133.225.0/24
                  85.133.236.0/24
                  85.133.238.0/24
                  85.133.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:2a:45:0a:c9:9f:48:56:d1:09:e9:77:c8:f7:89:31:cf:ce:
         d9:99:91:78:74:e0:66:df:97:b7:99:51:43:cf:51:27:b5:0d:
         a2:64:64:96:c6:a2:22:be:0a:6a:ac:5c:97:3e:77:a0:5d:ac:
         24:6a:28:ec:21:5a:46:8f:3f:28:9d:a5:31:9b:59:75:39:64:
         37:3a:7a:4d:8e:2f:e1:82:39:b7:36:c8:e7:ae:ac:5a:70:2f:
         c7:4c:2f:14:d6:73:7b:28:2f:16:3d:a4:cb:12:92:cf:88:ae:
         fd:80:61:ca:78:6a:e3:da:e0:65:6f:ec:45:94:2c:c1:31:61:
         df:c4:d4:d7:aa:41:92:2e:2c:e8:91:ca:bf:30:1e:59:9b:1c:
         d0:18:32:98:c4:f8:af:22:e8:01:a9:de:35:48:b5:db:48:0a:
         99:3a:93:c5:02:c4:ec:de:d3:33:48:26:88:07:ba:60:01:98:
         90:ea:5b:a5:24:69:d6:5c:c1:1d:16:da:e3:9b:97:1a:8a:30:
         e7:29:ac:6e:22:17:66:4b:1d:35:41:d7:e6:b8:b4:fb:6e:f5:
         3c:b4:37:20:cd:2a:ee:c7:a8:0b:5c:f9:68:f9:bb:9c:e6:85:
         ee:ab:3e:b9:dc:d1:24:18:e2:91:d6:0b:bb:56:55:ec:f2:5c:
         1a:3d:ca:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYUHgLNOELYrc3ijqtOsMAp3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjIxMjEyMTgwMjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk3NzNiMWRhNTc5ZGM1Njk3YzQ0MWI2YTMyMTEwOTc5OTE2YmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOOQZQiDhoZtxk9L9OqizwPLlQJQ
0NlnQTbJdB6izxL6oICJ7QKR7yb0FAKjZby6Ucz2q3YidAqX4nWPjpauf9dUvokl
39u+v9pYqoeK/spw34ygVl2nD5B+53xDTGaZnCqwA//wokgj0YJI+1CMGctn5j2k
8+6OVPHolX+n3dL1nGqUCMJDT4afXRqEFyWVBt47hZbYC098cQPR8OPD9Q7u6gNh
7tfZdGAdJ0mHO3KRrFJG0mgPSPLxLBzu7x44oBiSZ7dX3R9ymlrJrHmhUMEVzg2f
XwLUnR5TP6mp8PM5ZvwQ8sFgOknJyv2jJCt8wRfFCt1GZgd491LzlV33wwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKCXc7HaV53FaXxEG2oyEQl5kWv3MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvb0pkenNkcFhuY1ZwZkVRYmFqSVJDWG1SYV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAVYWIAwQB
VYWkAwQAVYXCMAwDBABVhdcDBAJVhdgDBABVheEDBABVhewDBABVhe4DBABVhf0w
DQYJKoZIhvcNAQELBQADggEBAJoqRQrJn0hW0Qnpd8j3iTHPztmZkXh04Gbfl7eZ
UUPPUSe1DaJkZJbGoiK+CmqsXJc+d6BdrCRqKOwhWkaPPyidpTGbWXU5ZDc6ek2O
L+GCObc2yOeurFpwL8dMLxTWc3soLxY9pMsSks+Irv2AYcp4auPa4GVv7EWULMEx
Yd/E1NeqQZIuLOiRyr8wHlmbHNAYMpjE+K8i6AGp3jVItdtICpk6k8UCxOze0zNI
JogHumABmJDqW6UkadZcwR0W2uOblxqKMOcprG4iF2ZLHTVB1+a4tPtu9Ty0NyDN
Ku7HqAtc+Wj5u5zmhe6rPrnc0SQY4pHWC7tWVezyXBo9yr8=
-----END CERTIFICATE-----