Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/c2ee7a-cbb7-470e-b965-907daa46463b/1/tSGENdflQx8hxMcjeHHV773GohE.roa
File:                     tSGENdflQx8hxMcjeHHV773GohE.roa (raw, json)
Hash identifier:          o6kNFq+ci7Op44rUfFEVdkrJ7glYoSBslfBvdUKq8dc=
Subject key identifier:   B5:21:84:35:D7:E5:43:1F:21:C4:C7:23:78:71:D5:EF:BD:C6:A2:11
Certificate issuer:       /CN=70797db07bf6d4597ac2dc8be34f89298008f2cd
Certificate serial:       0B3C08B7
Authority key identifier: 70:79:7D:B0:7B:F6:D4:59:7A:C2:DC:8B:E3:4F:89:29:80:08:F2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cHl9sHv21Fl6wtyL40-JKYAI8s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/c2ee7a-cbb7-470e-b965-907daa46463b/1/tSGENdflQx8hxMcjeHHV773GohE.roa
Signing time:             Sat 01 Jan 2022 13:54:36 +0000
ROA not before:           Sat 01 Jan 2022 13:54:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200044
IP address blocks:        185.159.64.0/24 maxlen: 24
                          185.159.64.0/22 maxlen: 24
                          109.238.246.0/24 maxlen: 24
                          109.238.240.0/20 maxlen: 24
                          89.249.16.0/20 maxlen: 24
                          89.249.31.0/24 maxlen: 24
                          93.158.192.0/22 maxlen: 22
                          93.158.192.0/21 maxlen: 21
                          93.158.192.0/23 maxlen: 23
                          93.158.192.0/24 maxlen: 24
                          93.158.198.0/23 maxlen: 23
                          93.158.198.0/24 maxlen: 24
                          93.158.196.0/24 maxlen: 24
                          93.158.197.0/24 maxlen: 24
                          93.158.194.0/24 maxlen: 24
                          93.158.194.0/23 maxlen: 23
                          93.158.195.0/24 maxlen: 24
                          93.158.199.0/24 maxlen: 24
                          93.158.193.0/24 maxlen: 24
                          2a0d:380::/29 maxlen: 29
                          2a00:eb8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 188483767 (0xb3c08b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70797db07bf6d4597ac2dc8be34f89298008f2cd
        Validity
            Not Before: Jan  1 13:54:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b5218435d7e5431f21c4c7237871d5efbdc6a211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9f:db:2e:33:eb:de:39:c2:14:8e:d1:87:7a:
                    71:40:a6:7e:72:7e:02:ad:03:1d:73:15:12:0e:ae:
                    2d:26:a1:42:6a:00:14:b0:c3:b9:1b:03:25:ab:a4:
                    7f:f1:e1:c9:f2:66:e1:17:4f:c3:14:66:73:d4:5b:
                    3b:6d:a2:93:1f:50:07:63:a7:33:92:9e:a5:ff:48:
                    3c:5f:86:36:8b:1a:a4:ad:1d:03:0c:c8:85:75:31:
                    c8:4b:d3:16:41:76:78:6a:8b:06:44:61:76:af:62:
                    09:e6:d3:2b:3e:80:11:7c:2a:47:3c:e3:6b:b5:0c:
                    46:fc:96:75:a1:8e:82:b5:b3:07:69:06:eb:81:b8:
                    d3:02:ee:72:ec:8e:78:8a:09:d9:a3:81:97:97:9d:
                    fa:c6:fe:1d:ee:e1:01:0f:69:52:df:1e:12:5e:ea:
                    ff:69:6d:7e:eb:d5:14:be:bf:4a:07:7e:2a:c2:c9:
                    75:dd:29:d3:18:d2:43:25:54:ca:8a:5f:98:2f:2b:
                    52:7e:44:ac:18:2d:be:4c:0b:93:c6:a0:ba:a4:1a:
                    48:11:03:c3:26:fb:e3:be:f2:04:bc:15:04:d5:ea:
                    de:be:34:5d:3f:6e:d1:28:81:dc:2f:f8:b9:e8:b0:
                    d1:03:22:90:9f:65:48:a9:9e:06:d1:19:4d:e0:07:
                    51:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:21:84:35:D7:E5:43:1F:21:C4:C7:23:78:71:D5:EF:BD:C6:A2:11
            X509v3 Authority Key Identifier:
                keyid:70:79:7D:B0:7B:F6:D4:59:7A:C2:DC:8B:E3:4F:89:29:80:08:F2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cHl9sHv21Fl6wtyL40-JKYAI8s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c2ee7a-cbb7-470e-b965-907daa46463b/1/tSGENdflQx8hxMcjeHHV773GohE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c2ee7a-cbb7-470e-b965-907daa46463b/1/cHl9sHv21Fl6wtyL40-JKYAI8s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.16.0/20
                  93.158.192.0/21
                  109.238.240.0/20
                  185.159.64.0/22
                IPv6:
                  2a00:eb8::/32
                  2a0d:380::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:03:c5:80:d2:a1:58:10:81:dc:48:44:5d:4b:95:01:71:0e:
         a1:db:f1:d2:8a:7c:4a:c7:c8:9e:01:a6:ab:fd:b6:66:7b:f1:
         57:a3:67:03:2a:c9:fe:10:01:67:47:0a:31:e8:57:90:d8:9b:
         c5:7f:4f:2a:e0:78:41:cb:29:19:89:3d:56:f4:36:60:80:36:
         4c:28:71:54:ff:1e:67:52:74:c8:6b:6e:f0:c1:30:4e:3b:5f:
         5c:36:02:8e:5e:61:21:4f:f3:43:50:c5:33:e8:db:7d:2e:d2:
         be:a3:bb:49:fb:13:1a:51:82:2e:05:e2:2d:b5:70:e2:f9:f0:
         61:2c:19:05:c6:1e:71:51:e4:4c:fe:d8:04:88:64:63:99:cf:
         fa:62:6d:11:6d:e5:95:34:65:6e:ac:78:47:9b:28:1b:bc:4c:
         f4:1a:c0:a6:c9:fc:f8:57:2f:ce:1a:95:6b:94:6e:88:31:a9:
         23:64:e0:a7:5e:81:10:d5:4b:1c:cb:5f:a8:00:34:a4:70:70:
         e6:0b:2f:71:46:a0:ec:29:a0:96:f0:cf:1d:d2:ea:91:7b:2d:
         04:be:7d:67:83:22:4e:8f:72:06:36:ef:3c:76:8c:c5:74:f3:
         47:9d:bf:34:93:d4:fb:f0:ed:fe:2a:ad:23:9f:7b:12:d4:fe:
         59:33:31:7c
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIECzwItzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MDc5N2RiMDdiZjZkNDU5N2FjMmRjOGJlMzRmODkyOTgwMDhmMmNkMB4XDTIyMDEw
MTEzNTQzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjUyMTg0MzVkN2U1
NDMxZjIxYzRjNzIzNzg3MWQ1ZWZiZGM2YTIxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMWf2y4z6945whSO0Yd6cUCmfnJ+Aq0DHXMVEg6uLSahQmoA
FLDDuRsDJaukf/HhyfJm4RdPwxRmc9RbO22ikx9QB2OnM5Kepf9IPF+GNosapK0d
AwzIhXUxyEvTFkF2eGqLBkRhdq9iCebTKz6AEXwqRzzja7UMRvyWdaGOgrWzB2kG
64G40wLucuyOeIoJ2aOBl5ed+sb+He7hAQ9pUt8eEl7q/2ltfuvVFL6/Sgd+KsLJ
dd0p0xjSQyVUyopfmC8rUn5ErBgtvkwLk8aguqQaSBEDwyb7477yBLwVBNXq3r40
XT9u0SiB3C/4ueiw0QMikJ9lSKmeBtEZTeAHUR8CAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBS1IYQ11+VDHyHExyN4cdXvvcaiETAfBgNVHSMEGDAWgBRweX2we/bUWXrC
3IvjT4kpgAjyzTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NIbDlzSHYyMUZsNnd0eUw0MC1KS1lBSThzMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjEvYzJlZTdhLWNiYjctNDcwZS1iOTY1LTkwN2RhYTQ2NDYzYi8x
L3RTR0VOZGZsUXg4aHhNY2plSEhWNzczR29oRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEv
YzJlZTdhLWNiYjctNDcwZS1iOTY1LTkwN2RhYTQ2NDYzYi8xL2NIbDlzSHYyMUZs
Nnd0eUw0MC1KS1lBSThzMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwHgQCAAEwGAMEBFn5EAMEA12ewAMEBG3u8AMEArmf
QDAUBAIAAjAOAwUAKgAOuAMFAyoNA4AwDQYJKoZIhvcNAQELBQADggEBAAUDxYDS
oVgQgdxIRF1LlQFxDqHb8dKKfErHyJ4Bpqv9tmZ78VejZwMqyf4QAWdHCjHoV5DY
m8V/TyrgeEHLKRmJPVb0NmCANkwocVT/HmdSdMhrbvDBME47X1w2Ao5eYSFP80NQ
xTPo230u0r6ju0n7ExpRgi4F4i21cOL58GEsGQXGHnFR5Ez+2ASIZGOZz/pibRFt
5ZU0ZW6seEebKBu8TPQawKbJ/PhXL84alWuUbogxqSNk4KdegRDVSxzLX6gANKRw
cOYLL3FGoOwpoJbwzx3S6pF7LQS+fWeDIk6PcgY27zx2jMV080edvzST1Pvw7f4q
rSOfexLU/lkzMXw=
-----END CERTIFICATE-----