Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/2_iWwO_0AD8HE3lAaqR8xPWoxh0.roa
File:                     2_iWwO_0AD8HE3lAaqR8xPWoxh0.roa (raw, json)
Hash identifier:          s+rCyZWjmeI/mzD4hHJ5aKax6tqagZFSD2x4bXLsZsU=
Subject key identifier:   DB:F8:96:C0:EF:F4:00:3F:07:13:79:40:6A:A4:7C:C4:F5:A8:C6:1D
Certificate issuer:       /CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
Certificate serial:       0182F3AD62C92D6C0A449600E59B5D236027
Authority key identifier: 4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/2_iWwO_0AD8HE3lAaqR8xPWoxh0.roa
Signing time:             Wed 31 Aug 2022 11:33:22 +0000
ROA not before:           Wed 31 Aug 2022 11:33:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43447
IP address blocks:        37.47.0.0/16 maxlen: 24
                          2a00:f46::/32 maxlen: 32
                          2a00:f46::/44 maxlen: 44
                          2a00:f40:2::/48 maxlen: 48
                          2a00:f42::/32 maxlen: 32
                          2a00:f40:f000::/48 maxlen: 48
                          2a00:f47::/32 maxlen: 32
                          2a00:f40:1::/48 maxlen: 48
                          2a00:f41::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f3:ad:62:c9:2d:6c:0a:44:96:00:e5:9b:5d:23:60:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecf53007c79cc5e2f2d7356ba9121a78c0c7714
        Validity
            Not Before: Aug 31 11:33:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dbf896c0eff4003f071379406aa47cc4f5a8c61d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ef:2e:9e:79:63:5e:6b:80:18:c5:da:4d:b0:
                    7e:d6:a0:d8:23:a7:84:ea:8f:e7:9b:35:0f:03:01:
                    85:cc:3b:c3:66:a2:58:4c:cb:76:1c:79:8e:df:d4:
                    c9:f4:fc:f2:0f:6a:30:75:b1:fc:bc:97:ae:70:40:
                    2e:0f:db:39:9e:85:c4:00:a9:d4:91:6c:40:97:f6:
                    91:d0:8f:60:d3:d5:f8:e3:81:b9:25:2b:fb:b2:9d:
                    f3:a0:6b:61:da:2f:9f:7c:92:9f:49:f5:84:db:7e:
                    89:f9:0e:c5:c7:96:0d:f4:a6:6e:29:ab:a7:d2:d5:
                    37:aa:98:5e:88:a2:3b:40:7d:eb:f4:48:02:d7:5f:
                    bf:ec:ef:8e:f3:b8:83:85:ab:a6:db:03:9b:56:a0:
                    3c:7d:24:78:14:3d:74:47:40:b8:3c:7c:b5:55:ad:
                    f8:b5:16:a6:bd:df:99:f6:3e:4b:ba:ba:16:ae:0b:
                    e6:be:60:e1:76:c8:9d:e9:ab:5b:75:92:e9:6d:ac:
                    e4:95:48:67:e8:7d:9b:cc:a7:fd:7e:e3:a4:32:00:
                    cd:f6:ac:4b:6a:8f:d5:a3:3f:48:59:8a:b4:fd:5d:
                    67:d2:08:fc:08:5b:c1:82:b3:5e:ce:e5:7b:8f:3c:
                    75:ea:6f:ce:bc:5e:35:3b:72:25:47:63:d2:9f:c3:
                    50:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F8:96:C0:EF:F4:00:3F:07:13:79:40:6A:A4:7C:C4:F5:A8:C6:1D
            X509v3 Authority Key Identifier:
                keyid:4E:CF:53:00:7C:79:CC:5E:2F:2D:73:56:BA:91:21:A7:8C:0C:77:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/2_iWwO_0AD8HE3lAaqR8xPWoxh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/648c75-2be8-4bfd-a1b1-cb8b3a094209/1/Ts9TAHx5zF4vLXNWupEhp4wMdxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.47.0.0/16
                IPv6:
                  2a00:f40:1::-2a00:f40:2:ffff:ffff:ffff:ffff:ffff
                  2a00:f40:f000::/48
                  2a00:f41::-2a00:f42:ffff:ffff:ffff:ffff:ffff:ffff
                  2a00:f46::/31

    Signature Algorithm: sha256WithRSAEncryption
         4b:ed:49:0b:9e:73:1b:d8:88:8d:7f:86:d1:17:7c:20:44:c8:
         c9:d9:68:5e:00:37:67:93:8f:c8:0f:51:df:df:0b:94:63:a4:
         d9:52:8e:f6:bf:42:b2:63:8f:4c:b7:20:b7:96:32:79:c9:0a:
         46:ee:fd:7e:d2:f6:ab:e7:33:6e:b8:fc:ae:a1:45:84:40:67:
         8c:97:10:e2:7a:84:03:2f:59:9c:cd:01:3e:0f:fc:4e:7e:60:
         a8:15:1e:b2:44:69:5a:16:1e:c8:95:37:6a:61:15:1b:e2:39:
         f5:0f:a9:6f:58:70:26:54:57:9d:34:83:b7:94:99:ba:0f:ad:
         cf:42:11:7a:98:6c:8a:88:cc:52:c0:6e:77:16:e0:7f:94:b5:
         44:db:9d:39:7a:b4:22:57:ba:c2:59:9e:d5:4d:39:80:03:2c:
         a6:2c:6c:0d:3d:2c:16:7c:f3:b6:91:90:54:b5:d0:cf:58:6d:
         ad:19:c2:1e:ac:5b:ab:66:db:41:18:32:a1:a9:ac:78:19:7e:
         a5:83:ab:f4:07:e4:b7:2c:24:88:20:a2:e0:7e:28:6b:c7:f4:
         f9:21:d3:b7:96:44:dd:80:22:e8:97:12:3d:f0:5c:f0:72:2c:
         f2:f8:ab:86:99:33:ca:5d:1c:15:4e:f6:4d:ce:bd:6c:fb:dd:
         5f:33:81:cb
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYLzrWLJLWwKRJYA5ZtdI2AnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y1MzAwN2M3OWNjNWUyZjJkNzM1NmJhOTEyMWE3OGMw
Yzc3MTQwHhcNMjIwODMxMTEzMzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY4OTZjMGVmZjQwMDNmMDcxMzc5NDA2YWE0N2NjNGY1YThjNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu8unnljXmuAGMXaTbB+1qDYI6eE
6o/nmzUPAwGFzDvDZqJYTMt2HHmO39TJ9PzyD2owdbH8vJeucEAuD9s5noXEAKnU
kWxAl/aR0I9g09X444G5JSv7sp3zoGth2i+ffJKfSfWE236J+Q7Fx5YN9KZuKaun
0tU3qpheiKI7QH3r9EgC11+/7O+O87iDhaum2wObVqA8fSR4FD10R0C4PHy1Va34
tRamvd+Z9j5LuroWrgvmvmDhdsid6atbdZLpbazklUhn6H2bzKf9fuOkMgDN9qxL
ao/Voz9IWYq0/V1n0gj8CFvBgrNezuV7jzx16m/OvF41O3IlR2PSn8NQgQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFNv4lsDv9AA/BxN5QGqkfMT1qMYdMB8GA1UdIwQY
MBaAFE7PUwB8ecxeLy1zVrqRIaeMDHcUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEt
Y2I4YjNhMDk0MjA5LzEvMl9pV3dPXzBBRDhIRTNsQWFxUjh4UFdveGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi82NDhjNzUtMmJlOC00YmZkLWExYjEtY2I4YjNhMDk0MjA5
LzEvVHM5VEFIeDV6RjR2TFhOV3VwRWhwNHdNZHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTALBAIAATAFAwMAJS8wOgQC
AAIwNDASAwcAKgAPQAABAwcAKgAPQAACAwcAKgAPQPAAMA4DBQAqAA9BAwUAKgAP
QgMFASoAD0YwDQYJKoZIhvcNAQELBQADggEBAEvtSQuecxvYiI1/htEXfCBEyMnZ
aF4AN2eTj8gPUd/fC5RjpNlSjva/QrJjj0y3ILeWMnnJCkbu/X7S9qvnM264/K6h
RYRAZ4yXEOJ6hAMvWZzNAT4P/E5+YKgVHrJEaVoWHsiVN2phFRviOfUPqW9YcCZU
V500g7eUmboPrc9CEXqYbIqIzFLAbncW4H+UtUTbnTl6tCJXusJZntVNOYADLKYs
bA09LBZ887aRkFS10M9Yba0Zwh6sW6tm20EYMqGprHgZfqWDq/QH5LcsJIggouB+
KGvH9Pkh07eWRN2AIuiXEj3wXPByLPL4q4aZM8pdHBVO9k3OvWz73V8zgcs=
-----END CERTIFICATE-----