Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/037adf-b9c2-4ad1-960a-4d403369d2a2/1/lWPsaGCSZdSle6bImJ3is3MFPkk.roa
File:                     lWPsaGCSZdSle6bImJ3is3MFPkk.roa (raw, json)
Hash identifier:          vsQq0U1Ctl8+50IJdVjvyQOKjMWufeWGZzHjyheHVkQ=
Subject key identifier:   95:63:EC:68:60:92:65:D4:A5:7B:A6:C8:98:9D:E2:B3:73:05:3E:49
Certificate issuer:       /CN=125ae2cfd315c131193484665acada7c013163ec
Certificate serial:       080FD7EF
Authority key identifier: 12:5A:E2:CF:D3:15:C1:31:19:34:84:66:5A:CA:DA:7C:01:31:63:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Elriz9MVwTEZNIRmWsrafAExY-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/037adf-b9c2-4ad1-960a-4d403369d2a2/1/lWPsaGCSZdSle6bImJ3is3MFPkk.roa
Signing time:             Sat 01 Jan 2022 08:04:17 +0000
ROA not before:           Sat 01 Jan 2022 08:04:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204736
IP address blocks:        185.241.100.0/24 maxlen: 24
                          185.241.103.0/24 maxlen: 24
                          185.241.102.0/24 maxlen: 24
                          185.241.101.0/24 maxlen: 24
                          2a0d:4580:60::/48 maxlen: 48
                          2a0d:4580:120::/48 maxlen: 48
                          2a0d:4580:100::/48 maxlen: 48
                          2a0d:4580:80::/48 maxlen: 48
                          2a0d:4580:40::/48 maxlen: 48
                          2a0d:4580:20::/48 maxlen: 48
                          2a0d:4580:130::/48 maxlen: 48
                          2a0d:4580:110::/48 maxlen: 48
                          2a0d:4580:90::/48 maxlen: 48
                          2a0d:4580:70::/48 maxlen: 48
                          2a0d:4580:50::/48 maxlen: 48
                          2a0d:4580:30::/48 maxlen: 48
                          2a0d:4580:10::/48 maxlen: 48
                          2a0d:4580::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 135256047 (0x80fd7ef)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=125ae2cfd315c131193484665acada7c013163ec
        Validity
            Not Before: Jan  1 08:04:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9563ec68609265d4a57ba6c8989de2b373053e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5d:4f:5b:7d:1f:07:42:ef:36:12:59:73:23:
                    0c:1e:83:2d:2a:c2:3c:40:65:49:06:df:0a:07:46:
                    d7:3a:8e:4e:5c:4f:a4:96:32:c9:a8:1d:8a:46:d0:
                    7a:2a:6f:38:e4:d1:b0:72:c0:95:57:f0:57:93:7d:
                    83:c0:87:9d:5b:49:87:7a:51:48:05:d8:19:51:ef:
                    a8:9b:eb:36:e0:02:cb:f1:a0:4f:60:a7:60:6e:17:
                    86:6b:35:a0:17:47:dd:6e:e3:f0:b2:4a:30:64:79:
                    96:1c:9e:f6:a8:7f:03:1d:2e:6e:39:08:dc:e8:0e:
                    73:61:6a:28:d1:4a:86:e8:85:9b:05:a0:a8:84:f5:
                    12:0e:d8:b1:cb:32:90:ef:df:be:16:c7:63:fe:f0:
                    e1:57:3b:98:0a:e8:4a:7f:09:2a:a2:fa:0e:4c:5f:
                    8c:37:e5:38:1c:2a:0f:a7:89:f3:15:09:2d:b0:c0:
                    4d:31:86:61:a0:0e:95:25:93:fd:9d:a2:3e:7e:90:
                    a3:c0:cb:8e:86:48:71:96:39:84:ac:e9:da:df:62:
                    f9:ef:46:53:05:ec:7d:c6:f5:4f:d6:ff:68:c6:7e:
                    df:66:df:e1:fc:af:bb:8e:7b:49:a4:90:5b:60:20:
                    e3:c3:3b:7d:fb:95:de:bb:14:bd:05:7d:e5:8f:98:
                    a4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:63:EC:68:60:92:65:D4:A5:7B:A6:C8:98:9D:E2:B3:73:05:3E:49
            X509v3 Authority Key Identifier:
                keyid:12:5A:E2:CF:D3:15:C1:31:19:34:84:66:5A:CA:DA:7C:01:31:63:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Elriz9MVwTEZNIRmWsrafAExY-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/037adf-b9c2-4ad1-960a-4d403369d2a2/1/lWPsaGCSZdSle6bImJ3is3MFPkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/037adf-b9c2-4ad1-960a-4d403369d2a2/1/Elriz9MVwTEZNIRmWsrafAExY-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.100.0/22
                IPv6:
                  2a0d:4580::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:7f:60:c4:6a:ce:74:e8:c1:9f:9d:1e:15:c4:61:b4:3b:3b:
         ec:5b:41:cb:c5:36:37:f5:9f:3c:ce:20:6d:8f:7c:f7:69:ef:
         e4:80:a4:46:03:30:c1:ab:99:fd:b2:7c:91:8c:00:46:a0:8e:
         98:c9:ce:be:49:2b:f0:75:eb:95:22:a8:5a:25:b7:74:e6:0f:
         8c:9f:d4:5c:ba:30:47:51:9a:ea:a0:18:0e:82:e6:43:ed:58:
         22:2f:3c:e0:d4:77:d5:11:ff:0f:ed:8e:b5:a6:68:a0:c8:ef:
         af:cd:c7:8f:88:b2:a9:34:d1:52:52:47:5e:41:00:a8:c3:b5:
         e0:85:70:23:ab:b9:f8:0c:4c:1f:83:78:4f:33:ed:f5:a8:99:
         4f:13:b4:c1:e1:4f:a2:a8:39:4e:52:67:b4:24:fc:57:dc:d2:
         1d:41:c1:53:6f:0d:6a:25:c4:08:f4:49:2b:70:a9:3b:5d:07:
         e1:6c:cf:09:c7:07:ba:cf:de:d5:8d:9f:17:36:12:a0:5c:2f:
         d1:d4:62:06:a7:3b:b0:67:25:43:72:5c:13:c3:94:e8:d5:b4:
         df:2d:85:03:2d:a6:2b:6b:f0:63:35:74:e2:cb:46:70:5d:0f:
         48:ee:db:dc:d6:85:ca:c8:3b:a5:6e:47:a4:c1:b1:05:d9:bc:
         dc:cd:d4:77
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECA/X7zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MjVhZTJjZmQzMTVjMTMxMTkzNDg0NjY1YWNhZGE3YzAxMzE2M2VjMB4XDTIyMDEw
MTA4MDQxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTU2M2VjNjg2MDky
NjVkNGE1N2JhNmM4OTg5ZGUyYjM3MzA1M2U0OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVdT1t9HwdC7zYSWXMjDB6DLSrCPEBlSQbfCgdG1zqOTlxP
pJYyyagdikbQeipvOOTRsHLAlVfwV5N9g8CHnVtJh3pRSAXYGVHvqJvrNuACy/Gg
T2CnYG4Xhms1oBdH3W7j8LJKMGR5lhye9qh/Ax0ubjkI3OgOc2FqKNFKhuiFmwWg
qIT1Eg7YscsykO/fvhbHY/7w4Vc7mAroSn8JKqL6DkxfjDflOBwqD6eJ8xUJLbDA
TTGGYaAOlSWT/Z2iPn6Qo8DLjoZIcZY5hKzp2t9i+e9GUwXsfcb1T9b/aMZ+32bf
4fyvu457SaSQW2Ag48M7ffuV3rsUvQV95Y+YpJ0CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSVY+xoYJJl1KV7psiYneKzcwU+STAfBgNVHSMEGDAWgBQSWuLP0xXBMRk0
hGZaytp8ATFj7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0Vscml6OU1Wd1RFWk5JUm1Xc3JhZkFFeFktdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjcvMDM3YWRmLWI5YzItNGFkMS05NjBhLTRkNDAzMzY5ZDJhMi8x
L2xXUHNhR0NTWmRTbGU2YkltSjNpczNNRlBray5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjcv
MDM3YWRmLWI5YzItNGFkMS05NjBhLTRkNDAzMzY5ZDJhMi8xL0Vscml6OU1Wd1RF
Wk5JUm1Xc3JhZkFFeFktdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArnxZDANBAIAAjAHAwUDKg1FgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJX9gxGrOdOjBn50eFcRhtDs77FtBy8U2N/WfPM4g
bY9892nv5ICkRgMwwauZ/bJ8kYwARqCOmMnOvkkr8HXrlSKoWiW3dOYPjJ/UXLow
R1Ga6qAYDoLmQ+1YIi884NR31RH/D+2OtaZooMjvr83Hj4iyqTTRUlJHXkEAqMO1
4IVwI6u5+AxMH4N4TzPt9aiZTxO0weFPoqg5TlJntCT8V9zSHUHBU28NaiXECPRJ
K3CpO10H4WzPCccHus/e1Y2fFzYSoFwv0dRiBqc7sGclQ3JcE8OU6NW03y2FAy2m
K2vwYzV04stGcF0PSO7b3NaFysg7pW5HpMGxBdm83M3Udw==
-----END CERTIFICATE-----