Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/63f1e8-3715-4414-9f3b-83e55c5f6f7d/1/MJNB0_m4_B7zfYXRoH-oHdwVXVQ.roa
File:                     MJNB0_m4_B7zfYXRoH-oHdwVXVQ.roa (raw, json)
Hash identifier:          ZpKjZaooXB2PTAcASLKf2XlwPGE4TX0UGlipoekJeDs=
Subject key identifier:   30:93:41:D3:F9:B8:FC:1E:F3:7D:85:D1:A0:7F:A8:1D:DC:15:5D:54
Certificate issuer:       /CN=ca47921e4430521a7727888c13bc7b8e104cbdbe
Certificate serial:       04E2F7A6
Authority key identifier: CA:47:92:1E:44:30:52:1A:77:27:88:8C:13:BC:7B:8E:10:4C:BD:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ykeSHkQwUhp3J4iME7x7jhBMvb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/63f1e8-3715-4414-9f3b-83e55c5f6f7d/1/MJNB0_m4_B7zfYXRoH-oHdwVXVQ.roa
Signing time:             Sat 01 Jan 2022 10:54:23 +0000
ROA not before:           Sat 01 Jan 2022 10:54:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203082
IP address blocks:        185.251.244.0/24 maxlen: 24
                          185.251.244.0/22 maxlen: 24
                          185.251.245.0/24 maxlen: 24
                          185.251.246.0/24 maxlen: 24
                          185.251.247.0/24 maxlen: 24
                          2a0c:6cc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 81983398 (0x4e2f7a6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca47921e4430521a7727888c13bc7b8e104cbdbe
        Validity
            Not Before: Jan  1 10:54:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=309341d3f9b8fc1ef37d85d1a07fa81ddc155d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:70:12:04:39:50:31:3f:70:bd:ce:37:0e:7c:
                    18:41:53:88:78:83:ac:6f:04:b4:f9:f7:98:86:3c:
                    25:f0:ac:9c:8f:c2:84:67:df:45:81:b8:e8:25:e2:
                    bd:03:e8:b6:92:2c:53:a4:0f:6e:4d:f8:8f:c8:24:
                    1c:95:f0:01:ef:e7:3e:4b:0c:02:a2:6c:c4:6a:30:
                    1a:9c:7c:28:85:99:1c:c3:b6:fe:17:3e:dc:c6:0d:
                    ab:f2:79:a0:8b:9d:b2:02:d0:45:53:aa:26:78:7f:
                    ee:23:90:c2:c0:b7:58:53:8d:8c:9c:b1:4f:0f:2e:
                    3e:22:b6:25:0e:3a:f4:20:f3:40:17:36:57:bd:e3:
                    09:c6:8b:dd:d6:ff:8d:3b:da:4f:e8:0e:38:7b:9b:
                    aa:85:25:a9:55:be:38:c8:cc:d9:04:74:87:82:2e:
                    5e:72:99:41:1c:d1:04:cb:5c:4b:40:51:94:62:52:
                    83:1a:3f:97:a5:d2:61:ec:d5:a3:de:37:b7:56:df:
                    ae:d0:61:9e:06:69:70:4d:e3:31:55:57:a3:d4:bb:
                    0b:7c:7d:d1:dd:86:33:8a:e1:c1:57:b0:aa:49:c1:
                    16:21:47:bc:d7:38:73:e1:93:31:85:09:1a:bf:95:
                    7b:66:49:1c:a5:29:54:26:f2:a8:55:0c:68:fe:f9:
                    6c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:93:41:D3:F9:B8:FC:1E:F3:7D:85:D1:A0:7F:A8:1D:DC:15:5D:54
            X509v3 Authority Key Identifier:
                keyid:CA:47:92:1E:44:30:52:1A:77:27:88:8C:13:BC:7B:8E:10:4C:BD:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ykeSHkQwUhp3J4iME7x7jhBMvb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/63f1e8-3715-4414-9f3b-83e55c5f6f7d/1/MJNB0_m4_B7zfYXRoH-oHdwVXVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/63f1e8-3715-4414-9f3b-83e55c5f6f7d/1/ykeSHkQwUhp3J4iME7x7jhBMvb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.244.0/22
                IPv6:
                  2a0c:6cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:fb:1b:3e:72:95:25:c8:1b:58:80:58:0b:14:68:e3:05:a1:
         3a:7e:b4:50:5f:f2:f4:fb:a6:c5:58:8f:3a:c4:3a:75:cf:fd:
         68:58:8e:99:ba:cd:d6:f0:24:12:30:32:72:0d:0c:69:3b:4b:
         c5:91:6c:3e:05:0a:32:bd:af:95:8d:9d:05:c3:92:94:50:27:
         f9:35:81:aa:65:64:2f:5f:d4:8a:fe:f6:dc:5b:8d:88:72:2f:
         c6:a6:db:52:c4:1b:5f:3e:65:d8:b6:14:85:61:d8:e9:4b:04:
         55:7b:31:36:c0:3b:9a:02:29:0f:db:17:75:5b:c5:69:2a:6a:
         a0:0a:31:72:f1:34:ae:14:c0:6b:09:0b:c5:14:99:26:33:0f:
         fb:e3:e2:b6:fc:b1:10:85:a2:a2:8a:5e:0f:1a:7c:41:dd:a5:
         12:1e:09:03:f9:29:d5:66:b4:37:74:94:07:b8:0e:a9:7f:10:
         58:47:bb:75:ac:c5:e5:ee:ca:31:76:0c:fe:36:ce:04:94:33:
         37:56:e1:3a:f2:b4:9b:76:1f:61:fc:bd:cc:dc:03:18:55:8e:
         c4:9a:70:a9:91:2b:f3:1b:77:17:2a:6f:06:a6:d7:f4:ae:0c:
         0f:00:34:c9:54:94:39:94:19:80:b1:23:90:1d:57:ab:2d:98:
         b1:a2:72:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBOL3pjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YTQ3OTIxZTQ0MzA1MjFhNzcyNzg4OGMxM2JjN2I4ZTEwNGNiZGJlMB4XDTIyMDEw
MTEwNTQyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzA5MzQxZDNmOWI4
ZmMxZWYzN2Q4NWQxYTA3ZmE4MWRkYzE1NWQ1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMBwEgQ5UDE/cL3ONw58GEFTiHiDrG8EtPn3mIY8JfCsnI/C
hGffRYG46CXivQPotpIsU6QPbk34j8gkHJXwAe/nPksMAqJsxGowGpx8KIWZHMO2
/hc+3MYNq/J5oIudsgLQRVOqJnh/7iOQwsC3WFONjJyxTw8uPiK2JQ469CDzQBc2
V73jCcaL3db/jTvaT+gOOHubqoUlqVW+OMjM2QR0h4IuXnKZQRzRBMtcS0BRlGJS
gxo/l6XSYezVo943t1bfrtBhngZpcE3jMVVXo9S7C3x90d2GM4rhwVewqknBFiFH
vNc4c+GTMYUJGr+Ve2ZJHKUpVCbyqFUMaP75bOUCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQwk0HT+bj8HvN9hdGgf6gd3BVdVDAfBgNVHSMEGDAWgBTKR5IeRDBSGncn
iIwTvHuOEEy9vjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lrZVNIa1F3VWhwM0o0aU1FN3g3amhCTXZiNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvNjNmMWU4LTM3MTUtNDQxNC05ZjNiLTgzZTU1YzVmNmY3ZC8x
L01KTkIwX200X0I3emZZWFJvSC1vSGR3VlhWUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYv
NjNmMWU4LTM3MTUtNDQxNC05ZjNiLTgzZTU1YzVmNmY3ZC8xL3lrZVNIa1F3VWhw
M0o0aU1FN3g3amhCTXZiNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArn79DANBAIAAjAHAwUDKgxswDAN
BgkqhkiG9w0BAQsFAAOCAQEAcPsbPnKVJcgbWIBYCxRo4wWhOn60UF/y9PumxViP
OsQ6dc/9aFiOmbrN1vAkEjAycg0MaTtLxZFsPgUKMr2vlY2dBcOSlFAn+TWBqmVk
L1/Uiv723FuNiHIvxqbbUsQbXz5l2LYUhWHY6UsEVXsxNsA7mgIpD9sXdVvFaSpq
oAoxcvE0rhTAawkLxRSZJjMP++PitvyxEIWioopeDxp8Qd2lEh4JA/kp1Wa0N3SU
B7gOqX8QWEe7dazF5e7KMXYM/jbOBJQzN1bhOvK0m3YfYfy9zNwDGFWOxJpwqZEr
8xt3FypvBqbX9K4MDwA0yVSUOZQZgLEjkB1Xqy2YsaJyQg==
-----END CERTIFICATE-----