Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/wp8Jh1bM3XMzDkFbzpbKy2F2fso.roa
File:                     wp8Jh1bM3XMzDkFbzpbKy2F2fso.roa (raw, json)
Hash identifier:          ORpfo+Q1D1J1IS6wQVoxaNNr1ctDBjqsyEhkaid+6OU=
Subject key identifier:   C2:9F:09:87:56:CC:DD:73:33:0E:41:5B:CE:96:CA:CB:61:76:7E:CA
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0183B181224FA4F82B135FAA875B31185A8D
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/wp8Jh1bM3XMzDkFbzpbKy2F2fso.roa
Signing time:             Fri 07 Oct 2022 08:12:53 +0000
ROA not before:           Fri 07 Oct 2022 08:12:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6453
IP address blocks:        213.153.128.0/17 maxlen: 24
                          92.44.0.0/15 maxlen: 24
                          151.250.0.0/16 maxlen: 24
                          85.29.0.0/18 maxlen: 24
                          176.40.0.0/14 maxlen: 24
                          82.222.0.0/16 maxlen: 24
                          212.57.0.0/19 maxlen: 24
                          176.33.0.0/16 maxlen: 24
                          195.214.128.0/18 maxlen: 24
                          2a02:e0::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b1:81:22:4f:a4:f8:2b:13:5f:aa:87:5b:31:18:5a:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Oct  7 08:12:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c29f098756ccdd73330e415bce96cacb61767eca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9d:9b:58:4b:29:e4:e5:2c:e2:b3:7b:34:d1:
                    ae:b6:10:05:3f:67:0c:8b:b6:51:7c:fc:12:df:db:
                    5c:cc:31:ec:a4:cd:2a:90:88:45:76:86:d2:2c:d7:
                    cb:bf:a1:82:e2:90:76:03:6d:b9:a9:17:93:9c:b5:
                    66:d5:a6:f3:8a:31:24:f4:79:fc:d9:d2:cd:a0:d6:
                    b2:d8:dd:20:dc:81:2f:8a:7b:c4:92:14:6e:df:61:
                    0d:20:35:81:e5:87:71:6e:6c:86:d8:fe:04:8f:a5:
                    c2:0f:79:29:3f:07:ca:6b:1b:90:34:c9:e1:40:da:
                    75:d8:59:5f:1b:df:64:ba:63:4e:0d:55:82:cc:5c:
                    1d:7d:e4:4d:80:a7:56:75:b0:8b:52:57:5a:e3:ea:
                    85:65:d9:50:ac:72:33:45:ab:1f:ad:89:77:15:1a:
                    e4:0c:e9:f2:5a:c2:ef:06:cc:6f:6a:8c:a6:85:3f:
                    c8:08:07:6d:26:6e:1f:b4:b8:2c:e3:69:22:23:44:
                    b4:6c:82:3b:cf:c4:a0:81:10:d6:b3:5d:93:b7:04:
                    b8:ad:20:03:ee:d9:33:d0:d1:7a:67:88:4a:53:13:
                    d4:cb:e0:0d:69:8d:e4:05:62:93:f6:42:1b:56:64:
                    40:a3:25:45:4c:6c:bb:7b:07:f9:a0:26:0c:89:27:
                    c6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:9F:09:87:56:CC:DD:73:33:0E:41:5B:CE:96:CA:CB:61:76:7E:CA
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/wp8Jh1bM3XMzDkFbzpbKy2F2fso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.0.0/16
                  85.29.0.0/18
                  92.44.0.0/15
                  151.250.0.0/16
                  176.33.0.0/16
                  176.40.0.0/14
                  195.214.128.0/18
                  212.57.0.0/19
                  213.153.128.0/17
                IPv6:
                  2a02:e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:01:7c:5e:8b:4f:09:63:35:09:e0:d4:24:1b:94:07:4f:d7:
         3d:68:eb:41:0c:29:0b:2c:9f:30:4a:81:98:77:55:f2:3b:20:
         1a:22:f0:19:f1:5c:c2:d6:1a:9a:ac:d2:78:29:77:b3:2e:3d:
         97:2b:13:81:5a:10:f4:4f:07:7d:d0:11:fc:15:67:0e:65:ad:
         42:ca:6a:b9:81:44:3d:47:8f:7b:aa:63:d1:30:f0:1a:85:dd:
         71:82:20:ac:7a:b4:11:18:c0:e5:14:34:15:6f:4e:71:d2:0c:
         c6:22:e2:0b:f6:70:65:17:c6:9e:e6:09:c2:72:08:2f:c4:9a:
         c1:fb:01:0a:3b:e7:e0:89:92:55:53:e4:fd:35:d9:ca:4a:f6:
         12:b5:d0:51:59:3e:c5:68:e1:46:bb:bb:95:87:5d:d9:9a:0d:
         e1:b0:a2:db:0c:d1:94:cd:4c:a5:66:05:3c:96:77:2c:8d:73:
         e9:6c:ae:cd:0e:80:af:e8:ec:52:3b:34:a1:d2:15:ab:eb:9e:
         d8:cb:21:8e:35:94:85:1c:5d:c5:43:9f:d5:0a:51:f5:cd:f0:
         11:82:6c:0c:f7:8b:04:97:59:51:a6:33:5b:b3:01:12:09:2c:
         f4:aa:b8:7e:88:32:6f:ac:47:c4:db:d3:54:4b:38:23:18:8b:
         b0:57:8e:fd
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYOxgSJPpPgrE1+qh1sxGFqNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjIxMDA3MDgxMjUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjlmMDk4NzU2Y2NkZDczMzMwZTQxNWJjZTk2Y2FjYjYxNzY3ZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ2bWEsp5OUs4rN7NNGuthAFP2cM
i7ZRfPwS39tczDHspM0qkIhFdobSLNfLv6GC4pB2A225qReTnLVm1abzijEk9Hn8
2dLNoNay2N0g3IEvinvEkhRu32ENIDWB5YdxbmyG2P4Ej6XCD3kpPwfKaxuQNMnh
QNp12FlfG99kumNODVWCzFwdfeRNgKdWdbCLUlda4+qFZdlQrHIzRasfrYl3FRrk
DOnyWsLvBsxvaoymhT/ICAdtJm4ftLgs42kiI0S0bII7z8SggRDWs12TtwS4rSAD
7tkz0NF6Z4hKUxPUy+ANaY3kBWKT9kIbVmRAoyVFTGy7ewf5oCYMiSfGRQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFMKfCYdWzN1zMw5BW86Wysthdn7KMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvd3A4SmgxYk0zWE16RGtGYnpwYkt5MkYyZnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA3BAIAATAxAwMAUt4DBAZV
HQADAwFcLAMDAJf6AwMAsCEDAwKwKAMEBsPWgAMEBdQ5AAMEB9WZgDANBAIAAjAH
AwUAKgIA4DANBgkqhkiG9w0BAQsFAAOCAQEAXgF8XotPCWM1CeDUJBuUB0/XPWjr
QQwpCyyfMEqBmHdV8jsgGiLwGfFcwtYamqzSeCl3sy49lysTgVoQ9E8HfdAR/BVn
DmWtQspquYFEPUePe6pj0TDwGoXdcYIgrHq0ERjA5RQ0FW9OcdIMxiLiC/ZwZRfG
nuYJwnIIL8SawfsBCjvn4ImSVVPk/TXZykr2ErXQUVk+xWjhRru7lYdd2ZoN4bCi
2wzRlM1MpWYFPJZ3LI1z6WyuzQ6Ar+jsUjs0odIVq+ue2MshjjWUhRxdxUOf1QpR
9c3wEYJsDPeLBJdZUaYzW7MBEgks9Kq4fogyb6xHxNvTVEs4IxiLsFeO/Q==
-----END CERTIFICATE-----