Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/3d11d8-fae0-4b97-afdf-9c2bbd8c9496/1/La7gix4hGR1wOw64ZP_M0zLCgVQ.roa
File:                     La7gix4hGR1wOw64ZP_M0zLCgVQ.roa (raw, json)
Hash identifier:          3qoCOkcIiA6btKAcJBf0YJUW15RyE/c5Py9G0Yw2Www=
Subject key identifier:   2D:AE:E0:8B:1E:21:19:1D:70:3B:0E:B8:64:FF:CC:D3:32:C2:81:54
Certificate issuer:       /CN=a60d129401b2693a38d5b4373dc7607bf85b8a6e
Certificate serial:       06511AEE
Authority key identifier: A6:0D:12:94:01:B2:69:3A:38:D5:B4:37:3D:C7:60:7B:F8:5B:8A:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pg0SlAGyaTo41bQ3Pcdge_hbim4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/3d11d8-fae0-4b97-afdf-9c2bbd8c9496/1/La7gix4hGR1wOw64ZP_M0zLCgVQ.roa
Signing time:             Tue 24 May 2022 16:51:13 +0000
ROA not before:           Tue 24 May 2022 16:51:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204260
IP address blocks:        194.34.0.0/24 maxlen: 24
                          194.34.0.0/22 maxlen: 22
                          194.34.0.0/21 maxlen: 21
                          194.34.1.0/24 maxlen: 24
                          194.34.2.0/24 maxlen: 24
                          194.34.3.0/24 maxlen: 24
                          194.34.4.0/22 maxlen: 22
                          194.34.4.0/24 maxlen: 24
                          194.34.7.0/24 maxlen: 24
                          194.34.5.0/24 maxlen: 24
                          194.34.6.0/24 maxlen: 24
                          185.109.8.0/22 maxlen: 22
                          185.109.8.0/24 maxlen: 24
                          185.109.8.0/23 maxlen: 23
                          185.109.9.0/24 maxlen: 24
                          185.109.10.0/23 maxlen: 23
                          185.109.10.0/24 maxlen: 24
                          185.109.11.0/24 maxlen: 24
                          2a02:e600::/30 maxlen: 30

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 105978606 (0x6511aee)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60d129401b2693a38d5b4373dc7607bf85b8a6e
        Validity
            Not Before: May 24 16:51:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2daee08b1e21191d703b0eb864ffccd332c28154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bd:dc:2c:4f:3f:ff:f1:80:df:23:3f:40:82:
                    63:ce:ed:49:ad:bc:98:09:e7:7a:02:db:c4:0d:33:
                    29:23:27:30:26:e2:13:bb:bd:e7:86:3a:06:50:57:
                    64:41:42:9a:a8:fe:38:39:d3:63:54:84:0e:d5:08:
                    d8:6f:0d:14:1c:d0:2d:97:30:b2:51:3a:c6:63:4d:
                    c8:41:6f:47:88:bb:7a:7f:b2:7a:15:e7:22:5e:8f:
                    f3:6f:e2:c4:e6:67:d1:28:ab:b7:fb:64:a8:cd:7e:
                    16:b4:54:84:a3:36:bc:c3:c7:bf:8e:b3:cb:e8:3d:
                    ad:62:ff:81:af:03:50:b3:ed:e3:da:1a:5f:a7:9a:
                    2b:9e:89:bf:87:24:44:5b:07:c5:75:38:cb:af:9e:
                    82:76:46:49:63:06:64:41:9a:ac:a4:5d:df:2e:cd:
                    a0:fd:62:52:f0:4a:2b:fd:16:e6:93:39:b9:02:48:
                    79:2b:a1:61:d6:e1:10:c1:08:cc:14:c7:55:77:0d:
                    cd:69:4c:76:24:64:03:00:2f:a4:63:0f:d2:54:fe:
                    e2:ab:d8:4f:6d:dd:b6:18:59:a4:96:d8:ed:f4:6b:
                    6f:79:20:c2:97:71:c7:1d:d2:d2:1b:f8:60:8a:26:
                    41:74:8b:a6:a7:3b:3e:80:62:88:d9:b2:03:57:ce:
                    45:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:AE:E0:8B:1E:21:19:1D:70:3B:0E:B8:64:FF:CC:D3:32:C2:81:54
            X509v3 Authority Key Identifier:
                keyid:A6:0D:12:94:01:B2:69:3A:38:D5:B4:37:3D:C7:60:7B:F8:5B:8A:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pg0SlAGyaTo41bQ3Pcdge_hbim4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3d11d8-fae0-4b97-afdf-9c2bbd8c9496/1/La7gix4hGR1wOw64ZP_M0zLCgVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3d11d8-fae0-4b97-afdf-9c2bbd8c9496/1/pg0SlAGyaTo41bQ3Pcdge_hbim4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.8.0/22
                  194.34.0.0/21
                IPv6:
                  2a02:e600::/30

    Signature Algorithm: sha256WithRSAEncryption
         5b:7e:53:38:af:0c:5a:81:20:82:02:69:ba:e7:d1:78:00:ed:
         00:7b:25:8d:9d:6e:fe:ff:f2:3f:ce:a1:b5:ff:b7:ca:08:64:
         68:5a:40:b7:2d:e7:3b:ae:7f:9c:96:24:f7:b9:18:e5:43:88:
         7f:53:db:0f:84:81:6f:77:b9:94:56:61:a0:09:26:10:59:99:
         41:ca:eb:31:02:37:90:26:c0:6d:75:f0:24:9d:e9:fc:c2:6b:
         c6:a8:c3:ea:0f:66:e1:91:bd:94:de:a3:5a:2e:fd:6b:74:f4:
         d8:40:dc:bb:64:b1:9f:e8:3c:a3:a0:db:c7:46:34:a7:a5:60:
         8a:7d:af:f0:de:2e:09:94:9d:3b:fe:a2:39:e6:72:ee:b8:ba:
         3f:f0:39:21:d8:de:eb:83:f2:47:45:5d:9c:07:f6:8f:8f:6a:
         a5:d1:ee:90:e0:6e:c3:a2:a9:38:47:cf:c5:67:fd:67:7a:94:
         9a:95:1c:80:01:5a:25:18:39:43:98:5b:1e:33:e3:e1:01:a9:
         c9:70:d9:b4:8f:39:da:91:b8:ae:78:79:53:e3:ee:e9:4e:46:
         cb:00:e7:23:e0:25:8b:95:34:e0:b1:7a:d7:ee:cf:94:fb:d4:
         b1:2a:f5:b0:fc:d9:06:37:d4:b1:10:8d:8f:92:e6:58:08:df:
         88:ef:17:92
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEBlEa7jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NjBkMTI5NDAxYjI2OTNhMzhkNWI0MzczZGM3NjA3YmY4NWI4YTZlMB4XDTIyMDUy
NDE2NTExM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmRhZWUwOGIxZTIx
MTkxZDcwM2IwZWI4NjRmZmNjZDMzMmMyODE1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOO93CxPP//xgN8jP0CCY87tSa28mAnnegLbxA0zKSMnMCbi
E7u954Y6BlBXZEFCmqj+ODnTY1SEDtUI2G8NFBzQLZcwslE6xmNNyEFvR4i7en+y
ehXnIl6P82/ixOZn0Sirt/tkqM1+FrRUhKM2vMPHv46zy+g9rWL/ga8DULPt49oa
X6eaK56Jv4ckRFsHxXU4y6+egnZGSWMGZEGarKRd3y7NoP1iUvBKK/0W5pM5uQJI
eSuhYdbhEMEIzBTHVXcNzWlMdiRkAwAvpGMP0lT+4qvYT23dthhZpJbY7fRrb3kg
wpdxxx3S0hv4YIomQXSLpqc7PoBiiNmyA1fORacCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQtruCLHiEZHXA7Drhk/8zTMsKBVDAfBgNVHSMEGDAWgBSmDRKUAbJpOjjV
tDc9x2B7+FuKbjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BnMFNsQUd5YVRvNDFiUTNQY2RnZV9oYmltNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDUvM2QxMWQ4LWZhZTAtNGI5Ny1hZmRmLTljMmJiZDhjOTQ5Ni8x
L0xhN2dpeDRoR1Ixd093NjRaUF9NMHpMQ2dWUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUv
M2QxMWQ4LWZhZTAtNGI5Ny1hZmRmLTljMmJiZDhjOTQ5Ni8xL3BnMFNsQUd5YVRv
NDFiUTNQY2RnZV9oYmltNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArltCAMEA8IiADANBAIAAjAHAwUC
KgLmADANBgkqhkiG9w0BAQsFAAOCAQEAW35TOK8MWoEgggJpuufReADtAHsljZ1u
/v/yP86htf+3yghkaFpAty3nO65/nJYk97kY5UOIf1PbD4SBb3e5lFZhoAkmEFmZ
QcrrMQI3kCbAbXXwJJ3p/MJrxqjD6g9m4ZG9lN6jWi79a3T02EDcu2Sxn+g8o6Db
x0Y0p6Vgin2v8N4uCZSdO/6iOeZy7ri6P/A5Idje64PyR0VdnAf2j49qpdHukOBu
w6KpOEfPxWf9Z3qUmpUcgAFaJRg5Q5hbHjPj4QGpyXDZtI852pG4rnh5U+Pu6U5G
ywDnI+Ali5U04LF61+7PlPvUsSr1sPzZBjfUsRCNj5LmWAjfiO8Xkg==
-----END CERTIFICATE-----