Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/862525-f63f-4653-a3a6-e89f51ca6840/1/rYZo5_tonKVuSLJE5VLyFsWzMd8.roa
File:                     rYZo5_tonKVuSLJE5VLyFsWzMd8.roa (raw, json)
Hash identifier:          ZVJ2mcHnWw4nDquVzJu7LLnI0zJjyDt/9zDEoOAKn8Y=
Subject key identifier:   AD:86:68:E7:FB:68:9C:A5:6E:48:B2:44:E5:52:F2:16:C5:B3:31:DF
Certificate issuer:       /CN=8751759bb92cba5520536945ed1b3fa5ad151b65
Certificate serial:       0181D8970614234285B1D40C88CD64967025
Authority key identifier: 87:51:75:9B:B9:2C:BA:55:20:53:69:45:ED:1B:3F:A5:AD:15:1B:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h1F1m7ksulUgU2lF7Rs_pa0VG2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/862525-f63f-4653-a3a6-e89f51ca6840/1/rYZo5_tonKVuSLJE5VLyFsWzMd8.roa
Signing time:             Thu 07 Jul 2022 12:16:25 +0000
ROA not before:           Thu 07 Jul 2022 12:16:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57653
IP address blocks:        109.69.232.0/24 maxlen: 24
                          109.69.232.0/21 maxlen: 21
                          109.69.233.0/24 maxlen: 24
                          109.69.239.0/24 maxlen: 24
                          109.69.238.0/24 maxlen: 24
                          109.69.234.0/24 maxlen: 24
                          109.69.235.0/24 maxlen: 24
                          109.69.237.0/24 maxlen: 24
                          109.69.236.0/24 maxlen: 24
                          185.191.85.0/24 maxlen: 24
                          185.191.84.0/22 maxlen: 22
                          185.191.84.0/24 maxlen: 24
                          185.191.87.0/24 maxlen: 24
                          185.191.86.0/24 maxlen: 24
                          94.156.96.0/24 maxlen: 24
                          2a00:1ba8::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:d8:97:06:14:23:42:85:b1:d4:0c:88:cd:64:96:70:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8751759bb92cba5520536945ed1b3fa5ad151b65
        Validity
            Not Before: Jul  7 12:16:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ad8668e7fb689ca56e48b244e552f216c5b331df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:56:a8:9a:a6:89:ab:be:95:64:cf:57:c5:f5:
                    34:2a:95:1e:97:96:0f:19:e7:73:f7:68:79:33:43:
                    e3:36:1f:64:31:46:3d:ba:a8:1e:7a:4a:ef:45:9e:
                    93:15:a1:38:1c:0a:27:84:3d:6c:ec:b7:aa:3b:29:
                    7e:23:1a:84:22:76:6d:7b:eb:bb:46:89:bc:c6:5b:
                    54:4f:d0:c2:4d:e0:f7:23:0b:3f:1e:08:75:e0:6f:
                    4e:57:13:fe:65:f6:2b:79:e6:4c:a5:a9:bb:87:c7:
                    f0:37:ee:11:88:b3:f1:af:04:c2:bf:04:16:31:ec:
                    f0:68:82:8d:5c:4a:86:81:51:8e:2a:1f:4c:2a:9f:
                    02:b7:7f:ab:07:3b:8b:20:44:98:28:b1:6b:3e:50:
                    87:6c:90:67:7a:27:4f:e6:fd:9a:6e:52:76:8d:5b:
                    f4:4c:03:cf:f1:c1:0e:e8:1f:8c:28:5c:8a:1c:59:
                    ae:f1:d1:7d:da:7b:85:ff:fc:53:87:f7:4f:1d:79:
                    b7:d9:ea:1c:8f:37:8e:f5:50:87:c7:01:a4:14:18:
                    82:c5:54:00:7d:b9:9e:12:96:f8:d5:30:17:4a:3e:
                    b8:35:9c:d1:c8:81:64:b1:5a:54:88:1f:07:b0:20:
                    e3:28:2e:73:8d:a7:dd:c6:85:21:8e:09:0e:b1:e6:
                    19:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:86:68:E7:FB:68:9C:A5:6E:48:B2:44:E5:52:F2:16:C5:B3:31:DF
            X509v3 Authority Key Identifier:
                keyid:87:51:75:9B:B9:2C:BA:55:20:53:69:45:ED:1B:3F:A5:AD:15:1B:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h1F1m7ksulUgU2lF7Rs_pa0VG2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/862525-f63f-4653-a3a6-e89f51ca6840/1/rYZo5_tonKVuSLJE5VLyFsWzMd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/862525-f63f-4653-a3a6-e89f51ca6840/1/h1F1m7ksulUgU2lF7Rs_pa0VG2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.96.0/24
                  109.69.232.0/21
                  185.191.84.0/22
                IPv6:
                  2a00:1ba8::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:c5:13:d4:ba:fd:2d:c7:bf:dd:47:26:24:e5:f9:40:e5:26:
         8b:65:ea:77:f3:4b:56:f1:5d:b6:e0:46:6d:c6:d8:f3:66:bc:
         40:0b:1d:27:2c:a4:f6:53:5d:a1:56:1e:f3:8a:da:64:b0:38:
         33:35:fa:6c:25:81:c6:d6:8d:9d:04:3c:98:4f:72:b5:a1:7f:
         9a:b6:15:79:24:19:b5:e9:64:5c:ea:06:55:70:df:d5:ba:03:
         10:c4:68:0b:d3:3a:31:f5:5d:bd:bb:1c:d9:d6:97:ed:d3:0f:
         76:7e:ce:44:70:3d:ce:1f:1b:04:41:2e:99:90:b1:e5:c1:1a:
         a6:c7:37:d3:79:9c:36:9d:94:7d:ce:9c:a7:4c:79:f6:27:77:
         d6:03:ee:17:9f:65:74:3e:d4:5d:59:12:89:4f:98:c4:84:de:
         d3:81:8f:85:4e:71:ce:8f:67:51:8d:95:fe:06:fb:e4:ee:77:
         23:b7:fa:40:7c:46:67:5f:3d:04:53:12:fb:c8:21:e1:9f:b0:
         1c:0a:fb:0b:81:11:b4:71:59:7e:b2:37:b0:02:8b:a9:29:3b:
         52:30:06:a3:4d:4c:38:3a:ec:55:1c:6f:d8:87:26:0c:a7:b7:
         fe:02:6f:1a:1a:41:9c:a8:58:c5:98:5d:58:6f:7f:3c:cd:ae:
         e0:16:48:4c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYHYlwYUI0KFsdQMiM1klnAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NTE3NTliYjkyY2JhNTUyMDUzNjk0NWVkMWIzZmE1YWQx
NTFiNjUwHhcNMjIwNzA3MTIxNjI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDg2NjhlN2ZiNjg5Y2E1NmU0OGIyNDRlNTUyZjIxNmM1YjMzMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVaomqaJq76VZM9XxfU0KpUel5YP
Gedz92h5M0PjNh9kMUY9uqgeekrvRZ6TFaE4HAonhD1s7LeqOyl+IxqEInZte+u7
Rom8xltUT9DCTeD3Iws/Hgh14G9OVxP+ZfYreeZMpam7h8fwN+4RiLPxrwTCvwQW
MezwaIKNXEqGgVGOKh9MKp8Ct3+rBzuLIESYKLFrPlCHbJBneidP5v2ablJ2jVv0
TAPP8cEO6B+MKFyKHFmu8dF92nuF//xTh/dPHXm32eocjzeO9VCHxwGkFBiCxVQA
fbmeEpb41TAXSj64NZzRyIFksVpUiB8HsCDjKC5zjafdxoUhjgkOseYZiwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFK2GaOf7aJylbkiyROVS8hbFszHfMB8GA1UdIwQY
MBaAFIdRdZu5LLpVIFNpRe0bP6WtFRtlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDFGMW03a3N1bFVnVTJsRjdSc19wYTBWRzJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84NjI1MjUtZjYzZi00NjUzLWEzYTYt
ZTg5ZjUxY2E2ODQwLzEvcllabzVfdG9uS1Z1U0xKRTVWTHlGc1d6TWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84NjI1MjUtZjYzZi00NjUzLWEzYTYtZTg5ZjUxY2E2ODQw
LzEvaDFGMW03a3N1bFVnVTJsRjdSc19wYTBWRzJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAXpxgAwQD
bUXoAwQCub9UMA0EAgACMAcDBQAqABuoMA0GCSqGSIb3DQEBCwUAA4IBAQBHxRPU
uv0tx7/dRyYk5flA5SaLZep380tW8V224EZtxtjzZrxACx0nLKT2U12hVh7zitpk
sDgzNfpsJYHG1o2dBDyYT3K1oX+athV5JBm16WRc6gZVcN/VugMQxGgL0zox9V29
uxzZ1pft0w92fs5EcD3OHxsEQS6ZkLHlwRqmxzfTeZw2nZR9zpynTHn2J3fWA+4X
n2V0PtRdWRKJT5jEhN7TgY+FTnHOj2dRjZX+Bvvk7ncjt/pAfEZnXz0EUxL7yCHh
n7AcCvsLgRG0cVl+sjewAoupKTtSMAajTUw4OuxVHG/YhyYMp7f+Am8aGkGcqFjF
mF1Yb388za7gFkhM
-----END CERTIFICATE-----