Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/ql-VYTxbtspXirxcmu6y1U6csAk.roa
File:                     ql-VYTxbtspXirxcmu6y1U6csAk.roa (raw, json)
Hash identifier:          100/0PV7W+itwVr8d+MlP8k/wPZpkY2Wg5bBCati5iA=
Subject key identifier:   AA:5F:95:61:3C:5B:B6:CA:57:8A:BC:5C:9A:EE:B2:D5:4E:9C:B0:09
Certificate issuer:       /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial:       036ABB3E
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/ql-VYTxbtspXirxcmu6y1U6csAk.roa
Signing time:             Sat 01 Jan 2022 05:06:08 +0000
ROA not before:           Sat 01 Jan 2022 05:06:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41079
IP address blocks:        185.204.216.0/22 maxlen: 22
                          194.169.227.0/24 maxlen: 24
                          185.208.164.0/24 maxlen: 24
                          185.243.52.0/22 maxlen: 22
                          195.114.0.0/23 maxlen: 23
                          91.199.22.0/24 maxlen: 24
                          195.242.116.0/23 maxlen: 23
                          193.218.152.0/22 maxlen: 22
                          178.250.40.0/21 maxlen: 21
                          195.2.254.0/23 maxlen: 23
                          2a02:1778::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57326398 (0x36abb3e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
        Validity
            Not Before: Jan  1 05:06:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aa5f95613c5bb6ca578abc5c9aeeb2d54e9cb009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:40:59:b2:38:ab:4b:0e:1a:a9:ca:b7:7f:10:
                    fb:2f:9d:51:ce:57:56:1e:f7:14:36:da:37:d9:28:
                    11:3e:78:25:48:51:37:08:8d:6a:c0:31:ca:c5:d6:
                    c1:b4:ce:ec:33:c6:d4:77:ed:11:c0:82:58:e9:11:
                    81:2e:a3:02:5c:cb:13:10:a9:12:fa:d2:01:77:a8:
                    df:79:34:d3:a5:00:bd:dd:cd:0d:ef:78:de:f2:5b:
                    2e:01:07:ae:c1:6e:76:f3:e2:48:81:c6:21:75:49:
                    3a:83:34:25:5d:c2:0e:e0:09:0f:88:a1:a9:51:d7:
                    6a:16:45:9a:4a:b4:4c:ba:66:46:1b:c1:c1:ad:a9:
                    ac:18:a4:a5:6a:04:6e:c5:c5:b9:68:5e:a2:45:6d:
                    79:eb:a8:0e:6b:2d:88:9d:15:bc:33:2c:6a:37:33:
                    84:e8:c7:8f:e9:90:8c:65:ec:b2:14:f7:46:37:b7:
                    78:67:3d:38:d3:32:2a:a1:18:ac:81:82:99:83:55:
                    79:e8:ef:a2:65:2c:e7:2d:70:be:80:2a:4d:4b:e4:
                    f4:70:d2:b6:82:0c:44:8c:c1:1d:13:21:82:72:01:
                    70:87:e7:e2:40:28:ce:84:c0:36:19:7b:af:69:cf:
                    9a:73:f3:b0:9e:8d:06:dd:0b:4e:c4:ad:2b:2a:0d:
                    0a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:5F:95:61:3C:5B:B6:CA:57:8A:BC:5C:9A:EE:B2:D5:4E:9C:B0:09
            X509v3 Authority Key Identifier:
                keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/ql-VYTxbtspXirxcmu6y1U6csAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.22.0/24
                  178.250.40.0/21
                  185.204.216.0/22
                  185.208.164.0/24
                  185.243.52.0/22
                  193.218.152.0/22
                  194.169.227.0/24
                  195.2.254.0/23
                  195.114.0.0/23
                  195.242.116.0/23
                IPv6:
                  2a02:1778::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:19:93:6c:be:bb:31:45:53:07:9b:b9:81:85:3a:08:4e:12:
         15:30:ad:0c:a2:f4:50:42:2d:da:8e:b0:3a:28:ec:6d:af:a2:
         26:0a:d3:13:42:48:ea:bd:1a:20:9d:19:df:6d:c1:39:bb:87:
         f1:4e:62:c4:46:28:ff:59:e9:b9:df:af:68:13:0c:07:78:f9:
         17:fb:71:a7:66:cf:e1:74:35:7d:f5:ba:32:1a:e1:6b:ca:d5:
         b0:f3:c3:2e:8c:d7:43:a1:93:a4:df:09:99:50:26:81:06:73:
         06:48:42:14:60:b8:79:3e:0e:96:67:22:db:33:78:33:ae:97:
         4c:ad:2e:28:f3:8a:0c:9a:8f:3b:53:fa:d5:2d:83:00:3a:7c:
         92:01:68:3c:cd:ff:bb:00:e8:f3:7a:a1:5a:9b:9a:87:87:ff:
         86:15:32:af:87:57:b1:bd:40:97:ad:2b:a9:d2:49:33:91:92:
         86:cd:35:64:87:0e:9f:79:66:00:90:7f:73:5d:3e:55:71:19:
         4e:4d:75:98:38:14:69:6b:45:1d:74:63:9b:c6:92:a8:5b:25:
         1f:41:77:00:0b:a8:37:24:9b:be:6b:8b:66:49:bd:2e:72:fa:
         39:e6:1c:ff:c5:df:2a:5f:27:82:14:b2:18:85:4e:33:bc:7b:
         05:98:6c:f1
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgIEA2q7PjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NmE1YWE5MThjYmZlYjNlMTI5OTdmMzM4OTBmZWIyNTg5MDdiMzQzMB4XDTIyMDEw
MTA1MDYwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWE1Zjk1NjEzYzVi
YjZjYTU3OGFiYzVjOWFlZWIyZDU0ZTljYjAwOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKBAWbI4q0sOGqnKt38Q+y+dUc5XVh73FDbaN9koET54JUhR
NwiNasAxysXWwbTO7DPG1HftEcCCWOkRgS6jAlzLExCpEvrSAXeo33k006UAvd3N
De943vJbLgEHrsFudvPiSIHGIXVJOoM0JV3CDuAJD4ihqVHXahZFmkq0TLpmRhvB
wa2prBikpWoEbsXFuWheokVteeuoDmstiJ0VvDMsajczhOjHj+mQjGXsshT3Rje3
eGc9ONMyKqEYrIGCmYNVeejvomUs5y1wvoAqTUvk9HDStoIMRIzBHRMhgnIBcIfn
4kAozoTANhl7r2nPmnPzsJ6NBt0LTsStKyoNCgkCAwEAAaOCAk4wggJKMB0GA1Ud
DgQWBBSqX5VhPFu2yleKvFya7rLVTpywCTAfBgNVHSMEGDAWgBQmpaqRjL/rPhKZ
fzOJD+sliQezQzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pxV3FrWXlfNno0U21YOHppUV9ySllrSHMwTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvMTQzM2VhLTEwODAtNDZlNS1iNjEyLTI5N2UyODJkNjZhOC8x
L3FsLVZZVHhidHNwWGlyeGNtdTZ5MVU2Y3NBay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
MTQzM2VhLTEwODAtNDZlNS1iNjEyLTI5N2UyODJkNjZhOC8xL0pxV3FrWXlfNno0
U21YOHppUV9ySllrSHMwTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBk
BggrBgEFBQcBBwEB/wRVMFMwQgQCAAEwPAMEAFvHFgMEA7L6KAMEArnM2AMEALnQ
pAMEArnzNAMEAsHamAMEAMKp4wMEAcMC/gMEAcNyAAMEAcPydDANBAIAAjAHAwUA
KgIXeDANBgkqhkiG9w0BAQsFAAOCAQEABBmTbL67MUVTB5u5gYU6CE4SFTCtDKL0
UEIt2o6wOijsba+iJgrTE0JI6r0aIJ0Z323BObuH8U5ixEYo/1npud+vaBMMB3j5
F/txp2bP4XQ1ffW6Mhrha8rVsPPDLozXQ6GTpN8JmVAmgQZzBkhCFGC4eT4Olmci
2zN4M66XTK0uKPOKDJqPO1P61S2DADp8kgFoPM3/uwDo83qhWpuah4f/hhUyr4dX
sb1Al60rqdJJM5GShs01ZIcOn3lmAJB/c10+VXEZTk11mDgUaWtFHXRjm8aSqFsl
H0F3AAuoNySbvmuLZkm9LnL6OeYc/8XfKl8nghSyGIVOM7x7BZhs8Q==
-----END CERTIFICATE-----