Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/vWPGdplFKj5h9wn_8sG8OuPUcXM.roa
File:                     vWPGdplFKj5h9wn_8sG8OuPUcXM.roa (raw, json)
Hash identifier:          ygqhISgVojR2v8uu4iFSZ2OS2tAJVGc3lU+Ql83QbtE=
Subject key identifier:   BD:63:C6:76:99:45:2A:3E:61:F7:09:FF:F2:C1:BC:3A:E3:D4:71:73
Certificate issuer:       /CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
Certificate serial:       01850F5036EAB59E34B2FA02ADF5FE2714FB
Authority key identifier: A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/vWPGdplFKj5h9wn_8sG8OuPUcXM.roa
Signing time:             Wed 14 Dec 2022 06:26:33 +0000
ROA not before:           Wed 14 Dec 2022 06:26:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42831
IP address blocks:        81.92.217.0/24 maxlen: 24
                          94.46.244.0/22 maxlen: 22
                          81.92.219.0/24 maxlen: 24
                          81.92.218.0/24 maxlen: 24
                          94.46.184.0/22 maxlen: 22
                          91.109.112.0/21 maxlen: 21
                          94.46.192.0/22 maxlen: 22
                          94.46.207.0/24 maxlen: 24
                          81.92.192.0/22 maxlen: 22
                          94.46.220.0/22 maxlen: 22
                          185.99.252.0/22 maxlen: 22
                          185.109.168.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0f:50:36:ea:b5:9e:34:b2:fa:02:ad:f5:fe:27:14:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
        Validity
            Not Before: Dec 14 06:26:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bd63c67699452a3e61f709fff2c1bc3ae3d47173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:db:6e:02:9a:f3:3f:2d:5e:5d:b0:c5:b8:54:
                    81:27:15:2a:d6:8d:ae:42:a1:af:6b:22:b5:85:93:
                    a2:b3:00:aa:40:2b:c5:0d:04:48:a0:ef:00:37:23:
                    a6:2a:45:2b:8b:18:ac:de:2f:02:72:51:36:f2:ef:
                    fe:1d:5a:50:0c:72:50:30:bd:53:54:a4:51:a1:13:
                    6a:df:3e:b2:2b:cf:fe:dd:42:9d:af:dd:8e:96:8c:
                    00:7f:e9:f1:8e:1c:b5:cb:5b:53:a4:9e:fa:8f:ba:
                    90:20:e0:48:d6:4e:3c:9e:3e:29:15:b9:1f:e9:8c:
                    b9:e1:ad:c9:29:cf:b1:6b:f7:71:47:4c:3d:7a:c8:
                    35:3c:b8:8c:9a:63:70:e3:09:a5:39:21:43:99:88:
                    04:be:88:54:92:36:14:3c:a1:4b:63:3f:37:c9:06:
                    55:05:93:0c:8f:db:73:b2:08:29:81:2a:45:28:3a:
                    e3:35:72:cd:c0:8e:dd:3d:14:28:32:41:80:57:d5:
                    54:10:4f:7f:1b:31:bc:b2:8b:b4:d9:47:3f:b1:d1:
                    08:10:cd:75:88:e7:23:ee:ad:15:26:2f:ce:41:cc:
                    43:84:9c:94:52:ac:c7:57:a6:d8:23:9c:e7:c9:91:
                    c5:33:ae:ff:93:1c:c8:03:c7:7b:71:a4:9e:da:f8:
                    d2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:63:C6:76:99:45:2A:3E:61:F7:09:FF:F2:C1:BC:3A:E3:D4:71:73
            X509v3 Authority Key Identifier:
                keyid:A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/vWPGdplFKj5h9wn_8sG8OuPUcXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/pvh89KFbnngiRVs6qK8LXtOimfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.92.192.0/22
                  81.92.217.0-81.92.219.255
                  91.109.112.0/21
                  94.46.184.0/22
                  94.46.192.0/22
                  94.46.207.0/24
                  94.46.220.0/22
                  94.46.244.0/22
                  185.99.252.0/22
                  185.109.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:42:0a:06:a7:4e:64:ad:d4:d6:11:36:79:ac:ba:7a:18:25:
         52:5b:2f:7f:da:7d:ee:33:42:3e:75:7b:bd:ce:22:f3:64:14:
         01:aa:55:4e:08:70:a6:54:82:b6:c5:56:a1:a5:00:43:62:12:
         63:c8:07:24:8d:1e:c2:72:51:14:2e:13:c6:21:07:a3:dc:4d:
         2a:ce:5e:58:79:e2:5c:44:8d:87:73:37:a5:6a:b3:01:c5:30:
         2b:8d:bd:79:60:4a:5c:e4:c0:fa:63:cc:43:7f:de:af:29:ea:
         33:2f:0f:ae:95:a8:33:b3:05:fb:4e:8c:88:5d:41:36:b2:cb:
         05:9c:7d:c4:88:17:a5:f3:a7:8a:a8:9c:4e:eb:80:89:a5:34:
         20:ba:14:c3:f3:6d:a6:aa:75:a9:04:57:48:ff:1c:13:c5:bd:
         f8:08:c9:23:8d:ed:33:22:52:82:f9:5b:ab:87:9e:6e:58:e7:
         68:c2:d8:9d:c1:ce:41:ee:8f:0c:2e:cb:3b:6c:ed:62:83:28:
         a0:e0:ff:9c:26:5f:c3:ff:84:84:7a:45:fd:1b:1c:7b:e2:33:
         66:32:b4:4f:cc:9c:ff:d3:62:4c:eb:09:87:d1:e5:d9:64:28:
         eb:08:76:e1:33:67:db:da:3b:85:71:35:94:ca:f0:54:9a:82:
         20:19:c0:a9
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYUPUDbqtZ40svoCrfX+JxT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Zjg3Y2Y0YTE1YjllNzgyMjQ1NWIzYWE4YWYwYjVlZDNh
Mjk5ZjcwHhcNMjIxMjE0MDYyNjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDYzYzY3Njk5NDUyYTNlNjFmNzA5ZmZmMmMxYmMzYWUzZDQ3MTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNtuAprzPy1eXbDFuFSBJxUq1o2u
QqGvayK1hZOiswCqQCvFDQRIoO8ANyOmKkUrixis3i8CclE28u/+HVpQDHJQML1T
VKRRoRNq3z6yK8/+3UKdr92OlowAf+nxjhy1y1tTpJ76j7qQIOBI1k48nj4pFbkf
6Yy54a3JKc+xa/dxR0w9esg1PLiMmmNw4wmlOSFDmYgEvohUkjYUPKFLYz83yQZV
BZMMj9tzsggpgSpFKDrjNXLNwI7dPRQoMkGAV9VUEE9/GzG8sou02Uc/sdEIEM11
iOcj7q0VJi/OQcxDhJyUUqzHV6bYI5znyZHFM67/kxzIA8d7caSe2vjSyQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFL1jxnaZRSo+YfcJ//LBvDrj1HFzMB8GA1UdIwQY
MBaAFKb4fPShW554IkVbOqivC17Topn3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQt
N2Q0MDI4YTFiZjU5LzEvdldQR2RwbEZLajVoOXduXzhzRzhPdVBVY1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQtN2Q0MDI4YTFiZjU5
LzEvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCUVzAMAwD
BABRXNkDBAJRXNgDBANbbXADBAJeLrgDBAJeLsADBABeLs8DBAJeLtwDBAJeLvQD
BAK5Y/wDBAK5bagwDQYJKoZIhvcNAQELBQADggEBAAlCCganTmSt1NYRNnmsunoY
JVJbL3/afe4zQj51e73OIvNkFAGqVU4IcKZUgrbFVqGlAENiEmPIBySNHsJyURQu
E8YhB6PcTSrOXlh54lxEjYdzN6VqswHFMCuNvXlgSlzkwPpjzEN/3q8p6jMvD66V
qDOzBftOjIhdQTayywWcfcSIF6Xzp4qonE7rgImlNCC6FMPzbaaqdakEV0j/HBPF
vfgIySON7TMiUoL5W6uHnm5Y52jC2J3BzkHujwwuyzts7WKDKKDg/5wmX8P/hIR6
Rf0bHHviM2YytE/MnP/TYkzrCYfR5dlkKOsIduEzZ9vaO4VxNZTK8FSagiAZwKk=
-----END CERTIFICATE-----