Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/yZKvuP8TkYYxDwzqdQJO7RC2UxQ.roa
File:                     yZKvuP8TkYYxDwzqdQJO7RC2UxQ.roa (raw, json)
Hash identifier:          Yq9KCorPCWH2ql8smlqdli2FHC/NOwgnOYp19imuxqs=
Subject key identifier:   C9:92:AF:B8:FF:13:91:86:31:0F:0C:EA:75:02:4E:ED:10:B6:53:14
Certificate issuer:       /CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
Certificate serial:       01845607EB7AE1530FBEBC31212C3C3F84A1
Authority key identifier: 6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/yZKvuP8TkYYxDwzqdQJO7RC2UxQ.roa
Signing time:             Tue 08 Nov 2022 06:57:50 +0000
ROA not before:           Tue 08 Nov 2022 06:57:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16024
IP address blocks:        156.67.56.0/23 maxlen: 23
                          156.67.56.0/24 maxlen: 24
                          156.67.57.0/24 maxlen: 24
                          217.70.160.0/20 maxlen: 24
                          149.232.190.0/23 maxlen: 24
                          185.47.232.0/22 maxlen: 24
                          46.28.32.0/21 maxlen: 24
                          185.159.32.0/22 maxlen: 24
                          149.232.244.0/22 maxlen: 24
                          149.232.248.0/22 maxlen: 24
                          2a02:1670::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:56:07:eb:7a:e1:53:0f:be:bc:31:21:2c:3c:3f:84:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3d89a81fc299f39c092e4f6d0173a9a9cfbc65
        Validity
            Not Before: Nov  8 06:57:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c992afb8ff139186310f0cea75024eed10b65314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:89:d0:e7:38:b4:01:5e:87:e3:f7:18:55:a8:
                    f8:73:df:c5:06:64:5b:c2:6f:97:61:c2:de:46:01:
                    ef:3f:0b:7e:00:1b:7c:67:e1:4b:2c:cf:ea:73:62:
                    29:b3:6d:5d:6a:7b:c8:d4:d2:cd:b5:55:d5:9f:b3:
                    2e:30:ce:33:fe:af:c1:5e:ce:67:5c:2d:de:d8:cf:
                    53:fb:5d:d5:50:cd:6f:1c:22:43:f7:54:cf:c8:15:
                    d5:a4:9a:0b:16:94:42:40:83:c7:d5:ce:68:a8:6f:
                    4a:dd:3b:d0:32:65:77:ab:b0:cd:38:20:af:bb:f5:
                    86:f9:30:83:69:29:04:b8:c4:9c:2e:bd:6c:f3:75:
                    32:7d:4c:9a:0c:71:77:6b:6f:37:53:c7:f0:df:2d:
                    17:d0:ee:5f:2f:dc:7f:48:b7:68:3a:98:2b:30:83:
                    7c:80:cb:a9:1c:af:be:e7:37:2b:f7:a9:99:17:35:
                    51:96:3a:ac:9c:18:e3:80:19:3c:e0:b1:13:12:21:
                    c1:92:51:d3:c0:ec:8c:25:a3:fe:a6:1a:01:ca:3d:
                    ea:54:50:d6:42:e4:51:9a:a5:44:50:05:14:ba:86:
                    bb:c8:bb:b9:f4:25:de:b5:da:c7:0a:71:53:64:d6:
                    68:82:c7:58:80:67:6c:f0:01:8d:0b:00:dd:39:24:
                    f3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:92:AF:B8:FF:13:91:86:31:0F:0C:EA:75:02:4E:ED:10:B6:53:14
            X509v3 Authority Key Identifier:
                keyid:6F:3D:89:A8:1F:C2:99:F3:9C:09:2E:4F:6D:01:73:A9:A9:CF:BC:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bz2JqB_CmfOcCS5PbQFzqanPvGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/yZKvuP8TkYYxDwzqdQJO7RC2UxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/05e0ee-ae03-4124-b670-309b7b960d14/1/bz2JqB_CmfOcCS5PbQFzqanPvGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.32.0/21
                  149.232.190.0/23
                  149.232.244.0-149.232.251.255
                  156.67.56.0/23
                  185.47.232.0/22
                  185.159.32.0/22
                  217.70.160.0/20
                IPv6:
                  2a02:1670::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:a0:82:3e:54:af:96:67:a6:01:80:ce:0c:19:86:d0:d4:dd:
         34:b7:f2:0d:6b:aa:a8:fd:86:83:97:28:83:91:13:2c:e8:4c:
         14:c5:82:2e:ee:84:5b:07:26:30:75:a4:20:4a:b7:67:29:e5:
         97:42:25:59:3e:c0:71:42:63:bd:b2:13:ae:e5:12:04:01:c6:
         33:d4:65:40:bc:16:f5:ca:f7:6a:0c:ad:3c:99:29:79:b7:31:
         c1:d6:16:d0:7d:6b:69:6f:40:24:82:ef:a8:70:a4:77:66:9d:
         3a:c0:c5:9a:2d:08:7f:53:92:32:4b:9c:57:e1:f8:32:ed:a6:
         b1:b2:63:3d:41:44:32:73:4c:02:56:d8:42:27:7e:68:56:84:
         05:bf:d7:80:5c:4b:5b:94:69:4e:0f:91:6e:54:fc:a5:24:16:
         27:99:6b:8d:61:d4:4d:26:e8:37:ca:e2:39:2b:df:15:dd:e7:
         23:55:9d:13:ba:e0:84:7b:56:49:9e:1f:85:f7:b5:f9:2b:49:
         da:9c:d2:de:5a:8e:0c:a4:a3:60:85:f7:01:c4:0f:af:97:af:
         51:81:43:27:ad:5b:af:0f:0d:69:77:6f:51:6a:56:10:1e:63:
         c5:c1:20:a2:5a:10:a1:3f:0d:ba:9e:4e:3c:39:f3:4a:f3:8a:
         90:c5:90:13
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYRWB+t64VMPvrwxISw8P4ShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmM2Q4OWE4MWZjMjk5ZjM5YzA5MmU0ZjZkMDE3M2E5YTlj
ZmJjNjUwHhcNMjIxMTA4MDY1NzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTkyYWZiOGZmMTM5MTg2MzEwZjBjZWE3NTAyNGVlZDEwYjY1MzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArInQ5zi0AV6H4/cYVaj4c9/FBmRb
wm+XYcLeRgHvPwt+ABt8Z+FLLM/qc2Ips21danvI1NLNtVXVn7MuMM4z/q/BXs5n
XC3e2M9T+13VUM1vHCJD91TPyBXVpJoLFpRCQIPH1c5oqG9K3TvQMmV3q7DNOCCv
u/WG+TCDaSkEuMScLr1s83UyfUyaDHF3a283U8fw3y0X0O5fL9x/SLdoOpgrMIN8
gMupHK++5zcr96mZFzVRljqsnBjjgBk84LETEiHBklHTwOyMJaP+phoByj3qVFDW
QuRRmqVEUAUUuoa7yLu59CXetdrHCnFTZNZogsdYgGds8AGNCwDdOSTzywIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFMmSr7j/E5GGMQ8M6nUCTu0QtlMUMB8GA1UdIwQY
MBaAFG89iagfwpnznAkuT20Bc6mpz7xlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAt
MzA5YjdiOTYwZDE0LzEveVpLdnVQOFRrWVl4RHd6cWRRSk83UkMyVXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wNWUwZWUtYWUwMy00MTI0LWI2NzAtMzA5YjdiOTYwZDE0
LzEvYnoySnFCX0NtZk9jQ1M1UGJRRnpxYW5QdkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQDLhwgAwQB
lei+MAwDBAKV6PQDBAKV6PgDBAGcQzgDBAK5L+gDBAK5nyADBATZRqAwDQQCAAIw
BwMFACoCFnAwDQYJKoZIhvcNAQELBQADggEBAD6ggj5Ur5ZnpgGAzgwZhtDU3TS3
8g1rqqj9hoOXKIOREyzoTBTFgi7uhFsHJjB1pCBKt2cp5ZdCJVk+wHFCY72yE67l
EgQBxjPUZUC8FvXK92oMrTyZKXm3McHWFtB9a2lvQCSC76hwpHdmnTrAxZotCH9T
kjJLnFfh+DLtprGyYz1BRDJzTAJW2EInfmhWhAW/14BcS1uUaU4PkW5U/KUkFieZ
a41h1E0m6DfK4jkr3xXd5yNVnRO64IR7VkmeH4X3tfkrSdqc0t5ajgyko2CF9wHE
D6+Xr1GBQyetW68PDWl3b1FqVhAeY8XBIKJaEKE/DbqeTjw580rzipDFkBM=
-----END CERTIFICATE-----