Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/23mr9kgWYkuFQ-b2ou_b2Q_njhM.roa
File:                     23mr9kgWYkuFQ-b2ou_b2Q_njhM.roa (raw, json)
Hash identifier:          3g5LPJb2Pg/b+f/YaUMQ/DDTKZixx1nEXY8wRdcO464=
Subject key identifier:   DB:79:AB:F6:48:16:62:4B:85:43:E6:F6:A2:EF:DB:D9:0F:E7:8E:13
Certificate issuer:       /CN=063badc7853b05100a6b224ddcefc18e2e7d3dd5
Certificate serial:       01840F49977BD42D50822369A469B029396E
Authority key identifier: 06:3B:AD:C7:85:3B:05:10:0A:6B:22:4D:DC:EF:C1:8E:2E:7D:3D:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bjutx4U7BRAKayJN3O_Bji59PdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/23mr9kgWYkuFQ-b2ou_b2Q_njhM.roa
Signing time:             Tue 25 Oct 2022 13:16:31 +0000
ROA not before:           Tue 25 Oct 2022 13:16:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8387
IP address blocks:        92.61.208.0/20 maxlen: 20
                          185.49.176.0/22 maxlen: 22
                          212.166.96.0/19 maxlen: 19
                          193.162.45.0/24 maxlen: 24
                          212.31.64.0/19 maxlen: 19
                          212.166.108.0/24 maxlen: 24
                          212.166.115.0/24 maxlen: 24
                          212.166.122.0/23 maxlen: 23
                          46.17.224.0/21 maxlen: 21
                          2a10:f8c0::/29 maxlen: 29
                          2001:9d0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:0f:49:97:7b:d4:2d:50:82:23:69:a4:69:b0:29:39:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=063badc7853b05100a6b224ddcefc18e2e7d3dd5
        Validity
            Not Before: Oct 25 13:16:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=db79abf64816624b8543e6f6a2efdbd90fe78e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5c:85:58:ec:46:61:b7:fa:9a:2d:77:36:16:
                    2d:ae:b8:ad:34:74:45:7d:bd:36:d0:9c:73:de:6a:
                    7a:57:8d:78:7a:dd:dd:d2:c7:e6:df:93:2c:d4:e6:
                    34:5c:db:95:65:cf:ab:3f:08:fd:0d:5d:44:18:58:
                    cf:4c:a9:34:f8:8a:5a:94:1a:fe:b0:a3:49:0e:ad:
                    10:fc:35:f7:a4:51:88:c4:e8:75:7a:4a:ac:ad:63:
                    d6:93:1c:02:1f:81:91:fa:9f:78:d7:50:b7:7f:64:
                    6c:f2:15:1c:e9:00:a2:36:20:18:27:4f:2e:99:c0:
                    48:75:74:6a:7b:da:e2:b9:7a:8b:ce:07:5f:ff:72:
                    ec:10:77:ec:9b:bc:b4:5c:cf:09:37:ba:bc:17:01:
                    a5:d5:68:5a:26:b7:2c:ff:d6:bb:da:2a:3e:45:97:
                    e8:31:f0:da:21:04:8f:ac:c5:50:5c:ef:dd:bb:d4:
                    c5:4b:6d:b9:ed:11:9f:9f:e3:62:13:82:05:15:40:
                    4d:72:6e:41:81:cd:aa:34:d3:d1:99:f5:ef:e3:2f:
                    a0:ac:5d:0d:1a:a1:5d:ac:1f:4a:58:77:4a:9c:9b:
                    63:40:29:de:73:0b:8c:f3:ce:5a:fa:84:5d:1e:c9:
                    6c:79:98:e3:f6:9c:8f:e1:0b:7a:30:68:92:26:05:
                    7d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:79:AB:F6:48:16:62:4B:85:43:E6:F6:A2:EF:DB:D9:0F:E7:8E:13
            X509v3 Authority Key Identifier:
                keyid:06:3B:AD:C7:85:3B:05:10:0A:6B:22:4D:DC:EF:C1:8E:2E:7D:3D:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bjutx4U7BRAKayJN3O_Bji59PdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/23mr9kgWYkuFQ-b2ou_b2Q_njhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d09fb0-9aa5-4b5a-8a4f-a237444af829/1/Bjutx4U7BRAKayJN3O_Bji59PdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.224.0/21
                  92.61.208.0/20
                  185.49.176.0/22
                  193.162.45.0/24
                  212.31.64.0/19
                  212.166.96.0/19
                IPv6:
                  2001:9d0::/32
                  2a10:f8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:3e:3a:1e:19:37:1e:a9:05:a3:c8:8e:ec:09:cf:70:f6:6f:
         84:a7:4a:70:40:6a:56:1b:90:2d:c7:3c:68:13:01:c3:8d:ac:
         2e:79:8e:0c:ce:57:eb:d3:88:1c:5f:5e:94:66:88:5e:23:5d:
         52:d8:96:d0:c3:3a:26:b4:7a:cc:e0:bb:d0:dd:f0:45:ac:60:
         9e:dd:fd:35:71:41:7f:ea:60:d2:27:6c:9d:1f:f5:be:2b:20:
         74:20:36:dc:39:bb:6f:81:07:c2:ce:11:f3:81:32:e6:16:27:
         7b:ea:26:25:1d:28:58:a4:ec:a0:9f:83:46:60:f1:ce:c5:b2:
         61:d3:8c:ab:2a:66:70:27:ff:19:5f:c2:59:59:d9:05:ba:ee:
         4c:87:55:9f:7d:ec:99:c8:cb:52:85:57:dc:44:88:37:0c:6b:
         fe:55:3c:90:69:b3:2d:61:9e:4e:b8:0b:bc:94:06:da:c0:4b:
         c7:46:4d:ba:53:e8:7d:57:07:42:81:ff:c5:8e:a7:81:88:05:
         25:f3:e2:70:3e:47:4c:27:b9:ed:92:fa:e2:73:c3:43:38:ef:
         88:8f:37:07:a6:b5:8a:03:5b:c3:1c:f0:7a:28:07:6f:94:df:
         36:ab:a9:e6:7d:06:f4:b3:80:95:99:6c:8c:87:c7:a2:e1:97:
         43:12:d6:6b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYQPSZd71C1QgiNppGmwKTluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2M2JhZGM3ODUzYjA1MTAwYTZiMjI0ZGRjZWZjMThlMmU3
ZDNkZDUwHhcNMjIxMDI1MTMxNjMxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjc5YWJmNjQ4MTY2MjRiODU0M2U2ZjZhMmVmZGJkOTBmZTc4ZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFyFWOxGYbf6mi13NhYtrritNHRF
fb020Jxz3mp6V414et3d0sfm35Ms1OY0XNuVZc+rPwj9DV1EGFjPTKk0+IpalBr+
sKNJDq0Q/DX3pFGIxOh1ekqsrWPWkxwCH4GR+p9411C3f2Rs8hUc6QCiNiAYJ08u
mcBIdXRqe9riuXqLzgdf/3LsEHfsm7y0XM8JN7q8FwGl1WhaJrcs/9a72io+RZfo
MfDaIQSPrMVQXO/du9TFS2257RGfn+NiE4IFFUBNcm5Bgc2qNNPRmfXv4y+grF0N
GqFdrB9KWHdKnJtjQCnecwuM885a+oRdHslseZjj9pyP4Qt6MGiSJgV9ZwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNt5q/ZIFmJLhUPm9qLv29kP544TMB8GA1UdIwQY
MBaAFAY7rceFOwUQCmsiTdzvwY4ufT3VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmp1dHg0VTdCUkFLYXlKTjNPX0JqaTU5UGRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMDlmYjAtOWFhNS00YjVhLThhNGYt
YTIzNzQ0NGFmODI5LzEvMjNtcjlrZ1dZa3VGUS1iMm91X2IyUV9uamhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMDlmYjAtOWFhNS00YjVhLThhNGYtYTIzNzQ0NGFmODI5
LzEvQmp1dHg0VTdCUkFLYXlKTjNPX0JqaTU5UGRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQDLhHgAwQE
XD3QAwQCuTGwAwQAwaItAwQF1B9AAwQF1KZgMBQEAgACMA4DBQAgAQnQAwUDKhD4
wDANBgkqhkiG9w0BAQsFAAOCAQEAND46Hhk3HqkFo8iO7AnPcPZvhKdKcEBqVhuQ
Lcc8aBMBw42sLnmODM5X69OIHF9elGaIXiNdUtiW0MM6JrR6zOC70N3wRaxgnt39
NXFBf+pg0idsnR/1visgdCA23Dm7b4EHws4R84Ey5hYne+omJR0oWKTsoJ+DRmDx
zsWyYdOMqypmcCf/GV/CWVnZBbruTIdVn33smcjLUoVX3ESINwxr/lU8kGmzLWGe
TrgLvJQG2sBLx0ZNulPofVcHQoH/xY6ngYgFJfPicD5HTCe57ZL64nPDQzjviI83
B6a1igNbwxzweigHb5TfNqup5n0G9LOAlZlsjIfHouGXQxLWaw==
-----END CERTIFICATE-----