Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/c4x07iOHXvCUElkp9NTS_rxiFhE.roa
File:                     c4x07iOHXvCUElkp9NTS_rxiFhE.roa (raw, json)
Hash identifier:          gbHwiVzfdWTFLEclSvkAuBhoNK0atFFGGj+DzR/p1C0=
Subject key identifier:   73:8C:74:EE:23:87:5E:F0:94:12:59:29:F4:D4:D2:FE:BC:62:16:11
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       0184348DA91F6059C105D5873373AEE91422
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/c4x07iOHXvCUElkp9NTS_rxiFhE.roa
Signing time:             Tue 01 Nov 2022 18:56:49 +0000
ROA not before:           Tue 01 Nov 2022 18:56:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48847
IP address blocks:        185.12.223.0/24 maxlen: 24
                          185.12.222.0/24 maxlen: 24
                          185.12.221.0/24 maxlen: 24
                          185.12.220.0/22 maxlen: 22
                          185.12.221.152/29 maxlen: 29
                          109.233.21.92/30 maxlen: 30
                          109.233.17.0/24 maxlen: 24
                          109.233.16.0/24 maxlen: 24
                          109.233.16.0/21 maxlen: 21
                          109.233.20.0/24 maxlen: 24
                          109.233.19.0/24 maxlen: 24
                          109.233.18.0/24 maxlen: 24
                          109.233.23.0/24 maxlen: 24
                          109.233.22.0/24 maxlen: 24
                          109.233.21.0/24 maxlen: 24
                          109.233.19.128/30 maxlen: 30
                          109.233.20.196/30 maxlen: 30
                          2a03:6900::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:34:8d:a9:1f:60:59:c1:05:d5:87:33:73:ae:e9:14:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Nov  1 18:56:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=738c74ee23875ef094125929f4d4d2febc621611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:92:cd:c0:dc:2d:ef:93:d1:26:ea:d9:1d:d1:
                    67:b9:5a:d3:c2:20:2a:d4:52:45:1a:9f:1d:59:6b:
                    3e:09:ee:63:5b:16:9e:11:5e:0d:30:3d:32:a8:b8:
                    a8:05:45:9c:9a:02:d6:0e:95:b6:47:44:b5:55:1b:
                    d2:a4:ca:f6:cc:4d:d8:35:e8:c3:82:03:3e:bf:5c:
                    da:33:d6:fb:01:54:37:b7:37:16:83:e4:1d:93:0f:
                    be:bd:a6:4e:44:1f:20:14:98:cd:63:52:10:86:a0:
                    3d:4d:08:54:15:00:6d:7d:87:24:43:5a:8e:6c:dc:
                    54:61:50:53:9b:df:4d:45:a8:05:54:e2:43:90:55:
                    b6:e8:45:92:bf:f2:e0:62:b6:61:31:22:64:e0:c8:
                    82:89:30:d5:81:c5:42:56:f6:c4:30:e5:68:de:e8:
                    6e:c0:4a:cc:97:f2:4c:c7:4f:f8:06:1b:fe:05:77:
                    05:0e:ab:5a:80:76:0f:a9:04:56:4d:d0:d7:ce:aa:
                    e5:0d:14:21:f9:8d:2b:4e:59:f7:ad:36:5f:8d:17:
                    7c:f0:70:07:b5:c5:f6:9a:53:3e:09:47:5e:9d:48:
                    77:48:a4:b6:73:94:68:17:d6:7d:9a:96:35:3d:43:
                    b0:e6:c5:a8:0d:ca:81:f3:bd:61:48:64:c6:3c:54:
                    05:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:8C:74:EE:23:87:5E:F0:94:12:59:29:F4:D4:D2:FE:BC:62:16:11
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/c4x07iOHXvCUElkp9NTS_rxiFhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.16.0/21
                  185.12.220.0/22
                IPv6:
                  2a03:6900::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:36:cb:12:fe:73:70:57:1e:4a:17:34:bf:19:d1:51:51:c4:
         35:97:03:c2:b6:5b:4b:88:0f:1f:3f:97:f1:46:e7:a2:08:53:
         e5:f4:4d:f0:0b:5c:cb:49:6f:48:00:04:3d:13:de:1d:53:95:
         6e:50:14:1c:e0:63:f2:32:9c:ee:58:3c:22:40:5d:d8:23:54:
         ab:24:ef:68:74:46:9c:81:6f:79:ca:97:90:4e:5c:02:6a:30:
         69:59:95:d6:76:93:5b:07:fd:25:47:43:c0:dd:4b:43:9c:d0:
         38:45:06:c5:89:7f:ed:ee:d4:ba:b3:4e:6d:75:3a:4b:6f:73:
         31:28:3e:29:68:64:39:f7:49:93:06:65:59:02:79:7c:f2:d8:
         f2:8e:64:38:a5:ba:78:b9:3b:98:02:37:f1:28:aa:27:4b:15:
         82:5d:aa:7a:a5:a2:86:42:0c:ff:cb:03:e9:ec:97:2c:16:71:
         53:48:69:3b:30:7f:06:da:79:98:44:55:8a:19:76:32:a9:40:
         75:4e:76:aa:9e:3b:8f:74:bd:bd:01:17:d4:37:60:a2:31:f5:
         dc:17:e5:8d:e8:06:5d:46:07:44:83:bb:95:73:5b:87:00:7e:
         2e:73:68:74:36:31:31:e8:f2:eb:b7:ab:7e:0e:9b:9b:e6:19:
         f1:0a:83:3f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYQ0jakfYFnBBdWHM3Ou6RQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjIxMTAxMTg1NjQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzhjNzRlZTIzODc1ZWYwOTQxMjU5MjlmNGQ0ZDJmZWJjNjIxNjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5LNwNwt75PRJurZHdFnuVrTwiAq
1FJFGp8dWWs+Ce5jWxaeEV4NMD0yqLioBUWcmgLWDpW2R0S1VRvSpMr2zE3YNejD
ggM+v1zaM9b7AVQ3tzcWg+Qdkw++vaZORB8gFJjNY1IQhqA9TQhUFQBtfYckQ1qO
bNxUYVBTm99NRagFVOJDkFW26EWSv/LgYrZhMSJk4MiCiTDVgcVCVvbEMOVo3uhu
wErMl/JMx0/4Bhv+BXcFDqtagHYPqQRWTdDXzqrlDRQh+Y0rTln3rTZfjRd88HAH
tcX2mlM+CUdenUh3SKS2c5RoF9Z9mpY1PUOw5sWoDcqB871hSGTGPFQFnwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHOMdO4jh17wlBJZKfTU0v68YhYRMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvYzR4MDdpT0hYdkNVRWxrcDlOVFNfcnhpRmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQB/NssS/nNwVx5K
FzS/GdFRUcQ1lwPCtltLiA8fP5fxRueiCFPl9E3wC1zLSW9IAAQ9E94dU5VuUBQc
4GPyMpzuWDwiQF3YI1SrJO9odEacgW95ypeQTlwCajBpWZXWdpNbB/0lR0PA3UtD
nNA4RQbFiX/t7tS6s05tdTpLb3MxKD4paGQ590mTBmVZAnl88tjyjmQ4pbp4uTuY
AjfxKKonSxWCXap6paKGQgz/ywPp7JcsFnFTSGk7MH8G2nmYRFWKGXYyqUB1Tnaq
njuPdL29ARfUN2CiMfXcF+WN6AZdRgdEg7uVc1uHAH4uc2h0NjEx6PLrt6t+Dpub
5hnxCoM/
-----END CERTIFICATE-----