Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/BqQpTzjE4Fm9rjSWfmVcZ84GNeE.roa
File:                     BqQpTzjE4Fm9rjSWfmVcZ84GNeE.roa (raw, json)
Hash identifier:          MPzqfNXYeY2GfTo1B7EA0uZqZAq1L9gSvL5SKyCjeNI=
Subject key identifier:   06:A4:29:4F:38:C4:E0:59:BD:AE:34:96:7E:65:5C:67:CE:06:35:E1
Certificate issuer:       /CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
Certificate serial:       0184757C2E7A783ED66FA0E96455D71FE163
Authority key identifier: 99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/BqQpTzjE4Fm9rjSWfmVcZ84GNeE.roa
Signing time:             Mon 14 Nov 2022 09:33:03 +0000
ROA not before:           Mon 14 Nov 2022 09:33:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12361
IP address blocks:        195.97.52.0/24 maxlen: 24
                          62.74.128.0/17 maxlen: 17
                          77.69.38.0/24 maxlen: 24
                          213.249.32.0/19 maxlen: 19
                          62.74.0.0/17 maxlen: 22
                          62.74.0.0/16 maxlen: 24
                          213.249.59.0/24 maxlen: 24
                          195.46.0.0/19 maxlen: 24
                          195.46.0.0/20 maxlen: 20
                          185.158.220.0/22 maxlen: 22
                          185.158.220.0/23 maxlen: 23
                          185.158.222.0/23 maxlen: 23
                          213.249.0.0/18 maxlen: 18
                          213.249.0.0/19 maxlen: 19
                          195.46.16.0/20 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:75:7c:2e:7a:78:3e:d6:6f:a0:e9:64:55:d7:1f:e1:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
        Validity
            Not Before: Nov 14 09:33:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=06a4294f38c4e059bdae34967e655c67ce0635e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:22:b0:c6:f1:20:04:05:6c:b3:de:11:1a:95:
                    b7:90:c8:ce:e0:c0:76:6f:c1:b3:6d:96:78:fa:89:
                    b1:a2:dd:32:03:f6:cf:5e:ab:6a:4f:ca:a7:1e:22:
                    ff:1c:23:62:32:06:b2:d9:ac:be:9c:a1:47:64:48:
                    e0:4f:34:52:da:30:bb:5c:02:c7:81:30:e0:39:ea:
                    69:5f:c3:a1:da:ec:f3:09:ef:23:64:5e:81:e3:67:
                    73:d1:3f:59:70:1d:0b:1b:f6:42:ac:68:44:40:07:
                    9f:57:7a:10:f4:45:e1:53:43:f8:bd:4b:38:26:74:
                    d4:0e:b5:33:7c:23:65:38:ac:be:c5:1b:dd:61:42:
                    0f:76:78:45:19:11:90:ff:6d:72:20:a7:dc:52:01:
                    8f:77:a9:e7:8a:fb:d4:c0:6c:26:3c:6d:eb:ed:7b:
                    bd:26:f8:97:f9:cf:58:3f:aa:88:61:2d:81:70:66:
                    6b:da:0c:84:89:9c:f0:50:7b:20:67:48:5d:e3:e4:
                    fc:10:0a:d9:a4:2d:de:14:6f:23:60:93:83:34:19:
                    8c:01:3c:50:40:19:f1:07:41:40:18:c6:4a:23:6b:
                    20:19:3a:82:64:6f:e8:d9:4f:52:e2:1a:55:a5:a5:
                    f5:c5:1c:96:db:d2:88:98:33:4d:3a:3f:04:86:2c:
                    a0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:A4:29:4F:38:C4:E0:59:BD:AE:34:96:7E:65:5C:67:CE:06:35:E1
            X509v3 Authority Key Identifier:
                keyid:99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/BqQpTzjE4Fm9rjSWfmVcZ84GNeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.74.0.0/16
                  77.69.38.0/24
                  185.158.220.0/22
                  195.46.0.0/19
                  195.97.52.0/24
                  213.249.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9e:c2:c5:f6:08:08:53:f5:70:4d:0b:3c:34:23:06:b5:f1:a1:
         8c:b5:e3:db:35:b0:59:f9:36:51:3b:b5:dc:7e:23:c2:ec:a4:
         71:4a:34:cc:a4:4f:ec:dd:3b:f4:03:1c:e1:98:7c:97:0a:1e:
         37:27:8e:25:0f:3d:d2:83:96:51:fb:5a:b2:ff:ad:69:a1:d7:
         6f:af:74:bb:14:31:85:9c:79:7a:69:78:97:82:bd:0a:f2:40:
         b5:1f:d1:d4:21:c7:44:32:db:fc:fb:a8:be:f1:04:53:9e:9b:
         b7:0b:dd:9f:5f:97:e6:59:77:3a:70:e0:64:d9:5c:b6:41:52:
         77:3c:0e:d6:ab:b7:ec:45:c6:2c:ea:0c:56:be:0b:5f:10:8f:
         a0:0b:47:75:de:f9:93:59:3c:ce:9a:04:cb:65:17:39:1b:6b:
         4b:35:c8:a0:85:3c:86:14:e0:d9:f8:fa:ce:6c:b5:26:45:1f:
         b5:78:b0:48:12:20:c5:60:fd:c4:87:ce:0e:cd:e1:69:9b:13:
         43:9c:55:92:a5:d4:3a:86:cf:0b:b7:13:45:bd:5b:e3:ce:d2:
         5c:71:1c:46:9a:15:dc:71:23:18:a2:34:07:76:f0:be:a0:f2:
         08:a5:7e:e1:ec:69:4e:20:0c:0a:d4:32:02:39:23:45:65:01:
         06:d9:ef:a2
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYR1fC56eD7Wb6DpZFXXH+FjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NTVjNWE3MTM3ZWI1ZDQ3ZWEyNGUxN2QyN2ZhOTJkMGI0
MmZiZDgwHhcNMjIxMTE0MDkzMzAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE0Mjk0ZjM4YzRlMDU5YmRhZTM0OTY3ZTY1NWM2N2NlMDYzNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSKwxvEgBAVss94RGpW3kMjO4MB2
b8GzbZZ4+omxot0yA/bPXqtqT8qnHiL/HCNiMgay2ay+nKFHZEjgTzRS2jC7XALH
gTDgOeppX8Oh2uzzCe8jZF6B42dz0T9ZcB0LG/ZCrGhEQAefV3oQ9EXhU0P4vUs4
JnTUDrUzfCNlOKy+xRvdYUIPdnhFGRGQ/21yIKfcUgGPd6nnivvUwGwmPG3r7Xu9
JviX+c9YP6qIYS2BcGZr2gyEiZzwUHsgZ0hd4+T8EArZpC3eFG8jYJODNBmMATxQ
QBnxB0FAGMZKI2sgGTqCZG/o2U9S4hpVpaX1xRyW29KImDNNOj8EhiygYwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFAakKU84xOBZva40ln5lXGfOBjXhMB8GA1UdIwQY
MBaAFJlVxacTfrXUfqJOF9J/qS0LQvvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTkt
ZTM5NTI0ZTdhNmVkLzEvQnFRcFR6akU0Rm05cmpTV2ZtVmNaODRHTmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTktZTM5NTI0ZTdhNmVk
LzEvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAATAjAwMAPkoDBABN
RSYDBAK5ntwDBAXDLgADBADDYTQDBAbV+QAwDQYJKoZIhvcNAQELBQADggEBAJ7C
xfYICFP1cE0LPDQjBrXxoYy149s1sFn5NlE7tdx+I8LspHFKNMykT+zdO/QDHOGY
fJcKHjcnjiUPPdKDllH7WrL/rWmh12+vdLsUMYWceXppeJeCvQryQLUf0dQhx0Qy
2/z7qL7xBFOem7cL3Z9fl+ZZdzpw4GTZXLZBUnc8Dtart+xFxizqDFa+C18Qj6AL
R3Xe+ZNZPM6aBMtlFzkba0s1yKCFPIYU4Nn4+s5stSZFH7V4sEgSIMVg/cSHzg7N
4WmbE0OcVZKl1DqGzwu3E0W9W+PO0lxxHEaaFdxxIxiiNAd28L6g8gilfuHsaU4g
DArUMgI5I0VlAQbZ76I=
-----END CERTIFICATE-----