Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zX77UjIUwNVr59kGJRruWNJ54H4.roa
File:                     zX77UjIUwNVr59kGJRruWNJ54H4.roa (raw, json)
Hash identifier:          rwBFBQJz9wnAnq89PWrO3I0d+e71S6uQQtio8xdQpr0=
Subject key identifier:   CD:7E:FB:52:32:14:C0:D5:6B:E7:D9:06:25:1A:EE:58:D2:79:E0:7E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01850ACEAD108DAA852629005C4BC3D9F891
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zX77UjIUwNVr59kGJRruWNJ54H4.roa
Signing time:             Tue 13 Dec 2022 09:26:34 +0000
ROA not before:           Tue 13 Dec 2022 09:26:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        194.55.224.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          80.76.48.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          85.31.45.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0a:ce:ad:10:8d:aa:85:26:29:00:5c:4b:c3:d9:f8:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 13 09:26:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cd7efb523214c0d56be7d906251aee58d279e07e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f7:81:4a:30:4a:11:5c:7f:53:89:ab:ba:49:
                    c5:62:34:f5:85:9d:54:a4:81:83:49:94:d8:4b:55:
                    24:85:5a:d4:57:96:0f:43:de:51:df:82:83:f6:da:
                    49:97:6b:24:05:fc:b2:36:d0:46:b0:6c:4f:31:22:
                    01:a9:8c:13:02:15:7e:31:20:82:2b:a0:21:65:ad:
                    5a:59:90:1f:09:91:a6:47:03:85:42:a8:1b:70:80:
                    f3:49:fc:ad:4e:98:7a:e3:7c:2a:32:86:10:4d:0b:
                    e2:fa:55:a7:50:1f:78:f3:07:4a:bf:db:a4:53:1d:
                    f8:5c:d2:db:34:1e:3c:00:8e:2e:5f:d5:22:6a:a0:
                    47:a7:f9:06:ae:5a:52:13:74:c0:89:8e:1a:7c:3f:
                    af:93:b5:b3:45:dc:dc:7b:ed:07:94:24:31:69:09:
                    45:aa:f1:3f:82:56:c8:ad:b3:12:41:ba:92:d7:ba:
                    d4:18:36:a1:9b:a0:d0:99:a4:c4:e7:94:40:08:75:
                    e3:a4:f6:f0:f4:22:97:fa:1d:cb:16:50:31:0b:ae:
                    dd:27:a8:a3:12:90:90:d3:0a:ec:dc:1a:8f:df:a0:
                    b7:91:61:ac:8c:cc:e2:ba:d8:29:64:67:b3:e3:b4:
                    f6:1e:f6:f3:4f:ba:5d:99:6d:80:a6:bb:5a:e6:d9:
                    67:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:7E:FB:52:32:14:C0:D5:6B:E7:D9:06:25:1A:EE:58:D2:79:E0:7E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zX77UjIUwNVr59kGJRruWNJ54H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.48.0/24
                  85.31.45.0/24
                  85.31.47.0/24
                  87.120.87.0/24
                  94.154.172.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.239.0/24
                  185.216.69.0-185.216.70.255
                  193.35.19.0/24
                  194.55.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:f9:1e:0c:86:64:72:52:da:44:df:5f:d9:b4:c5:c2:b4:7b:
         b9:33:58:31:4b:ed:f3:c7:1f:07:41:e7:22:d0:da:84:21:62:
         5a:cc:7d:f3:c6:18:a7:ca:07:9f:db:f6:70:4d:2c:48:cd:88:
         32:b6:f2:c1:04:60:a5:ad:b0:08:bb:d0:47:26:76:43:d4:33:
         c2:d2:39:3b:8a:f5:56:4f:37:2c:65:1c:99:df:c6:e5:64:6a:
         6b:48:d1:17:a1:c3:5e:70:a3:d9:07:e2:c3:f7:3d:e3:f3:42:
         f0:cf:aa:e5:b4:7c:c4:24:08:81:66:69:e0:73:8b:7c:56:97:
         fb:d8:5b:25:ec:c8:97:b3:c7:d8:fd:f3:3c:eb:94:3a:0f:c3:
         5c:b0:f8:7a:c1:79:ea:3a:89:63:b1:05:43:3b:df:43:68:72:
         d6:fe:e4:ab:24:5c:b6:d1:38:83:3b:f7:ee:f9:fc:70:33:75:
         36:f3:bf:70:ee:d9:ae:a7:23:4c:44:ca:0a:97:18:88:60:98:
         e6:bc:2b:1c:4a:72:08:8e:b8:4c:06:7e:44:52:a2:7b:9f:77:
         e9:00:01:df:17:7c:da:d6:69:95:2a:04:94:5d:f4:d0:de:1d:
         20:85:87:ce:8f:5c:a4:8c:0f:f1:14:bf:15:d5:9f:c4:d3:ef:
         9c:80:fe:95
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYUKzq0QjaqFJikAXEvD2fiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjEzMDkyNjM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDdlZmI1MjMyMTRjMGQ1NmJlN2Q5MDYyNTFhZWU1OGQyNzllMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/eBSjBKEVx/U4mruknFYjT1hZ1U
pIGDSZTYS1UkhVrUV5YPQ95R34KD9tpJl2skBfyyNtBGsGxPMSIBqYwTAhV+MSCC
K6AhZa1aWZAfCZGmRwOFQqgbcIDzSfytTph643wqMoYQTQvi+lWnUB948wdKv9uk
Ux34XNLbNB48AI4uX9UiaqBHp/kGrlpSE3TAiY4afD+vk7WzRdzce+0HlCQxaQlF
qvE/glbIrbMSQbqS17rUGDahm6DQmaTE55RACHXjpPbw9CKX+h3LFlAxC67dJ6ij
EpCQ0wrs3BqP36C3kWGsjMziutgpZGez47T2HvbzT7pdmW2Aprta5tlneQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFM1++1IyFMDVa+fZBiUa7ljSeeB+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvelg3N1VqSVV3TlZyNTlrR0pScnVXTko1NEg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUEwwAwQA
VR8tAwQAVR8vAwQAV3hXAwQAXpqsAwQAstfhAwQAstfjAwQAstfvMAwDBAC52EUD
BAC52EYDBADBIxMDBAHCN+AwDQYJKoZIhvcNAQELBQADggEBAHn5HgyGZHJS2kTf
X9m0xcK0e7kzWDFL7fPHHwdB5yLQ2oQhYlrMffPGGKfKB5/b9nBNLEjNiDK28sEE
YKWtsAi70EcmdkPUM8LSOTuK9VZPNyxlHJnfxuVkamtI0Rehw15wo9kH4sP3PePz
QvDPquW0fMQkCIFmaeBzi3xWl/vYWyXsyJezx9j98zzrlDoPw1yw+HrBeeo6iWOx
BUM730Noctb+5KskXLbROIM79+75/HAzdTbzv3Du2a6nI0xEygqXGIhgmOa8KxxK
cgiOuEwGfkRSonufd+kAAd8XfNrWaZUqBJRd9NDeHSCFh86PXKSMD/EUvxXVn8TT
75yA/pU=
-----END CERTIFICATE-----