Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/j4CQCBi8RW8boOTwOdCD8k7ZZpI.roa
File:                     j4CQCBi8RW8boOTwOdCD8k7ZZpI.roa (raw, json)
Hash identifier:          W+uR6pHlSwDjE0Y6K9De7u1+qeKFTCAZWjETmdvJFrA=
Subject key identifier:   8F:80:90:08:18:BC:45:6F:1B:A0:E4:F0:39:D0:83:F2:4E:D9:66:92
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       1AC3A68C
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/j4CQCBi8RW8boOTwOdCD8k7ZZpI.roa
Signing time:             Sat 01 Jan 2022 14:59:28 +0000
ROA not before:           Sat 01 Jan 2022 14:59:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47843
IP address blocks:        87.248.132.0/23 maxlen: 24
                          87.248.128.0/24 maxlen: 24
                          87.248.129.0/24 maxlen: 24
                          87.248.138.0/24 maxlen: 24
                          87.248.136.0/24 maxlen: 24
                          87.248.137.0/24 maxlen: 24
                          87.248.143.0/24 maxlen: 24
                          87.248.148.0/24 maxlen: 24
                          87.248.149.0/24 maxlen: 24
                          87.248.150.0/24 maxlen: 24
                          87.248.151.0/24 maxlen: 24
                          87.248.155.0/24 maxlen: 24
                          87.248.156.0/24 maxlen: 24
                          87.248.157.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 449029772 (0x1ac3a68c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 14:59:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8f80900818bc456f1ba0e4f039d083f24ed96692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:11:21:3d:2a:c6:c3:96:0c:e6:65:24:76:01:
                    be:25:0b:0d:15:80:65:59:e0:61:a0:67:fd:23:7f:
                    03:6d:39:67:3f:7a:a4:30:06:2d:2d:12:19:40:41:
                    06:c0:e5:ae:22:21:2b:c7:e0:2d:ce:76:9e:88:2b:
                    ba:f7:4b:f6:74:aa:a0:a0:20:0c:db:d0:72:b5:01:
                    d2:68:07:89:87:91:53:bd:c3:7b:69:dd:68:94:0a:
                    1a:7f:91:d1:b2:10:10:d7:fd:30:9b:55:44:cd:77:
                    92:a6:c0:cf:c3:80:2d:38:22:42:00:6c:1b:72:68:
                    d8:e7:be:34:82:0d:9c:64:74:ca:e4:1e:6c:14:58:
                    12:f9:4f:38:78:1a:2a:c5:ec:93:90:17:f0:ef:0f:
                    be:bf:06:e8:3e:04:5e:d4:8f:32:c0:7b:6c:8c:34:
                    f3:36:cd:c3:d7:d9:cf:d2:80:51:2a:c1:76:0b:a3:
                    ba:5d:14:17:93:4d:ba:ce:82:be:b9:e9:a9:96:a3:
                    4e:74:90:e6:ad:58:e2:96:10:93:7d:eb:d1:07:ed:
                    71:df:9e:a3:3c:1a:42:8d:df:28:3d:f2:33:50:24:
                    06:7a:6b:e7:cf:60:17:a7:53:e9:6a:3f:7e:71:3f:
                    d3:43:7e:45:b5:3e:63:a2:4a:4d:aa:5c:88:84:0d:
                    1f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:80:90:08:18:BC:45:6F:1B:A0:E4:F0:39:D0:83:F2:4E:D9:66:92
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/j4CQCBi8RW8boOTwOdCD8k7ZZpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.128.0/23
                  87.248.132.0/23
                  87.248.136.0-87.248.138.255
                  87.248.143.0/24
                  87.248.148.0/22
                  87.248.155.0-87.248.157.255

    Signature Algorithm: sha256WithRSAEncryption
         b6:4a:1e:9c:d6:de:4c:5c:f2:ca:a3:79:36:b4:07:6a:fd:79:
         92:1c:24:16:92:86:af:ca:2a:ce:3c:a7:7a:b0:e4:d2:af:e4:
         d3:86:ff:bb:04:94:9c:06:0e:4c:b3:49:03:0e:ee:74:88:1a:
         d1:12:2c:7f:2a:95:23:44:fd:06:ab:f0:9f:52:39:22:22:7b:
         8e:8c:71:d6:a1:0e:70:41:44:a8:bd:a7:40:ec:81:7c:9c:40:
         96:33:8c:80:22:79:da:6e:22:6e:0f:4a:47:8a:9b:ea:79:dc:
         b9:d2:88:22:4d:eb:9e:ec:55:fa:90:f2:18:5e:f0:6a:f3:cd:
         93:c1:40:be:5f:94:9f:b5:87:1b:d7:49:12:dd:9c:52:fe:0d:
         1f:43:9b:58:ee:06:8f:34:f5:c4:6a:47:22:7f:7c:e4:65:63:
         81:1d:b0:84:5c:5c:b6:73:e1:19:da:2b:79:b1:e7:40:b5:d6:
         50:f5:36:3c:0f:30:17:a0:fb:6e:1f:f3:cf:e8:94:31:75:de:
         f7:4c:12:1f:f0:59:87:98:4f:92:bd:6a:fa:a0:91:e8:04:be:
         56:a6:45:93:06:23:25:50:b0:73:ae:7c:d3:95:5e:6e:e6:d7:
         1e:b9:38:87:28:36:e1:62:47:9e:26:98:bd:cc:97:80:54:71:
         10:d0:e5:73
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIEGsOmjDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
N2Y2MWZjN2MwYWI0MWNlMTU0ZTdiY2IwOGVmOTYyMzUxYTQ2Nzg0MB4XDTIyMDEw
MTE0NTkyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGY4MDkwMDgxOGJj
NDU2ZjFiYTBlNGYwMzlkMDgzZjI0ZWQ5NjY5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKoRIT0qxsOWDOZlJHYBviULDRWAZVngYaBn/SN/A205Zz96
pDAGLS0SGUBBBsDlriIhK8fgLc52nogruvdL9nSqoKAgDNvQcrUB0mgHiYeRU73D
e2ndaJQKGn+R0bIQENf9MJtVRM13kqbAz8OALTgiQgBsG3Jo2Oe+NIINnGR0yuQe
bBRYEvlPOHgaKsXsk5AX8O8Pvr8G6D4EXtSPMsB7bIw08zbNw9fZz9KAUSrBdguj
ul0UF5NNus6CvrnpqZajTnSQ5q1Y4pYQk33r0Qftcd+eozwaQo3fKD3yM1AkBnpr
589gF6dT6Wo/fnE/00N+RbU+Y6JKTapciIQNH4MCAwEAAaOCAjcwggIzMB0GA1Ud
DgQWBBSPgJAIGLxFbxug5PA50IPyTtlmkjAfBgNVHSMEGDAWgBR39h/HwKtBzhVO
e8sI75YjUaRnhDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2RfWWZ4OENyUWM0VlRudkxDTy1XSTFHa1o0US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvOTIxM2VjLTg1YTktNDhkNi1hYTY5LWVkYzlkMDJmYWY1NC8x
L2o0Q1FDQmk4Ulc4Ym9PVHdPZENEOGs3WlpwSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
OTIxM2VjLTg1YTktNDhkNi1hYTY5LWVkYzlkMDJmYWY1NC8xL2RfWWZ4OENyUWM0
VlRudkxDTy1XSTFHa1o0US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBN
BggrBgEFBQcBBwEB/wQ+MDwwOgQCAAEwNAMEAVf4gAMEAVf4hDAMAwQDV/iIAwQA
V/iKAwQAV/iPAwQCV/iUMAwDBABX+JsDBAFX+JwwDQYJKoZIhvcNAQELBQADggEB
ALZKHpzW3kxc8sqjeTa0B2r9eZIcJBaShq/KKs48p3qw5NKv5NOG/7sElJwGDkyz
SQMO7nSIGtESLH8qlSNE/Qar8J9SOSIie46McdahDnBBRKi9p0DsgXycQJYzjIAi
edpuIm4PSkeKm+p53LnSiCJN657sVfqQ8hhe8GrzzZPBQL5flJ+1hxvXSRLdnFL+
DR9Dm1juBo809cRqRyJ/fORlY4EdsIRcXLZz4RnaK3mx50C11lD1NjwPMBeg+24f
88/olDF13vdMEh/wWYeYT5K9avqgkegEvlamRZMGIyVQsHOufNOVXm7m1x65OIco
NuFiR54mmL3Ml4BUcRDQ5XM=
-----END CERTIFICATE-----