Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/sfyEEMMFdK_f5X5W9W8aXBYyqZU.roa
File:                     sfyEEMMFdK_f5X5W9W8aXBYyqZU.roa (raw, json)
Hash identifier:          r+GVDd+L36tyZSG9Smk/9ZMOAFCWNp3PJfkGpYkeUnQ=
Subject key identifier:   B1:FC:84:10:C3:05:74:AF:DF:E5:7E:56:F5:6F:1A:5C:16:32:A9:95
Certificate issuer:       /CN=22ff5bcf739b0732fb1bcdb717ec717f6f1cb0e2
Certificate serial:       04548747
Authority key identifier: 22:FF:5B:CF:73:9B:07:32:FB:1B:CD:B7:17:EC:71:7F:6F:1C:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iv9bz3ObBzL7G823F-xxf28csOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/sfyEEMMFdK_f5X5W9W8aXBYyqZU.roa
Signing time:             Sat 01 Jan 2022 13:05:31 +0000
ROA not before:           Sat 01 Jan 2022 13:05:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48260
IP address blocks:        185.77.198.0/24 maxlen: 24
                          185.77.199.0/24 maxlen: 24
                          185.77.197.0/24 maxlen: 24
                          2a03:1980:d400::/40 maxlen: 40
                          2a03:1980:d200::/40 maxlen: 40
                          2a03:1980::/40 maxlen: 40
                          2a03:1981::/32 maxlen: 32
                          2a03:1980:d4ff::/48 maxlen: 48
                          2a03:1980:d1ff::/48 maxlen: 48
                          2a03:1980:d0ff::/48 maxlen: 48
                          2a03:1984::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 72648519 (0x4548747)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22ff5bcf739b0732fb1bcdb717ec717f6f1cb0e2
        Validity
            Not Before: Jan  1 13:05:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1fc8410c30574afdfe57e56f56f1a5c1632a995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0d:35:46:15:06:17:af:33:87:ed:1c:d1:c7:
                    5d:21:a5:96:e6:74:77:08:40:0e:d6:25:98:99:61:
                    48:5f:10:d9:29:e9:88:d3:42:37:6e:62:8b:2d:37:
                    37:70:02:40:d3:a2:ac:27:8a:0c:20:ad:44:d5:79:
                    db:81:94:d2:3c:0d:81:f5:7d:01:85:01:5a:0c:9e:
                    3c:9c:7f:a0:14:c1:f9:0f:f8:0e:47:ed:4b:6b:65:
                    26:83:2d:4e:2b:d5:68:35:71:cf:cd:f2:ff:98:54:
                    d1:90:ab:bb:09:17:e9:83:97:f0:14:be:47:2b:17:
                    35:7e:cc:36:6d:aa:4b:d1:9d:a7:57:30:1f:4b:97:
                    52:e6:62:01:9d:aa:6e:61:2c:91:db:68:df:ce:72:
                    63:11:af:ec:ed:f3:11:99:83:31:08:29:91:b4:b2:
                    27:92:8e:8f:bf:5b:af:55:ea:94:d8:9a:5d:92:8a:
                    06:69:49:20:a4:eb:ce:c3:fa:c6:36:c7:86:04:d9:
                    f7:3b:40:ad:86:86:8d:be:54:2f:45:7c:30:5b:93:
                    79:42:50:90:df:99:ee:53:72:00:12:c1:f6:68:5c:
                    41:29:22:9e:9b:43:d6:73:63:43:fa:69:97:56:41:
                    d9:4d:ac:d7:4d:38:7c:0c:d5:50:af:c7:db:c0:8e:
                    b7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:FC:84:10:C3:05:74:AF:DF:E5:7E:56:F5:6F:1A:5C:16:32:A9:95
            X509v3 Authority Key Identifier:
                keyid:22:FF:5B:CF:73:9B:07:32:FB:1B:CD:B7:17:EC:71:7F:6F:1C:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iv9bz3ObBzL7G823F-xxf28csOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/sfyEEMMFdK_f5X5W9W8aXBYyqZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d7bf0f-691a-4cec-b5ce-7603e5dd5707/1/Iv9bz3ObBzL7G823F-xxf28csOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.197.0-185.77.199.255
                IPv6:
                  2a03:1980::/40
                  2a03:1980:d0ff::/48
                  2a03:1980:d1ff::-2a03:1980:d2ff:ffff:ffff:ffff:ffff:ffff
                  2a03:1980:d400::/40
                  2a03:1981::/32
                  2a03:1984::/32

    Signature Algorithm: sha256WithRSAEncryption
         e0:31:b1:52:d6:88:22:58:2b:65:29:28:cc:bf:f0:98:10:7e:
         0b:2b:d2:4d:7c:96:ad:37:ed:ce:b7:9e:02:b5:22:05:90:40:
         42:82:cd:28:47:db:2b:e3:65:d5:7a:60:72:49:0c:11:ff:22:
         28:87:b8:9b:2f:78:81:79:ba:50:58:24:29:6d:26:55:f7:ec:
         fb:b6:68:00:eb:3f:4e:20:30:77:0e:a0:c2:b2:2f:57:69:7b:
         3a:0d:d6:01:60:27:6a:40:0a:e2:ad:72:36:1e:33:06:20:a1:
         fb:4c:81:da:1b:6e:df:91:93:e2:23:4a:e3:f8:92:ad:90:44:
         c5:e9:1d:b4:a9:57:c3:6f:53:f3:3c:92:76:ce:c7:14:9a:82:
         51:e9:5b:fb:7d:be:7a:41:6a:f7:76:4e:ba:2e:a6:e5:54:c0:
         b4:6c:cd:45:a8:d9:15:40:c4:9e:86:be:09:4e:27:43:1b:d9:
         8d:1f:49:8f:39:da:03:1b:e5:40:d6:e0:fc:f0:f6:ff:d2:2b:
         05:ff:9a:b5:59:4c:d7:0b:61:c0:41:ca:5e:7a:7e:18:06:0a:
         0a:01:92:55:0d:fb:cc:a7:ce:22:fe:72:e0:f9:5a:a7:23:69:
         a8:6c:25:8e:2e:62:84:78:68:51:6f:97:29:11:ff:d8:18:db:
         85:d3:d1:12
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgIEBFSHRzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmZmNWJjZjczOWIwNzMyZmIxYmNkYjcxN2VjNzE3ZjZmMWNiMGUyMB4XDTIyMDEw
MTEzMDUzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjFmYzg0MTBjMzA1
NzRhZmRmZTU3ZTU2ZjU2ZjFhNWMxNjMyYTk5NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI8NNUYVBhevM4ftHNHHXSGlluZ0dwhADtYlmJlhSF8Q2Snp
iNNCN25iiy03N3ACQNOirCeKDCCtRNV524GU0jwNgfV9AYUBWgyePJx/oBTB+Q/4
DkftS2tlJoMtTivVaDVxz83y/5hU0ZCruwkX6YOX8BS+RysXNX7MNm2qS9Gdp1cw
H0uXUuZiAZ2qbmEskdto385yYxGv7O3zEZmDMQgpkbSyJ5KOj79br1XqlNiaXZKK
BmlJIKTrzsP6xjbHhgTZ9ztArYaGjb5UL0V8MFuTeUJQkN+Z7lNyABLB9mhcQSki
nptD1nNjQ/ppl1ZB2U2s1004fAzVUK/H28COtwcCAwEAAaOCAlMwggJPMB0GA1Ud
DgQWBBSx/IQQwwV0r9/lflb1bxpcFjKplTAfBgNVHSMEGDAWgBQi/1vPc5sHMvsb
zbcX7HF/bxyw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0l2OWJ6M09iQnpMN0c4MjNGLXh4ZjI4Y3NPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvZDdiZjBmLTY5MWEtNGNlYy1iNWNlLTc2MDNlNWRkNTcwNy8x
L3NmeUVFTU1GZEtfZjVYNVc5VzhhWEJZeXFaVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
ZDdiZjBmLTY5MWEtNGNlYy1iNWNlLTc2MDNlNWRkNTcwNy8xL0l2OWJ6M09iQnpM
N0c4MjNGLXh4ZjI4Y3NPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBp
BggrBgEFBQcBBwEB/wRaMFgwFAQCAAEwDjAMAwQAuU3FAwQDuU3AMEAEAgACMDoD
BgAqAxmAAAMHACoDGYDQ/zARAwcAKgMZgNH/AwYAKgMZgNIDBgAqAxmA1AMFACoD
GYEDBQAqAxmEMA0GCSqGSIb3DQEBCwUAA4IBAQDgMbFS1ogiWCtlKSjMv/CYEH4L
K9JNfJatN+3Ot54CtSIFkEBCgs0oR9sr42XVemBySQwR/yIoh7ibL3iBebpQWCQp
bSZV9+z7tmgA6z9OIDB3DqDCsi9XaXs6DdYBYCdqQArirXI2HjMGIKH7TIHaG27f
kZPiI0rj+JKtkETF6R20qVfDb1PzPJJ2zscUmoJR6Vv7fb56QWr3dk66LqblVMC0
bM1FqNkVQMSehr4JTidDG9mNH0mPOdoDG+VA1uD88Pb/0isF/5q1WUzXC2HAQcpe
en4YBgoKAZJVDfvMp84i/nLg+VqnI2mobCWOLmKEeGhRb5cpEf/YGNuF09ES
-----END CERTIFICATE-----