Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/QC4TYa_MfTsGlenjpdWCUQXe3bY.roa
File:                     QC4TYa_MfTsGlenjpdWCUQXe3bY.roa (raw, json)
Hash identifier:          oyLkBNHkVDlcShoMtT2bIWXq3P39FcvUsfjlzwWi9bQ=
Subject key identifier:   40:2E:13:61:AF:CC:7D:3B:06:95:E9:E3:A5:D5:82:51:05:DE:DD:B6
Certificate issuer:       /CN=0966e05d152750dfaade5faf791bad391dc6d2d4
Certificate serial:       01857139D3ACD4B86B801449B0388EDBBFBE
Authority key identifier: 09:66:E0:5D:15:27:50:DF:AA:DE:5F:AF:79:1B:AD:39:1D:C6:D2:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWbgXRUnUN-q3l-veRutOR3G0tQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/QC4TYa_MfTsGlenjpdWCUQXe3bY.roa
Signing time:             Mon 02 Jan 2023 06:44:53 +0000
ROA not before:           Mon 02 Jan 2023 06:44:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42020
IP address blocks:        77.42.249.0/24 maxlen: 24
                          77.42.250.0/24 maxlen: 24
                          77.42.251.0/24 maxlen: 24
                          77.42.252.0/24 maxlen: 24
                          77.42.248.0/24 maxlen: 24
                          77.42.253.0/24 maxlen: 24
                          77.42.254.0/24 maxlen: 24
                          77.42.255.0/24 maxlen: 24
                          185.173.62.0/24 maxlen: 24
                          185.173.63.0/24 maxlen: 24
                          185.173.60.0/24 maxlen: 24
                          185.173.61.0/24 maxlen: 24
                          2a00:6920:1000::/40 maxlen: 40
                          2a00:6920::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:39:d3:ac:d4:b8:6b:80:14:49:b0:38:8e:db:bf:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0966e05d152750dfaade5faf791bad391dc6d2d4
        Validity
            Not Before: Jan  2 06:44:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=402e1361afcc7d3b0695e9e3a5d5825105deddb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:62:bc:9b:95:3f:25:20:9b:75:5b:1b:c0:0a:
                    22:7e:69:cc:a5:8b:46:ae:59:6e:69:04:b1:73:f7:
                    be:2a:81:d1:f8:87:6a:a5:0e:a1:f3:00:ba:1e:6d:
                    64:62:f0:eb:ac:9c:33:3b:fb:2e:8b:46:81:25:13:
                    19:9b:8c:67:ce:bb:a3:71:b2:41:16:99:2e:e0:d5:
                    e9:2b:2f:88:b6:ac:5c:9f:63:48:a9:ff:47:51:39:
                    45:8e:0c:56:54:30:a9:1e:07:10:0b:b1:f8:40:87:
                    56:02:96:e8:97:36:33:83:9a:ba:e0:61:97:64:25:
                    1b:71:b2:22:99:a5:42:a6:23:56:34:e3:b7:95:92:
                    33:fc:40:10:bc:d0:81:95:a5:84:74:79:89:5f:43:
                    b7:78:ab:c2:60:a9:45:ca:29:7e:76:7d:71:9e:53:
                    4b:94:8b:55:e0:4a:de:5c:9b:16:8c:22:1e:b7:dd:
                    dd:ea:67:64:18:f5:65:a2:c1:ba:af:73:86:fd:5d:
                    c0:23:ad:7d:00:23:04:bf:38:6b:60:92:87:dd:ee:
                    84:6f:26:4e:1a:22:97:49:90:97:f4:7e:68:0e:6e:
                    18:8c:20:80:00:7e:a4:02:b0:05:f9:d2:a2:69:4a:
                    a0:b5:65:d5:fb:1d:8c:e7:9a:0f:bc:6e:50:67:6c:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:2E:13:61:AF:CC:7D:3B:06:95:E9:E3:A5:D5:82:51:05:DE:DD:B6
            X509v3 Authority Key Identifier:
                keyid:09:66:E0:5D:15:27:50:DF:AA:DE:5F:AF:79:1B:AD:39:1D:C6:D2:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWbgXRUnUN-q3l-veRutOR3G0tQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/QC4TYa_MfTsGlenjpdWCUQXe3bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/4e1bc8-f810-4182-a6e3-721bb4fc8c16/1/CWbgXRUnUN-q3l-veRutOR3G0tQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.42.248.0/21
                  185.173.60.0/22
                IPv6:
                  2a00:6920::/48
                  2a00:6920:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         25:32:c1:4a:ac:00:29:8d:80:a6:7d:55:b7:54:c1:76:0a:d4:
         a1:dc:35:ff:eb:93:c2:5a:ab:50:25:b0:5e:df:3b:5c:07:fc:
         4c:1b:af:5e:e2:95:0b:58:26:e2:89:7c:9a:cd:10:cd:fd:0e:
         eb:2c:e1:aa:06:c9:b5:c4:1b:a0:51:2a:f6:9c:78:d4:4d:11:
         c2:c5:44:ce:b5:99:2a:71:4f:f1:8f:53:36:b0:00:20:ab:af:
         99:8a:89:16:41:5b:63:c1:84:c0:28:0b:36:f4:6b:d6:92:e4:
         51:1d:fe:6f:70:5a:23:0f:52:e6:07:4d:b5:e3:51:ce:c3:7f:
         bc:db:4f:15:5b:6e:1a:e8:59:5e:25:bd:36:17:24:cc:bc:1d:
         51:6d:66:62:2e:a8:f1:30:de:2e:18:e5:40:fb:f8:c7:2f:a4:
         71:0a:b8:7a:39:62:aa:0e:49:b9:f6:02:24:84:73:13:b4:e1:
         6f:95:65:d4:8f:1a:43:2b:ad:f3:e9:4f:5e:eb:bf:62:2c:b8:
         52:e3:a4:4e:49:bb:90:a6:da:bb:f4:54:e4:25:dc:cd:ee:3b:
         be:5d:7d:b6:17:cf:93:e1:03:02:c0:5b:e2:e0:b0:3f:83:62:
         51:9b:10:3b:12:c5:c1:56:9b:c9:b8:77:44:7c:9d:3f:5f:dd:
         2d:ef:e6:eb
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYVxOdOs1LhrgBRJsDiO27++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjZlMDVkMTUyNzUwZGZhYWRlNWZhZjc5MWJhZDM5MWRj
NmQyZDQwHhcNMjMwMTAyMDY0NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDJlMTM2MWFmY2M3ZDNiMDY5NWU5ZTNhNWQ1ODI1MTA1ZGVkZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWK8m5U/JSCbdVsbwAoifmnMpYtG
rlluaQSxc/e+KoHR+IdqpQ6h8wC6Hm1kYvDrrJwzO/sui0aBJRMZm4xnzrujcbJB
Fpku4NXpKy+Itqxcn2NIqf9HUTlFjgxWVDCpHgcQC7H4QIdWApbolzYzg5q64GGX
ZCUbcbIimaVCpiNWNOO3lZIz/EAQvNCBlaWEdHmJX0O3eKvCYKlFyil+dn1xnlNL
lItV4EreXJsWjCIet93d6mdkGPVlosG6r3OG/V3AI619ACMEvzhrYJKH3e6EbyZO
GiKXSZCX9H5oDm4YjCCAAH6kArAF+dKiaUqgtWXV+x2M55oPvG5QZ2znrQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFEAuE2GvzH07BpXp46XVglEF3t22MB8GA1UdIwQY
MBaAFAlm4F0VJ1Dfqt5fr3kbrTkdxtLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1diZ1hSVW5VTi1xM2wtdmVSdXRPUjNHMHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80ZTFiYzgtZjgxMC00MTgyLWE2ZTMt
NzIxYmI0ZmM4YzE2LzEvUUM0VFlhX01mVHNHbGVuanBkV0NVUVhlM2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80ZTFiYzgtZjgxMC00MTgyLWE2ZTMtNzIxYmI0ZmM4YzE2
LzEvQ1diZ1hSVW5VTi1xM2wtdmVSdXRPUjNHMHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTASBAIAATAMAwQDTSr4AwQC
ua08MBcEAgACMBEDBwAqAGkgAAADBgAqAGkgEDANBgkqhkiG9w0BAQsFAAOCAQEA
JTLBSqwAKY2Apn1Vt1TBdgrUodw1/+uTwlqrUCWwXt87XAf8TBuvXuKVC1gm4ol8
ms0Qzf0O6yzhqgbJtcQboFEq9px41E0RwsVEzrWZKnFP8Y9TNrAAIKuvmYqJFkFb
Y8GEwCgLNvRr1pLkUR3+b3BaIw9S5gdNteNRzsN/vNtPFVtuGuhZXiW9NhckzLwd
UW1mYi6o8TDeLhjlQPv4xy+kcQq4ejliqg5JufYCJIRzE7Thb5Vl1I8aQyut8+lP
Xuu/Yiy4UuOkTkm7kKbau/RU5CXcze47vl19thfPk+EDAsBb4uCwP4NiUZsQOxLF
wVabybh3RHydP1/dLe/m6w==
-----END CERTIFICATE-----