Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/76WmunBuMAlmWiI9qyQebHph0QU.roa
File:                     76WmunBuMAlmWiI9qyQebHph0QU.roa (raw, json)
Hash identifier:          GRPaVw9eLbWMbpV8TSiXFwf5r7fCp+REKXbRExZXijw=
Subject key identifier:   EF:A5:A6:BA:70:6E:30:09:66:5A:22:3D:AB:24:1E:6C:7A:61:D1:05
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       09D4FF7F
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/76WmunBuMAlmWiI9qyQebHph0QU.roa
Signing time:             Thu 23 Jun 2022 12:52:56 +0000
ROA not before:           Thu 23 Jun 2022 12:52:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.144.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          77.90.150.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 164953983 (0x9d4ff7f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun 23 12:52:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=efa5a6ba706e3009665a223dab241e6c7a61d105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b2:91:45:5b:f9:14:db:93:c7:b8:3b:86:d6:
                    ca:5d:e7:74:5f:4b:8c:c5:20:66:0e:27:30:c8:65:
                    59:0c:03:25:42:c1:25:13:6a:96:3c:d1:ea:72:41:
                    84:51:40:bf:b0:6f:22:56:6d:b5:95:e4:bd:93:37:
                    7a:4b:9d:b7:33:ae:53:b8:51:52:9b:9b:94:93:05:
                    36:fc:47:ff:d6:dc:a8:e9:00:9d:5d:ee:a2:ca:4e:
                    66:56:12:2f:bf:1d:5a:f8:94:4c:04:63:2a:b1:12:
                    85:3b:cd:07:a2:78:b5:ad:e7:57:91:86:d4:4c:38:
                    4e:60:05:ce:1d:85:72:99:4a:94:fd:34:d3:aa:22:
                    b8:e2:45:ee:27:ae:ac:2e:d2:05:c6:ec:07:8d:96:
                    8f:f3:ab:e7:94:95:6f:27:d7:69:11:f3:f2:ea:95:
                    9d:75:87:b3:6f:0d:0c:83:d9:4e:e2:81:d2:52:0e:
                    47:fa:6e:b7:7c:95:71:a9:83:a2:06:95:0d:53:58:
                    dc:31:01:05:42:bf:12:f2:04:f0:07:45:6f:fc:b1:
                    15:24:26:d2:72:53:d9:1d:ff:c6:42:05:e6:ab:60:
                    46:71:c6:cc:c2:e0:4a:c1:b4:ee:df:be:be:d8:e1:
                    3e:fe:04:37:37:97:f2:75:f8:d8:bd:d7:d8:62:34:
                    a5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:A5:A6:BA:70:6E:30:09:66:5A:22:3D:AB:24:1E:6C:7A:61:D1:05
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/76WmunBuMAlmWiI9qyQebHph0QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.149.0-77.90.150.255
                  77.90.178.0/24
                  77.90.185.0/24
                  77.90.188.0/24
                  185.230.13.0-185.230.14.255
                  213.209.129.0/24
                  213.209.136.0/24
                  213.209.143.0-213.209.146.255
                  213.209.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:b2:e7:6b:00:e4:45:8f:f6:7a:1f:3b:e5:d1:38:44:73:6e:
         ed:b2:ab:d0:41:db:fa:4a:21:ab:e0:bd:09:6c:e3:75:9c:38:
         7a:25:5d:10:f6:b8:c8:2e:f9:aa:b9:28:76:1d:d1:11:dc:21:
         db:1a:6a:5d:2f:2e:22:65:00:21:1e:a5:d2:34:2d:b3:7a:9e:
         8f:7d:78:3e:eb:28:b0:13:f8:16:99:60:9e:aa:b7:48:7a:3f:
         17:aa:39:59:5c:c6:e6:f6:e2:96:ce:81:0b:74:43:e1:34:7b:
         b9:7f:08:fe:a5:c4:05:10:6f:02:e6:82:4f:46:a1:1d:a8:af:
         db:1b:19:fa:6d:66:da:2a:bc:d4:4b:b1:00:67:77:2a:b7:0f:
         5d:48:31:d2:e4:dd:08:a9:a2:c8:d7:4f:96:fc:60:28:13:7b:
         cc:c5:2e:57:48:bc:e3:fe:a2:56:6e:6a:35:c3:21:35:db:65:
         1f:ec:36:9c:2d:e3:7c:58:b6:b5:e8:44:0a:51:de:6c:39:b3:
         6f:99:78:35:88:27:ab:a3:d3:b5:e9:f2:94:52:83:3c:2c:1d:
         4d:e5:3b:4e:57:ee:93:85:7c:2b:b4:cf:f0:0c:56:75:3e:9f:
         0b:98:a6:fe:60:a0:f5:90:23:8f:26:7c:ee:fa:f5:bb:6d:90:
         c1:cd:5d:44
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIECdT/fzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDYy
MzEyNTI1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWZhNWE2YmE3MDZl
MzAwOTY2NWEyMjNkYWIyNDFlNmM3YTYxZDEwNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL2ykUVb+RTbk8e4O4bWyl3ndF9LjMUgZg4nMMhlWQwDJULB
JRNqljzR6nJBhFFAv7BvIlZttZXkvZM3ekudtzOuU7hRUpublJMFNvxH/9bcqOkA
nV3uospOZlYSL78dWviUTARjKrEShTvNB6J4ta3nV5GG1Ew4TmAFzh2FcplKlP00
06oiuOJF7ieurC7SBcbsB42Wj/Or55SVbyfXaRHz8uqVnXWHs28NDIPZTuKB0lIO
R/put3yVcamDogaVDVNY3DEBBUK/EvIE8AdFb/yxFSQm0nJT2R3/xkIF5qtgRnHG
zMLgSsG07t++vtjhPv4ENzeX8nX42L3X2GI0pVkCAwEAAaOCAlEwggJNMB0GA1Ud
DgQWBBTvpaa6cG4wCWZaIj2rJB5semHRBTAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
Lzc2V211bkJ1TUFsbVdpSTlxeVFlYkhwaDBRVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBn
BggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTjAMAwQATVqVAwQATVqWAwQATVqyAwQA
TVq5AwQATVq8MAwDBAC55g0DBAC55g4DBADV0YEDBADV0YgwDAMEANXRjwMEANXR
kgMEANXRnDANBgkqhkiG9w0BAQsFAAOCAQEAI7LnawDkRY/2eh875dE4RHNu7bKr
0EHb+kohq+C9CWzjdZw4eiVdEPa4yC75qrkodh3REdwh2xpqXS8uImUAIR6l0jQt
s3qej314PusosBP4Fplgnqq3SHo/F6o5WVzG5vbils6BC3RD4TR7uX8I/qXEBRBv
AuaCT0ahHaiv2xsZ+m1m2iq81EuxAGd3KrcPXUgx0uTdCKmiyNdPlvxgKBN7zMUu
V0i84/6iVm5qNcMhNdtlH+w2nC3jfFi2tehEClHebDmzb5l4NYgnq6PTtenylFKD
PCwdTeU7Tlfuk4V8K7TP8AxWdT6fC5im/mCg9ZAjjyZ87vr1u22Qwc1dRA==
-----END CERTIFICATE-----