Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/EMPzIt3zLKbjRFbtPAuEJSjV-lc.roa
File:                     EMPzIt3zLKbjRFbtPAuEJSjV-lc.roa (raw, json)
Hash identifier:          x1iykGTCC8V4E8/lFBOSgt7nw0ybHvC2L2lBllcEnMM=
Subject key identifier:   10:C3:F3:22:DD:F3:2C:A6:E3:44:56:ED:3C:0B:84:25:28:D5:FA:57
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0181F7C725994296D37A261397C0E53CB965
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/EMPzIt3zLKbjRFbtPAuEJSjV-lc.roa
Signing time:             Wed 13 Jul 2022 13:37:12 +0000
ROA not before:           Wed 13 Jul 2022 13:37:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62240
IP address blocks:        213.209.139.0/24 maxlen: 24
                          213.209.152.0/24 maxlen: 24
                          77.90.163.0/24 maxlen: 24
                          77.90.162.0/24 maxlen: 24
                          77.90.161.0/24 maxlen: 24
                          77.90.160.0/24 maxlen: 24
                          77.90.170.0/24 maxlen: 24
                          77.90.169.0/24 maxlen: 24
                          77.90.172.0/24 maxlen: 24
                          77.90.171.0/24 maxlen: 24
                          77.90.175.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f7:c7:25:99:42:96:d3:7a:26:13:97:c0:e5:3c:b9:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 13 13:37:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=10c3f322ddf32ca6e34456ed3c0b842528d5fa57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d5:8e:0e:d9:8b:47:ad:b6:22:df:94:a3:7f:
                    ca:57:86:0c:fa:2f:ff:b2:18:8c:eb:f7:ec:57:cd:
                    65:ac:3e:e5:65:86:6c:68:c8:21:ef:3b:45:98:73:
                    36:9e:1a:66:01:f3:d9:8c:cd:9c:31:c4:55:d9:12:
                    91:eb:cf:14:f2:92:0b:ec:49:62:3e:8e:7d:83:b5:
                    c7:5c:cd:9f:ae:e6:99:41:9a:9d:86:dd:86:ba:ee:
                    86:be:d1:ca:27:24:6f:30:e3:24:52:3c:9e:fd:76:
                    81:7d:9a:0c:9f:37:9c:ac:3c:a9:c2:ae:0a:de:ea:
                    de:f0:c3:e2:17:70:79:08:8a:9c:60:88:28:c1:8d:
                    29:46:a0:28:6b:00:ee:1b:26:1c:ed:e4:da:6f:86:
                    fb:72:25:44:7d:6e:97:f8:34:10:90:cb:2d:93:49:
                    fe:38:79:f5:0b:e5:3d:8c:0f:aa:62:96:46:75:5b:
                    53:fd:05:fc:96:2d:b7:9f:fa:fd:d0:b8:46:0c:f0:
                    94:ee:8b:34:d8:a1:88:6e:71:ed:0f:e9:a0:9d:e8:
                    06:88:02:a1:fd:39:02:85:a7:58:2b:5c:62:2a:e0:
                    c3:1a:23:de:2f:93:30:07:ab:95:c8:f0:7d:8e:53:
                    cc:fc:24:98:7d:17:17:e1:22:ca:14:55:de:5a:01:
                    d7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C3:F3:22:DD:F3:2C:A6:E3:44:56:ED:3C:0B:84:25:28:D5:FA:57
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/EMPzIt3zLKbjRFbtPAuEJSjV-lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.160.0/22
                  77.90.169.0-77.90.172.255
                  77.90.175.0/24
                  77.90.186.0/24
                  213.209.139.0/24
                  213.209.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:24:7d:5f:29:36:1e:8c:16:82:5a:b9:4c:4a:f7:48:c5:5f:
         9e:a4:3f:a7:5c:5e:56:e2:2c:9e:17:ca:83:31:be:70:e9:d0:
         96:a0:bf:68:c5:24:69:90:2a:fb:e7:f3:0b:9f:69:e1:94:08:
         3c:c6:16:0c:42:c1:c9:e6:73:9b:2c:88:51:8d:5c:76:49:15:
         e6:c7:f6:e9:ec:00:d4:61:57:4d:c0:ea:4f:80:ea:da:a1:7e:
         3e:80:2e:3e:91:ec:7d:52:04:dc:61:1d:fc:7f:1a:c8:1c:f2:
         5d:53:cf:b2:53:14:e4:39:ad:4c:74:66:8f:0b:09:8d:7f:f4:
         49:1a:d7:8e:8c:d2:38:a9:ab:3e:0a:90:65:36:aa:7f:52:9f:
         c2:e3:4b:94:16:1a:8e:36:36:fe:97:a4:ef:cd:da:de:2d:df:
         d1:d2:12:92:af:81:fd:91:f8:63:d0:ca:3b:28:41:ee:1d:8f:
         a0:77:0e:dc:57:ee:1b:29:59:95:48:93:e6:e1:05:35:21:17:
         55:0c:14:e1:71:dc:73:86:a9:07:0e:b3:4c:87:e1:1e:cd:11:
         89:2e:7a:ae:f4:94:58:a4:12:2f:4d:9f:12:2d:1e:58:cc:6f:
         00:66:26:68:dd:5d:b5:50:44:9a:d0:26:77:5a:9d:19:0f:28:
         db:19:ee:e9
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYH3xyWZQpbTeiYTl8DlPLllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzEzMTMzNzEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGMzZjMyMmRkZjMyY2E2ZTM0NDU2ZWQzYzBiODQyNTI4ZDVmYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNWODtmLR622It+Uo3/KV4YM+i//
shiM6/fsV81lrD7lZYZsaMgh7ztFmHM2nhpmAfPZjM2cMcRV2RKR688U8pIL7Eli
Po59g7XHXM2fruaZQZqdht2Guu6GvtHKJyRvMOMkUjye/XaBfZoMnzecrDypwq4K
3ure8MPiF3B5CIqcYIgowY0pRqAoawDuGyYc7eTab4b7ciVEfW6X+DQQkMstk0n+
OHn1C+U9jA+qYpZGdVtT/QX8li23n/r90LhGDPCU7os02KGIbnHtD+mgnegGiAKh
/TkChadYK1xiKuDDGiPeL5MwB6uVyPB9jlPM/CSYfRcX4SLKFFXeWgHX4wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFBDD8yLd8yym40RW7TwLhCUo1fpXMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvRU1Qekl0M3pMS2JqUkZidFBBdUVKU2pWLWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCTVqgMAwD
BABNWqkDBABNWqwDBABNWq8DBABNWroDBADV0YsDBADV0ZgwDQYJKoZIhvcNAQEL
BQADggEBABskfV8pNh6MFoJauUxK90jFX56kP6dcXlbiLJ4XyoMxvnDp0Jagv2jF
JGmQKvvn8wufaeGUCDzGFgxCwcnmc5ssiFGNXHZJFebH9unsANRhV03A6k+A6tqh
fj6ALj6R7H1SBNxhHfx/Gsgc8l1Tz7JTFOQ5rUx0Zo8LCY1/9Eka146M0jipqz4K
kGU2qn9Sn8LjS5QWGo42Nv6XpO/N2t4t39HSEpKvgf2R+GPQyjsoQe4dj6B3DtxX
7hspWZVIk+bhBTUhF1UMFOFx3HOGqQcOs0yH4R7NEYkueq70lFikEi9NnxItHljM
bwBmJmjdXbVQRJrQJndanRkPKNsZ7uk=
-----END CERTIFICATE-----