Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/HfVPh5NPj-QNjTJwbwCSZ07iHVk.roa
File:                     HfVPh5NPj-QNjTJwbwCSZ07iHVk.roa (raw, json)
Hash identifier:          hZuVPeSunLo1MZoocsyd7kxbgSe0FlveU/yZkQWh/DY=
Subject key identifier:   1D:F5:4F:87:93:4F:8F:E4:0D:8D:32:70:6F:00:92:67:4E:E2:1D:59
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07A80FCD
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/HfVPh5NPj-QNjTJwbwCSZ07iHVk.roa
Signing time:             Tue 01 Mar 2022 19:50:18 +0000
ROA not before:           Tue 01 Mar 2022 19:50:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        77.90.191.0/24 maxlen: 24
                          213.209.134.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          213.209.157.0/24 maxlen: 24
                          77.90.152.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          185.230.12.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.180.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 128454605 (0x7a80fcd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar  1 19:50:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1df54f87934f8fe40d8d32706f0092674ee21d59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ce:a5:54:18:23:b8:24:a1:a7:ab:25:7b:d9:
                    61:28:3e:14:4e:39:5a:56:bb:db:1a:c3:6e:b7:a3:
                    60:81:7d:48:10:8e:26:25:99:e8:f0:0f:b5:ca:89:
                    8e:67:44:5d:cd:df:82:6b:34:c3:4a:8c:6c:fc:75:
                    76:6d:85:3b:8b:86:62:d3:3c:37:84:48:c6:76:0c:
                    9f:26:17:2d:2a:82:f6:0e:b6:54:5c:9f:2d:9f:74:
                    ad:b8:b1:62:59:ad:0b:ed:ef:37:b2:bd:b1:13:bf:
                    f0:cc:dc:5a:0a:7a:23:95:b2:aa:aa:0c:d7:40:9a:
                    96:85:3a:fc:8b:42:b1:8d:ef:85:e2:6c:aa:69:cc:
                    9c:75:67:38:d6:46:21:c1:e4:01:c3:5d:67:b9:21:
                    56:77:f2:a9:f0:7d:cc:06:72:0e:0c:b9:40:e0:0a:
                    3c:d2:20:25:85:9d:8a:6a:c4:ef:f1:0e:f4:b4:3e:
                    72:4d:0c:98:3d:19:a0:70:b7:ba:57:14:d8:4d:3d:
                    c9:1b:0f:db:63:11:b8:6d:f7:ae:85:12:1f:09:af:
                    56:3f:d9:9b:2b:95:5e:c0:c9:27:39:88:4c:8c:a2:
                    d0:6e:3a:c2:2b:e3:ae:95:2f:68:d1:9f:a1:0f:5d:
                    5e:89:ef:8d:33:9c:9b:33:49:90:65:67:8d:e1:98:
                    31:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F5:4F:87:93:4F:8F:E4:0D:8D:32:70:6F:00:92:67:4E:E2:1D:59
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/HfVPh5NPj-QNjTJwbwCSZ07iHVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.149.0/24
                  77.90.152.0/24
                  77.90.179.0-77.90.180.255
                  77.90.191.0/24
                  185.230.12.0/24
                  213.209.134.0/24
                  213.209.143.0/24
                  213.209.145.0/24
                  213.209.149.0/24
                  213.209.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:81:55:7b:c7:83:5c:c4:21:7a:d4:d9:e9:2a:83:79:48:26:
         30:bf:f7:87:9d:64:6f:3f:fb:ab:59:97:e5:e3:c0:ed:fb:30:
         43:f0:41:0e:34:ed:19:8c:95:aa:9b:05:01:83:ce:39:df:a7:
         3c:ab:33:d9:da:ce:7e:19:58:fd:c0:cc:5b:b6:a1:3e:39:5b:
         ec:9f:14:72:3e:77:4f:0f:1f:c4:12:94:6a:e6:49:52:20:01:
         f4:20:69:d4:b5:f7:4d:a1:40:91:91:f3:1d:5f:05:90:99:ef:
         77:4a:6e:9c:78:f3:47:47:e5:cc:b9:20:07:d0:84:d6:e0:9e:
         93:e3:49:ca:e2:30:7d:01:d1:b6:b8:db:f9:28:0e:13:73:94:
         9c:00:9d:75:3d:f3:4f:d1:a2:54:f0:bd:8b:4a:5e:b1:2c:68:
         7f:6b:fa:08:64:0b:b1:db:58:23:93:ce:08:66:b2:79:01:3a:
         ae:d4:0a:c8:37:e6:08:66:b7:0e:06:d2:fc:90:41:95:5f:6e:
         6a:7b:bf:02:8f:d8:5c:93:48:a8:8c:ed:bd:e8:a4:53:56:6a:
         d8:50:f9:ef:bc:bb:07:1d:e9:be:5b:7a:9d:1e:c0:c9:89:f0:
         74:99:1e:1f:10:3f:f6:fe:c2:a8:c6:a5:b2:58:8f:53:56:d6:
         62:bb:77:00
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEB6gPzTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMw
MTE5NTAxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWRmNTRmODc5MzRm
OGZlNDBkOGQzMjcwNmYwMDkyNjc0ZWUyMWQ1OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMXOpVQYI7gkoaerJXvZYSg+FE45Wla72xrDbrejYIF9SBCO
JiWZ6PAPtcqJjmdEXc3fgms0w0qMbPx1dm2FO4uGYtM8N4RIxnYMnyYXLSqC9g62
VFyfLZ90rbixYlmtC+3vN7K9sRO/8MzcWgp6I5WyqqoM10CaloU6/ItCsY3vheJs
qmnMnHVnONZGIcHkAcNdZ7khVnfyqfB9zAZyDgy5QOAKPNIgJYWdimrE7/EO9LQ+
ck0MmD0ZoHC3ulcU2E09yRsP22MRuG33roUSHwmvVj/ZmyuVXsDJJzmITIyi0G46
wivjrpUvaNGfoQ9dXonvjTOcmzNJkGVnjeGYMSUCAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBQd9U+Hk0+P5A2NMnBvAJJnTuIdWTAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L0hmVlBoNU5Qai1RTmpUSndid0NTWjA3aUhWay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEAE1alQMEAE1amDAMAwQATVqzAwQA
TVq0AwQATVq/AwQAueYMAwQA1dGGAwQA1dGPAwQA1dGRAwQA1dGVAwQB1dGcMA0G
CSqGSIb3DQEBCwUAA4IBAQABgVV7x4NcxCF61NnpKoN5SCYwv/eHnWRvP/urWZfl
48Dt+zBD8EEONO0ZjJWqmwUBg84536c8qzPZ2s5+GVj9wMxbtqE+OVvsnxRyPndP
Dx/EEpRq5klSIAH0IGnUtfdNoUCRkfMdXwWQme93Sm6cePNHR+XMuSAH0ITW4J6T
40nK4jB9AdG2uNv5KA4Tc5ScAJ11PfNP0aJU8L2LSl6xLGh/a/oIZAux21gjk84I
ZrJ5ATqu1ArIN+YIZrcOBtL8kEGVX25qe78Cj9hck0iojO296KRTVmrYUPnvvLsH
Hem+W3qdHsDJifB0mR4fED/2/sKoxqWyWI9TVtZiu3cA
-----END CERTIFICATE-----