Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ePf85GINnW21S-9xv5myQt7WKoA.roa
File:                     ePf85GINnW21S-9xv5myQt7WKoA.roa (raw, json)
Hash identifier:          JzjViqFeag0zCE0i4BH6GuDFcRzGhmfDfB7aexZsKh4=
Subject key identifier:   78:F7:FC:E4:62:0D:9D:6D:B5:4B:EF:71:BF:99:B2:42:DE:D6:2A:80
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0998AB68
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ePf85GINnW21S-9xv5myQt7WKoA.roa
Signing time:             Mon 13 Jun 2022 13:17:57 +0000
ROA not before:           Mon 13 Jun 2022 13:17:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        213.209.129.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          213.209.158.0/24 maxlen: 24
                          77.90.150.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 161000296 (0x998ab68)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun 13 13:17:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=78f7fce4620d9d6db54bef71bf99b242ded62a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ec:d3:2a:bb:eb:e2:f6:03:d9:8d:31:00:82:
                    a2:b4:da:1e:84:b6:11:01:4c:b9:4f:25:12:5d:12:
                    fd:f5:fc:74:d2:ff:7e:5d:9e:3d:8a:b6:79:6c:d0:
                    b3:82:fc:8b:2c:23:71:4d:df:cf:fe:4a:ec:2f:16:
                    2c:6d:f6:43:83:35:ab:0d:cf:9e:4c:20:a1:bb:a0:
                    3d:6f:f7:de:79:61:04:21:ae:45:ff:7f:27:95:dd:
                    ec:20:e3:16:36:50:99:3d:a7:fd:c1:f6:59:9e:cf:
                    75:f9:38:b7:ba:ed:da:31:8a:eb:4d:e1:7a:82:eb:
                    a2:90:72:b5:7a:ff:f9:c5:81:2d:e0:49:b5:cb:4d:
                    4c:42:fc:d4:fb:c0:20:7d:70:7c:08:a2:6d:2c:96:
                    0c:8e:58:74:4e:26:39:fd:8e:33:6f:15:2a:46:02:
                    13:9f:84:67:6f:bb:3c:97:d8:d3:03:39:af:d0:d1:
                    3f:cd:be:e8:e3:48:cf:91:93:23:4a:c8:aa:3f:ad:
                    96:a2:fd:9a:70:09:a2:33:5a:77:93:b9:f1:95:c6:
                    f7:24:9f:9e:4a:e8:87:a5:e3:94:7e:89:62:f4:60:
                    55:64:42:34:1f:00:13:56:c6:33:83:43:3e:d4:f6:
                    44:89:a9:35:4b:bf:48:cf:98:22:c4:60:52:0b:d8:
                    31:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:F7:FC:E4:62:0D:9D:6D:B5:4B:EF:71:BF:99:B2:42:DE:D6:2A:80
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ePf85GINnW21S-9xv5myQt7WKoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.149.0-77.90.150.255
                  77.90.178.0/24
                  77.90.185.0/24
                  185.230.13.0-185.230.14.255
                  213.209.129.0/24
                  213.209.145.0-213.209.146.255
                  213.209.156.0/24
                  213.209.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:6b:36:a8:a6:f1:39:ba:6a:40:40:39:8b:f3:44:de:a7:85:
         9c:c3:75:6c:c6:c8:5c:df:b2:39:c7:9d:4a:c9:73:6e:a1:ca:
         05:d6:bc:41:2d:5a:25:80:40:f9:03:f5:ba:40:04:cd:03:dc:
         d8:c8:85:39:33:be:2f:59:2d:b5:0c:54:de:7f:1d:10:da:4e:
         6c:61:56:d4:3c:66:5c:43:b1:4c:22:3d:81:8d:72:21:50:27:
         13:a3:04:9a:48:07:8e:73:5e:f1:48:a1:f3:e9:fc:4d:9e:0d:
         3b:9f:ef:55:78:4c:5f:d7:99:bd:8e:65:78:80:90:a3:5d:0e:
         78:44:7d:67:b8:70:fe:18:90:2c:dd:97:f2:3f:b9:a7:bc:68:
         34:ad:68:28:90:f0:64:d5:c8:5d:0b:19:47:a1:c7:4b:e1:49:
         e9:f5:38:ca:08:d2:bb:2a:f8:88:6e:15:6a:d9:94:85:89:bf:
         42:2a:a2:53:4d:f9:dd:4b:f3:4c:c6:da:6e:48:b2:2a:d2:d5:
         ed:94:8d:90:3d:af:85:66:b4:6d:27:73:60:2f:ed:2d:42:2c:
         0d:e7:f5:ea:f7:57:60:6b:3e:33:65:a3:9b:26:ad:ce:58:43:
         57:f7:42:ef:36:e5:23:b1:87:54:b1:98:e9:5d:22:52:21:6e:
         33:28:92:56
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIECZiraDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDYx
MzEzMTc1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzhmN2ZjZTQ2MjBk
OWQ2ZGI1NGJlZjcxYmY5OWIyNDJkZWQ2MmE4MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMDs0yq76+L2A9mNMQCCorTaHoS2EQFMuU8lEl0S/fX8dNL/
fl2ePYq2eWzQs4L8iywjcU3fz/5K7C8WLG32Q4M1qw3PnkwgobugPW/33nlhBCGu
Rf9/J5Xd7CDjFjZQmT2n/cH2WZ7Pdfk4t7rt2jGK603heoLropBytXr/+cWBLeBJ
tctNTEL81PvAIH1wfAiibSyWDI5YdE4mOf2OM28VKkYCE5+EZ2+7PJfY0wM5r9DR
P82+6ONIz5GTI0rIqj+tlqL9mnAJojNad5O58ZXG9ySfnkroh6XjlH6JYvRgVWRC
NB8AE1bGM4NDPtT2RImpNUu/SM+YIsRgUgvYMfkCAwEAAaOCAkswggJHMB0GA1Ud
DgQWBBR49/zkYg2dbbVL73G/mbJC3tYqgDAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L2VQZjg1R0lOblcyMVMtOXh2NW15UXQ3V0tvQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBh
BggrBgEFBQcBBwEB/wRSMFAwTgQCAAEwSDAMAwQATVqVAwQATVqWAwQATVqyAwQA
TVq5MAwDBAC55g0DBAC55g4DBADV0YEwDAMEANXRkQMEANXRkgMEANXRnAMEANXR
njANBgkqhkiG9w0BAQsFAAOCAQEAHGs2qKbxObpqQEA5i/NE3qeFnMN1bMbIXN+y
OcedSslzbqHKBda8QS1aJYBA+QP1ukAEzQPc2MiFOTO+L1kttQxU3n8dENpObGFW
1DxmXEOxTCI9gY1yIVAnE6MEmkgHjnNe8Uih8+n8TZ4NO5/vVXhMX9eZvY5leICQ
o10OeER9Z7hw/hiQLN2X8j+5p7xoNK1oKJDwZNXIXQsZR6HHS+FJ6fU4ygjSuyr4
iG4VatmUhYm/QiqiU0353UvzTMbabkiyKtLV7ZSNkD2vhWa0bSdzYC/tLUIsDef1
6vdXYGs+M2WjmyatzlhDV/dC7zblI7GHVLGY6V0iUiFuMyiSVg==
-----END CERTIFICATE-----