Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/gncQe8OF91g0InGzewjgdaUD4WA.roa
File:                     gncQe8OF91g0InGzewjgdaUD4WA.roa (raw, json)
Hash identifier:          plpRzcyA+usMxwpKpcQxxywYjFRq1Z+8Y9lC/r9UlQc=
Subject key identifier:   82:77:10:7B:C3:85:F7:58:34:22:71:B3:7B:08:E0:75:A5:03:E1:60
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0182181373754035C16BEF0F76AEB4FD6902
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/gncQe8OF91g0InGzewjgdaUD4WA.roa
Signing time:             Tue 19 Jul 2022 20:08:24 +0000
ROA not before:           Tue 19 Jul 2022 20:08:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        185.230.13.0/24 maxlen: 24
                          185.230.14.0/24 maxlen: 24
                          77.90.188.0/24 maxlen: 24
                          213.209.136.0/24 maxlen: 24
                          213.209.145.0/24 maxlen: 24
                          213.209.143.0/24 maxlen: 24
                          213.209.146.0/24 maxlen: 24
                          213.209.156.0/24 maxlen: 24
                          77.90.149.0/24 maxlen: 24
                          77.90.164.0/24 maxlen: 24
                          77.90.166.0/24 maxlen: 24
                          77.90.178.0/24 maxlen: 24
                          77.90.185.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:18:13:73:75:40:35:c1:6b:ef:0f:76:ae:b4:fd:69:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 19 20:08:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8277107bc385f758342271b37b08e075a503e160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5e:ef:a6:63:48:af:65:32:db:e8:c9:05:7b:
                    f2:22:ae:60:81:ec:48:5c:6a:ed:81:a9:9c:33:f1:
                    36:db:76:fa:80:c1:7b:d3:a4:fb:06:46:85:39:84:
                    85:41:90:77:9f:1d:78:6a:a8:89:87:bc:6d:58:22:
                    38:41:2d:29:7c:c0:19:87:74:a1:95:e4:ed:90:0e:
                    fc:83:12:44:83:b7:15:70:60:c9:6c:bf:2d:94:cb:
                    d1:3a:51:5b:d9:84:55:37:e4:ea:51:56:e5:f2:e6:
                    fb:12:c4:d9:9e:ba:ef:59:d1:a2:a0:b5:53:a5:f4:
                    e1:b5:b4:02:be:c2:f7:51:f6:3e:4d:f2:84:e0:99:
                    d2:a8:00:7a:23:ac:ee:75:d0:69:91:ab:d0:4c:09:
                    69:3e:2e:a5:06:7a:b2:64:da:4b:26:64:11:eb:7e:
                    b7:1a:45:96:38:aa:23:cd:8c:9f:a9:bf:f9:ff:6d:
                    e6:1a:b4:1e:27:12:28:7d:4a:34:17:f5:aa:26:13:
                    06:de:9b:38:2e:8a:02:02:62:d5:d4:ab:67:09:b9:
                    78:29:f6:a8:8c:6d:27:48:c0:6a:80:9b:83:fc:32:
                    7d:74:4e:21:af:1a:03:06:e8:d9:3e:6c:cf:23:79:
                    cc:07:a0:11:87:59:e5:6b:75:09:94:15:de:bb:97:
                    27:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:77:10:7B:C3:85:F7:58:34:22:71:B3:7B:08:E0:75:A5:03:E1:60
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/gncQe8OF91g0InGzewjgdaUD4WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.149.0/24
                  77.90.164.0/24
                  77.90.166.0/24
                  77.90.178.0/24
                  77.90.185.0/24
                  77.90.188.0/24
                  185.230.13.0-185.230.14.255
                  213.209.136.0/24
                  213.209.143.0/24
                  213.209.145.0-213.209.146.255
                  213.209.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:cc:7b:41:53:dc:ca:03:a7:a2:c9:38:2d:f2:01:d4:8d:03:
         a6:34:f9:56:d6:98:d0:f3:49:93:b1:1e:0d:fa:60:4b:51:d3:
         59:6c:b9:56:63:6c:25:b9:f0:be:1a:cf:df:4f:d5:8a:28:8a:
         07:3d:2b:2a:83:01:44:48:5d:c5:44:7e:7e:8d:bb:09:87:bd:
         fd:e4:ff:17:ef:80:8a:72:dd:1c:e9:90:5e:7c:6c:84:e9:c5:
         7a:e0:8b:61:9a:e5:36:39:6f:51:45:97:f7:39:50:47:ab:34:
         fb:8d:35:ef:3e:85:73:06:ae:ae:1c:24:7c:ee:e5:32:68:14:
         ea:69:fa:d8:56:1c:b6:a1:ca:99:d0:7b:63:71:67:74:9f:37:
         fc:d1:d2:1c:39:a8:3e:3d:ec:c4:3d:cc:61:be:57:f7:70:7c:
         3e:16:b9:0f:d3:6a:4a:46:9b:3a:b7:73:b1:99:9a:41:f0:4d:
         85:67:66:91:cb:78:22:32:71:95:0c:db:a0:07:e7:05:dd:e5:
         3b:c4:db:fe:70:49:d3:82:75:9c:01:4e:15:89:de:b0:7f:40:
         7f:de:83:7c:69:11:f7:fd:10:02:52:aa:8a:26:9f:6a:29:24:
         77:4b:8c:76:84:f5:bc:a9:82:48:dd:e6:7d:59:cd:5a:5b:11:
         e7:70:8c:48
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYIYE3N1QDXBa+8Pdq60/WkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzE5MjAwODI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjc3MTA3YmMzODVmNzU4MzQyMjcxYjM3YjA4ZTA3NWE1MDNlMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo17vpmNIr2Uy2+jJBXvyIq5ggexI
XGrtgamcM/E223b6gMF706T7BkaFOYSFQZB3nx14aqiJh7xtWCI4QS0pfMAZh3Sh
leTtkA78gxJEg7cVcGDJbL8tlMvROlFb2YRVN+TqUVbl8ub7EsTZnrrvWdGioLVT
pfThtbQCvsL3UfY+TfKE4JnSqAB6I6zuddBpkavQTAlpPi6lBnqyZNpLJmQR6363
GkWWOKojzYyfqb/5/23mGrQeJxIofUo0F/WqJhMG3ps4LooCAmLV1KtnCbl4Kfao
jG0nSMBqgJuD/DJ9dE4hrxoDBujZPmzPI3nMB6ARh1nla3UJlBXeu5cnNQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFIJ3EHvDhfdYNCJxs3sI4HWlA+FgMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvZ25jUWU4T0Y5MWcwSW5HemV3amdkYVVENFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQATVqVAwQA
TVqkAwQATVqmAwQATVqyAwQATVq5AwQATVq8MAwDBAC55g0DBAC55g4DBADV0YgD
BADV0Y8wDAMEANXRkQMEANXRkgMEANXRnDANBgkqhkiG9w0BAQsFAAOCAQEAfcx7
QVPcygOnosk4LfIB1I0DpjT5VtaY0PNJk7EeDfpgS1HTWWy5VmNsJbnwvhrP30/V
iiiKBz0rKoMBREhdxUR+fo27CYe9/eT/F++AinLdHOmQXnxshOnFeuCLYZrlNjlv
UUWX9zlQR6s0+4017z6FcwaurhwkfO7lMmgU6mn62FYctqHKmdB7Y3FndJ83/NHS
HDmoPj3sxD3MYb5X93B8Pha5D9NqSkabOrdzsZmaQfBNhWdmkct4IjJxlQzboAfn
Bd3lO8Tb/nBJ04J1nAFOFYnesH9Af96DfGkR9/0QAlKqiiafaikkd0uMdoT1vKmC
SN3mfVnNWlsR53CMSA==
-----END CERTIFICATE-----