Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/iAYgaM0xQiLzLtf5q328XaTp8OI.roa
File:                     iAYgaM0xQiLzLtf5q328XaTp8OI.roa (raw, json)
Hash identifier:          DlnY+L1J1tky8MQzqjIg81DLlmff5/89lxYR/rB7i5Y=
Subject key identifier:   88:06:20:68:CD:31:42:22:F3:2E:D7:F9:AB:7D:BC:5D:A4:E9:F0:E2
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       07FF6DC3
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/iAYgaM0xQiLzLtf5q328XaTp8OI.roa
Signing time:             Thu 10 Mar 2022 19:09:07 +0000
ROA not before:           Thu 10 Mar 2022 19:09:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207710
IP address blocks:        213.209.131.0/24 maxlen: 24
                          213.209.139.0/24 maxlen: 24
                          213.209.152.0/24 maxlen: 24
                          77.90.159.0/24 maxlen: 24
                          77.90.160.0/22 maxlen: 22
                          77.90.172.0/24 maxlen: 24
                          77.90.171.0/24 maxlen: 24
                          77.90.170.0/24 maxlen: 24
                          77.90.169.0/24 maxlen: 24
                          77.90.177.0/24 maxlen: 24
                          77.90.175.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24
                          77.90.183.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 134180291 (0x7ff6dc3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 10 19:09:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=88062068cd314222f32ed7f9ab7dbc5da4e9f0e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ee:db:c1:09:11:75:87:08:0a:ff:68:8c:2d:
                    c2:c0:b6:9e:f9:c8:03:b6:31:4a:6c:5d:69:5e:80:
                    32:df:3c:3b:fe:2e:e9:d6:5b:55:90:00:50:57:5a:
                    41:64:e1:28:c7:40:64:9e:98:c2:ce:ab:e7:58:da:
                    d0:e3:fb:8d:30:d3:f1:2d:a1:57:c2:45:1b:ac:e6:
                    af:23:db:62:42:ec:e7:ce:7a:83:0a:fc:af:96:00:
                    89:0f:87:e7:e0:bb:23:67:0b:1d:a3:2c:30:3b:22:
                    d5:14:e8:1d:85:af:05:1c:bd:23:29:2e:bf:f9:eb:
                    93:9b:9d:09:bf:fa:1c:34:58:9d:b4:fe:0b:7e:ed:
                    9d:ea:c3:23:16:d0:33:30:0f:7a:9a:ff:24:bf:29:
                    86:58:db:d6:32:02:bc:12:94:49:d7:03:21:ab:5c:
                    52:56:6c:00:85:45:4e:b3:c7:a0:e2:97:78:b0:ff:
                    14:36:d3:5c:1a:42:ea:71:45:38:35:e2:8b:71:8b:
                    ff:b3:c5:ad:22:a8:71:11:82:fc:6e:f6:d4:d8:28:
                    d7:25:37:2d:0c:75:8c:2c:cf:55:17:18:91:68:24:
                    00:28:9a:b7:a7:50:0f:61:fc:5b:00:9e:7b:8a:97:
                    ce:52:3d:88:d5:da:53:c0:d6:df:95:f7:ac:3a:64:
                    1b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:06:20:68:CD:31:42:22:F3:2E:D7:F9:AB:7D:BC:5D:A4:E9:F0:E2
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/iAYgaM0xQiLzLtf5q328XaTp8OI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.159.0-77.90.163.255
                  77.90.169.0-77.90.172.255
                  77.90.175.0/24
                  77.90.177.0/24
                  77.90.183.0/24
                  77.90.186.0/24
                  213.209.131.0/24
                  213.209.139.0/24
                  213.209.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:e1:f2:06:06:81:3d:37:15:1b:da:56:0b:10:36:e9:c8:69:
         d9:2c:55:4d:bd:d8:2b:de:0c:37:dc:38:39:ab:e4:fe:63:bd:
         e4:73:a3:8b:1d:b7:1a:85:3a:63:ee:83:ee:cd:43:27:4b:03:
         62:bf:c7:0d:23:ed:43:1a:d9:7a:3f:82:33:f3:12:c9:09:e4:
         f7:02:d2:83:16:cf:f9:95:dd:93:3e:86:66:1f:ec:46:bd:2c:
         e2:28:6e:33:1e:69:39:14:02:d3:ca:ac:77:64:c0:24:97:4d:
         5d:c1:37:ef:a8:1f:b8:68:aa:f0:1a:ae:3d:ce:c4:69:77:c9:
         21:70:d9:1f:2d:e7:dc:87:73:1c:52:5e:d1:64:0e:b7:bb:f5:
         3b:e0:c9:d9:0f:05:5b:d0:5a:2e:eb:99:01:da:a8:46:86:98:
         43:6a:3e:69:a8:84:5f:c1:ab:67:de:c3:ff:a2:bb:f9:a2:61:
         7e:e5:ff:d4:78:f4:ff:ec:a0:13:47:7b:be:ae:19:0f:c0:47:
         f6:e9:c9:08:70:a6:6a:70:c0:90:8c:35:47:dc:5a:12:52:c1:
         40:27:29:b1:19:81:ee:99:93:48:f1:21:8e:97:de:95:66:39:
         6a:8a:43:29:b3:08:e6:a8:3b:60:c3:22:ef:86:c5:d4:27:e4:
         ef:12:4c:39
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIEB/9twzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjQ3NmUxMmU4OTg3ZTViMzAyY2RjMjRiZGQ5ZGIzZmU4M2M4NDQ5MB4XDTIyMDMx
MDE5MDkwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODgwNjIwNjhjZDMx
NDIyMmYzMmVkN2Y5YWI3ZGJjNWRhNGU5ZjBlMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMju28EJEXWHCAr/aIwtwsC2nvnIA7YxSmxdaV6AMt88O/4u
6dZbVZAAUFdaQWThKMdAZJ6Yws6r51ja0OP7jTDT8S2hV8JFG6zmryPbYkLs5856
gwr8r5YAiQ+H5+C7I2cLHaMsMDsi1RToHYWvBRy9Iykuv/nrk5udCb/6HDRYnbT+
C37tnerDIxbQMzAPepr/JL8phljb1jICvBKUSdcDIatcUlZsAIVFTrPHoOKXeLD/
FDbTXBpC6nFFODXii3GL/7PFrSKocRGC/G721Ngo1yU3LQx1jCzPVRcYkWgkACia
t6dQD2H8WwCee4qXzlI9iNXaU8DW35X3rDpkG9kCAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBSIBiBozTFCIvMu1/mrfbxdpOnw4jAfBgNVHSMEGDAWgBQ7R24S6Jh+WzAs
3CS92ds/6DyESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08wZHVFdWlZZmxzd0xOd2t2ZG5iUC1nOGhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8x
L2lBWWdhTTB4UWlMekx0ZjVxMzI4WGFUcDhPSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
ZDkwYzZmLTY1NzYtNDZiOS04MzEzLTZjYmZmM2M0ZGEwMS8xL08wZHVFdWlZZmxz
d0xOd2t2ZG5iUC1nOGhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wTAQCAAEwRjAMAwQATVqfAwQCTVqgMAwDBABNWqkD
BABNWqwDBABNWq8DBABNWrEDBABNWrcDBABNWroDBADV0YMDBADV0YsDBADV0Zgw
DQYJKoZIhvcNAQELBQADggEBAJvh8gYGgT03FRvaVgsQNunIadksVU292CveDDfc
ODmr5P5jveRzo4sdtxqFOmPug+7NQydLA2K/xw0j7UMa2Xo/gjPzEskJ5PcC0oMW
z/mV3ZM+hmYf7Ea9LOIobjMeaTkUAtPKrHdkwCSXTV3BN++oH7hoqvAarj3OxGl3
ySFw2R8t59yHcxxSXtFkDre79TvgydkPBVvQWi7rmQHaqEaGmENqPmmohF/Bq2fe
w/+iu/miYX7l/9R49P/soBNHe76uGQ/AR/bpyQhwpmpwwJCMNUfcWhJSwUAnKbEZ
ge6Zk0jxIY6X3pVmOWqKQymzCOaoO2DDIu+GxdQn5O8STDk=
-----END CERTIFICATE-----