Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ieU7jWsXYxyfvaJYT06_5q0mn2s.roa
File:                     ieU7jWsXYxyfvaJYT06_5q0mn2s.roa (raw, json)
Hash identifier:          Gvt4o9a45RZFvYflLEafKidR+BgnR2sRzH84WAbl1JY=
Subject key identifier:   89:E5:3B:8D:6B:17:63:1C:9F:BD:A2:58:4F:4E:BF:E6:AD:26:9F:6B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01822A4691B8B2246400388DEBFE80E1463C
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ieU7jWsXYxyfvaJYT06_5q0mn2s.roa
Signing time:             Sat 23 Jul 2022 08:57:24 +0000
ROA not before:           Sat 23 Jul 2022 08:57:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30823
IP address blocks:        213.209.129.0/24 maxlen: 24
                          213.209.134.0/24 maxlen: 24
                          213.209.149.0/24 maxlen: 24
                          213.209.147.0/24 maxlen: 24
                          213.209.151.0/24 maxlen: 24
                          77.90.139.0/24 maxlen: 24
                          77.90.138.0/24 maxlen: 24
                          77.90.145.0/24 maxlen: 24
                          77.90.153.0/24 maxlen: 24
                          77.90.179.0/24 maxlen: 24
                          77.90.181.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:2a:46:91:b8:b2:24:64:00:38:8d:eb:fe:80:e1:46:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 23 08:57:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=89e53b8d6b17631c9fbda2584f4ebfe6ad269f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d4:66:9c:3b:f7:09:fd:97:4b:47:0f:3b:7c:
                    ad:84:9e:1e:2c:7d:d9:d1:03:e5:26:c0:96:99:2b:
                    9d:2a:a9:6d:93:99:2d:ef:b3:9d:1f:8d:79:c5:d7:
                    6f:c1:51:aa:b4:48:7c:a5:c7:23:92:79:0d:72:c9:
                    19:ed:3f:db:eb:aa:98:4d:09:a3:85:02:ff:f2:7f:
                    fc:b5:29:89:e0:29:1e:e4:c1:09:d4:d5:0f:83:d3:
                    23:e8:52:c5:f1:47:0b:5d:d1:17:b6:b9:f2:5a:37:
                    70:9e:d9:61:ed:a5:b9:16:17:56:bf:46:d7:cd:69:
                    47:45:99:ec:2e:4f:eb:b2:b6:c0:c2:9c:24:c9:57:
                    65:cc:8d:35:73:1e:e1:1f:b2:e8:40:43:9d:5a:2f:
                    66:a0:45:7a:b7:68:81:99:0e:04:68:70:3a:d9:10:
                    bc:44:04:07:93:8f:78:27:40:34:77:34:11:39:36:
                    74:03:cb:e3:8c:22:84:20:d2:59:3a:46:fa:5e:a8:
                    69:c5:9b:ad:b6:11:5f:c4:8e:20:bb:8d:59:6e:84:
                    87:42:19:bf:c2:45:27:c4:ce:5e:f8:3c:38:df:9e:
                    e8:42:da:d4:bc:23:c8:97:a8:d9:58:bc:04:62:5d:
                    ad:1b:d2:c9:f8:0f:48:dd:40:55:a4:02:4a:04:bc:
                    ec:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E5:3B:8D:6B:17:63:1C:9F:BD:A2:58:4F:4E:BF:E6:AD:26:9F:6B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ieU7jWsXYxyfvaJYT06_5q0mn2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.138.0/23
                  77.90.145.0/24
                  77.90.153.0/24
                  77.90.179.0/24
                  77.90.181.0/24
                  213.209.129.0/24
                  213.209.134.0/24
                  213.209.147.0/24
                  213.209.149.0/24
                  213.209.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:0c:50:92:2a:4b:e8:d8:4c:1b:ed:72:d1:ca:5a:9e:84:ec:
         65:9c:58:f0:9b:2d:2d:ea:cb:ce:e6:9a:53:ab:cb:ef:e2:ed:
         43:ce:9e:d8:ef:7c:60:27:5b:82:b1:da:16:61:0b:fc:40:21:
         cf:74:cc:b9:40:06:94:71:62:d6:47:1a:85:78:b1:a4:cf:12:
         db:96:75:5c:15:ca:a9:0f:c1:9e:f3:37:f7:8d:4d:89:d7:70:
         4e:67:9a:8d:d5:bd:b7:44:0a:27:1c:4a:19:c4:c8:41:87:72:
         64:0c:99:e9:33:0a:34:65:f0:4e:39:f5:a2:09:29:8e:96:14:
         5d:3a:84:d8:12:82:ac:d0:81:c4:4a:f7:76:dc:41:3e:a7:e4:
         eb:3b:41:6c:84:59:ae:60:4d:7a:25:4d:c1:e8:05:1f:08:68:
         c0:e0:9c:1a:3b:6f:10:08:99:26:86:99:d7:c6:24:cb:14:05:
         81:e6:81:ea:52:aa:d3:a3:66:96:30:8c:0a:0c:72:c1:0b:42:
         81:4d:1c:95:4a:89:58:70:43:34:32:60:0a:94:83:01:16:92:
         31:f5:de:07:2b:95:1a:28:93:35:55:de:30:ae:78:80:0e:ad:
         1d:d5:c1:e6:8a:64:e7:5a:ed:2d:0b:fc:d4:a2:f3:6b:3c:8d:
         6f:aa:89:bd
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYIqRpG4siRkADiN6/6A4UY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzIzMDg1NzI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWU1M2I4ZDZiMTc2MzFjOWZiZGEyNTg0ZjRlYmZlNmFkMjY5ZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9RmnDv3Cf2XS0cPO3ythJ4eLH3Z
0QPlJsCWmSudKqltk5kt77OdH415xddvwVGqtEh8pccjknkNcskZ7T/b66qYTQmj
hQL/8n/8tSmJ4Cke5MEJ1NUPg9Mj6FLF8UcLXdEXtrnyWjdwntlh7aW5FhdWv0bX
zWlHRZnsLk/rsrbAwpwkyVdlzI01cx7hH7LoQEOdWi9moEV6t2iBmQ4EaHA62RC8
RAQHk494J0A0dzQROTZ0A8vjjCKEINJZOkb6XqhpxZutthFfxI4gu41ZboSHQhm/
wkUnxM5e+Dw4357oQtrUvCPIl6jZWLwEYl2tG9LJ+A9I3UBVpAJKBLzsNwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFInlO41rF2Mcn72iWE9Ov+atJp9rMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvaWVVN2pXc1hZeHlmdmFKWVQwNl81cTBtbjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBTVqKAwQA
TVqRAwQATVqZAwQATVqzAwQATVq1AwQA1dGBAwQA1dGGAwQA1dGTAwQA1dGVAwQA
1dGXMA0GCSqGSIb3DQEBCwUAA4IBAQAIDFCSKkvo2Ewb7XLRylqehOxlnFjwmy0t
6svO5ppTq8vv4u1Dzp7Y73xgJ1uCsdoWYQv8QCHPdMy5QAaUcWLWRxqFeLGkzxLb
lnVcFcqpD8Ge8zf3jU2J13BOZ5qN1b23RAonHEoZxMhBh3JkDJnpMwo0ZfBOOfWi
CSmOlhRdOoTYEoKs0IHESvd23EE+p+TrO0FshFmuYE16JU3B6AUfCGjA4JwaO28Q
CJkmhpnXxiTLFAWB5oHqUqrTo2aWMIwKDHLBC0KBTRyVSolYcEM0MmAKlIMBFpIx
9d4HK5UaKJM1Vd4wrniADq0d1cHmimTnWu0tC/zUovNrPI1vqom9
-----END CERTIFICATE-----