Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nVP8rFxHSqCdyO0W5YyJIhdtPpA.roa
File:                     nVP8rFxHSqCdyO0W5YyJIhdtPpA.roa (raw, json)
Hash identifier:          R9Wc7X9LqvhmfwwqL+q4xHokiCoMwouFa5It9n1SXjU=
Subject key identifier:   9D:53:FC:AC:5C:47:4A:A0:9D:C8:ED:16:E5:8C:89:22:17:6D:3E:90
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0181F7C549C42087EBE70C96678CE0006F00
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nVP8rFxHSqCdyO0W5YyJIhdtPpA.roa
Signing time:             Wed 13 Jul 2022 13:35:10 +0000
ROA not before:           Wed 13 Jul 2022 13:35:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209372
IP address blocks:        213.209.131.0/24 maxlen: 24
                          213.209.139.0/24 maxlen: 24
                          213.209.135.0/24 maxlen: 24
                          213.209.152.0/24 maxlen: 24
                          213.209.154.0/24 maxlen: 24
                          213.209.153.0/24 maxlen: 24
                          77.90.159.0/24 maxlen: 24
                          77.90.160.0/24 maxlen: 24
                          77.90.163.0/24 maxlen: 24
                          77.90.161.0/24 maxlen: 24
                          77.90.162.0/24 maxlen: 24
                          77.90.171.0/24 maxlen: 24
                          77.90.172.0/24 maxlen: 24
                          77.90.167.0/24 maxlen: 24
                          77.90.170.0/24 maxlen: 24
                          77.90.169.0/24 maxlen: 24
                          77.90.177.0/24 maxlen: 24
                          77.90.175.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f7:c5:49:c4:20:87:eb:e7:0c:96:67:8c:e0:00:6f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 13 13:35:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9d53fcac5c474aa09dc8ed16e58c8922176d3e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2f:4a:96:5d:5c:25:b0:21:ab:0a:f8:eb:9b:
                    1a:c7:ab:e8:7a:5a:7d:9a:98:fc:21:f3:fd:1c:18:
                    62:ed:d7:1c:f3:e0:84:cc:cd:43:84:4b:80:46:89:
                    56:b5:97:a2:81:47:6c:0a:01:87:23:64:b2:50:20:
                    ba:9f:32:45:8b:23:ee:fb:ac:21:3b:00:e7:24:87:
                    26:60:10:18:18:8f:8c:33:b8:5f:b6:eb:81:af:c6:
                    5d:98:21:34:39:01:86:d4:26:27:4d:94:f2:24:b5:
                    0e:45:a9:40:4b:d8:fe:e8:b9:02:86:9f:07:a8:6c:
                    77:b5:66:b9:93:f2:05:0d:02:87:11:c5:90:60:2b:
                    e7:72:a5:3b:32:78:f9:c0:b4:e1:a9:c0:41:3e:01:
                    37:b5:fa:ad:0d:5d:59:85:3f:fa:bc:3f:52:2c:64:
                    ed:4d:e4:c7:13:e5:c3:9a:9b:24:0b:eb:f3:6b:f3:
                    60:c1:26:6e:74:e9:38:e2:01:b0:c9:ae:a4:11:58:
                    ed:a4:4f:a5:dd:86:3a:50:5e:ae:d1:bc:da:c3:ee:
                    7c:6b:cd:45:13:2e:1b:a0:7b:e2:f1:3e:6b:1f:64:
                    11:b2:d5:1f:73:c0:87:d7:b0:e7:9c:e9:ea:c9:f3:
                    1e:2f:3d:bb:61:e1:96:0e:29:94:dd:cb:2c:73:d2:
                    1d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:53:FC:AC:5C:47:4A:A0:9D:C8:ED:16:E5:8C:89:22:17:6D:3E:90
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/nVP8rFxHSqCdyO0W5YyJIhdtPpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.159.0-77.90.163.255
                  77.90.167.0/24
                  77.90.169.0-77.90.172.255
                  77.90.175.0/24
                  77.90.177.0/24
                  77.90.186.0/24
                  213.209.131.0/24
                  213.209.135.0/24
                  213.209.139.0/24
                  213.209.152.0-213.209.154.255

    Signature Algorithm: sha256WithRSAEncryption
         19:d2:6e:f4:eb:c5:12:99:6b:f6:99:12:e1:00:82:dc:98:ae:
         74:cc:1c:b0:3c:c7:92:1c:6d:21:1b:4e:5b:a5:9b:b3:99:f0:
         54:d5:03:8c:47:f5:a4:e2:0d:ff:9d:80:dd:4f:02:52:04:d3:
         ea:de:0e:0a:6d:0d:fc:00:73:a0:8e:45:64:45:0e:af:b0:e2:
         0e:f9:3f:9a:c2:a6:07:99:96:6b:ad:ed:92:ed:74:20:4f:45:
         f0:1b:32:e5:bf:0d:1f:3f:e1:03:25:ca:d8:50:7f:79:45:4b:
         ff:ba:6b:bb:e6:98:e4:38:9f:01:9a:b8:7b:2d:f6:6a:21:5a:
         ab:bb:7c:aa:82:21:40:f1:09:26:bc:a3:e5:14:3d:4c:bb:3b:
         a1:e3:d0:32:63:62:6c:3e:7c:34:d1:45:8c:98:88:e7:f1:0a:
         c1:b5:4c:bd:32:bd:36:9b:4a:0b:1a:3f:45:67:24:22:75:88:
         ea:87:cd:e0:c4:96:46:5b:64:a1:08:c1:f7:c7:13:83:ac:13:
         55:18:c6:e9:a9:93:83:c4:2b:33:6a:f5:31:29:1a:a2:96:53:
         8e:8b:51:5c:a5:03:d2:84:b9:09:97:57:cf:80:9f:1a:a9:eb:
         83:b6:94:17:89:34:b4:db:13:e2:80:3f:95:dc:a0:2d:4b:75:
         46:42:a3:dd
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYH3xUnEIIfr5wyWZ4zgAG8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjIwNzEzMTMzNTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDUzZmNhYzVjNDc0YWEwOWRjOGVkMTZlNThjODkyMjE3NmQzZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjS9Kll1cJbAhqwr465sax6voelp9
mpj8IfP9HBhi7dcc8+CEzM1DhEuARolWtZeigUdsCgGHI2SyUCC6nzJFiyPu+6wh
OwDnJIcmYBAYGI+MM7hftuuBr8ZdmCE0OQGG1CYnTZTyJLUORalAS9j+6LkChp8H
qGx3tWa5k/IFDQKHEcWQYCvncqU7Mnj5wLThqcBBPgE3tfqtDV1ZhT/6vD9SLGTt
TeTHE+XDmpskC+vza/NgwSZudOk44gGwya6kEVjtpE+l3YY6UF6u0bzaw+58a81F
Ey4boHvi8T5rH2QRstUfc8CH17DnnOnqyfMeLz27YeGWDimU3cssc9IdBQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJ1T/KxcR0qgncjtFuWMiSIXbT6QMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvblZQOHJGeEhTcUNkeU8wVzVZeUpJaGR0UHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUMAwDBABNWp8D
BAJNWqADBABNWqcwDAMEAE1aqQMEAE1arAMEAE1arwMEAE1asQMEAE1augMEANXR
gwMEANXRhwMEANXRizAMAwQD1dGYAwQA1dGaMA0GCSqGSIb3DQEBCwUAA4IBAQAZ
0m7068USmWv2mRLhAILcmK50zBywPMeSHG0hG05bpZuzmfBU1QOMR/Wk4g3/nYDd
TwJSBNPq3g4KbQ38AHOgjkVkRQ6vsOIO+T+awqYHmZZrre2S7XQgT0XwGzLlvw0f
P+EDJcrYUH95RUv/umu75pjkOJ8Bmrh7LfZqIVqru3yqgiFA8QkmvKPlFD1Muzuh
49AyY2JsPnw00UWMmIjn8QrBtUy9Mr02m0oLGj9FZyQidYjqh83gxJZGW2ShCMH3
xxODrBNVGMbpqZODxCszavUxKRqillOOi1FcpQPShLkJl1fPgJ8aqeuDtpQXiTS0
2xPigD+V3KAtS3VGQqPd
-----END CERTIFICATE-----