Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/f9u5NEgoR8I37kz1doyd6nvCmaY.roa
File:                     f9u5NEgoR8I37kz1doyd6nvCmaY.roa (raw, json)
Hash identifier:          ytfSIGfcJQkmhKPx/BnhuiHEbrsmw+Qm+wQwR1XEAB0=
Subject key identifier:   7F:DB:B9:34:48:28:47:C2:37:EE:4C:F5:76:8C:9D:EA:7B:C2:99:A6
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01831C0B8E151EF6B204A933CB03F95B5485
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/f9u5NEgoR8I37kz1doyd6nvCmaY.roa
Signing time:             Thu 08 Sep 2022 07:41:02 +0000
ROA not before:           Thu 08 Sep 2022 07:41:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        109.121.38.0/24 maxlen: 24
                          109.121.34.0/24 maxlen: 24
                          109.121.35.0/24 maxlen: 24
                          79.175.117.0/24 maxlen: 24
                          109.121.32.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.44.0/24 maxlen: 24
                          109.121.46.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24
                          77.105.4.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:1c:0b:8e:15:1e:f6:b2:04:a9:33:cb:03:f9:5b:54:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Sep  8 07:41:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7fdbb934482847c237ee4cf5768c9dea7bc299a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a1:2b:74:45:7b:85:9f:7d:ea:c5:78:9a:59:
                    be:b3:7c:8c:02:fd:ea:45:72:a2:84:ee:59:c0:16:
                    48:3e:a6:20:14:ef:11:af:7f:b2:6d:f9:a7:c6:30:
                    19:06:2e:a4:40:e2:0d:ed:b2:1c:af:ea:8f:55:93:
                    cf:63:d9:f6:ae:f8:ca:63:a2:a0:4b:4e:9a:4c:d5:
                    ff:a4:78:c1:14:5d:92:af:1b:ed:26:fc:2f:5b:f3:
                    3c:14:b8:1c:38:fb:94:2f:85:9c:ef:97:2a:87:25:
                    ae:be:96:0e:cb:5c:51:2d:26:98:70:5e:46:a3:4c:
                    59:9c:c9:7c:4f:35:57:85:c6:b8:61:7e:f7:88:5c:
                    70:a8:bc:bf:4b:a2:e1:ea:a4:67:17:d8:01:42:94:
                    96:27:6e:5f:87:77:a3:15:77:cf:1d:b6:1f:c0:35:
                    94:23:54:94:99:8c:b6:e6:77:50:80:15:a5:a7:45:
                    b7:8d:f1:e5:59:9e:44:33:f9:42:8c:3c:f8:5f:a3:
                    b1:48:7a:ff:a4:f4:db:bf:72:0b:a2:c4:c8:15:96:
                    b1:01:f3:42:21:3e:9d:93:7c:b0:7a:48:ff:61:8b:
                    28:7f:00:fc:4c:3c:c6:c7:bb:09:4f:f2:bd:85:d7:
                    e6:7a:c7:78:d2:ec:56:9a:ff:87:45:d3:d3:81:f2:
                    c3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:DB:B9:34:48:28:47:C2:37:EE:4C:F5:76:8C:9D:EA:7B:C2:99:A6
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/f9u5NEgoR8I37kz1doyd6nvCmaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.4.0/24
                  79.175.117.0/24
                  109.121.32.0/24
                  109.121.34.0/23
                  109.121.38.0/24
                  109.121.40.0/23
                  109.121.43.0-109.121.44.255
                  109.121.46.0/24
                  109.233.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:95:ef:cb:98:d5:89:31:83:49:c8:19:42:fd:0a:51:1c:ff:
         96:64:47:9d:8e:93:03:ec:b9:0a:bb:cd:c7:66:bd:ec:46:b2:
         11:00:f1:a2:00:3f:38:35:ed:44:15:79:73:2e:dc:66:99:b1:
         77:55:e6:31:c8:0f:36:b3:68:31:0d:62:b5:a4:9a:f8:0b:20:
         b3:c2:4b:d9:7b:dc:6f:52:02:29:cc:5a:26:ce:84:03:06:0a:
         07:1d:f5:dc:55:ca:fc:b2:53:db:93:2e:ba:d4:9c:6a:75:55:
         0f:44:b2:bc:a9:f9:f8:b8:9b:e1:2e:45:09:3b:a4:5c:da:70:
         3a:3e:5c:ac:90:4d:ef:02:36:52:a0:8c:14:5a:21:71:b1:10:
         4e:8e:a7:41:7e:6f:b0:85:ab:b5:79:37:f4:13:61:4e:94:7c:
         5a:64:ad:02:89:1b:a1:7a:11:ef:c3:d0:d3:0d:e9:ea:65:71:
         2a:1e:ee:6f:a9:41:99:2f:88:1e:a9:74:5b:e2:dd:1e:7a:60:
         45:aa:7b:76:d4:41:15:69:e4:8f:fe:b4:82:4a:92:6b:3a:17:
         5d:09:86:6e:d0:ee:ff:7d:60:da:0e:23:a6:d0:c2:80:f1:66:
         c3:af:c2:2e:41:8f:7a:17:87:64:61:b5:b9:f0:d4:a0:4f:6b:
         32:a8:b2:a0
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYMcC44VHvayBKkzywP5W1SFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIwOTA4MDc0MTAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmRiYjkzNDQ4Mjg0N2MyMzdlZTRjZjU3NjhjOWRlYTdiYzI5OWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6ErdEV7hZ996sV4mlm+s3yMAv3q
RXKihO5ZwBZIPqYgFO8Rr3+ybfmnxjAZBi6kQOIN7bIcr+qPVZPPY9n2rvjKY6Kg
S06aTNX/pHjBFF2SrxvtJvwvW/M8FLgcOPuUL4Wc75cqhyWuvpYOy1xRLSaYcF5G
o0xZnMl8TzVXhca4YX73iFxwqLy/S6Lh6qRnF9gBQpSWJ25fh3ejFXfPHbYfwDWU
I1SUmYy25ndQgBWlp0W3jfHlWZ5EM/lCjDz4X6OxSHr/pPTbv3ILosTIFZaxAfNC
IT6dk3ywekj/YYsofwD8TDzGx7sJT/K9hdfmesd40uxWmv+HRdPTgfLDJQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFH/buTRIKEfCN+5M9XaMnep7wpmmMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvZjl1NU5FZ29SOEkzN2t6MWRveWQ2bnZDbWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQATWkEAwQA
T691AwQAbXkgAwQBbXkiAwQAbXkmAwQBbXkoMAwDBABteSsDBABteSwDBABteS4D
BABt6bgwDQYJKoZIhvcNAQELBQADggEBAAiV78uY1Ykxg0nIGUL9ClEc/5ZkR52O
kwPsuQq7zcdmvexGshEA8aIAPzg17UQVeXMu3GaZsXdV5jHIDzazaDENYrWkmvgL
ILPCS9l73G9SAinMWibOhAMGCgcd9dxVyvyyU9uTLrrUnGp1VQ9Esryp+fi4m+Eu
RQk7pFzacDo+XKyQTe8CNlKgjBRaIXGxEE6Op0F+b7CFq7V5N/QTYU6UfFpkrQKJ
G6F6Ee/D0NMN6eplcSoe7m+pQZkviB6pdFvi3R56YEWqe3bUQRVp5I/+tIJKkms6
F10Jhm7Q7v99YNoOI6bQwoDxZsOvwi5Bj3oXh2Rhtbnw1KBPazKosqA=
-----END CERTIFICATE-----