Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/hMHYa8I8UoWtTdbRvi6IPn2LDwM.roa
File:                     hMHYa8I8UoWtTdbRvi6IPn2LDwM.roa (raw, json)
Hash identifier:          M9w4p20/fCF+fVfcnS4NP4iiF1qKk+TSo9EIB+Kdzhg=
Subject key identifier:   84:C1:D8:6B:C2:3C:52:85:AD:4D:D6:D1:BE:2E:88:3E:7D:8B:0F:03
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       018571F0D5DD8979E360036268B0726FAF96
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/hMHYa8I8UoWtTdbRvi6IPn2LDwM.roa
Signing time:             Mon 02 Jan 2023 10:04:46 +0000
ROA not before:           Mon 02 Jan 2023 10:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5377
IP address blocks:        77.70.240.0/20 maxlen: 20
                          193.220.0.0/16 maxlen: 16
                          193.220.220.0/22 maxlen: 22
                          193.220.224.0/20 maxlen: 20
                          77.70.254.0/24 maxlen: 24
                          77.70.255.0/24 maxlen: 24
                          193.220.240.0/20 maxlen: 24
                          77.70.192.0/19 maxlen: 19
                          77.70.207.0/24 maxlen: 24
                          77.70.144.0/20 maxlen: 20
                          77.70.160.0/20 maxlen: 20
                          77.70.176.0/22 maxlen: 22
                          77.70.184.0/21 maxlen: 21
                          193.219.196.0/24 maxlen: 24
                          193.219.192.0/18 maxlen: 18
                          77.70.181.0/24 maxlen: 24
                          193.220.88.0/21 maxlen: 21
                          77.70.128.0/19 maxlen: 19
                          77.70.128.0/17 maxlen: 17
                          2a02:6600::/29 maxlen: 32
                          2a02:6600:f000::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:f0:d5:dd:89:79:e3:60:03:62:68:b0:72:6f:af:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: Jan  2 10:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=84c1d86bc23c5285ad4dd6d1be2e883e7d8b0f03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a8:5c:03:17:d5:b6:10:a4:43:60:5e:09:d3:
                    f7:e2:51:7c:de:96:48:16:73:79:86:1a:f7:85:56:
                    80:79:af:a1:e3:0d:68:0f:d1:2d:1a:22:ee:70:42:
                    54:e4:97:0a:df:5f:f9:b5:b6:0c:2f:f9:44:97:f8:
                    1b:1a:30:63:47:26:0a:11:f7:04:ce:7e:21:32:fb:
                    1a:74:68:7b:1e:f3:56:32:46:ec:85:d0:70:3f:4d:
                    22:cc:a6:e3:b9:11:54:4c:b1:7e:bc:52:92:33:24:
                    c5:53:35:b6:13:91:88:2d:28:b7:71:59:c0:13:de:
                    47:9a:87:46:f5:60:b9:f0:5b:82:22:13:31:9e:18:
                    16:38:37:8d:2e:71:67:ef:44:2f:3d:67:6e:d4:45:
                    bf:89:10:7b:d8:b8:06:62:68:b2:19:54:0b:e2:46:
                    90:c5:d5:5c:7b:b3:2f:4b:07:ed:94:44:42:0f:97:
                    9b:77:d6:88:6d:17:d3:de:20:24:02:a8:7d:c8:d4:
                    30:31:3b:0f:38:27:74:01:6a:4c:52:78:2f:59:d6:
                    30:1f:be:e1:4b:48:20:e2:9f:bc:de:75:d5:ea:19:
                    57:58:8f:ae:0d:8f:2a:70:08:14:3d:2b:9d:f8:d2:
                    d2:96:32:9c:aa:d2:3b:26:8f:14:21:36:aa:12:07:
                    e8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C1:D8:6B:C2:3C:52:85:AD:4D:D6:D1:BE:2E:88:3E:7D:8B:0F:03
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/hMHYa8I8UoWtTdbRvi6IPn2LDwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.70.128.0/17
                  193.219.192.0-193.220.255.255
                IPv6:
                  2a02:6600::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:53:99:39:09:16:e9:e1:5e:05:18:31:3a:14:ad:cd:5a:ad:
         c8:68:16:a1:dc:99:36:e2:25:83:5b:c9:83:da:d0:01:72:e8:
         48:4d:7c:84:7c:f0:5c:00:45:d6:cb:e4:fb:06:c4:ac:ac:65:
         30:f4:51:fe:b0:bb:e4:c6:db:99:3a:5e:0b:b4:a5:f0:93:3f:
         c4:32:32:30:bd:c0:29:8e:04:18:f1:82:fb:92:96:18:bb:df:
         f9:5b:e2:23:16:ef:81:df:cf:93:70:de:a7:ed:e4:1c:c7:c9:
         79:7a:82:f6:29:2b:cc:87:0e:90:9c:79:84:b5:22:a0:d7:04:
         cd:59:5f:24:5d:99:00:1c:e7:23:3b:f5:ad:ef:bf:18:76:99:
         fe:7b:f1:d7:ce:db:ed:52:cc:65:c9:b3:e7:f4:58:af:d2:45:
         0e:8f:34:a3:df:35:dd:79:e1:17:ee:19:31:b9:81:f3:9c:3b:
         39:2a:be:b5:92:7a:21:e9:63:23:1a:a2:fe:0b:d3:ac:e7:8e:
         b6:ec:fb:28:9e:79:40:a3:54:df:32:65:4b:05:12:53:46:06:
         98:0c:1d:fd:82:63:35:8f:a4:d4:7a:dc:dc:23:e7:5b:15:b4:
         47:df:9a:6d:e4:1a:3c:2c:b8:36:93:4a:a2:aa:6d:d4:71:ed:
         4b:d9:97:94
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVx8NXdiXnjYANiaLByb6+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjMwMTAyMTAwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMxZDg2YmMyM2M1Mjg1YWQ0ZGQ2ZDFiZTJlODgzZTdkOGIwZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6hcAxfVthCkQ2BeCdP34lF83pZI
FnN5hhr3hVaAea+h4w1oD9EtGiLucEJU5JcK31/5tbYML/lEl/gbGjBjRyYKEfcE
zn4hMvsadGh7HvNWMkbshdBwP00izKbjuRFUTLF+vFKSMyTFUzW2E5GILSi3cVnA
E95HmodG9WC58FuCIhMxnhgWODeNLnFn70QvPWdu1EW/iRB72LgGYmiyGVQL4kaQ
xdVce7MvSwftlERCD5ebd9aIbRfT3iAkAqh9yNQwMTsPOCd0AWpMUngvWdYwH77h
S0gg4p+83nXV6hlXWI+uDY8qcAgUPSud+NLSljKcqtI7Jo8UITaqEgfo7wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFITB2GvCPFKFrU3W0b4uiD59iw8DMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvaE1IWWE4SThVb1d0VGRiUnZpNklQbjJMRHdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAZBAIAATATAwQHTUaAMAsD
BAbB28ADAwDB3DANBAIAAjAHAwUDKgJmADANBgkqhkiG9w0BAQsFAAOCAQEAdVOZ
OQkW6eFeBRgxOhStzVqtyGgWodyZNuIlg1vJg9rQAXLoSE18hHzwXABF1svk+wbE
rKxlMPRR/rC75MbbmTpeC7Sl8JM/xDIyML3AKY4EGPGC+5KWGLvf+VviIxbvgd/P
k3Dep+3kHMfJeXqC9ikrzIcOkJx5hLUioNcEzVlfJF2ZABznIzv1re+/GHaZ/nvx
187b7VLMZcmz5/RYr9JFDo80o9813XnhF+4ZMbmB85w7OSq+tZJ6IeljIxqi/gvT
rOeOtuz7KJ55QKNU3zJlSwUSU0YGmAwd/YJjNY+k1Hrc3CPnWxW0R9+abeQaPCy4
NpNKoqpt1HHtS9mXlA==
-----END CERTIFICATE-----