Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/77mczQWhXjt9T2U48xeIwG0OU9s.roa
File:                     77mczQWhXjt9T2U48xeIwG0OU9s.roa (raw, json)
Hash identifier:          iX8cwjBnVP6NRsYyoljBRjniBTFqJpv3IntZhbFpnPM=
Subject key identifier:   EF:B9:9C:CD:05:A1:5E:3B:7D:4F:65:38:F3:17:88:C0:6D:0E:53:DB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       125B57C3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/77mczQWhXjt9T2U48xeIwG0OU9s.roa
Signing time:             Tue 22 Feb 2022 19:58:18 +0000
ROA not before:           Tue 22 Feb 2022 19:58:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:b107:5e0::/44 maxlen: 48
                          2a0e:b107:900::/44 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:97c0:736::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a10:cc42:1000::/36 maxlen: 48
                          2a0e:97c0:73f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 307976131 (0x125b57c3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 22 19:58:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=efb99ccd05a15e3b7d4f6538f31788c06d0e53db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e6:ae:fa:b8:05:f1:9e:c7:ed:aa:10:5f:6c:
                    08:1e:93:bd:dc:3b:b4:e9:82:ad:e9:29:8d:aa:e3:
                    5c:3b:c8:c1:25:88:01:50:8e:54:da:02:d8:f4:52:
                    32:dc:86:64:eb:9b:4a:2a:dc:8c:5e:96:38:23:1b:
                    89:04:bf:c1:bc:97:b3:28:e1:46:f5:b9:d2:83:49:
                    47:2b:9f:88:97:95:cc:07:5f:00:fe:fc:9e:88:3d:
                    13:33:f3:23:2c:21:cf:07:b8:71:a8:09:6a:27:b3:
                    60:d4:53:6a:cc:94:72:2f:ad:57:e1:1f:4e:93:fd:
                    4a:c4:e4:6d:86:98:d5:6b:e4:08:8d:e0:9a:e8:a3:
                    4a:eb:75:30:54:36:6a:06:2a:6f:82:84:74:54:2b:
                    56:6f:b6:cb:c3:91:56:eb:d3:6f:de:a0:f1:c7:c6:
                    ea:45:62:45:ef:5d:0a:34:c0:dd:e6:11:0e:6d:2f:
                    de:f5:d4:6d:4b:df:1c:0c:57:54:41:54:fa:bb:3a:
                    5b:85:b3:3b:bb:36:68:7f:01:24:7b:6b:28:e1:50:
                    1a:ec:11:b0:10:46:0c:c0:48:75:5b:e5:36:97:2d:
                    3b:aa:a0:dd:e5:58:3c:3e:bf:d7:57:7b:fe:a7:58:
                    e0:94:35:0e:4b:a6:a2:91:1f:6d:5c:87:c7:14:5f:
                    13:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B9:9C:CD:05:A1:5E:3B:7D:4F:65:38:F3:17:88:C0:6D:0E:53:DB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/77mczQWhXjt9T2U48xeIwG0OU9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:736::/48
                  2a0e:97c0:73f::/48
                  2a0e:b107:5d0::-2a0e:b107:5ef:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:900::/44
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a10:cc42:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         54:04:29:5f:b3:7a:4b:a6:97:d1:7a:82:2e:69:86:a9:a6:29:
         52:91:ae:87:50:58:36:c5:64:96:de:76:15:72:75:98:c5:82:
         d6:58:7a:9d:f3:04:c4:a1:1e:67:e8:08:1b:6a:85:b3:ad:b6:
         26:a3:00:c1:83:29:0f:ce:7b:bd:b2:46:ce:e3:14:9a:b0:aa:
         d7:89:75:23:b5:f1:e4:ea:88:b9:2f:62:0e:e1:83:ad:71:86:
         18:c1:43:6a:7f:50:ba:9d:92:fd:9c:06:0a:3d:0c:a6:c7:2f:
         30:47:aa:b2:6d:fa:da:3c:b8:5a:14:f1:0b:6c:56:ed:4a:8e:
         6a:f7:92:b0:5d:be:04:40:9c:41:1d:54:cc:05:28:66:45:00:
         5c:6a:82:91:45:8f:19:1e:0b:01:2c:9b:24:7f:95:64:4d:55:
         89:7a:01:92:be:69:dd:ef:12:d5:03:dc:a6:e8:a8:6a:a0:5f:
         93:4c:fc:36:be:77:ce:5c:d9:93:1e:28:9c:9a:52:d2:26:85:
         4d:b4:7e:bd:eb:66:50:87:77:eb:4e:21:98:41:48:eb:bd:60:
         55:d4:7c:67:16:06:ef:55:82:76:93:1b:e8:41:0a:31:e2:88:
         fa:e4:63:24:c0:2a:06:9d:4f:72:26:59:e2:06:4a:96:de:b2:
         85:c7:c4:00
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIEEltXwzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2U5MTY3MTdhYjExY2NjZjExZWYxZmI1YzEyZWU0MTk1MGZhZDliMB4XDTIyMDIy
MjE5NTgxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWZiOTljY2QwNWEx
NWUzYjdkNGY2NTM4ZjMxNzg4YzA2ZDBlNTNkYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAODmrvq4BfGex+2qEF9sCB6Tvdw7tOmCrekpjarjXDvIwSWI
AVCOVNoC2PRSMtyGZOubSircjF6WOCMbiQS/wbyXsyjhRvW50oNJRyufiJeVzAdf
AP78nog9EzPzIywhzwe4cagJaiezYNRTasyUci+tV+EfTpP9SsTkbYaY1WvkCI3g
muijSut1MFQ2agYqb4KEdFQrVm+2y8ORVuvTb96g8cfG6kViRe9dCjTA3eYRDm0v
3vXUbUvfHAxXVEFU+rs6W4WzO7s2aH8BJHtrKOFQGuwRsBBGDMBIdVvlNpctO6qg
3eVYPD6/11d7/qdY4JQ1DkumopEfbVyHxxRfExECAwEAAaOCAlUwggJRMB0GA1Ud
DgQWBBTvuZzNBaFeO31PZTjzF4jAbQ5T2zAfBgNVHSMEGDAWgBRj6RZxerEczPEe
8ftcEu5BlQ+tmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8x
Lzc3bWN6UVdoWGp0OVQyVTQ4eGVJd0cwT1U5cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
NDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZhNS8xL1kta1djWHF4SE16
eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBr
BggrBgEFBQcBBwEB/wRcMFowWAQCAAIwUgMHACoOl8AHNgMHACoOl8AHPzASAwcE
Kg6xBwXQAwcEKg6xBwXgAwcEKg6xBwkAAwcAKg6xBwn2AwcAKg6xBw3yAwcAKg6x
BxhwAwYEKhDMQhAwDQYJKoZIhvcNAQELBQADggEBAFQEKV+zekuml9F6gi5phqmm
KVKRrodQWDbFZJbedhVydZjFgtZYep3zBMShHmfoCBtqhbOttiajAMGDKQ/Oe72y
Rs7jFJqwqteJdSO18eTqiLkvYg7hg61xhhjBQ2p/ULqdkv2cBgo9DKbHLzBHqrJt
+to8uFoU8QtsVu1Kjmr3krBdvgRAnEEdVMwFKGZFAFxqgpFFjxkeCwEsmyR/lWRN
VYl6AZK+ad3vEtUD3KboqGqgX5NM/Da+d85c2ZMeKJyaUtImhU20fr3rZlCHd+tO
IZhBSOu9YFXUfGcWBu9VgnaTG+hBCjHiiPrkYyTAKgadT3ImWeIGSpbesoXHxAA=
-----END CERTIFICATE-----