Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/ISPI-AjR2647aAFFqeo3J4vyZ-o.roa
File:                     ISPI-AjR2647aAFFqeo3J4vyZ-o.roa (raw, json)
Hash identifier:          HYf+1xljfGbZ28A6oLWDP5SBteC1ChzzBm05zAVlIJw=
Subject key identifier:   21:23:C8:F8:08:D1:DB:AE:3B:68:01:45:A9:EA:37:27:8B:F2:67:EA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       1D721AFA
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/ISPI-AjR2647aAFFqeo3J4vyZ-o.roa
Signing time:             Fri 01 Apr 2022 06:40:40 +0000
ROA not before:           Fri 01 Apr 2022 06:40:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3319
IP address blocks:        195.178.144.0/23 maxlen: 23
                          195.178.152.0/22 maxlen: 22
                          212.111.220.0/24 maxlen: 24
                          212.111.222.0/24 maxlen: 24
                          212.111.221.0/24 maxlen: 24
                          212.111.223.0/24 maxlen: 24
                          77.47.244.0/22 maxlen: 22
                          77.47.152.0/24 maxlen: 24
                          77.47.154.0/24 maxlen: 24
                          77.47.153.0/24 maxlen: 24
                          77.47.155.0/24 maxlen: 24
                          77.47.182.0/24 maxlen: 24
                          77.47.181.0/24 maxlen: 24
                          77.47.183.0/24 maxlen: 24
                          77.47.180.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 494017274 (0x1d721afa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Apr  1 06:40:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2123c8f808d1dbae3b680145a9ea37278bf267ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d4:32:63:b7:a1:ff:de:1c:95:c4:ff:55:8d:
                    e6:8c:7c:74:22:9a:99:ad:e3:72:4b:22:d5:3f:dd:
                    d9:b6:6b:59:a3:e7:f0:00:d6:2f:8c:e1:71:12:46:
                    91:03:58:88:2f:84:de:d5:7f:77:0c:9f:fd:4b:6a:
                    38:21:8b:65:2c:69:66:01:94:d4:7b:0e:a3:38:ad:
                    09:9b:7c:b7:92:73:52:61:23:22:1a:52:08:6b:ca:
                    f4:b3:76:25:c5:d2:1b:27:2a:14:32:fb:43:05:ea:
                    76:eb:ac:82:03:4d:a1:ff:76:25:66:3f:43:c5:a8:
                    08:da:09:52:bd:f8:14:06:82:75:1f:c1:88:21:a2:
                    66:d6:26:29:be:19:4d:bb:90:ce:f3:eb:5f:7f:8b:
                    78:4e:37:f6:53:92:97:b6:74:20:03:65:b8:82:b0:
                    09:c1:cc:ca:44:db:82:bf:80:c0:35:68:55:21:ea:
                    7a:ca:b2:74:b6:2b:c1:5a:16:a5:79:8d:bf:4e:c2:
                    e8:fd:ed:25:94:bb:57:13:43:96:d4:c7:86:ee:9b:
                    4a:f8:aa:a4:a3:66:9b:71:00:9b:ca:90:9b:48:3f:
                    7a:2a:01:48:6d:e6:4a:a3:ce:0c:a8:56:f9:84:b7:
                    76:8f:66:cb:a6:8e:81:66:1e:0a:57:90:c0:17:65:
                    12:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:23:C8:F8:08:D1:DB:AE:3B:68:01:45:A9:EA:37:27:8B:F2:67:EA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/ISPI-AjR2647aAFFqeo3J4vyZ-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.152.0/22
                  77.47.180.0/22
                  77.47.244.0/22
                  195.178.144.0/23
                  195.178.152.0/22
                  212.111.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:37:6f:b6:18:ae:36:d3:54:d4:d9:96:7a:f4:bd:3a:53:3b:
         ca:67:8e:1b:b1:59:1f:32:70:27:62:18:c5:ec:fc:21:f8:f6:
         90:ec:30:db:97:81:c3:5b:4c:33:99:1a:f2:9e:61:e2:4f:1c:
         22:b4:52:f9:c2:2f:4a:f3:db:46:9d:a4:10:1d:6b:d2:d1:16:
         4e:26:83:03:77:b0:c1:a6:31:74:59:3b:b8:4f:68:8c:04:7e:
         29:9c:05:77:d1:b5:1f:6c:d4:c3:a9:97:66:00:b9:d6:17:e6:
         e2:c6:c2:3a:84:07:4a:eb:7c:eb:94:e5:6f:86:69:d9:4d:2f:
         cd:c8:b3:25:3d:32:17:4a:1d:59:3a:70:22:4d:08:b7:08:10:
         c5:2d:f1:a0:5b:ea:e0:49:96:7e:b0:ae:f6:ee:29:d5:aa:cc:
         50:c1:90:ac:f5:41:b7:59:d7:82:ca:9b:84:89:8c:46:f5:f8:
         c5:04:69:14:a6:be:97:77:a9:60:d9:2f:7a:bb:bd:c4:77:e4:
         d8:36:4c:e2:85:53:6f:33:17:22:07:02:ff:ca:0a:d3:f9:10:
         0b:d1:ed:b8:db:1e:6c:90:0d:14:76:04:5c:05:4d:f6:02:4a:
         ab:5e:a2:a9:b7:c0:bc:4c:fe:9d:be:82:2f:14:b0:b6:ef:1a:
         29:5a:9a:59
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEHXIa+jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
OTQyNjMyNWFjYjhjZTYwOWE2ODZmYTY1NWIwNTg5Njg4MDliMzQ2MB4XDTIyMDQw
MTA2NDA0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjEyM2M4ZjgwOGQx
ZGJhZTNiNjgwMTQ1YTllYTM3Mjc4YmYyNjdlYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL/UMmO3of/eHJXE/1WN5ox8dCKama3jcksi1T/d2bZrWaPn
8ADWL4zhcRJGkQNYiC+E3tV/dwyf/UtqOCGLZSxpZgGU1HsOozitCZt8t5JzUmEj
IhpSCGvK9LN2JcXSGycqFDL7QwXqduusggNNof92JWY/Q8WoCNoJUr34FAaCdR/B
iCGiZtYmKb4ZTbuQzvPrX3+LeE439lOSl7Z0IANluIKwCcHMykTbgr+AwDVoVSHq
esqydLYrwVoWpXmNv07C6P3tJZS7VxNDltTHhu6bSviqpKNmm3EAm8qQm0g/eioB
SG3mSqPODKhW+YS3do9my6aOgWYeCleQwBdlEj8CAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBQhI8j4CNHbrjtoAUWp6jcni/Jn6jAfBgNVHSMEGDAWgBQZQmMlrLjOYJpo
b6ZVsFiWiAmzRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dVSmpKYXk0em1DYWFHLW1WYkJZbG9nSnMwWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvOGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8x
L0lTUEktQWpSMjY0N2FBRkZxZW8zSjR2eVotby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
OGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8xL0dVSmpKYXk0em1D
YWFHLW1WYkJZbG9nSnMwWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAk0vmAMEAk0vtAMEAk0v9AMEAcOy
kAMEAsOymAMEAtRv3DANBgkqhkiG9w0BAQsFAAOCAQEAiTdvthiuNtNU1NmWevS9
OlM7ymeOG7FZHzJwJ2IYxez8Ifj2kOww25eBw1tMM5ka8p5h4k8cIrRS+cIvSvPb
Rp2kEB1r0tEWTiaDA3ewwaYxdFk7uE9ojAR+KZwFd9G1H2zUw6mXZgC51hfm4sbC
OoQHSut865Tlb4Zp2U0vzcizJT0yF0odWTpwIk0ItwgQxS3xoFvq4EmWfrCu9u4p
1arMUMGQrPVBt1nXgsqbhImMRvX4xQRpFKa+l3epYNkveru9xHfk2DZM4oVTbzMX
IgcC/8oK0/kQC9HtuNsebJANFHYEXAVN9gJKq16iqbfAvEz+nb6CLxSwtu8aKVqa
WQ==
-----END CERTIFICATE-----