Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/PoTNwDlJK61c_ieKCk_0uVdDSjk.roa
File:                     PoTNwDlJK61c_ieKCk_0uVdDSjk.roa (raw, json)
Hash identifier:          CXAIOik5LsmdfGhGfrksAyWn1OxEX4WhgOwG+vxw88k=
Subject key identifier:   3E:84:CD:C0:39:49:2B:AD:5C:FE:27:8A:0A:4F:F4:B9:57:43:4A:39
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       1D578598
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/PoTNwDlJK61c_ieKCk_0uVdDSjk.roa
Signing time:             Tue 29 Mar 2022 17:43:10 +0000
ROA not before:           Tue 29 Mar 2022 17:43:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3319
IP address blocks:        195.178.144.0/21 maxlen: 21
                          195.178.152.0/22 maxlen: 22
                          212.111.220.0/24 maxlen: 24
                          212.111.222.0/24 maxlen: 24
                          212.111.221.0/24 maxlen: 24
                          212.111.223.0/24 maxlen: 24
                          77.47.244.0/22 maxlen: 22
                          77.47.248.0/22 maxlen: 24
                          77.47.252.0/22 maxlen: 24
                          77.47.152.0/24 maxlen: 24
                          77.47.154.0/24 maxlen: 24
                          77.47.153.0/24 maxlen: 24
                          77.47.155.0/24 maxlen: 24
                          77.47.182.0/24 maxlen: 24
                          77.47.181.0/24 maxlen: 24
                          77.47.183.0/24 maxlen: 24
                          77.47.180.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 492275096 (0x1d578598)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar 29 17:43:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3e84cdc039492bad5cfe278a0a4ff4b957434a39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d2:fb:40:53:2f:c2:ea:9c:1a:cf:0e:31:09:
                    48:e3:d9:58:15:05:35:91:08:d4:71:fb:69:da:e9:
                    c6:72:a1:64:f6:f5:f8:fc:70:a5:48:31:44:17:0b:
                    3a:77:0c:29:ff:ba:58:1e:83:47:a5:bb:5b:4d:b4:
                    f4:8d:70:90:b9:61:30:4d:28:65:3a:5f:51:6a:53:
                    78:7d:d3:0f:35:08:7b:d8:1c:9d:1b:b5:74:e1:3f:
                    30:9b:94:27:1b:92:86:a1:ad:36:c6:ad:fc:35:f5:
                    e1:26:a4:ae:87:f5:c6:69:5f:e9:fe:d5:c4:a0:4b:
                    c9:30:d3:60:34:67:0d:c1:ea:78:2c:80:65:26:fe:
                    0c:53:9e:ab:0c:07:eb:57:d5:22:79:a5:6e:2b:54:
                    49:75:82:1e:4b:e0:a6:62:f1:de:0d:19:75:dd:2d:
                    37:ad:d9:8e:e2:90:1c:b1:c0:86:c2:ad:dc:a5:c3:
                    f9:94:66:31:2c:dc:78:ca:5e:67:c7:ad:26:2b:bb:
                    2a:75:09:8f:13:eb:58:71:d2:2b:6c:e3:1a:02:8f:
                    81:45:53:8e:63:02:5f:31:d8:2e:68:18:c9:96:1e:
                    93:3c:3d:87:32:7e:7d:c5:3f:d6:54:07:00:86:bc:
                    fc:4d:ba:b9:c2:55:6b:c9:e2:5d:80:b1:cf:b0:a6:
                    f3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:84:CD:C0:39:49:2B:AD:5C:FE:27:8A:0A:4F:F4:B9:57:43:4A:39
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/PoTNwDlJK61c_ieKCk_0uVdDSjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.152.0/22
                  77.47.180.0/22
                  77.47.244.0-77.47.255.255
                  195.178.144.0-195.178.155.255
                  212.111.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:48:35:bf:8c:ad:3c:ec:48:be:e5:1d:f0:46:a1:31:7d:7e:
         74:d2:3f:39:38:a4:e0:99:65:ba:ea:53:73:77:31:0f:62:1c:
         83:2a:fb:2d:b1:0b:e9:d2:c9:78:60:45:4e:c4:25:9c:3d:f8:
         81:a4:19:24:b5:f3:c7:8f:e9:12:61:f9:70:58:fe:47:28:73:
         df:27:d9:d1:d5:1e:76:e1:e7:9c:cc:5b:4f:4a:55:9c:a4:95:
         7d:4b:5a:78:ee:57:ab:8c:06:ce:cf:47:35:fd:c2:8c:7f:be:
         51:32:da:e2:9c:db:16:80:41:08:0d:a1:59:60:28:e7:da:bf:
         4d:c6:13:2f:16:d0:4a:8d:e8:42:e8:50:a6:16:7c:fa:73:e3:
         8e:2a:09:c3:bc:ec:88:e4:f0:15:ed:0d:2a:11:da:c4:0c:ae:
         93:a2:e2:e9:2a:6b:ae:74:3d:57:41:de:79:db:c1:18:f7:19:
         90:a8:f7:4f:f3:aa:4c:ba:bc:9e:ce:0c:e4:b1:98:58:df:6f:
         41:a8:17:ff:8a:6b:d6:3a:45:c9:a1:54:bc:08:6b:19:71:ec:
         12:f9:32:70:73:7d:75:6d:c4:ef:f0:7e:08:13:0f:b9:65:2f:
         a6:12:df:99:63:ce:63:3b:ac:7e:1a:4d:76:b5:6c:5b:ae:4a:
         a6:f6:0f:1d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEHVeFmDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
OTQyNjMyNWFjYjhjZTYwOWE2ODZmYTY1NWIwNTg5Njg4MDliMzQ2MB4XDTIyMDMy
OTE3NDMxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2U4NGNkYzAzOTQ5
MmJhZDVjZmUyNzhhMGE0ZmY0Yjk1NzQzNGEzOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMDS+0BTL8LqnBrPDjEJSOPZWBUFNZEI1HH7adrpxnKhZPb1
+PxwpUgxRBcLOncMKf+6WB6DR6W7W0209I1wkLlhME0oZTpfUWpTeH3TDzUIe9gc
nRu1dOE/MJuUJxuShqGtNsat/DX14Sakrof1xmlf6f7VxKBLyTDTYDRnDcHqeCyA
ZSb+DFOeqwwH61fVInmlbitUSXWCHkvgpmLx3g0Zdd0tN63ZjuKQHLHAhsKt3KXD
+ZRmMSzceMpeZ8etJiu7KnUJjxPrWHHSK2zjGgKPgUVTjmMCXzHYLmgYyZYekzw9
hzJ+fcU/1lQHAIa8/E26ucJVa8niXYCxz7Cm85MCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBQ+hM3AOUkrrVz+J4oKT/S5V0NKOTAfBgNVHSMEGDAWgBQZQmMlrLjOYJpo
b6ZVsFiWiAmzRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dVSmpKYXk0em1DYWFHLW1WYkJZbG9nSnMwWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvOGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8x
L1BvVE53RGxKSzYxY19pZUtDa18wdVZkRFNqay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
OGI2ZmIwLWE4NzUtNDk0Ny04YWU0LTAzZjRjNzExM2MzNC8xL0dVSmpKYXk0em1D
YWFHLW1WYkJZbG9nSnMwWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwMwQCAAEwLQMEAk0vmAMEAk0vtDALAwQCTS/0AwME
TSAwDAMEBMOykAMEAsOymAMEAtRv3DANBgkqhkiG9w0BAQsFAAOCAQEAa0g1v4yt
POxIvuUd8EahMX1+dNI/OTik4JlluupTc3cxD2Icgyr7LbEL6dLJeGBFTsQlnD34
gaQZJLXzx4/pEmH5cFj+Ryhz3yfZ0dUeduHnnMxbT0pVnKSVfUtaeO5Xq4wGzs9H
Nf3CjH++UTLa4pzbFoBBCA2hWWAo59q/TcYTLxbQSo3oQuhQphZ8+nPjjioJw7zs
iOTwFe0NKhHaxAyuk6Li6SprrnQ9V0HeedvBGPcZkKj3T/OqTLq8ns4M5LGYWN9v
QagX/4pr1jpFyaFUvAhrGXHsEvkycHN9dW3E7/B+CBMPuWUvphLfmWPOYzusfhpN
drVsW65KpvYPHQ==
-----END CERTIFICATE-----