Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Zi0RpFPi4oj9vVR41b0viZiqfuM.roa
File:                     Zi0RpFPi4oj9vVR41b0viZiqfuM.roa (raw, json)
Hash identifier:          vdlYxztpFk/qr8VqgBMWyLeOV0hCDq98qWrYIYVuiJo=
Subject key identifier:   66:2D:11:A4:53:E2:E2:88:FD:BD:54:78:D5:BD:2F:89:98:AA:7E:E3
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       01891CF909E5DBC388D81FFDD0C0428D2495
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Zi0RpFPi4oj9vVR41b0viZiqfuM.roa
Signing time:             Mon 03 Jul 2023 18:17:10 +0000
ROA not before:           Mon 03 Jul 2023 18:17:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25393
IP address blocks:        193.178.144.0/23 maxlen: 23
                          78.27.224.0/19 maxlen: 19
                          77.87.192.0/21 maxlen: 21
                          89.184.72.0/21 maxlen: 21
                          89.184.88.0/21 maxlen: 21
                          195.177.116.0/22 maxlen: 22
                          2a02:2278:200::/40 maxlen: 56
                          2a02:2278:204::/48 maxlen: 48
                          2a02:2278:100::/44 maxlen: 56
                          2a02:2278:208::/48 maxlen: 48
                          2a02:2279::/32 maxlen: 32
                          2a02:2279:1200::/40 maxlen: 56
                          2a02:2279:200::/40 maxlen: 56
                          2a02:2279::/40 maxlen: 56
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:1c:f9:09:e5:db:c3:88:d8:1f:fd:d0:c0:42:8d:24:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Jul  3 18:17:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=662d11a453e2e288fdbd5478d5bd2f8998aa7ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:6b:e4:f9:03:eb:d3:98:32:a8:cf:14:83:f2:
                    05:2f:ab:1d:d4:fc:72:64:04:44:98:50:b2:dc:15:
                    2b:95:a8:0c:9b:07:86:ad:3c:55:4d:a7:5b:70:bb:
                    a5:71:43:93:0d:06:e1:8f:7d:01:59:27:cc:90:fe:
                    ac:22:90:dd:e1:50:7c:70:80:27:86:26:94:eb:70:
                    c8:6a:ff:e4:f3:08:4b:56:1a:ce:1d:38:43:ae:98:
                    59:4d:ed:e8:ac:64:74:e4:ef:43:ef:1f:97:a6:5f:
                    0e:8f:4c:a3:f2:12:ce:3e:20:c1:b0:20:2e:4f:6c:
                    4e:21:8b:48:d2:b9:fb:66:3e:ce:d2:16:1e:c1:b0:
                    03:d8:d1:64:b0:43:e1:e5:23:17:69:04:f2:2a:59:
                    15:1a:9c:f0:dc:e5:00:14:e1:94:1c:c0:55:56:4b:
                    02:f7:4f:e2:52:2d:40:34:21:36:bc:96:76:83:c8:
                    5d:a6:17:c1:52:52:96:e2:89:62:47:54:74:bf:3e:
                    5a:60:de:02:58:5c:08:f8:b7:b7:50:ae:cc:aa:49:
                    0f:18:f8:01:55:d2:ae:60:84:ba:4b:b1:15:89:e5:
                    ef:9f:61:45:47:a1:5a:88:2e:3b:11:87:87:e2:93:
                    88:b4:e5:ea:d9:45:58:86:64:a4:bf:30:b3:c2:1c:
                    6f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2D:11:A4:53:E2:E2:88:FD:BD:54:78:D5:BD:2F:89:98:AA:7E:E3
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Zi0RpFPi4oj9vVR41b0viZiqfuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.192.0/21
                  78.27.224.0/19
                  89.184.72.0/21
                  89.184.88.0/21
                  193.178.144.0/23
                  195.177.116.0/22
                IPv6:
                  2a02:2278:100::/44
                  2a02:2278:200::/40
                  2a02:2279::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:70:ff:e9:0c:99:2d:c0:cb:4f:eb:ac:36:c5:02:02:52:15:
         e8:aa:f9:36:04:95:a5:6d:2e:68:2f:2c:74:f8:af:9f:35:cc:
         1e:40:a4:57:8d:0f:6b:f0:89:c9:29:19:53:7c:e6:e6:c0:df:
         61:c1:61:08:e0:0d:3b:e2:e5:08:1c:74:16:09:08:53:8e:0c:
         68:26:d2:35:39:b4:52:0e:31:e5:6b:af:33:e4:93:38:e6:98:
         a2:de:b0:a8:0f:6f:2b:be:8c:39:04:ee:95:19:b4:ff:e0:28:
         eb:5a:91:3b:18:56:b2:0f:8d:3a:cc:93:12:06:00:94:6f:a7:
         39:44:f0:87:18:24:05:f6:ee:f8:0b:c3:af:0b:44:03:51:de:
         12:e0:cb:52:67:46:64:61:73:1a:2c:35:64:a2:84:b1:61:3f:
         17:35:be:97:8f:7c:0e:8e:00:05:a2:bb:c8:6b:6f:1e:70:87:
         12:49:f8:e4:54:f9:36:ad:51:db:33:52:5a:54:20:1b:a0:01:
         5b:52:72:62:a0:48:d7:3a:f0:1f:e8:f8:d2:26:89:52:17:51:
         96:b4:a6:dc:84:c7:ea:95:57:b5:df:49:ba:0d:3b:04:56:ca:
         70:a0:7a:29:2d:3d:d9:a4:e6:e6:1e:d4:fe:7e:e7:96:82:13:
         61:89:85:e3
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYkc+Qnl28OI2B/90MBCjSSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMwNzAzMTgxNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjJkMTFhNDUzZTJlMjg4ZmRiZDU0NzhkNWJkMmY4OTk4YWE3ZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWvk+QPr05gyqM8Ug/IFL6sd1Pxy
ZAREmFCy3BUrlagMmweGrTxVTadbcLulcUOTDQbhj30BWSfMkP6sIpDd4VB8cIAn
hiaU63DIav/k8whLVhrOHThDrphZTe3orGR05O9D7x+Xpl8Oj0yj8hLOPiDBsCAu
T2xOIYtI0rn7Zj7O0hYewbAD2NFksEPh5SMXaQTyKlkVGpzw3OUAFOGUHMBVVksC
90/iUi1ANCE2vJZ2g8hdphfBUlKW4oliR1R0vz5aYN4CWFwI+Le3UK7MqkkPGPgB
VdKuYIS6S7EVieXvn2FFR6FaiC47EYeH4pOItOXq2UVYhmSkvzCzwhxvKQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGYtEaRT4uKI/b1UeNW9L4mYqn7jMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvWmkwUnBGUGk0b2o5dlZSNDFiMHZpWmlxZnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAqBAIAATAkAwQDTVfAAwQF
ThvgAwQDWbhIAwQDWbhYAwQBwbKQAwQCw7F0MB4EAgACMBgDBwQqAiJ4AQADBgAq
AiJ4AgMFACoCInkwDQYJKoZIhvcNAQELBQADggEBAF5w/+kMmS3Ay0/rrDbFAgJS
Feiq+TYElaVtLmgvLHT4r581zB5ApFeND2vwickpGVN85ubA32HBYQjgDTvi5Qgc
dBYJCFOODGgm0jU5tFIOMeVrrzPkkzjmmKLesKgPbyu+jDkE7pUZtP/gKOtakTsY
VrIPjTrMkxIGAJRvpzlE8IcYJAX27vgLw68LRANR3hLgy1JnRmRhcxosNWSihLFh
Pxc1vpePfA6OAAWiu8hrbx5whxJJ+ORU+TatUdszUlpUIBugAVtScmKgSNc68B/o
+NImiVIXUZa0ptyEx+qVV7XfSboNOwRWynCgeiktPdmk5uYe1P5+55aCE2GJheM=
-----END CERTIFICATE-----