Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/Vq4rAc-0_M1iUj8m38mnd3hHQSE.roa
File:                     Vq4rAc-0_M1iUj8m38mnd3hHQSE.roa (raw, json)
Hash identifier:          f/gN5atqC8PL3vM503ys9recVfxvily2KrgZ901+Vr0=
Subject key identifier:   56:AE:2B:01:CF:B4:FC:CD:62:52:3F:26:DF:C9:A7:77:78:47:41:21
Certificate issuer:       /CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
Certificate serial:       01823ACD3584B963D7F882658012CE536493
Authority key identifier: 13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/Vq4rAc-0_M1iUj8m38mnd3hHQSE.roa
Signing time:             Tue 26 Jul 2022 13:58:23 +0000
ROA not before:           Tue 26 Jul 2022 13:58:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50889
IP address blocks:        185.136.71.0/24 maxlen: 24
                          185.136.69.0/24 maxlen: 24
                          77.111.250.0/24 maxlen: 24
                          77.111.251.0/24 maxlen: 24
                          77.111.248.0/24 maxlen: 24
                          77.111.249.0/24 maxlen: 24
                          80.84.160.0/24 maxlen: 24
                          80.84.164.0/24 maxlen: 24
                          80.84.165.0/24 maxlen: 24
                          80.84.163.0/24 maxlen: 24
                          80.84.161.0/24 maxlen: 24
                          80.84.162.0/24 maxlen: 24
                          80.84.167.0/24 maxlen: 24
                          80.84.171.0/24 maxlen: 24
                          80.84.172.0/24 maxlen: 24
                          80.84.170.0/24 maxlen: 24
                          80.84.168.0/24 maxlen: 24
                          80.84.169.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3a:cd:35:84:b9:63:d7:f8:82:65:80:12:ce:53:64:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
        Validity
            Not Before: Jul 26 13:58:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=56ae2b01cfb4fccd62523f26dfc9a77778474121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2f:5f:16:0f:8b:dc:1e:c0:9b:67:b1:cd:5f:
                    f7:4e:e4:e5:56:99:b2:9a:da:e4:f7:6a:a1:05:6a:
                    2b:27:e6:32:d5:78:4e:db:4a:fc:6a:8d:d0:59:f4:
                    d6:94:0a:5a:e5:5a:24:0a:4c:77:18:38:83:ce:6f:
                    2d:19:4d:bc:47:f7:9e:15:54:15:14:92:40:05:eb:
                    2f:4b:4a:4a:5c:fa:fc:a9:2b:c0:1c:93:61:e0:5e:
                    ac:2c:55:02:2f:c5:e4:21:ce:16:9a:b8:41:f4:d3:
                    53:a4:e2:c1:70:d9:d5:78:40:bb:0c:94:9a:bb:d2:
                    e3:53:08:de:21:ed:21:4b:8e:05:56:a7:57:00:c0:
                    82:b7:7d:e5:2e:c2:10:61:bb:7e:04:84:30:3c:46:
                    3b:fb:92:4b:9e:a3:5f:2f:8c:91:ed:e9:dc:03:a7:
                    2a:59:fe:e1:19:f6:02:38:64:f1:c0:fb:e4:a5:14:
                    92:ff:7b:19:6d:56:16:72:7d:92:32:9d:09:2d:f6:
                    9f:23:7f:0d:f6:c4:16:70:ee:99:ed:e3:28:cb:7e:
                    1b:e7:46:e0:08:9a:f0:1b:92:b5:f0:51:e8:91:91:
                    46:52:b3:e7:71:7e:d4:f9:62:ba:d3:5b:c1:9e:0c:
                    53:37:8f:66:88:86:fd:61:6d:13:9c:70:b3:59:7e:
                    9e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:AE:2B:01:CF:B4:FC:CD:62:52:3F:26:DF:C9:A7:77:78:47:41:21
            X509v3 Authority Key Identifier:
                keyid:13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/Vq4rAc-0_M1iUj8m38mnd3hHQSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/E6D3FD_6IhE0QtyFie4TUuvj2qM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.248.0/22
                  80.84.160.0-80.84.165.255
                  80.84.167.0-80.84.172.255
                  185.136.69.0/24
                  185.136.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:fe:8b:d8:61:2f:5e:fa:eb:9a:72:63:96:41:91:45:15:db:
         4e:f7:98:b2:e5:84:ca:70:68:0e:db:93:2b:7c:cf:85:c8:c8:
         00:bf:9b:7b:8a:cb:eb:db:43:2b:77:02:e1:ad:d0:2c:73:6f:
         af:31:01:04:df:c8:3f:42:5c:e0:6e:6f:06:e2:13:b0:28:e7:
         e5:8c:8b:ca:91:44:a4:08:ad:56:a6:75:c9:6f:88:ff:87:bf:
         98:71:8e:05:1a:01:a7:41:17:8e:23:9c:c3:89:24:42:cd:06:
         4f:fe:2e:0c:0d:62:a0:e9:19:b7:1f:38:5a:14:cf:0a:fe:42:
         a5:5a:ab:d5:e1:02:12:ed:06:b6:7b:2e:10:c8:4f:c7:d0:48:
         f3:01:9a:3f:1c:c2:7f:2a:2d:25:e6:06:91:50:7c:2e:7f:08:
         9e:14:93:d7:d8:4d:06:15:8d:01:74:dc:ff:1e:5a:00:5c:9d:
         81:44:41:85:ba:14:d5:b5:38:44:4c:77:c6:5e:a0:0a:eb:31:
         16:78:6b:f7:74:4c:df:a9:fe:ef:f7:b3:c3:85:06:41:b6:3e:
         44:d0:49:ab:70:9b:17:1a:b8:d5:e7:1f:c6:43:cb:47:01:83:
         83:41:2f:fd:0b:6c:8c:28:fc:58:49:ab:dc:9c:e3:2d:07:da:
         07:70:5a:68
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYI6zTWEuWPX+IJlgBLOU2STMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYTBmNzE0M2ZmYTIyMTEzNDQyZGM4NTg5ZWUxMzUyZWJl
M2RhYTMwHhcNMjIwNzI2MTM1ODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmFlMmIwMWNmYjRmY2NkNjI1MjNmMjZkZmM5YTc3Nzc4NDc0MTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoi9fFg+L3B7Am2exzV/3TuTlVpmy
mtrk92qhBWorJ+Yy1XhO20r8ao3QWfTWlApa5VokCkx3GDiDzm8tGU28R/eeFVQV
FJJABesvS0pKXPr8qSvAHJNh4F6sLFUCL8XkIc4WmrhB9NNTpOLBcNnVeEC7DJSa
u9LjUwjeIe0hS44FVqdXAMCCt33lLsIQYbt+BIQwPEY7+5JLnqNfL4yR7encA6cq
Wf7hGfYCOGTxwPvkpRSS/3sZbVYWcn2SMp0JLfafI38N9sQWcO6Z7eMoy34b50bg
CJrwG5K18FHokZFGUrPncX7U+WK601vBngxTN49miIb9YW0TnHCzWX6eOQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFFauKwHPtPzNYlI/Jt/Jp3d4R0EhMB8GA1UdIwQY
MBaAFBOg9xQ/+iIRNELchYnuE1Lr49qjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgt
MTA0YTMzNDM3NjY1LzEvVnE0ckFjLTBfTTFpVWo4bTM4bW5kM2hIUVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgtMTA0YTMzNDM3NjY1
LzEvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCTW/4MAwD
BAVQVKADBAFQVKQwDAMEAFBUpwMEAFBUrAMEALmIRQMEALmIRzANBgkqhkiG9w0B
AQsFAAOCAQEAjv6L2GEvXvrrmnJjlkGRRRXbTveYsuWEynBoDtuTK3zPhcjIAL+b
e4rL69tDK3cC4a3QLHNvrzEBBN/IP0Jc4G5vBuITsCjn5YyLypFEpAitVqZ1yW+I
/4e/mHGOBRoBp0EXjiOcw4kkQs0GT/4uDA1ioOkZtx84WhTPCv5CpVqr1eECEu0G
tnsuEMhPx9BI8wGaPxzCfyotJeYGkVB8Ln8InhST19hNBhWNAXTc/x5aAFydgURB
hboU1bU4REx3xl6gCusxFnhr93RM36n+7/ezw4UGQbY+RNBJq3CbFxq41ecfxkPL
RwGDg0Ev/QtsjCj8WEmr3JzjLQfaB3BaaA==
-----END CERTIFICATE-----