Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/CcvJXphXM0tCde7ZRF4vVWYvhZU.roa
File:                     CcvJXphXM0tCde7ZRF4vVWYvhZU.roa (raw, json)
Hash identifier:          U/J+NJ6wDkbUnl+3DeBiGrRrGl3Pg/G94QInf+8zBmI=
Subject key identifier:   09:CB:C9:5E:98:57:33:4B:42:75:EE:D9:44:5E:2F:55:66:2F:85:95
Certificate issuer:       /CN=7e0423211f49b1335e94b8bdbbb1168664f6804f
Certificate serial:       052E90B6
Authority key identifier: 7E:04:23:21:1F:49:B1:33:5E:94:B8:BD:BB:B1:16:86:64:F6:80:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fgQjIR9JsTNelLi9u7EWhmT2gE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/CcvJXphXM0tCde7ZRF4vVWYvhZU.roa
Signing time:             Sat 01 Jan 2022 06:05:50 +0000
ROA not before:           Sat 01 Jan 2022 06:05:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204213
IP address blocks:        89.39.208.0/24 maxlen: 24
                          217.144.105.0/24 maxlen: 24
                          217.144.104.0/24 maxlen: 24
                          185.94.96.0/24 maxlen: 24
                          185.94.98.0/24 maxlen: 24
                          185.94.97.0/24 maxlen: 24
                          185.94.99.0/24 maxlen: 24
                          89.32.251.0/24 maxlen: 24
                          89.32.249.0/24 maxlen: 24
                          89.32.248.0/24 maxlen: 24
                          89.32.250.0/24 maxlen: 24
                          89.42.209.0/24 maxlen: 24
                          89.42.211.0/24 maxlen: 24
                          89.42.210.0/24 maxlen: 24
                          188.212.22.0/24 maxlen: 24
                          89.42.208.0/24 maxlen: 24
                          217.144.106.0/24 maxlen: 24
                          217.144.107.0/24 maxlen: 24
                          86.106.142.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 86937782 (0x52e90b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e0423211f49b1335e94b8bdbbb1168664f6804f
        Validity
            Not Before: Jan  1 06:05:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=09cbc95e9857334b4275eed9445e2f55662f8595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:74:d1:22:96:eb:e5:b9:d6:f2:f4:9b:94:d9:
                    72:22:68:99:8b:f3:98:6f:63:7d:08:6a:a4:de:3b:
                    3d:45:35:e6:18:1f:5e:5c:03:d6:71:ab:cd:9a:da:
                    a5:ef:84:b5:d1:b1:a8:52:2e:25:4e:27:a6:a1:54:
                    c8:d5:0a:ec:98:be:ac:6a:e4:cf:1b:47:7a:e9:92:
                    87:c9:5d:fb:3d:93:bd:ca:30:28:96:f9:77:c4:8a:
                    3a:29:aa:4e:31:9e:76:78:23:bf:2c:c1:e1:4f:22:
                    19:61:e3:f5:9b:70:2b:92:ef:ae:6f:09:04:85:b9:
                    b8:c4:00:a2:30:49:55:80:76:df:2d:f8:72:c9:8a:
                    8d:a0:e6:95:4b:8f:e4:09:5e:81:d3:5f:cf:13:e1:
                    2c:51:7a:e4:0a:c9:7c:c1:4f:e3:ed:9b:a9:e8:ba:
                    c5:4d:71:84:ba:da:92:ff:f8:58:de:9e:79:11:07:
                    12:67:9e:2c:5d:74:46:ca:47:b1:03:f7:16:2d:9a:
                    d5:6f:de:8b:0d:d5:a6:f2:9e:3d:1f:b3:e1:50:9b:
                    df:9f:88:25:07:e6:f5:71:32:8a:d0:02:45:df:77:
                    40:3b:e7:0f:92:0c:cd:f1:23:da:c3:db:b8:25:f7:
                    e9:33:8a:53:d4:cc:1a:3d:49:2f:e4:8b:22:85:25:
                    74:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:CB:C9:5E:98:57:33:4B:42:75:EE:D9:44:5E:2F:55:66:2F:85:95
            X509v3 Authority Key Identifier:
                keyid:7E:04:23:21:1F:49:B1:33:5E:94:B8:BD:BB:B1:16:86:64:F6:80:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fgQjIR9JsTNelLi9u7EWhmT2gE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/CcvJXphXM0tCde7ZRF4vVWYvhZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/fgQjIR9JsTNelLi9u7EWhmT2gE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.142.0/24
                  89.32.248.0/22
                  89.39.208.0/24
                  89.42.208.0/22
                  185.94.96.0/22
                  188.212.22.0/24
                  217.144.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:95:5b:cb:14:a3:07:a0:e0:ea:b8:a1:bf:0c:93:59:64:33:
         ac:b2:c8:c7:0e:7e:34:27:3b:2a:0b:60:df:93:3a:a9:6e:9f:
         d1:0b:ee:30:be:d0:33:d0:80:28:55:5f:ce:54:06:69:0c:3b:
         c0:46:dc:74:c3:e8:4b:48:fb:25:98:8a:33:74:e8:6b:79:b1:
         ba:6b:da:b2:da:bd:de:f2:4e:56:74:aa:73:73:4b:b1:33:04:
         01:ca:e3:ab:e6:4b:60:93:cb:48:3d:59:4c:c9:f4:f7:ad:33:
         56:68:3c:c2:e3:d1:91:ed:b4:fa:59:6a:df:ae:f5:03:ba:3b:
         67:37:f0:6a:ed:5a:06:b8:c7:ff:c7:35:be:26:e1:96:6d:cc:
         54:0d:ca:4f:b5:1d:27:c4:05:56:19:1e:be:ff:3a:2c:e4:b1:
         a3:d2:38:67:39:43:86:9c:10:fd:0d:c8:bf:90:00:be:08:fc:
         69:b3:0f:9c:c5:6a:b9:3c:38:db:98:62:dc:32:21:63:03:7f:
         c4:77:e6:34:27:e1:61:11:84:ff:9f:42:b9:87:76:52:6e:65:
         19:ce:32:21:19:d0:3d:d8:1b:29:43:b6:22:89:0d:ee:4f:99:
         54:0a:ad:f7:03:33:88:2d:6e:f4:6a:92:06:5d:3e:92:a6:9e:
         3e:9f:95:57
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEBS6QtjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZTA0MjMyMTFmNDliMTMzNWU5NGI4YmRiYmIxMTY4NjY0ZjY4MDRmMB4XDTIyMDEw
MTA2MDU1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDljYmM5NWU5ODU3
MzM0YjQyNzVlZWQ5NDQ1ZTJmNTU2NjJmODU5NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANR00SKW6+W51vL0m5TZciJomYvzmG9jfQhqpN47PUU15hgf
XlwD1nGrzZrape+EtdGxqFIuJU4npqFUyNUK7Ji+rGrkzxtHeumSh8ld+z2Tvcow
KJb5d8SKOimqTjGedngjvyzB4U8iGWHj9ZtwK5Lvrm8JBIW5uMQAojBJVYB23y34
csmKjaDmlUuP5AlegdNfzxPhLFF65ArJfMFP4+2bqei6xU1xhLrakv/4WN6eeREH
EmeeLF10RspHsQP3Fi2a1W/eiw3VpvKePR+z4VCb35+IJQfm9XEyitACRd93QDvn
D5IMzfEj2sPbuCX36TOKU9TMGj1JL+SLIoUldMsCAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBQJy8lemFczS0J17tlEXi9VZi+FlTAfBgNVHSMEGDAWgBR+BCMhH0mxM16U
uL27sRaGZPaATzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZnUWpJUjlKc1ROZWxMaTl1N0VXaG1UMmdFOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvNzdhYzg2LTMxZjYtNDM3MC1iNDMzLWIwZTdkNDFiNWQzNi8x
L0NjdkpYcGhYTTB0Q2RlN1pSRjR2VldZdmhaVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
NzdhYzg2LTMxZjYtNDM3MC1iNDMzLWIwZTdkNDFiNWQzNi8xL2ZnUWpJUjlKc1RO
ZWxMaTl1N0VXaG1UMmdFOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAFZqjgMEAlkg+AMEAFkn0AMEAlkq
0AMEArleYAMEALzUFgMEAtmQaDANBgkqhkiG9w0BAQsFAAOCAQEAepVbyxSjB6Dg
6rihvwyTWWQzrLLIxw5+NCc7Kgtg35M6qW6f0QvuML7QM9CAKFVfzlQGaQw7wEbc
dMPoS0j7JZiKM3Toa3mxumvastq93vJOVnSqc3NLsTMEAcrjq+ZLYJPLSD1ZTMn0
960zVmg8wuPRke20+llq3671A7o7Zzfwau1aBrjH/8c1vibhlm3MVA3KT7UdJ8QF
Vhkevv86LOSxo9I4ZzlDhpwQ/Q3Iv5AAvgj8abMPnMVquTw425hi3DIhYwN/xHfm
NCfhYRGE/59CuYd2Um5lGc4yIRnQPdgbKUO2IokN7k+ZVAqt9wMziC1u9GqSBl0+
kqaePp+VVw==
-----END CERTIFICATE-----