Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/Xcu_QMneYCvFPmBtMTFllPPDk3U.roa
File:                     Xcu_QMneYCvFPmBtMTFllPPDk3U.roa (raw, json)
Hash identifier:          M/468uC/ct0tkvf7VlEalhpL7e11Tk8dobINQ42COrg=
Subject key identifier:   5D:CB:BF:40:C9:DE:60:2B:C5:3E:60:6D:31:31:65:94:F3:C3:93:75
Certificate issuer:       /CN=6b85894a84baa0eca0e6ef44a992fc2ba00f5277
Certificate serial:       0AE62A03
Authority key identifier: 6B:85:89:4A:84:BA:A0:EC:A0:E6:EF:44:A9:92:FC:2B:A0:0F:52:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a4WJSoS6oOyg5u9EqZL8K6APUnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/Xcu_QMneYCvFPmBtMTFllPPDk3U.roa
Signing time:             Sat 01 Jan 2022 09:02:32 +0000
ROA not before:           Sat 01 Jan 2022 09:02:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9121
IP address blocks:        37.77.3.0/24 maxlen: 24
                          37.77.4.0/24 maxlen: 24
                          37.77.0.0/24 maxlen: 24
                          37.77.1.0/24 maxlen: 24
                          37.77.2.0/24 maxlen: 24
                          37.77.5.0/24 maxlen: 24
                          37.77.6.0/24 maxlen: 24
                          37.77.7.0/24 maxlen: 24
                          37.77.8.0/24 maxlen: 24
                          37.77.9.0/24 maxlen: 24
                          37.77.17.0/24 maxlen: 24
                          37.77.12.0/24 maxlen: 24
                          37.77.24.0/24 maxlen: 24
                          37.77.21.0/24 maxlen: 24
                          37.77.22.0/24 maxlen: 24
                          37.77.23.0/24 maxlen: 24
                          37.77.18.0/24 maxlen: 24
                          37.77.19.0/24 maxlen: 24
                          37.77.20.0/24 maxlen: 24
                          37.77.25.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 182856195 (0xae62a03)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b85894a84baa0eca0e6ef44a992fc2ba00f5277
        Validity
            Not Before: Jan  1 09:02:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5dcbbf40c9de602bc53e606d31316594f3c39375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ee:ce:40:de:13:d5:24:ec:80:eb:c3:bc:23:
                    b6:ec:b1:fe:c9:4e:42:88:74:fc:98:d5:bd:6c:3b:
                    79:f5:db:4a:d5:f3:26:8f:7f:9a:42:77:44:a2:2a:
                    a1:bb:eb:b9:19:86:d4:ee:ba:4a:8a:a1:0a:0d:11:
                    c1:68:db:85:46:52:50:ce:79:5f:25:03:22:c1:b1:
                    6d:84:6b:53:b5:21:42:a0:a9:ab:ce:7f:32:62:ad:
                    da:50:14:9b:dd:c1:59:6e:f5:92:a8:05:67:6f:ed:
                    5a:4b:9a:2e:4e:ea:5c:fc:dd:e1:bb:c5:19:dc:c8:
                    39:89:12:c4:0c:df:67:de:c6:2a:3e:d7:be:11:2e:
                    e9:16:b1:fd:6c:4f:6c:40:8c:62:5a:87:04:19:c1:
                    58:e9:67:7a:fe:63:f2:73:bc:08:b9:80:14:99:c6:
                    5d:88:a5:91:62:ce:cb:87:21:ac:94:c3:4c:ce:b6:
                    fa:d5:ea:4a:74:b6:8c:22:9d:e8:72:28:ed:a9:4a:
                    da:e5:8f:1d:c2:11:fa:b6:ea:ef:06:1f:69:70:ec:
                    e0:4c:5a:cd:90:d5:0e:f9:0b:56:ce:dd:d9:98:27:
                    b2:35:7e:c2:f5:1b:83:94:ad:f7:ef:b1:a7:d9:6d:
                    98:43:f2:6a:f6:5d:64:d9:b6:d0:95:98:a8:6e:ec:
                    4e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:CB:BF:40:C9:DE:60:2B:C5:3E:60:6D:31:31:65:94:F3:C3:93:75
            X509v3 Authority Key Identifier:
                keyid:6B:85:89:4A:84:BA:A0:EC:A0:E6:EF:44:A9:92:FC:2B:A0:0F:52:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4WJSoS6oOyg5u9EqZL8K6APUnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/Xcu_QMneYCvFPmBtMTFllPPDk3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f5c020-e1d7-4fe9-83c0-a3be63b8572f/1/a4WJSoS6oOyg5u9EqZL8K6APUnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.0.0-37.77.9.255
                  37.77.12.0/24
                  37.77.17.0-37.77.25.255

    Signature Algorithm: sha256WithRSAEncryption
         75:59:51:46:c6:ad:13:bd:97:e5:c9:7f:5f:21:ea:d8:7c:20:
         91:b2:e0:90:7d:41:eb:ec:72:8e:85:58:d2:e0:3b:c7:51:89:
         17:b5:64:5f:cb:d4:f1:e7:16:a7:7e:02:36:59:e8:89:31:7f:
         09:f8:4c:43:47:af:f2:f9:ac:7c:60:c2:9d:a8:60:27:d4:57:
         4b:64:8f:f5:0f:4b:0b:d0:a4:80:fa:cf:39:92:bf:a3:79:73:
         a2:a1:f6:97:a2:37:fa:a1:f2:66:4a:b4:4e:5b:21:51:3a:47:
         fa:0b:00:50:90:2a:b0:95:88:56:d7:79:72:34:2f:da:13:c3:
         c0:68:0c:99:a9:d2:5b:8d:a7:c6:0f:f3:3f:34:23:3b:5a:03:
         8d:7b:7f:01:dd:58:94:d8:76:df:6e:bc:35:4d:b7:dc:a8:f4:
         c8:71:61:06:81:e4:67:c4:df:53:16:b7:3f:38:9a:e5:28:32:
         4a:d0:30:47:71:93:3e:16:3b:39:f5:19:e4:f0:f9:e2:fd:0d:
         25:df:bb:d9:4c:56:19:b6:93:3a:bd:43:c3:38:2f:72:e0:0a:
         0a:67:c1:7e:aa:02:d2:4a:c7:aa:5c:88:78:8e:d3:25:4e:0b:
         38:d5:81:b1:a2:b5:d3:51:2a:70:dc:a2:b9:79:cf:10:da:60:
         f8:f2:24:be
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIECuYqAzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Yjg1ODk0YTg0YmFhMGVjYTBlNmVmNDRhOTkyZmMyYmEwMGY1Mjc3MB4XDTIyMDEw
MTA5MDIzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWRjYmJmNDBjOWRl
NjAyYmM1M2U2MDZkMzEzMTY1OTRmM2MzOTM3NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKnuzkDeE9Uk7IDrw7wjtuyx/slOQoh0/JjVvWw7efXbStXz
Jo9/mkJ3RKIqobvruRmG1O66SoqhCg0RwWjbhUZSUM55XyUDIsGxbYRrU7UhQqCp
q85/MmKt2lAUm93BWW71kqgFZ2/tWkuaLk7qXPzd4bvFGdzIOYkSxAzfZ97GKj7X
vhEu6Rax/WxPbECMYlqHBBnBWOlnev5j8nO8CLmAFJnGXYilkWLOy4chrJTDTM62
+tXqSnS2jCKd6HIo7alK2uWPHcIR+rbq7wYfaXDs4ExazZDVDvkLVs7d2ZgnsjV+
wvUbg5St9++xp9ltmEPyavZdZNm20JWYqG7sTicCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBRdy79Ayd5gK8U+YG0xMWWU88OTdTAfBgNVHSMEGDAWgBRrhYlKhLqg7KDm
70SpkvwroA9SdzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2E0V0pTb1M2b095ZzV1OUVxWkw4SzZBUFVuYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWYvZjVjMDIwLWUxZDctNGZlOS04M2MwLWEzYmU2M2I4NTcyZi8x
L1hjdV9RTW5lWUN2RlBtQnRNVEZsbFBQRGszVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWYv
ZjVjMDIwLWUxZDctNGZlOS04M2MwLWEzYmU2M2I4NTcyZi8xL2E0V0pTb1M2b095
ZzV1OUVxWkw4SzZBUFVuYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwJwQCAAEwITALAwMAJU0DBAElTQgDBAAlTQwwDAME
ACVNEQMEASVNGDANBgkqhkiG9w0BAQsFAAOCAQEAdVlRRsatE72X5cl/XyHq2Hwg
kbLgkH1B6+xyjoVY0uA7x1GJF7VkX8vU8ecWp34CNlnoiTF/CfhMQ0ev8vmsfGDC
nahgJ9RXS2SP9Q9LC9CkgPrPOZK/o3lzoqH2l6I3+qHyZkq0TlshUTpH+gsAUJAq
sJWIVtd5cjQv2hPDwGgMmanSW42nxg/zPzQjO1oDjXt/Ad1YlNh23268NU233Kj0
yHFhBoHkZ8TfUxa3Pzia5SgyStAwR3GTPhY7OfUZ5PD54v0NJd+72UxWGbaTOr1D
wzgvcuAKCmfBfqoC0krHqlyIeI7TJU4LONWBsaK101EqcNyiuXnPENpg+PIkvg==
-----END CERTIFICATE-----