Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/H4IlAALEv7P9H38ExmmugxLCCk4.roa
File:                     H4IlAALEv7P9H38ExmmugxLCCk4.roa (raw, json)
Hash identifier:          Xe/YLa9TSrvoQw7rLx5zvWMblaMagGozpxId6YidvJg=
Subject key identifier:   1F:82:25:00:02:C4:BF:B3:FD:1F:7F:04:C6:69:AE:83:12:C2:0A:4E
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       15407989
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/H4IlAALEv7P9H38ExmmugxLCCk4.roa
Signing time:             Sat 01 Jan 2022 07:52:50 +0000
ROA not before:           Sat 01 Jan 2022 07:52:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     65024
IP address blocks:        84.108.0.0/22 maxlen: 22
                          84.108.10.0/23 maxlen: 23
                          84.108.14.0/23 maxlen: 23
                          84.108.12.0/23 maxlen: 23
                          84.108.112.0/22 maxlen: 22
                          84.108.108.0/22 maxlen: 22
                          84.108.116.0/22 maxlen: 22
                          84.108.124.0/23 maxlen: 23
                          84.108.120.0/22 maxlen: 22
                          84.108.126.0/23 maxlen: 23
                          84.108.132.0/22 maxlen: 22
                          84.108.128.0/22 maxlen: 22
                          84.108.136.0/22 maxlen: 22
                          84.108.142.0/24 maxlen: 24
                          84.108.143.0/24 maxlen: 24
                          84.108.144.0/23 maxlen: 23
                          84.108.140.0/24 maxlen: 24
                          84.108.148.0/22 maxlen: 22
                          84.108.146.0/23 maxlen: 23
                          84.108.152.0/22 maxlen: 22
                          84.108.100.0/23 maxlen: 23
                          84.108.102.0/24 maxlen: 24
                          84.108.103.0/24 maxlen: 24
                          84.108.104.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 356546953 (0x15407989)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  1 07:52:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f82250002c4bfb3fd1f7f04c669ae8312c20a4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8f:01:83:6f:0a:82:de:10:30:71:de:c0:5d:
                    51:3c:1c:31:9f:3f:f2:5b:f1:0e:07:03:c4:3a:21:
                    4e:0c:5f:d4:f4:26:7a:ed:47:8c:d3:44:a3:e8:ef:
                    e4:db:09:e3:d0:82:6c:06:0e:af:29:8e:a7:a4:11:
                    c3:99:88:49:93:db:36:b1:10:4b:64:f2:43:66:0f:
                    61:90:c0:d2:41:9d:7b:23:bf:7e:f4:11:08:09:61:
                    44:75:4b:cd:b6:31:d3:bb:40:92:87:4d:e7:b8:f5:
                    1b:c7:1a:d8:db:dc:a9:6b:3f:17:f2:f9:de:1b:50:
                    36:c8:4b:9c:d3:1f:e2:d0:92:7a:a6:a9:6a:ab:ec:
                    8f:a6:a9:44:09:2e:36:50:f8:11:7f:32:e6:0d:5e:
                    b0:14:05:99:da:ee:ac:c0:79:3d:10:82:59:ce:c3:
                    c4:cd:b9:c7:a7:ea:bd:82:3d:ae:1e:8d:0e:13:fe:
                    ce:07:35:9c:99:a3:75:47:8c:f2:a1:05:1b:17:de:
                    e4:54:49:b8:c0:64:6b:24:7f:5a:ab:47:ab:4d:a7:
                    92:a2:f9:f1:27:a7:c9:2f:d5:7e:f8:2b:48:f4:29:
                    b5:a0:3c:c2:d9:85:c8:ac:0b:40:39:93:12:aa:70:
                    27:19:32:6e:9e:fe:b2:e4:ed:c5:e0:fd:4e:9b:47:
                    e8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:82:25:00:02:C4:BF:B3:FD:1F:7F:04:C6:69:AE:83:12:C2:0A:4E
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/H4IlAALEv7P9H38ExmmugxLCCk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.108.0.0/22
                  84.108.10.0-84.108.15.255
                  84.108.100.0-84.108.140.255
                  84.108.142.0-84.108.155.255

    Signature Algorithm: sha256WithRSAEncryption
         24:14:ec:55:89:c2:27:b5:73:9f:52:d6:67:76:41:e9:99:3d:
         e9:45:02:64:25:0d:f6:c6:a1:0c:f5:a9:88:61:cf:c2:57:79:
         30:88:18:2c:fa:16:c3:61:51:1e:8c:e9:e8:4e:6e:95:c5:6e:
         02:e3:7e:30:26:25:aa:5e:d3:c7:ad:38:81:38:06:08:ac:02:
         29:f1:58:3b:f0:f8:0b:43:a5:0d:bc:5f:02:9f:8c:63:71:3b:
         66:ba:a4:2e:0b:b8:f2:3c:b6:2b:fc:ee:9d:4a:82:30:a8:5a:
         11:a6:b5:05:ef:9e:f0:fa:df:f8:65:ca:d0:17:df:06:d6:a5:
         c5:ef:3a:fa:a2:02:b8:cb:4d:ab:06:c9:a3:ee:68:a9:6b:f5:
         66:c8:a0:10:45:81:c5:aa:97:cc:ab:b5:8e:e5:63:9f:e2:64:
         0c:e3:a6:ea:b0:19:57:c0:54:c4:2e:a1:e1:3a:76:39:86:3c:
         ff:89:91:78:fb:b4:63:05:fc:cf:3e:86:0a:40:a3:35:91:ea:
         7b:a9:31:81:f7:72:cb:0a:73:14:1c:b4:18:76:5b:06:6d:34:
         10:6e:ce:a9:07:98:a8:15:6a:54:b1:1d:2c:6e:34:03:0a:da:
         e1:91:d8:89:c5:7a:08:47:57:a6:5c:a4:9c:5b:b9:c7:b1:24:
         4b:de:6b:48
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEFUB5iTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZmVkZDg1YzFlY2NiNWZmNGJhOTMwMTE3YTczMjkwOTljMGZmMmViMB4XDTIyMDEw
MTA3NTI1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWY4MjI1MDAwMmM0
YmZiM2ZkMWY3ZjA0YzY2OWFlODMxMmMyMGE0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANuPAYNvCoLeEDBx3sBdUTwcMZ8/8lvxDgcDxDohTgxf1PQm
eu1HjNNEo+jv5NsJ49CCbAYOrymOp6QRw5mISZPbNrEQS2TyQ2YPYZDA0kGdeyO/
fvQRCAlhRHVLzbYx07tAkodN57j1G8ca2NvcqWs/F/L53htQNshLnNMf4tCSeqap
aqvsj6apRAkuNlD4EX8y5g1esBQFmdrurMB5PRCCWc7DxM25x6fqvYI9rh6NDhP+
zgc1nJmjdUeM8qEFGxfe5FRJuMBkayR/WqtHq02nkqL58SenyS/VfvgrSPQptaA8
wtmFyKwLQDmTEqpwJxkybp7+suTtxeD9TptH6BMCAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBQfgiUAAsS/s/0ffwTGaa6DEsIKTjAfBgNVHSMEGDAWgBQ/7dhcHsy1/0up
MBF6cykJnA/y6zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1AtM1lYQjdNdGY5THFUQVJlbk1wQ1p3UDh1cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzQvNDFjMzIxLTM0N2UtNGMzZS1hZmZkLWUyYjUyNzcyOGU5Ni8x
L0g0SWxBQUxFdjdQOUgzOEV4bW11Z3hMQ0NrNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQv
NDFjMzIxLTM0N2UtNGMzZS1hZmZkLWUyYjUyNzcyOGU5Ni8xL1AtM1lYQjdNdGY5
THFUQVJlbk1wQ1p3UDh1cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAlRsADAMAwQBVGwKAwQEVGwAMAwD
BAJUbGQDBABUbIwwDAMEAVRsjgMEAlRsmDANBgkqhkiG9w0BAQsFAAOCAQEAJBTs
VYnCJ7Vzn1LWZ3ZB6Zk96UUCZCUN9sahDPWpiGHPwld5MIgYLPoWw2FRHozp6E5u
lcVuAuN+MCYlql7Tx604gTgGCKwCKfFYO/D4C0OlDbxfAp+MY3E7ZrqkLgu48jy2
K/zunUqCMKhaEaa1Be+e8Prf+GXK0BffBtalxe86+qICuMtNqwbJo+5oqWv1Zsig
EEWBxaqXzKu1juVjn+JkDOOm6rAZV8BUxC6h4Tp2OYY8/4mRePu0YwX8zz6GCkCj
NZHqe6kxgfdyywpzFBy0GHZbBm00EG7OqQeYqBVqVLEdLG40Awra4ZHYicV6CEdX
plyknFu5x7EkS95rSA==
-----END CERTIFICATE-----