Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/n4lH8OvNNg3wIfxTRy8M76ePpOs.roa
File:                     n4lH8OvNNg3wIfxTRy8M76ePpOs.roa (raw, json)
Hash identifier:          qeFZN5GfumkTnOZyHa4I9NXiK84ocqlV0JN6dz1vRu4=
Subject key identifier:   9F:89:47:F0:EB:CD:36:0D:F0:21:FC:53:47:2F:0C:EF:A7:8F:A4:EB
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       01830A3F46BDDF771DED3D112833F18FA358
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/n4lH8OvNNg3wIfxTRy8M76ePpOs.roa
Signing time:             Sun 04 Sep 2022 20:44:22 +0000
ROA not before:           Sun 04 Sep 2022 20:44:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44307
IP address blocks:        45.93.76.0/22 maxlen: 24
                          45.86.252.0/22 maxlen: 24
                          45.142.148.0/22 maxlen: 24
                          45.135.20.0/22 maxlen: 24
                          45.95.60.0/22 maxlen: 24
                          45.148.180.0/22 maxlen: 24
                          45.84.180.0/22 maxlen: 24
                          45.87.71.0/24 maxlen: 24
                          45.138.60.0/22 maxlen: 24
                          45.15.76.0/22 maxlen: 24
                          45.129.112.0/22 maxlen: 24
                          45.81.216.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0a:3f:46:bd:df:77:1d:ed:3d:11:28:33:f1:8f:a3:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Sep  4 20:44:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9f8947f0ebcd360df021fc53472f0cefa78fa4eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:be:3f:f9:06:89:00:cf:43:c2:45:31:5e:11:
                    10:f3:f9:f7:7a:67:8f:9c:89:d8:58:6a:b4:8e:bd:
                    6e:87:49:e8:dc:03:0e:1d:a9:e1:81:b1:65:16:db:
                    01:68:81:96:18:cc:34:02:7e:91:08:71:c5:ba:a2:
                    b0:7b:80:70:a1:42:26:db:a7:8a:da:12:65:96:9b:
                    18:fa:03:00:21:74:bf:5d:a4:7b:e5:c4:99:5e:2c:
                    05:52:12:af:77:d0:2f:7f:ed:da:f5:60:e4:f1:4b:
                    9e:92:30:e6:63:30:4d:5b:8e:97:c4:e6:b0:3d:73:
                    8b:fc:bb:8e:86:5d:73:9e:04:8e:fc:43:40:51:01:
                    2f:08:11:d6:65:9c:33:fd:75:90:92:36:57:bb:6b:
                    78:8e:fa:41:68:a5:94:4d:04:f4:53:c4:45:8c:0b:
                    df:00:e0:a9:cc:37:da:d1:23:4d:73:83:2e:b2:13:
                    0f:c8:3c:ed:9a:b9:e7:72:53:30:40:3b:0c:23:6b:
                    bf:c2:76:5c:70:0f:be:81:d3:bf:30:13:96:05:1e:
                    b9:c5:8c:17:d3:81:f6:b1:ed:b6:52:4e:3f:ff:77:
                    b0:d2:fd:4d:89:69:72:6f:ca:29:f5:4f:ec:81:59:
                    0f:7a:04:b7:5a:7e:6c:23:19:f0:8f:9d:7f:c8:a5:
                    23:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:89:47:F0:EB:CD:36:0D:F0:21:FC:53:47:2F:0C:EF:A7:8F:A4:EB
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/n4lH8OvNNg3wIfxTRy8M76ePpOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.76.0/22
                  45.81.216.0/22
                  45.84.180.0/22
                  45.86.252.0/22
                  45.87.71.0/24
                  45.93.76.0/22
                  45.95.60.0/22
                  45.129.112.0/22
                  45.135.20.0/22
                  45.138.60.0/22
                  45.142.148.0/22
                  45.148.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:76:ad:8a:a4:89:78:11:46:ab:04:88:44:57:fc:58:c4:3a:
         af:0e:c9:b1:ff:62:95:92:3e:24:d2:bd:09:f2:00:ed:10:02:
         54:da:70:89:53:a7:3e:c6:88:b7:96:cb:45:49:79:fa:27:c9:
         16:e3:c8:83:6b:52:78:09:00:83:18:93:1c:55:a8:fb:56:9b:
         fb:46:48:08:59:ac:f6:9a:bd:f0:97:de:7a:e1:70:62:cf:12:
         6e:f0:18:7b:c0:21:ec:3a:eb:b1:d5:b9:7c:41:85:97:6a:0a:
         16:5f:25:e9:14:1e:e7:19:9a:ad:a8:4a:4f:4b:95:99:b2:a1:
         b2:27:d3:73:d9:92:6c:8f:a2:12:49:11:97:5f:65:c2:16:31:
         52:f5:28:df:d7:5b:a7:f7:ee:c0:8e:1a:45:1d:a8:ce:50:fe:
         5e:a1:3e:cc:b0:1c:98:8a:f2:29:8f:43:38:dc:26:8a:bf:b6:
         40:3f:7f:7b:d3:18:27:d2:59:8e:1c:70:91:4a:ce:b6:fe:cf:
         0c:b5:d2:f0:78:90:84:fb:a1:c9:17:59:09:e4:29:1b:fe:e3:
         2a:7c:11:bf:d0:53:73:fe:9f:fe:3e:07:07:8b:c7:8c:36:f6:
         f7:25:56:8d:ad:54:d9:03:e8:f4:fa:0e:f3:17:f4:76:7f:2a:
         fa:a1:e9:42
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYMKP0a933cd7T0RKDPxj6NYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjIwOTA0MjA0NDIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjg5NDdmMGViY2QzNjBkZjAyMWZjNTM0NzJmMGNlZmE3OGZhNGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh74/+QaJAM9DwkUxXhEQ8/n3emeP
nInYWGq0jr1uh0no3AMOHanhgbFlFtsBaIGWGMw0An6RCHHFuqKwe4BwoUIm26eK
2hJllpsY+gMAIXS/XaR75cSZXiwFUhKvd9Avf+3a9WDk8UuekjDmYzBNW46XxOaw
PXOL/LuOhl1zngSO/ENAUQEvCBHWZZwz/XWQkjZXu2t4jvpBaKWUTQT0U8RFjAvf
AOCpzDfa0SNNc4MushMPyDztmrnnclMwQDsMI2u/wnZccA++gdO/MBOWBR65xYwX
04H2se22Uk4//3ew0v1NiWlyb8op9U/sgVkPegS3Wn5sIxnwj51/yKUjcQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJ+JR/DrzTYN8CH8U0cvDO+nj6TrMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvbjRsSDhPdk5OZzN3SWZ4VFJ5OE03NmVQcE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCLQ9MAwQC
LVHYAwQCLVS0AwQCLVb8AwQALVdHAwQCLV1MAwQCLV88AwQCLYFwAwQCLYcUAwQC
LYo8AwQCLY6UAwQCLZS0MA0GCSqGSIb3DQEBCwUAA4IBAQBpdq2KpIl4EUarBIhE
V/xYxDqvDsmx/2KVkj4k0r0J8gDtEAJU2nCJU6c+xoi3lstFSXn6J8kW48iDa1J4
CQCDGJMcVaj7Vpv7RkgIWaz2mr3wl9564XBizxJu8Bh7wCHsOuux1bl8QYWXagoW
XyXpFB7nGZqtqEpPS5WZsqGyJ9Nz2ZJsj6ISSRGXX2XCFjFS9Sjf11un9+7AjhpF
HajOUP5eoT7MsByYivIpj0M43CaKv7ZAP3970xgn0lmOHHCRSs62/s8MtdLweJCE
+6HJF1kJ5Ckb/uMqfBG/0FNz/p/+PgcHi8eMNvb3JVaNrVTZA+j0+g7zF/R2fyr6
oelC
-----END CERTIFICATE-----