Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/0SBQleGpBHWB5Ds1JNxcgoc5FFE.roa
File:                     0SBQleGpBHWB5Ds1JNxcgoc5FFE.roa (raw, json)
Hash identifier:          ABAp/p/hAg33NcyDYeguEHdM2o9ko/xi4yYmKgpS++o=
Subject key identifier:   D1:20:50:95:E1:A9:04:75:81:E4:3B:35:24:DC:5C:82:87:39:14:51
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01848B4D1A16525A641EEB30008C4AD5E215
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/0SBQleGpBHWB5Ds1JNxcgoc5FFE.roa
Signing time:             Fri 18 Nov 2022 15:13:16 +0000
ROA not before:           Fri 18 Nov 2022 15:13:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          84.32.76.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.224.0/21 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8b:4d:1a:16:52:5a:64:1e:eb:30:00:8c:4a:d5:e2:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 18 15:13:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d1205095e1a9047581e43b3524dc5c8287391451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:60:52:79:6b:ed:8a:76:3d:ca:07:b5:2b:9a:
                    c3:50:4f:f4:e0:a6:be:25:cd:4a:05:f7:5d:24:b2:
                    5a:56:bf:3e:db:96:83:7b:9a:a9:1c:9e:ba:11:51:
                    a4:ba:5d:00:a0:22:5d:91:34:5c:c4:cb:40:41:8e:
                    0c:f6:21:96:56:1e:64:25:a5:f5:a1:8b:73:9f:24:
                    c7:a3:8d:2c:dd:7d:94:ec:7c:c3:e4:58:b9:8f:cb:
                    30:e9:33:86:ef:de:a1:63:8d:de:d3:50:6a:bc:21:
                    27:7f:0e:61:e4:39:50:6a:e8:e3:ec:0f:88:17:70:
                    2c:e9:1a:32:b4:26:7e:5b:af:80:cf:7a:28:8b:ae:
                    bd:b8:d3:e4:3b:d5:f7:93:f5:ef:ca:af:dc:4b:32:
                    1a:c5:86:1e:29:d0:72:21:53:75:02:05:6e:fb:58:
                    06:17:7b:43:b0:18:92:c2:4e:6e:c0:8a:a0:90:ca:
                    82:89:01:b7:55:29:08:54:84:9a:bb:db:ac:20:9f:
                    34:19:b7:07:62:6b:ff:dd:55:55:b6:f0:f2:5c:a1:
                    ab:93:df:ea:27:75:2d:9e:8d:b2:6b:bc:39:80:d3:
                    b8:5f:5e:d0:c9:f2:d3:e2:b8:db:e5:f0:21:69:a5:
                    2f:ac:68:04:38:2d:27:ee:75:75:87:d1:f7:ec:3f:
                    c3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:20:50:95:E1:A9:04:75:81:E4:3B:35:24:DC:5C:82:87:39:14:51
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/0SBQleGpBHWB5Ds1JNxcgoc5FFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.52.0/22
                  84.32.76.0/23
                  88.216.19.0/24
                  88.216.46.0/24
                  88.216.98.0/24
                  88.216.209.0-88.216.211.255
                  88.216.224.0/21
                  88.216.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:d6:8c:c2:9f:04:00:34:a8:46:49:b0:aa:c7:dd:53:1d:eb:
         9b:06:ac:0a:60:7b:bd:bf:da:88:68:96:b4:d8:55:f6:b8:09:
         7c:29:63:01:41:36:ef:99:d9:29:91:3c:2c:7a:d4:9c:b9:14:
         3a:3c:19:78:a0:eb:49:44:f3:58:08:41:17:d7:76:cf:95:21:
         ca:6e:79:d0:39:1c:71:f7:6e:82:ad:10:25:bc:3a:0a:2a:48:
         95:f8:11:bd:70:b8:ee:92:80:18:1e:38:69:c2:77:fc:51:00:
         a7:03:05:28:88:40:ff:09:1b:60:f4:05:26:aa:a1:cd:2e:4e:
         8d:71:aa:b3:29:85:e0:8a:6f:77:43:02:91:f4:f5:88:8c:16:
         09:b2:70:c4:30:2b:e0:f2:0a:07:3d:bd:a3:c3:f8:c7:19:39:
         49:32:76:e7:fc:0c:c3:30:07:b6:bb:a4:62:5a:39:8d:69:3a:
         e8:10:59:c9:8f:84:f2:68:82:91:d6:6f:28:44:d2:5a:2f:15:
         71:0b:4a:85:51:65:50:53:b4:b0:e9:3b:6d:60:fa:ab:7b:27:
         e5:b3:bc:9a:a0:23:a9:65:bf:89:9a:3b:9d:ae:e5:cc:67:74:
         3a:a6:84:c8:17:2a:72:e0:85:f1:6a:a2:71:9e:ea:29:b8:37:
         84:0d:c8:85
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYSLTRoWUlpkHuswAIxK1eIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTE4MTUxMzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTIwNTA5NWUxYTkwNDc1ODFlNDNiMzUyNGRjNWM4Mjg3MzkxNDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWBSeWvtinY9yge1K5rDUE/04Ka+
Jc1KBfddJLJaVr8+25aDe5qpHJ66EVGkul0AoCJdkTRcxMtAQY4M9iGWVh5kJaX1
oYtznyTHo40s3X2U7HzD5Fi5j8sw6TOG796hY43e01BqvCEnfw5h5DlQaujj7A+I
F3As6RoytCZ+W6+Az3ooi669uNPkO9X3k/Xvyq/cSzIaxYYeKdByIVN1AgVu+1gG
F3tDsBiSwk5uwIqgkMqCiQG3VSkIVISau9usIJ80GbcHYmv/3VVVtvDyXKGrk9/q
J3Utno2ya7w5gNO4X17QyfLT4rjb5fAhaaUvrGgEOC0n7nV1h9H37D/DYQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNEgUJXhqQR1geQ7NSTcXIKHORRRMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMFNCUWxlR3BCSFdCNURzMUpOeGNnb2M1RkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAVCAGAwQC
VCA0AwQBVCBMAwQAWNgTAwQAWNguAwQAWNhiMAwDBABY2NEDBAJY2NADBANY2OAD
BANY2PgwDQYJKoZIhvcNAQELBQADggEBADbWjMKfBAA0qEZJsKrH3VMd65sGrApg
e72/2oholrTYVfa4CXwpYwFBNu+Z2SmRPCx61Jy5FDo8GXig60lE81gIQRfXds+V
IcpuedA5HHH3boKtECW8OgoqSJX4Eb1wuO6SgBgeOGnCd/xRAKcDBSiIQP8JG2D0
BSaqoc0uTo1xqrMpheCKb3dDApH09YiMFgmycMQwK+DyCgc9vaPD+McZOUkyduf8
DMMwB7a7pGJaOY1pOugQWcmPhPJogpHWbyhE0lovFXELSoVRZVBTtLDpO21g+qt7
J+WzvJqgI6llv4maO52u5cxndDqmhMgXKnLghfFqonGe6im4N4QNyIU=
-----END CERTIFICATE-----