Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/1-9ffPNGS_uqPmQ4BsZwPggOb-Pc.roa
File:                     1-9ffPNGS_uqPmQ4BsZwPggOb-Pc.roa (raw, json)
Hash identifier:          EU22I/3IRsjHRmiJwAoHawNeZz+TgiALC0nypxFblAc=
Subject key identifier:   FB:D7:DF:3C:D1:92:FE:EA:8F:99:0E:01:B1:9C:0F:82:03:9B:F8:F7
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183CBA0CD2EC102E3F68EC459474FFCCC7A
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/1-9ffPNGS_uqPmQ4BsZwPggOb-Pc.roa
Signing time:             Wed 12 Oct 2022 09:57:36 +0000
ROA not before:           Wed 12 Oct 2022 09:57:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49999
IP address blocks:        84.32.76.0/24 maxlen: 24
                          88.216.188.0/22 maxlen: 24
                          88.216.187.0/24 maxlen: 24
                          84.32.79.0/24 maxlen: 24
                          84.32.88.0/24 maxlen: 24
                          84.32.14.0/24 maxlen: 24
                          84.32.34.0/24 maxlen: 24
                          84.32.40.0/22 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          88.216.43.0/24 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          88.216.40.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:cb:a0:cd:2e:c1:02:e3:f6:8e:c4:59:47:4f:fc:cc:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct 12 09:57:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fbd7df3cd192feea8f990e01b19c0f82039bf8f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b2:49:51:82:41:f8:20:90:35:af:11:02:2a:
                    8b:a9:d2:72:fd:74:21:c1:cb:69:d7:78:6f:75:65:
                    93:7d:f2:f0:24:a5:f9:6a:6f:82:2a:c7:0a:1c:0f:
                    f6:25:20:91:5a:30:59:91:39:a4:54:f9:9b:aa:c2:
                    cb:4f:cc:e3:53:78:d1:1c:27:25:95:c4:c0:31:79:
                    99:20:45:fa:d4:92:97:67:e7:41:a5:e7:07:71:13:
                    42:e3:6b:5c:8b:d2:b8:1c:75:60:c9:65:58:5f:b8:
                    b5:0e:0c:50:35:d4:96:40:ab:0b:ac:08:17:62:a9:
                    56:94:03:b9:2e:d5:be:fa:33:42:1b:53:9b:e5:34:
                    a2:20:4c:a8:6f:d5:e4:b8:02:6c:99:94:40:f9:bd:
                    5f:67:e5:08:b5:4c:a5:03:0f:0e:62:0c:28:1a:31:
                    0c:0c:50:71:2b:77:f4:cb:02:29:64:e7:75:2a:51:
                    3c:65:55:93:81:72:43:b1:c6:0b:05:f9:61:b3:cb:
                    95:cc:68:b5:b5:96:ef:58:8f:09:c1:56:2c:4f:20:
                    fa:48:bb:ba:74:1d:bf:00:87:60:2c:07:5c:39:d2:
                    2e:d2:cb:4c:33:99:c7:04:c1:3f:3a:f5:9b:fd:54:
                    30:68:41:3f:b0:cf:3f:10:6a:41:43:5a:6c:03:3f:
                    06:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D7:DF:3C:D1:92:FE:EA:8F:99:0E:01:B1:9C:0F:82:03:9B:F8:F7
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/1-9ffPNGS_uqPmQ4BsZwPggOb-Pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.14.0/24
                  84.32.34.0/24
                  84.32.40.0/22
                  84.32.76.0/24
                  84.32.79.0/24
                  84.32.88.0/24
                  88.216.18.0/24
                  88.216.40.0/23
                  88.216.43.0/24
                  88.216.187.0-88.216.191.255
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:cd:35:e3:32:40:bb:8c:0e:b4:45:dd:9c:9b:d3:cc:88:f8:
         c0:86:db:b3:08:47:fd:5c:f2:20:9b:8f:fd:97:67:ad:5a:6e:
         6f:c1:11:11:be:83:01:67:5a:9e:b2:13:92:27:d9:ed:06:1a:
         07:23:18:b8:93:81:5e:bb:5a:79:2b:5e:38:73:f0:dc:aa:5e:
         c2:0b:ff:55:8b:c8:1d:84:c0:c7:a3:3d:45:68:b4:75:b4:31:
         37:82:10:58:72:93:90:10:f5:fe:ee:d6:72:ae:32:e4:a1:ae:
         28:53:1b:34:32:b1:9a:a7:60:b9:5c:3e:5c:0b:db:17:9e:8c:
         f1:71:62:3b:c1:c8:ae:9a:e3:18:ca:d2:0d:8b:be:b3:46:bf:
         61:76:29:2c:75:d1:75:27:bb:9a:0a:3e:7e:db:9f:19:07:71:
         d1:f9:7a:d9:86:ed:8d:a5:e0:e5:2b:db:15:dc:c2:9f:e9:0d:
         c0:bf:a1:84:3d:2c:9f:af:b2:26:63:28:0c:40:8a:74:aa:ae:
         dc:d7:f1:c5:fc:af:e2:bc:d5:e3:6d:45:f9:76:59:ca:ff:0d:
         5b:ae:70:75:94:ed:e3:b2:14:35:b6:bb:38:00:a9:da:e2:cc:
         13:25:26:48:f0:54:34:f9:ed:76:54:f6:ad:4e:e1:21:d1:03:
         09:1d:a2:c3
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYPLoM0uwQLj9o7EWUdP/Mx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDEyMDk1NzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQ3ZGYzY2QxOTJmZWVhOGY5OTBlMDFiMTljMGY4MjAzOWJmOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7JJUYJB+CCQNa8RAiqLqdJy/XQh
wctp13hvdWWTffLwJKX5am+CKscKHA/2JSCRWjBZkTmkVPmbqsLLT8zjU3jRHCcl
lcTAMXmZIEX61JKXZ+dBpecHcRNC42tci9K4HHVgyWVYX7i1DgxQNdSWQKsLrAgX
YqlWlAO5LtW++jNCG1Ob5TSiIEyob9XkuAJsmZRA+b1fZ+UItUylAw8OYgwoGjEM
DFBxK3f0ywIpZOd1KlE8ZVWTgXJDscYLBflhs8uVzGi1tZbvWI8JwVYsTyD6SLu6
dB2/AIdgLAdcOdIu0stMM5nHBME/OvWb/VQwaEE/sM8/EGpBQ1psAz8GuQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFPvX3zzRkv7qj5kOAbGcD4IDm/j3MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMS05ZmZQTkdTX3VxUG1RNEJzWndQZ2dPYi1QYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGMvMzk0YzkzLWRjYTMtNGJjNS04YzliLTIzNDgxYmYwOTFj
My8xL1Q3MUZfT05XNHFaZkhrMGRyM2dVdHRhOW84VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBjBggrBgEFBQcBBwEB/wRUMFIwUAQCAAEwSgMEAFQgDgME
AFQgIgMEAlQgKAMEAFQgTAMEAFQgTwMEAFQgWAMEAFjYEgMEAVjYKAMEAFjYKzAM
AwQAWNi7AwQGWNiAAwQCWNj4MA0GCSqGSIb3DQEBCwUAA4IBAQBQzTXjMkC7jA60
Rd2cm9PMiPjAhtuzCEf9XPIgm4/9l2etWm5vwRERvoMBZ1qeshOSJ9ntBhoHIxi4
k4Feu1p5K144c/Dcql7CC/9Vi8gdhMDHoz1FaLR1tDE3ghBYcpOQEPX+7tZyrjLk
oa4oUxs0MrGap2C5XD5cC9sXnozxcWI7wciumuMYytINi76zRr9hdiksddF1J7ua
Cj5+258ZB3HR+XrZhu2NpeDlK9sV3MKf6Q3Av6GEPSyfr7ImYygMQIp0qq7c1/HF
/K/ivNXjbUX5dlnK/w1brnB1lO3jshQ1trs4AKna4swTJSZI8FQ0+e12VPatTuEh
0QMJHaLD
-----END CERTIFICATE-----