Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2F38cEYYMyUS0R_vxF00I1ZUkTc.roa
File:                     2F38cEYYMyUS0R_vxF00I1ZUkTc.roa (raw, json)
Hash identifier:          ANG3NsvsuDC+jBNrzBZq1jn+WTKkzydnsAgPsKNtSL0=
Subject key identifier:   D8:5D:FC:70:46:18:33:25:12:D1:1F:EF:C4:5D:34:23:56:54:91:37
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018257FF128634DB1F32220B00A902174FAD
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2F38cEYYMyUS0R_vxF00I1ZUkTc.roa
Signing time:             Mon 01 Aug 2022 06:01:50 +0000
ROA not before:           Mon 01 Aug 2022 06:01:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        84.32.64.0/22 maxlen: 24
                          84.32.68.0/22 maxlen: 24
                          84.32.82.0/23 maxlen: 24
                          88.216.196.0/22 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.210.0/23 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          84.32.40.0/21 maxlen: 24
                          88.216.90.0/24 maxlen: 24
                          88.216.0.0/22 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:57:ff:12:86:34:db:1f:32:22:0b:00:a9:02:17:4f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Aug  1 06:01:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d85dfc704618332512d11fefc45d342356549137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e7:8e:c5:37:0b:83:c8:f8:c5:88:05:95:ca:
                    39:ec:f3:56:1b:b2:b6:be:a0:80:bb:01:8b:86:3c:
                    84:21:38:40:79:9c:17:2d:bc:19:4f:bc:94:1f:6c:
                    b7:fc:ac:93:01:c4:c4:fa:19:05:5f:8e:ec:1a:d4:
                    45:b1:e7:2a:10:cf:d3:2b:c3:d9:14:d0:49:24:83:
                    65:a3:18:b8:06:47:39:01:62:8e:b6:03:16:71:7b:
                    0c:22:0c:a2:8f:ce:3a:53:42:97:bf:ff:48:8f:b2:
                    37:0d:7f:6f:04:50:be:89:5b:24:1e:6f:44:a2:ec:
                    39:8c:8f:38:c3:67:53:0d:5c:18:f8:3c:67:f8:bb:
                    28:7e:8b:21:b3:c6:53:e0:36:ef:28:47:5e:f6:8e:
                    f3:53:ca:21:fc:63:5b:f8:e2:6a:cb:d1:22:e6:90:
                    d2:00:18:3a:cd:89:d3:2f:ac:75:c1:f4:34:f1:51:
                    40:98:15:89:4b:46:80:b3:62:06:1a:35:33:7f:e3:
                    e6:d2:b7:22:63:13:6c:0f:d1:56:1f:6c:38:46:b5:
                    91:34:94:fa:26:f9:71:98:de:f8:c3:1f:87:40:6d:
                    d3:c2:ee:a0:f8:ec:6a:a7:2f:58:cb:b3:6f:61:90:
                    9a:af:bc:de:38:9e:bd:76:3e:cb:3c:77:5c:2f:8d:
                    17:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:5D:FC:70:46:18:33:25:12:D1:1F:EF:C4:5D:34:23:56:54:91:37
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2F38cEYYMyUS0R_vxF00I1ZUkTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.8.0/22
                  84.32.40.0/21
                  84.32.64.0/21
                  84.32.82.0/23
                  88.216.0.0/22
                  88.216.16.0/24
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.90.0/24
                  88.216.196.0/22
                  88.216.209.0-88.216.215.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:c9:43:c0:59:5f:6d:29:b4:1f:8f:61:4b:a9:aa:10:d0:8c:
         75:7b:01:87:b8:f1:70:e6:bb:33:36:25:ee:69:b7:a6:33:50:
         29:a9:f3:c4:5f:68:3f:e1:20:2c:c5:66:93:5b:e4:90:71:3b:
         54:8a:4a:71:3b:9b:7e:7f:04:96:b8:1d:12:ee:ee:79:81:eb:
         60:76:c2:81:3c:73:e8:03:05:ea:19:99:16:a2:f3:02:51:79:
         f7:0d:71:94:91:ae:8a:28:2a:4b:46:de:7e:8f:82:01:be:56:
         62:e2:3c:a1:44:bf:2b:de:f9:4a:4a:8a:cf:90:5e:ed:0f:24:
         9d:9c:ac:c6:d7:ec:66:95:7d:98:86:67:ac:f6:a7:87:85:77:
         d7:91:b7:d0:2b:2e:3a:42:93:3f:6d:6f:d1:e8:13:16:9e:3f:
         13:f7:f2:52:b2:9b:1e:a7:4b:11:22:5f:02:fc:58:59:97:25:
         13:d4:9f:c9:e3:b2:e4:a3:4e:3d:7d:ab:0d:a8:59:1c:03:9b:
         68:49:8f:da:d6:ac:fe:e7:43:ca:8b:3b:2b:7e:98:52:83:3f:
         07:8d:a7:6d:9e:d6:32:6b:06:82:f8:ef:db:0f:81:ce:e7:47:
         a2:e9:bd:63:73:4d:dc:66:fd:10:ca:83:5a:50:ac:8a:f1:4a:
         25:48:14:b0
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYJX/xKGNNsfMiILAKkCF0+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwODAxMDYwMTUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODVkZmM3MDQ2MTgzMzI1MTJkMTFmZWZjNDVkMzQyMzU2NTQ5MTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnueOxTcLg8j4xYgFlco57PNWG7K2
vqCAuwGLhjyEIThAeZwXLbwZT7yUH2y3/KyTAcTE+hkFX47sGtRFsecqEM/TK8PZ
FNBJJINloxi4Bkc5AWKOtgMWcXsMIgyij846U0KXv/9Ij7I3DX9vBFC+iVskHm9E
ouw5jI84w2dTDVwY+Dxn+Lsofoshs8ZT4DbvKEde9o7zU8oh/GNb+OJqy9Ei5pDS
ABg6zYnTL6x1wfQ08VFAmBWJS0aAs2IGGjUzf+Pm0rciYxNsD9FWH2w4RrWRNJT6
JvlxmN74wx+HQG3Twu6g+Oxqpy9Yy7NvYZCar7zeOJ69dj7LPHdcL40XWQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFNhd/HBGGDMlEtEf78RdNCNWVJE3MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMkYzOGNFWVlNeVVTMFJfdnhGMDBJMVpVa1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQCVCAIAwQD
VCAoAwQDVCBAAwQBVCBSAwQCWNgAAwQAWNgQMAwDBABY2BMDBANY2BADBABY2CAD
BABY2C4DBABY2FoDBAJY2MQwDAMEAFjY0QMEA1jY0DANBgkqhkiG9w0BAQsFAAOC
AQEAjslDwFlfbSm0H49hS6mqENCMdXsBh7jxcOa7MzYl7mm3pjNQKanzxF9oP+Eg
LMVmk1vkkHE7VIpKcTubfn8ElrgdEu7ueYHrYHbCgTxz6AMF6hmZFqLzAlF59w1x
lJGuiigqS0befo+CAb5WYuI8oUS/K975SkqKz5Be7Q8knZysxtfsZpV9mIZnrPan
h4V315G30CsuOkKTP21v0egTFp4/E/fyUrKbHqdLESJfAvxYWZclE9SfyeOy5KNO
PX2rDahZHAObaEmP2tas/udDyos7K36YUoM/B42nbZ7WMmsGgvjv2w+BzudHoum9
Y3NN3Gb9EMqDWlCsivFKJUgUsA==
-----END CERTIFICATE-----