Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/30GtoK67kTjecIq7asShDkwwUmQ.roa
File:                     30GtoK67kTjecIq7asShDkwwUmQ.roa (raw, json)
Hash identifier:          Ml+XqFywBurVQq0txzfNn7rEM7rmR2Q5VUp7LlESGL8=
Subject key identifier:   DF:41:AD:A0:AE:BB:91:38:DE:70:8A:BB:6A:C4:A1:0E:4C:30:52:64
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018460A605FCFBA62336DAB22DB688F92390
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/30GtoK67kTjecIq7asShDkwwUmQ.roa
Signing time:             Thu 10 Nov 2022 08:26:43 +0000
ROA not before:           Thu 10 Nov 2022 08:26:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211585
IP address blocks:        88.216.180.0/22 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          84.32.214.0/23 maxlen: 24
                          84.32.232.0/23 maxlen: 24
                          84.32.236.0/23 maxlen: 24
                          84.32.246.0/23 maxlen: 24
                          84.32.252.0/23 maxlen: 24
                          84.32.210.0/23 maxlen: 24
                          84.32.208.0/23 maxlen: 24
                          88.216.228.0/22 maxlen: 24
                          88.216.236.0/22 maxlen: 24
                          88.216.240.0/22 maxlen: 24
                          88.216.244.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:60:a6:05:fc:fb:a6:23:36:da:b2:2d:b6:88:f9:23:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 10 08:26:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=df41ada0aebb9138de708abb6ac4a10e4c305264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:39:39:0b:95:06:61:7c:e9:75:7d:e2:98:fc:
                    5a:d1:63:5f:f1:9b:82:72:4c:bf:5f:69:d9:b5:2d:
                    88:5b:51:b8:01:e3:bc:20:cb:b6:7b:36:cf:e9:10:
                    3c:8e:3a:c2:07:c8:3b:66:8a:e8:3a:7e:26:93:fd:
                    12:2b:66:37:13:80:11:b7:19:84:8b:31:04:b5:ec:
                    f5:bb:ae:10:d8:14:54:7a:42:c0:a6:43:12:b2:49:
                    a3:3d:87:ee:12:9c:3f:4f:5b:f6:79:14:2c:4a:72:
                    3f:d4:06:86:76:65:6e:e0:67:eb:e3:40:1f:1c:4b:
                    64:5e:1a:08:ee:a6:0c:86:87:66:54:a4:d2:47:b2:
                    24:b8:37:9c:93:12:1c:c2:75:5a:8a:55:b4:2f:bd:
                    19:c3:0f:f3:8a:2f:f9:9f:99:ba:63:1d:c3:42:c8:
                    79:2c:b6:6b:99:f0:45:50:83:9b:17:14:a9:93:89:
                    91:9f:1e:43:a8:ee:d2:82:eb:78:09:72:f5:ad:3d:
                    52:4c:21:d0:dd:6c:88:01:f0:c7:cc:1b:40:18:a6:
                    49:a8:2f:74:39:08:6a:17:ba:ee:1d:ad:a5:44:82:
                    1c:4c:09:c9:4b:da:28:53:95:b0:94:79:f1:33:1e:
                    17:16:94:03:21:a6:87:fd:70:7f:85:e2:d1:7c:c7:
                    a1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:41:AD:A0:AE:BB:91:38:DE:70:8A:BB:6A:C4:A1:0E:4C:30:52:64
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/30GtoK67kTjecIq7asShDkwwUmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.208.0/22
                  84.32.214.0/23
                  84.32.232.0/23
                  84.32.236.0/23
                  84.32.246.0/23
                  84.32.252.0/23
                  88.216.180.0/22
                  88.216.212.0/22
                  88.216.228.0/22
                  88.216.236.0-88.216.247.255

    Signature Algorithm: sha256WithRSAEncryption
         73:6e:a8:50:e6:37:68:31:08:13:57:db:8d:3b:4d:8a:47:86:
         5e:1d:ed:dd:99:77:40:ec:2f:8e:42:55:f8:14:56:6a:7c:95:
         d1:2b:e0:6c:50:a3:ed:1b:01:66:5a:91:bf:60:a7:2b:4f:b4:
         5b:1e:be:25:5f:53:cd:63:0f:d4:2c:c0:34:06:b1:5f:9f:8b:
         b5:71:6c:9a:71:78:c0:5f:61:04:47:4a:34:8c:fb:00:b6:e2:
         52:a3:ce:b0:02:79:4a:fa:3c:b8:6e:9a:ca:eb:b2:bf:a7:e2:
         88:2a:2e:6a:4e:e8:7c:03:d9:db:73:9c:d5:72:39:fa:f9:d7:
         e2:e4:8e:64:23:f7:e3:3c:6e:e5:0f:25:3c:4f:ee:c8:0c:a4:
         d9:b4:63:59:ce:18:c5:92:94:2b:39:3d:86:32:cb:aa:75:ff:
         46:76:c7:e2:49:dc:2c:dc:e5:1a:c7:b9:ea:27:79:33:91:1c:
         a7:56:b1:c2:2f:86:ae:04:d2:e6:02:77:be:14:1c:50:27:ed:
         62:66:cb:09:3f:19:74:f0:c1:75:53:9d:ce:1d:d2:5c:17:80:
         ef:32:2f:47:34:e6:3f:d6:83:fd:f0:a1:51:01:0a:5c:84:44:
         4c:5e:8f:f9:db:e0:c9:28:ea:31:7b:04:51:ff:21:cd:fe:42:
         97:ee:6e:54
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYRgpgX8+6YjNtqyLbaI+SOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTEwMDgyNjQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjQxYWRhMGFlYmI5MTM4ZGU3MDhhYmI2YWM0YTEwZTRjMzA1MjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTk5C5UGYXzpdX3imPxa0WNf8ZuC
cky/X2nZtS2IW1G4AeO8IMu2ezbP6RA8jjrCB8g7ZoroOn4mk/0SK2Y3E4ARtxmE
izEEtez1u64Q2BRUekLApkMSskmjPYfuEpw/T1v2eRQsSnI/1AaGdmVu4Gfr40Af
HEtkXhoI7qYMhodmVKTSR7IkuDeckxIcwnVailW0L70Zww/zii/5n5m6Yx3DQsh5
LLZrmfBFUIObFxSpk4mRnx5DqO7Sgut4CXL1rT1STCHQ3WyIAfDHzBtAGKZJqC90
OQhqF7ruHa2lRIIcTAnJS9ooU5WwlHnxMx4XFpQDIaaH/XB/heLRfMehaQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFN9BraCuu5E43nCKu2rEoQ5MMFJkMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMzBHdG9LNjdrVGplY0lxN2FzU2hEa3d3VW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCVCDQAwQB
VCDWAwQBVCDoAwQBVCDsAwQBVCD2AwQBVCD8AwQCWNi0AwQCWNjUAwQCWNjkMAwD
BAJY2OwDBANY2PAwDQYJKoZIhvcNAQELBQADggEBAHNuqFDmN2gxCBNX2407TYpH
hl4d7d2Zd0DsL45CVfgUVmp8ldEr4GxQo+0bAWZakb9gpytPtFseviVfU81jD9Qs
wDQGsV+fi7VxbJpxeMBfYQRHSjSM+wC24lKjzrACeUr6PLhumsrrsr+n4ogqLmpO
6HwD2dtznNVyOfr51+LkjmQj9+M8buUPJTxP7sgMpNm0Y1nOGMWSlCs5PYYyy6p1
/0Z2x+JJ3Czc5RrHueoneTORHKdWscIvhq4E0uYCd74UHFAn7WJmywk/GXTwwXVT
nc4d0lwXgO8yL0c05j/Wg/3woVEBClyERExej/nb4Mko6jF7BFH/Ic3+QpfublQ=
-----END CERTIFICATE-----