Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/6g-Z_JmgcFNRkRy2cncIn-FqqF4.roa
File:                     6g-Z_JmgcFNRkRy2cncIn-FqqF4.roa (raw, json)
Hash identifier:          fFHdpifywZ1HShmGnbYUGL7G1clUjQH6AuPyIZuLUrU=
Subject key identifier:   EA:0F:99:FC:99:A0:70:53:51:91:1C:B6:72:77:08:9F:E1:6A:A8:5E
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0181E234DA55EE5A00EBDBE41E54108789E1
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/6g-Z_JmgcFNRkRy2cncIn-FqqF4.roa
Signing time:             Sat 09 Jul 2022 09:05:23 +0000
ROA not before:           Sat 09 Jul 2022 09:05:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        84.32.64.0/24 maxlen: 24
                          84.32.70.0/24 maxlen: 24
                          88.216.185.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          84.32.82.0/24 maxlen: 24
                          84.32.4.0/24 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.96.0/24 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          88.216.42.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:e2:34:da:55:ee:5a:00:eb:db:e4:1e:54:10:87:89:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul  9 09:05:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ea0f99fc99a0705351911cb67277089fe16aa85e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:11:33:97:51:9f:50:52:9c:40:29:2d:32:21:
                    17:19:a3:d3:81:66:fa:27:b9:5e:a8:b7:d3:61:e0:
                    55:3a:31:98:17:00:07:24:91:41:86:85:92:62:71:
                    59:f9:dd:cb:b0:b8:96:a9:f5:90:3e:4b:7a:3f:ec:
                    66:3d:c6:58:68:8c:da:b8:7e:ff:a8:ee:1f:0d:ec:
                    38:fe:90:4b:b5:13:ee:57:7f:03:99:92:86:fb:47:
                    03:6f:bd:97:74:af:18:b7:5c:27:c6:db:75:1e:12:
                    89:49:16:88:99:64:6e:bf:97:cb:63:7d:ba:c8:33:
                    ce:91:34:48:ac:08:ed:3e:31:75:bd:fb:2c:67:46:
                    10:ad:bb:29:d9:96:3b:e6:6c:a4:24:45:29:77:55:
                    17:42:52:36:c4:6b:2d:45:0f:c3:a7:5b:f0:ef:d7:
                    40:ab:6f:da:c5:95:40:83:cf:17:d7:66:f5:38:ef:
                    2a:08:f9:a4:0a:88:24:cc:6b:9f:4c:98:62:65:e8:
                    69:57:0f:3d:07:84:0e:b5:ba:9e:8d:7a:88:b5:05:
                    07:89:ca:50:5a:c0:56:53:7e:fb:b0:4a:8f:d8:2d:
                    11:6a:ac:f0:0a:43:68:60:73:2b:c3:c7:a5:ff:59:
                    d4:52:09:4b:0a:51:92:e9:2b:0a:17:01:58:44:c5:
                    b5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:0F:99:FC:99:A0:70:53:51:91:1C:B6:72:77:08:9F:E1:6A:A8:5E
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/6g-Z_JmgcFNRkRy2cncIn-FqqF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.4.0/24
                  84.32.8.0/22
                  84.32.64.0/24
                  84.32.70.0/24
                  84.32.82.0/24
                  88.216.18.0/24
                  88.216.34.0/24
                  88.216.42.0/24
                  88.216.96.0/24
                  88.216.98.0/24
                  88.216.128.0/24
                  88.216.135.0/24
                  88.216.185.0-88.216.186.255

    Signature Algorithm: sha256WithRSAEncryption
         12:ea:61:18:a9:dc:73:e5:d2:df:2c:d3:aa:9d:b6:4f:ae:2a:
         1d:51:45:3d:cf:37:9c:ae:6a:2d:b1:46:c3:9b:f8:71:bc:7b:
         2f:b2:df:30:6e:ff:16:ef:0d:a3:be:34:c2:46:29:8b:fb:84:
         b5:ec:e4:f0:3b:bc:3e:4c:f6:af:fa:d9:93:e1:1f:40:41:d1:
         ed:b4:4f:fa:0f:9d:77:cb:95:11:56:56:c8:ad:57:6f:ac:90:
         93:7b:99:2f:c7:86:95:dc:ba:36:62:c2:55:df:70:44:f1:59:
         78:24:21:66:0b:6d:38:c8:fb:4b:18:ed:76:b2:8f:35:2a:16:
         ed:cb:da:ec:77:f4:6c:8c:21:e5:db:8a:95:39:98:cf:b6:0a:
         68:b0:49:8e:fb:0c:80:fc:e9:8c:13:1c:46:d4:7e:70:ec:1e:
         00:9e:42:80:13:2e:ed:3d:57:fd:cf:41:b2:20:cb:7f:5e:72:
         c0:89:37:ed:4e:54:ca:bd:fd:cb:53:ee:7a:b6:6c:db:ff:7f:
         16:83:91:22:cd:f2:fc:6b:0f:ea:55:db:f7:08:ab:af:57:2b:
         37:fc:cc:4c:c3:93:71:d3:51:69:83:6d:08:43:68:7d:f6:88:
         29:c9:6a:d7:74:b3:4b:d7:31:28:98:1c:b7:2a:fb:ea:22:7e:
         48:ea:a9:e3
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYHiNNpV7loA69vkHlQQh4nhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwNzA5MDkwNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTBmOTlmYzk5YTA3MDUzNTE5MTFjYjY3Mjc3MDg5ZmUxNmFhODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhEzl1GfUFKcQCktMiEXGaPTgWb6
J7leqLfTYeBVOjGYFwAHJJFBhoWSYnFZ+d3LsLiWqfWQPkt6P+xmPcZYaIzauH7/
qO4fDew4/pBLtRPuV38DmZKG+0cDb72XdK8Yt1wnxtt1HhKJSRaImWRuv5fLY326
yDPOkTRIrAjtPjF1vfssZ0YQrbsp2ZY75mykJEUpd1UXQlI2xGstRQ/Dp1vw79dA
q2/axZVAg88X12b1OO8qCPmkCogkzGufTJhiZehpVw89B4QOtbqejXqItQUHicpQ
WsBWU377sEqP2C0RaqzwCkNoYHMrw8el/1nUUglLClGS6SsKFwFYRMW1iQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFOoPmfyZoHBTUZEctnJ3CJ/haqheMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvNmctWl9KbWdjRk5Sa1J5MmNuY0luLUZxcUY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAVCAEAwQC
VCAIAwQAVCBAAwQAVCBGAwQAVCBSAwQAWNgSAwQAWNgiAwQAWNgqAwQAWNhgAwQA
WNhiAwQAWNiAAwQAWNiHMAwDBABY2LkDBABY2LowDQYJKoZIhvcNAQELBQADggEB
ABLqYRip3HPl0t8s06qdtk+uKh1RRT3PN5yuai2xRsOb+HG8ey+y3zBu/xbvDaO+
NMJGKYv7hLXs5PA7vD5M9q/62ZPhH0BB0e20T/oPnXfLlRFWVsitV2+skJN7mS/H
hpXcujZiwlXfcETxWXgkIWYLbTjI+0sY7XayjzUqFu3L2ux39GyMIeXbipU5mM+2
CmiwSY77DID86YwTHEbUfnDsHgCeQoATLu09V/3PQbIgy39ecsCJN+1OVMq9/ctT
7nq2bNv/fxaDkSLN8vxrD+pV2/cIq69XKzf8zEzDk3HTUWmDbQhDaH32iCnJatd0
s0vXMSiYHLcq++oifkjqqeM=
-----END CERTIFICATE-----