Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BtMm_7MwoASuMbjluyQcin8swAQ.roa
File:                     BtMm_7MwoASuMbjluyQcin8swAQ.roa (raw, json)
Hash identifier:          gel7MtRPX1XLa3llS95pymM0emIEGqfOVvFtn9uLfBc=
Subject key identifier:   06:D3:26:FF:B3:30:A0:04:AE:31:B8:E5:BB:24:1C:8A:7F:2C:C0:04
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       633E9E
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BtMm_7MwoASuMbjluyQcin8swAQ.roa
Signing time:             Wed 23 Mar 2022 15:24:54 +0000
ROA not before:           Wed 23 Mar 2022 15:24:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        88.216.180.0/22 maxlen: 24
                          88.216.188.0/22 maxlen: 24
                          88.216.196.0/22 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.210.0/23 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          84.32.4.0/22 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          88.216.0.0/22 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.20.0/22 maxlen: 22
                          88.216.33.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.47.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6504094 (0x633e9e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 23 15:24:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=06d326ffb330a004ae31b8e5bb241c8a7f2cc004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ee:4e:2b:09:97:07:25:e5:ff:b4:8f:42:b9:
                    d8:a0:1e:c2:61:06:a4:4d:8d:00:87:9a:3f:3d:11:
                    4e:7b:70:30:3b:a3:a6:f2:13:c3:86:80:9d:1e:4b:
                    4e:d7:17:34:61:9d:1f:ae:95:e8:30:8b:12:89:72:
                    aa:81:8e:ce:23:c1:45:38:36:ab:33:aa:df:20:a5:
                    b7:68:f2:0c:75:2c:e2:67:42:f0:a1:22:9d:fd:6c:
                    30:88:c2:c9:63:17:0d:13:94:64:52:cb:f9:ad:69:
                    1c:af:30:7f:41:f0:90:f7:93:81:d6:c3:d4:4a:09:
                    a5:2f:5c:0d:e9:da:ab:db:fa:71:e4:a5:2f:d3:43:
                    0d:d4:3d:ae:05:3a:fb:8d:68:b9:f3:bc:9b:1d:b8:
                    89:15:ad:83:a9:ac:75:43:ed:bd:7a:ba:b4:40:4d:
                    b7:c9:b9:b1:6d:63:e3:c6:b4:48:12:fa:26:21:c9:
                    e3:1d:aa:0b:8b:d6:c3:1c:d0:8c:a9:d1:fc:1e:98:
                    b6:25:40:aa:79:21:63:48:47:79:93:b7:58:76:73:
                    af:2b:39:f7:ba:3d:f2:9e:32:81:fa:05:b7:c5:61:
                    b4:dc:57:83:4a:96:46:30:cd:88:34:e1:6f:15:9d:
                    b6:a5:98:a0:56:95:0f:1d:66:e7:a0:e2:2a:72:67:
                    f0:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D3:26:FF:B3:30:A0:04:AE:31:B8:E5:BB:24:1C:8A:7F:2C:C0:04
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/BtMm_7MwoASuMbjluyQcin8swAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.4.0-84.32.11.255
                  88.216.0.0/22
                  88.216.16.0/24
                  88.216.19.0-88.216.23.255
                  88.216.32.0/23
                  88.216.46.0/23
                  88.216.180.0/22
                  88.216.188.0/22
                  88.216.196.0/22
                  88.216.209.0-88.216.215.255

    Signature Algorithm: sha256WithRSAEncryption
         56:80:89:b2:fe:e3:2f:64:21:6b:dd:9d:ef:7f:3c:cc:ae:07:
         1e:b2:e3:07:d9:27:84:9f:dd:3e:dc:cb:ed:b8:27:bb:6f:28:
         4c:20:d2:f0:d6:89:91:cb:b3:d5:6d:22:dd:bf:3d:8a:29:73:
         49:98:66:d8:78:d3:12:fd:60:1a:f2:e3:e2:3e:50:6b:31:30:
         75:f8:d8:28:36:d3:98:d0:91:d4:b5:04:74:85:dc:14:e4:03:
         b3:51:9a:a2:af:6a:5b:9b:e7:6a:d2:45:9b:ea:ed:42:13:fc:
         75:a1:a3:31:7b:69:69:63:eb:7f:c7:13:69:47:d4:fe:88:9d:
         90:1e:62:e3:fd:f0:b8:58:c5:07:33:c9:11:3d:b7:f7:98:31:
         e5:2e:ca:00:58:1b:fc:71:03:8b:aa:58:66:f6:a4:9d:65:ae:
         c4:92:6a:f6:db:ca:9b:95:23:aa:07:0f:86:74:db:f3:1f:9a:
         6a:81:49:03:9a:18:55:3b:d4:00:c0:7e:56:91:a8:cb:fa:7d:
         8b:32:05:f2:95:38:1c:7e:8d:70:ac:cc:9f:f6:97:89:2d:a2:
         5d:d3:fd:c7:44:1b:95:04:a8:e4:3f:c9:90:7c:eb:9a:a8:46:
         40:c5:51:7f:ce:a4:86:54:da:c7:c1:a4:b5:0f:14:b2:ee:96:
         16:92:bd:15
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIDYz6eMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDRm
YmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZiZGEzYzUwHhcNMjIwMzIz
MTUyNDU0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwNmQzMjZmZmIzMzBh
MDA0YWUzMWI4ZTViYjI0MWM4YTdmMmNjMDA0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyu5OKwmXByXl/7SPQrnYoB7CYQakTY0Ah5o/PRFOe3AwO6Om
8hPDhoCdHktO1xc0YZ0frpXoMIsSiXKqgY7OI8FFODarM6rfIKW3aPIMdSziZ0Lw
oSKd/WwwiMLJYxcNE5RkUsv5rWkcrzB/QfCQ95OB1sPUSgmlL1wN6dqr2/px5KUv
00MN1D2uBTr7jWi587ybHbiJFa2Dqax1Q+29erq0QE23ybmxbWPjxrRIEvomIcnj
HaoLi9bDHNCMqdH8Hpi2JUCqeSFjSEd5k7dYdnOvKzn3uj3ynjKB+gW3xWG03FeD
SpZGMM2INOFvFZ22pZigVpUPHWbnoOIqcmfwsQIDAQABo4ICVzCCAlMwHQYDVR0O
BBYEFAbTJv+zMKAErjG45bskHIp/LMAEMB8GA1UdIwQYMBaAFE+9RfzjVuKmXx5N
Ha94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
VDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMzLzEv
QnRNbV83TXdvQVN1TWJqbHV5UWNpbjhzd0FRLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8z
OTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMzLzEvVDcxRl9PTlc0cVpm
SGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMG0G
CCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUMAwDBAJUIAQDBAJUIAgDBAJY2AADBABY
2BAwDAMEAFjYEwMEA1jYEAMEAVjYIAMEAVjYLgMEAljYtAMEAljYvAMEAljYxDAM
AwQAWNjRAwQDWNjQMA0GCSqGSIb3DQEBCwUAA4IBAQBWgImy/uMvZCFr3Z3vfzzM
rgcesuMH2SeEn90+3MvtuCe7byhMINLw1omRy7PVbSLdvz2KKXNJmGbYeNMS/WAa
8uPiPlBrMTB1+NgoNtOY0JHUtQR0hdwU5AOzUZqir2pbm+dq0kWb6u1CE/x1oaMx
e2lpY+t/xxNpR9T+iJ2QHmLj/fC4WMUHM8kRPbf3mDHlLsoAWBv8cQOLqlhm9qSd
Za7Ekmr228qblSOqBw+GdNvzH5pqgUkDmhhVO9QAwH5WkajL+n2LMgXylTgcfo1w
rMyf9peJLaJd0/3HRBuVBKjkP8mQfOuaqEZAxVF/zqSGVNrHwaS1DxSy7pYWkr0V
-----END CERTIFICATE-----