Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/D0Jui7XaQw-8L-nrhlT9Zoae4ww.roa
File:                     D0Jui7XaQw-8L-nrhlT9Zoae4ww.roa (raw, json)
Hash identifier:          sv+R/fghV/PHuk32yHR5mCGgWena9PJwIOAehfyM9XI=
Subject key identifier:   0F:42:6E:8B:B5:DA:43:0F:BC:2F:E9:EB:86:54:FD:66:86:9E:E3:0C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018441B80E399EF8DFAE8B7A467457F96BB2
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/D0Jui7XaQw-8L-nrhlT9Zoae4ww.roa
Signing time:             Fri 04 Nov 2022 08:18:12 +0000
ROA not before:           Fri 04 Nov 2022 08:18:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61138
IP address blocks:        84.32.57.0/24 maxlen: 24
                          84.32.67.0/24 maxlen: 24
                          88.216.187.0/24 maxlen: 24
                          84.32.85.0/24 maxlen: 24
                          88.216.196.0/24 maxlen: 24
                          88.216.130.0/24 maxlen: 24
                          84.32.241.0/24 maxlen: 24
                          84.32.39.0/24 maxlen: 24
                          88.216.100.0/24 maxlen: 24
                          88.216.101.0/24 maxlen: 24
                          88.216.37.0/24 maxlen: 24
                          88.216.38.0/24 maxlen: 24
                          88.216.39.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:41:b8:0e:39:9e:f8:df:ae:8b:7a:46:74:57:f9:6b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov  4 08:18:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0f426e8bb5da430fbc2fe9eb8654fd66869ee30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:98:3e:3c:ae:d7:17:f3:fd:74:34:ac:e8:86:
                    2b:61:09:40:ac:f2:90:b7:8e:be:9b:b3:c8:cf:bc:
                    07:78:74:84:27:63:6f:83:75:09:dd:56:0b:6a:e2:
                    86:b8:70:f0:a4:40:88:d2:e2:19:e8:20:80:33:a5:
                    4c:f1:b7:30:0a:ce:a3:c3:c1:52:ed:9a:fa:af:ef:
                    df:1e:73:46:dd:b6:6e:b5:5b:2e:63:a2:92:4f:cd:
                    9d:23:80:31:69:ec:b4:82:ac:a5:59:09:cd:ac:c7:
                    97:84:45:cd:8f:d6:d9:e2:08:ed:5f:46:5a:6c:51:
                    6f:d2:51:25:ea:7b:8c:56:b0:ae:4e:fa:7c:d6:e5:
                    62:38:aa:34:03:2d:50:b0:40:72:de:95:0f:41:6e:
                    5e:b2:1c:91:0a:a9:b8:9b:9e:cb:b9:65:8a:0c:83:
                    2a:ff:a5:35:a7:aa:9f:57:e8:8b:91:4b:e1:aa:f2:
                    01:da:29:d6:49:d0:8e:a9:30:a1:68:e6:a6:da:9d:
                    cc:2a:b9:db:0f:6e:55:1a:b0:d4:0f:ae:1d:31:b3:
                    df:fa:4d:7c:e0:4b:39:25:8b:c2:48:bc:e1:11:de:
                    68:2b:49:53:fa:98:cb:e8:9b:4d:e3:45:55:77:c2:
                    91:95:c9:53:48:42:d8:a9:65:25:ca:c7:d3:5a:be:
                    82:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:42:6E:8B:B5:DA:43:0F:BC:2F:E9:EB:86:54:FD:66:86:9E:E3:0C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/D0Jui7XaQw-8L-nrhlT9Zoae4ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.39.0/24
                  84.32.57.0/24
                  84.32.67.0/24
                  84.32.85.0/24
                  84.32.241.0/24
                  88.216.37.0-88.216.39.255
                  88.216.100.0/23
                  88.216.130.0/24
                  88.216.187.0/24
                  88.216.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:ee:7d:db:36:b7:75:fb:1d:94:22:70:40:f6:9b:49:54:7e:
         31:f7:c7:f5:a4:8c:36:21:ac:06:6a:20:66:ec:a5:b8:b5:f1:
         dd:94:69:25:28:42:58:dd:5c:2c:9c:c6:fb:4a:9c:a7:0b:c6:
         f1:35:d4:ac:b4:0f:c0:09:ef:56:8e:b6:7b:20:8e:c4:3b:14:
         96:26:e8:b4:84:0d:7e:9a:18:69:cb:9f:1e:a6:67:da:15:6a:
         c1:52:cf:d3:80:91:d7:ca:35:67:ba:04:26:99:51:8f:c3:b7:
         12:ad:2b:b0:17:44:9c:f6:6d:cc:04:fc:fd:8f:51:c1:88:a9:
         83:99:f2:d3:cf:f1:fb:9d:e3:00:81:86:bd:d6:ae:eb:06:a9:
         f9:a2:ae:ac:d0:c4:2d:ef:9f:99:43:6e:40:2b:1c:46:a8:4c:
         9e:bf:c1:28:5e:49:0e:78:c5:76:13:99:fc:f6:02:6e:2a:67:
         7e:89:39:ad:f7:82:8a:9f:57:3d:69:bb:8e:66:47:50:41:5d:
         54:18:b3:4a:06:5c:d1:2c:f3:67:c6:e7:fe:d7:86:9f:bb:ea:
         d3:b8:d8:ce:ac:01:4c:5c:09:01:6b:56:9c:c5:aa:58:ce:f9:
         8a:38:74:ff:bc:74:5a:37:a6:6f:6b:85:23:a7:71:c8:86:28:
         a1:af:bc:58
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYRBuA45nvjfrot6RnRX+WuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTA0MDgxODEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjQyNmU4YmI1ZGE0MzBmYmMyZmU5ZWI4NjU0ZmQ2Njg2OWVlMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJg+PK7XF/P9dDSs6IYrYQlArPKQ
t46+m7PIz7wHeHSEJ2Nvg3UJ3VYLauKGuHDwpECI0uIZ6CCAM6VM8bcwCs6jw8FS
7Zr6r+/fHnNG3bZutVsuY6KST82dI4Axaey0gqylWQnNrMeXhEXNj9bZ4gjtX0Za
bFFv0lEl6nuMVrCuTvp81uViOKo0Ay1QsEBy3pUPQW5eshyRCqm4m57LuWWKDIMq
/6U1p6qfV+iLkUvhqvIB2inWSdCOqTChaOam2p3MKrnbD25VGrDUD64dMbPf+k18
4Es5JYvCSLzhEd5oK0lT+pjL6JtN40VVd8KRlclTSELYqWUlysfTWr6C6QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFA9Cbou12kMPvC/p64ZU/WaGnuMMMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRDBKdWk3WGFRdy04TC1ucmhsVDlab2FlNHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAVCAnAwQA
VCA5AwQAVCBDAwQAVCBVAwQAVCDxMAwDBABY2CUDBANY2CADBAFY2GQDBABY2IID
BABY2LsDBABY2MQwDQYJKoZIhvcNAQELBQADggEBAJ/ufds2t3X7HZQicED2m0lU
fjH3x/WkjDYhrAZqIGbspbi18d2UaSUoQljdXCycxvtKnKcLxvE11Ky0D8AJ71aO
tnsgjsQ7FJYm6LSEDX6aGGnLnx6mZ9oVasFSz9OAkdfKNWe6BCaZUY/DtxKtK7AX
RJz2bcwE/P2PUcGIqYOZ8tPP8fud4wCBhr3WrusGqfmirqzQxC3vn5lDbkArHEao
TJ6/wSheSQ54xXYTmfz2Am4qZ36JOa33goqfVz1pu45mR1BBXVQYs0oGXNEs82fG
5/7Xhp+76tO42M6sAUxcCQFrVpzFqljO+Yo4dP+8dFo3pm9rhSOncciGKKGvvFg=
-----END CERTIFICATE-----