Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/GNlFxCW34g0_7LXJDHx-yEdFyCw.roa
File:                     GNlFxCW34g0_7LXJDHx-yEdFyCw.roa (raw, json)
Hash identifier:          hWGGjaSsn3Go8y/k6pfv+57qBA+dy+La26AWNymBYZA=
Subject key identifier:   18:D9:45:C4:25:B7:E2:0D:3F:EC:B5:C9:0C:7C:7E:C8:47:45:C8:2C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183ABD60BF34C4BEAF7A014ACC9C5072CE7
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/GNlFxCW34g0_7LXJDHx-yEdFyCw.roa
Signing time:             Thu 06 Oct 2022 05:47:54 +0000
ROA not before:           Thu 06 Oct 2022 05:47:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        84.32.68.0/22 maxlen: 24
                          84.32.82.0/23 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.210.0/23 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          88.216.90.0/24 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ab:d6:0b:f3:4c:4b:ea:f7:a0:14:ac:c9:c5:07:2c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct  6 05:47:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=18d945c425b7e20d3fecb5c90c7c7ec84745c82c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d7:3e:ed:37:d4:7a:06:c2:6c:f6:79:4c:d3:
                    b0:31:f6:96:fd:04:90:32:81:aa:b0:81:e1:0f:c4:
                    59:fb:a2:17:02:40:53:c7:01:79:18:ec:1b:a2:93:
                    72:60:ca:b5:65:e3:b4:3d:af:31:eb:fd:a0:a1:4e:
                    ad:e4:75:a4:6c:8e:b1:ca:f1:6f:0d:f6:73:44:8a:
                    32:c2:bf:73:35:34:14:f8:15:60:26:e5:17:d6:ac:
                    0b:1d:b7:85:8d:4d:2e:41:06:c5:46:7d:97:c3:b9:
                    43:d5:63:cc:3d:1c:08:b2:15:3a:22:f2:97:45:af:
                    96:38:70:c1:26:bc:92:07:68:b3:b0:e0:07:bd:2b:
                    23:d6:17:a4:67:29:ac:e0:d3:73:69:25:67:36:e1:
                    d6:ad:c0:26:5b:f9:d9:a5:85:3f:67:90:85:c3:c9:
                    ba:7c:82:bb:c1:1d:af:f2:fb:c5:f1:d7:2f:4f:7f:
                    37:d6:72:87:3c:b8:99:60:98:80:31:53:d1:2f:c9:
                    ad:d6:75:6e:75:b6:25:49:a9:21:d1:f3:58:30:28:
                    d7:bf:d1:07:25:f8:3c:18:68:88:72:0c:27:20:c0:
                    5b:0d:83:b9:e8:2e:85:88:ab:85:5d:a9:d9:28:81:
                    8b:5f:22:f3:60:55:06:d9:06:bf:18:33:8e:4d:ca:
                    c9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D9:45:C4:25:B7:E2:0D:3F:EC:B5:C9:0C:7C:7E:C8:47:45:C8:2C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/GNlFxCW34g0_7LXJDHx-yEdFyCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.8.0/22
                  84.32.68.0/22
                  84.32.82.0/23
                  88.216.16.0/24
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.90.0/24
                  88.216.209.0-88.216.215.255

    Signature Algorithm: sha256WithRSAEncryption
         89:5c:6b:99:d0:1c:fa:cc:7c:21:53:35:29:16:ee:4d:93:4d:
         c6:4a:be:7f:e3:93:36:db:f2:e9:79:ab:26:f0:28:6e:13:be:
         0d:45:47:98:15:b4:bc:98:4c:11:ca:cb:42:a8:6f:0f:92:ae:
         ae:c8:50:c4:e6:dc:f7:22:d7:88:79:d9:df:77:4d:7f:c7:5c:
         b0:60:33:b8:4a:fa:0c:be:d1:b3:2d:f5:b3:be:32:83:dc:db:
         d6:d4:21:29:29:cb:90:a3:59:ef:dd:3d:9d:7e:dc:7f:7b:85:
         07:ca:31:06:ce:c7:64:ff:7f:eb:6a:86:35:cd:fb:1a:14:3b:
         08:8a:12:4c:04:03:3b:dd:51:1a:e9:00:e2:f6:91:77:dc:50:
         4e:2d:c3:4b:8e:6e:2f:a5:d3:8e:9c:d5:fa:c3:95:12:47:41:
         69:8c:14:d9:8b:41:6f:c7:4b:04:d9:1f:00:03:5b:c0:2c:e7:
         2f:c7:21:d4:1c:cf:50:0a:ce:32:cb:aa:dc:fd:40:b1:b6:3b:
         e4:78:21:a0:41:2b:9a:9e:6e:67:3e:a1:e9:d8:09:36:6a:b5:
         f5:98:25:7f:d9:3e:98:87:73:6e:c9:8e:f1:9c:93:7d:72:bd:
         1c:71:15:cd:91:cc:4f:86:47:25:66:95:c7:0b:e5:02:5a:63:
         e1:00:6c:19
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYOr1gvzTEvq96AUrMnFByznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDA2MDU0NzU0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGQ5NDVjNDI1YjdlMjBkM2ZlY2I1YzkwYzdjN2VjODQ3NDVjODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidc+7TfUegbCbPZ5TNOwMfaW/QSQ
MoGqsIHhD8RZ+6IXAkBTxwF5GOwbopNyYMq1ZeO0Pa8x6/2goU6t5HWkbI6xyvFv
DfZzRIoywr9zNTQU+BVgJuUX1qwLHbeFjU0uQQbFRn2Xw7lD1WPMPRwIshU6IvKX
Ra+WOHDBJrySB2izsOAHvSsj1hekZyms4NNzaSVnNuHWrcAmW/nZpYU/Z5CFw8m6
fIK7wR2v8vvF8dcvT3831nKHPLiZYJiAMVPRL8mt1nVudbYlSakh0fNYMCjXv9EH
Jfg8GGiIcgwnIMBbDYO56C6FiKuFXanZKIGLXyLzYFUG2Qa/GDOOTcrJWQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBjZRcQlt+INP+y1yQx8fshHRcgsMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvR05sRnhDVzM0ZzBfN0xYSkRIeC15RWRGeUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQCVCAIAwQC
VCBEAwQBVCBSAwQAWNgQMAwDBABY2BMDBANY2BADBABY2CADBABY2C4DBABY2Fow
DAMEAFjY0QMEA1jY0DANBgkqhkiG9w0BAQsFAAOCAQEAiVxrmdAc+sx8IVM1KRbu
TZNNxkq+f+OTNtvy6XmrJvAobhO+DUVHmBW0vJhMEcrLQqhvD5KurshQxObc9yLX
iHnZ33dNf8dcsGAzuEr6DL7Rsy31s74yg9zb1tQhKSnLkKNZ7909nX7cf3uFB8ox
Bs7HZP9/62qGNc37GhQ7CIoSTAQDO91RGukA4vaRd9xQTi3DS45uL6XTjpzV+sOV
EkdBaYwU2YtBb8dLBNkfAANbwCznL8ch1BzPUArOMsuq3P1AsbY75HghoEErmp5u
Zz6h6dgJNmq19Zglf9k+mIdzbsmO8ZyTfXK9HHEVzZHMT4ZHJWaVxwvlAlpj4QBs
GQ==
-----END CERTIFICATE-----