Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/JMWaTowFnlFFaVQGA4Y7Ub65UFs.roa
File:                     JMWaTowFnlFFaVQGA4Y7Ub65UFs.roa (raw, json)
Hash identifier:          Wm//gICSfIJeNR7HS0qU/1ThIRrux80dMJZkc+nlH8s=
Subject key identifier:   24:C5:9A:4E:8C:05:9E:51:45:69:54:06:03:86:3B:51:BE:B9:50:5B
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184E103BC16413381F10C12E956F6F86AF5
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/JMWaTowFnlFFaVQGA4Y7Ub65UFs.roa
Signing time:             Mon 05 Dec 2022 06:40:29 +0000
ROA not before:           Mon 05 Dec 2022 06:40:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205570
IP address blocks:        84.32.79.0/24 maxlen: 24
                          84.32.90.0/23 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          88.216.224.0/22 maxlen: 24
                          88.216.232.0/21 maxlen: 24
                          88.216.131.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          84.32.24.0/22 maxlen: 24
                          88.216.132.0/23 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          88.216.44.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e1:03:bc:16:41:33:81:f1:0c:12:e9:56:f6:f8:6a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Dec  5 06:40:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=24c59a4e8c059e514569540603863b51beb9505b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:56:5e:4f:7d:78:23:16:a9:2a:28:cf:00:01:
                    36:12:a6:e2:72:ca:d8:19:6a:9b:60:00:3f:fc:bd:
                    85:1d:4e:0f:97:95:8f:f2:13:04:17:51:bc:f7:3e:
                    d7:8d:a4:55:87:b8:34:68:c3:18:4c:be:24:17:2d:
                    61:ef:a8:cd:0d:25:82:da:8a:01:69:ea:31:39:70:
                    c4:6f:53:ff:11:1e:fb:0f:d1:a2:cb:b3:88:15:a1:
                    74:8e:52:e2:92:31:63:10:a1:d9:cf:6c:6d:89:e4:
                    ea:bf:c1:19:a2:10:ee:0f:2c:93:85:f6:89:41:ba:
                    0a:2f:c8:bc:4b:71:83:3d:6d:b6:9b:06:6e:19:ac:
                    e3:94:dc:3e:42:53:61:1f:ff:ac:c7:96:cf:d5:3d:
                    52:05:fe:a8:d7:29:0e:7e:c8:76:10:ab:ed:90:9b:
                    5e:a8:d2:8d:0d:a3:4f:2b:11:dc:a0:f2:58:ac:cd:
                    93:25:8e:4e:c5:e2:e0:98:66:64:26:0d:08:e7:cb:
                    0e:05:e3:98:4a:76:17:1c:c5:59:76:80:80:a2:0d:
                    9e:cd:49:e9:88:5c:3c:08:30:e5:6f:dc:d5:27:a5:
                    d2:fb:24:53:0b:8e:f3:67:6d:b4:73:37:8a:70:7b:
                    0d:65:1f:88:55:3a:ae:90:dd:26:15:5d:b6:3c:83:
                    9f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C5:9A:4E:8C:05:9E:51:45:69:54:06:03:86:3B:51:BE:B9:50:5B
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/JMWaTowFnlFFaVQGA4Y7Ub65UFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/22
                  84.32.79.0/24
                  84.32.90.0/23
                  84.32.212.0/24
                  88.216.44.0/23
                  88.216.128.0/24
                  88.216.131.0-88.216.133.255
                  88.216.135.0/24
                  88.216.224.0/22
                  88.216.232.0/21
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:4e:4b:42:fa:8c:b5:41:79:f0:37:73:6c:ec:4d:9d:bc:2e:
         d3:0e:f2:da:e7:2b:88:34:97:57:dc:b7:ce:e0:7f:c1:d9:aa:
         d2:47:bd:f9:6c:37:09:9e:29:96:e5:68:2c:78:7f:9e:f8:36:
         00:04:f1:18:18:72:9f:84:1a:54:6d:ec:ca:3d:f2:a6:f5:e1:
         f0:65:68:62:1d:69:61:00:9f:83:e7:84:aa:3a:4a:10:a5:81:
         59:f6:79:5d:32:20:ee:53:f6:f8:7e:f9:2b:86:cd:e9:16:33:
         ee:6f:67:9d:91:57:09:12:76:97:bf:f5:75:d6:97:83:f1:2c:
         e5:45:cb:70:b7:d7:2c:64:70:7c:c8:c7:7b:a2:5c:95:15:c9:
         8d:1f:06:7d:26:52:a5:23:5d:40:de:22:9d:06:cc:eb:b7:67:
         c8:1b:eb:6a:9f:24:78:86:8f:24:d9:ce:c1:2b:73:a4:5a:a6:
         48:79:73:fa:ab:84:c1:d6:c9:18:da:cb:56:89:28:b0:4f:74:
         5c:7e:24:3a:42:a7:ad:6d:4e:4c:4c:bd:c5:37:f4:e7:57:90:
         31:bc:ca:aa:a8:f4:f5:15:26:cc:6d:ca:07:f3:10:e8:0c:42:
         27:31:81:df:bc:64:3a:04:30:a1:95:cf:f8:4c:39:7d:7e:dc:
         ca:96:a3:34
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYThA7wWQTOB8QwS6Vb2+Gr1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjA1MDY0MDI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGM1OWE0ZThjMDU5ZTUxNDU2OTU0MDYwMzg2M2I1MWJlYjk1MDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFZeT314IxapKijPAAE2EqbicsrY
GWqbYAA//L2FHU4Pl5WP8hMEF1G89z7XjaRVh7g0aMMYTL4kFy1h76jNDSWC2ooB
aeoxOXDEb1P/ER77D9Giy7OIFaF0jlLikjFjEKHZz2xtieTqv8EZohDuDyyThfaJ
QboKL8i8S3GDPW22mwZuGazjlNw+QlNhH/+sx5bP1T1SBf6o1ykOfsh2EKvtkJte
qNKNDaNPKxHcoPJYrM2TJY5OxeLgmGZkJg0I58sOBeOYSnYXHMVZdoCAog2ezUnp
iFw8CDDlb9zVJ6XS+yRTC47zZ220czeKcHsNZR+IVTqukN0mFV22PIOfYwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFCTFmk6MBZ5RRWlUBgOGO1G+uVBbMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvSk1XYVRvd0ZubEZGYVZRR0E0WTdVYjY1VUZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQCVCAYAwQA
VCBPAwQBVCBaAwQAVCDUAwQBWNgsAwQAWNiAMAwDBABY2IMDBAFY2IQDBABY2IcD
BAJY2OADBANY2OgDBAJY2PgwDQYJKoZIhvcNAQELBQADggEBAJROS0L6jLVBefA3
c2zsTZ28LtMO8trnK4g0l1fct87gf8HZqtJHvflsNwmeKZblaCx4f574NgAE8RgY
cp+EGlRt7Mo98qb14fBlaGIdaWEAn4PnhKo6ShClgVn2eV0yIO5T9vh++SuGzekW
M+5vZ52RVwkSdpe/9XXWl4PxLOVFy3C31yxkcHzIx3uiXJUVyY0fBn0mUqUjXUDe
Ip0GzOu3Z8gb62qfJHiGjyTZzsErc6Rapkh5c/qrhMHWyRjay1aJKLBPdFx+JDpC
p61tTkxMvcU39OdXkDG8yqqo9PUVJsxtygfzEOgMQicxgd+8ZDoEMKGVz/hMOX1+
3MqWozQ=
-----END CERTIFICATE-----