Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Kk-9r-m78NhRSW05WuaB1caxL2c.roa
File:                     Kk-9r-m78NhRSW05WuaB1caxL2c.roa (raw, json)
Hash identifier:          s7/OiFsYEIHeN5Uz1ZqDYYrqBdvopkByyrOfdgN1emo=
Subject key identifier:   2A:4F:BD:AF:E9:BB:F0:D8:51:49:6D:39:5A:E6:81:D5:C6:B1:2F:67
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0181D73ED9819644E158B5259C73EE16C59D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Kk-9r-m78NhRSW05WuaB1caxL2c.roa
Signing time:             Thu 07 Jul 2022 06:00:29 +0000
ROA not before:           Thu 07 Jul 2022 06:00:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        88.216.185.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          84.32.82.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.96.0/24 maxlen: 24
                          84.32.4.0/24 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          88.216.42.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:d7:3e:d9:81:96:44:e1:58:b5:25:9c:73:ee:16:c5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul  7 06:00:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2a4fbdafe9bbf0d851496d395ae681d5c6b12f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:24:30:0b:fc:30:80:1e:fb:7e:9e:1c:fd:24:
                    b8:5d:c5:98:bb:28:56:c6:01:55:45:fd:dd:d6:c1:
                    18:4d:cf:2e:ca:ad:e9:59:33:af:ae:79:fa:9a:5c:
                    fc:cf:98:93:cf:04:8b:54:e3:51:cd:38:56:d0:88:
                    93:d0:1d:b7:a1:b4:59:59:ac:02:bb:af:28:20:af:
                    26:e9:36:2a:a7:e9:c3:8f:40:a5:15:97:5e:f9:8f:
                    4d:fb:b2:0f:ba:38:71:92:33:1b:56:c4:61:8e:56:
                    8d:09:6c:b5:c5:3c:ad:75:57:3e:dc:62:ca:3d:a2:
                    62:2c:bd:74:47:1c:07:35:37:9e:ab:16:0a:ad:52:
                    ca:65:12:6d:1a:7e:c0:9f:ef:1c:ae:fd:36:1e:59:
                    df:4b:c9:eb:09:99:0f:08:48:6c:26:2c:7a:b8:19:
                    ef:ac:c2:c1:14:d7:7d:f4:fc:9e:29:95:4c:87:93:
                    1d:11:e5:c8:8b:6f:9b:5f:61:2a:c4:81:ef:34:3f:
                    1a:c7:3c:b5:d9:15:b8:07:2d:69:2a:33:f5:73:c7:
                    34:5c:ca:7f:70:27:a5:3a:f9:a4:e6:58:f4:8e:e2:
                    51:16:f5:cb:16:9a:9c:0e:67:d0:94:ba:0f:42:58:
                    0c:40:ef:5b:80:b3:a5:99:98:84:39:01:85:58:14:
                    9f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4F:BD:AF:E9:BB:F0:D8:51:49:6D:39:5A:E6:81:D5:C6:B1:2F:67
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Kk-9r-m78NhRSW05WuaB1caxL2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.4.0/24
                  84.32.8.0/22
                  84.32.82.0/24
                  88.216.18.0/24
                  88.216.34.0/24
                  88.216.42.0/24
                  88.216.96.0/24
                  88.216.98.0/24
                  88.216.185.0-88.216.186.255

    Signature Algorithm: sha256WithRSAEncryption
         6b:35:20:a8:91:c0:4c:a1:44:5b:83:4b:e8:c3:b6:35:37:12:
         14:af:98:74:ec:80:3c:da:ab:c8:f0:7c:66:20:32:7b:06:3f:
         85:04:76:db:a8:6c:8d:ef:14:20:74:d8:a9:55:f3:51:c7:d6:
         5f:0e:c2:05:8f:3e:55:27:4f:c1:d8:78:96:1b:76:ea:d2:05:
         94:cd:f7:d0:ff:84:5b:43:e1:56:95:f0:97:ef:cf:97:36:b7:
         9a:16:7c:3c:d4:dc:38:38:28:de:ad:57:46:67:03:ed:86:00:
         0d:a4:97:d2:0f:da:e0:d7:f4:1b:20:8f:46:4a:6e:54:5f:0f:
         ee:81:ec:38:e5:31:4c:c1:89:65:d8:95:f9:37:f0:5c:a3:85:
         34:c9:df:1f:71:bb:ba:5b:b5:48:5f:3b:c6:52:1d:7c:4c:bc:
         3e:60:65:8c:76:1a:98:fa:f6:44:d9:36:9a:49:30:89:36:f7:
         65:5b:07:a4:1f:8a:dd:24:bb:a6:13:25:1f:a4:8b:44:80:fb:
         cf:f0:33:a3:f8:e1:58:2f:9a:c3:1f:83:30:79:3d:b2:44:b0:
         29:7b:3b:77:54:2a:d3:c9:f2:f8:a0:a3:e6:aa:c8:3c:a5:9c:
         b3:66:76:3d:6a:6a:0f:80:0c:20:6c:13:dd:b5:06:43:47:9f:
         1f:88:b2:9b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYHXPtmBlkThWLUlnHPuFsWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwNzA3MDYwMDI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTRmYmRhZmU5YmJmMGQ4NTE0OTZkMzk1YWU2ODFkNWM2YjEyZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSQwC/wwgB77fp4c/SS4XcWYuyhW
xgFVRf3d1sEYTc8uyq3pWTOvrnn6mlz8z5iTzwSLVONRzThW0IiT0B23obRZWawC
u68oIK8m6TYqp+nDj0ClFZde+Y9N+7IPujhxkjMbVsRhjlaNCWy1xTytdVc+3GLK
PaJiLL10RxwHNTeeqxYKrVLKZRJtGn7An+8crv02HlnfS8nrCZkPCEhsJix6uBnv
rMLBFNd99PyeKZVMh5MdEeXIi2+bX2EqxIHvND8axzy12RW4By1pKjP1c8c0XMp/
cCelOvmk5lj0juJRFvXLFpqcDmfQlLoPQlgMQO9bgLOlmZiEOQGFWBSfbwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCpPva/pu/DYUUltOVrmgdXGsS9nMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvS2stOXItbTc4TmhSU1cwNVd1YUIxY2F4TDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAVCAEAwQC
VCAIAwQAVCBSAwQAWNgSAwQAWNgiAwQAWNgqAwQAWNhgAwQAWNhiMAwDBABY2LkD
BABY2LowDQYJKoZIhvcNAQELBQADggEBAGs1IKiRwEyhRFuDS+jDtjU3EhSvmHTs
gDzaq8jwfGYgMnsGP4UEdtuobI3vFCB02KlV81HH1l8OwgWPPlUnT8HYeJYbdurS
BZTN99D/hFtD4VaV8Jfvz5c2t5oWfDzU3Dg4KN6tV0ZnA+2GAA2kl9IP2uDX9Bsg
j0ZKblRfD+6B7DjlMUzBiWXYlfk38FyjhTTJ3x9xu7pbtUhfO8ZSHXxMvD5gZYx2
Gpj69kTZNppJMIk292VbB6Qfit0ku6YTJR+ki0SA+8/wM6P44VgvmsMfgzB5PbJE
sCl7O3dUKtPJ8vigo+aqyDylnLNmdj1qag+ADCBsE921BkNHnx+Isps=
-----END CERTIFICATE-----