Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NZmIV8EZ0EQks-KuzuNQM-_uaDg.roa
File:                     NZmIV8EZ0EQks-KuzuNQM-_uaDg.roa (raw, json)
Hash identifier:          kO64FskL80fK5Su0FXa/w3qfX4zgLejwFONeAORI2pY=
Subject key identifier:   35:99:88:57:C1:19:D0:44:24:B3:E2:AE:CE:E3:50:33:EF:EE:68:38
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018316B376C8FA5F3077B7A4781DAEA8994C
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NZmIV8EZ0EQks-KuzuNQM-_uaDg.roa
Signing time:             Wed 07 Sep 2022 06:46:43 +0000
ROA not before:           Wed 07 Sep 2022 06:46:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.128.0/21 maxlen: 24
                          88.216.0.0/22 maxlen: 24
                          88.216.224.0/21 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.240.0/21 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:16:b3:76:c8:fa:5f:30:77:b7:a4:78:1d:ae:a8:99:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Sep  7 06:46:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=35998857c119d04424b3e2aecee35033efee6838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:34:96:c8:17:65:48:63:c6:cd:53:42:78:9a:
                    d1:d1:63:3e:60:b4:67:04:e9:46:9b:a8:b3:7c:06:
                    b4:6c:b4:77:1f:6e:08:ad:36:04:73:b0:35:1c:b7:
                    30:91:4f:e9:64:74:cf:c2:15:5e:1d:52:4d:6e:f5:
                    73:85:a7:7a:45:a6:f7:a0:24:60:66:91:19:64:d7:
                    52:e2:9c:ef:5c:05:10:ec:b5:11:9f:48:19:6c:3f:
                    6f:e6:60:41:47:eb:15:60:11:ae:f7:27:03:5e:62:
                    0f:af:5c:d2:15:9e:55:f8:80:12:8c:29:bb:52:cb:
                    e0:f0:61:cc:3e:96:7d:de:ca:6c:cf:62:64:5c:0b:
                    c9:12:98:9d:10:a2:78:98:00:e9:50:90:0c:1f:31:
                    2b:c9:d6:bb:46:4d:87:0d:e0:6f:ee:43:84:ff:07:
                    b1:e2:4a:fb:0d:c3:da:43:4c:0d:03:a8:51:71:57:
                    4f:46:b1:3d:1d:1d:86:fb:bf:0e:4d:8d:a8:fe:57:
                    32:bf:60:6a:a7:ad:58:99:45:38:66:dc:52:f7:14:
                    5e:32:8e:85:5a:0b:b3:f5:9d:73:bb:45:3f:cf:ce:
                    e6:44:5d:96:0c:57:b1:c3:5f:0f:10:a0:c7:89:99:
                    83:16:34:4f:df:8b:a3:80:7e:0a:d8:cd:51:28:75:
                    d5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:99:88:57:C1:19:D0:44:24:B3:E2:AE:CE:E3:50:33:EF:EE:68:38
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/NZmIV8EZ0EQks-KuzuNQM-_uaDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.0.0/22
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.128.0/21
                  88.216.209.0-88.216.211.255
                  88.216.224.0/21
                  88.216.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         96:3f:ac:9a:c9:8b:16:b4:07:2f:fd:ad:44:7d:8e:a0:4b:a4:
         56:86:85:14:19:25:6d:10:af:ae:a2:41:57:8a:c8:e3:f2:ab:
         56:a5:09:d1:ad:69:01:31:43:1a:e4:cb:81:1d:ea:a8:19:09:
         5d:dc:90:2f:6d:c7:16:af:2d:45:dd:ad:de:68:c8:5c:ac:3a:
         a8:35:e1:1f:17:6d:bc:4d:a9:fc:6e:b9:6d:79:62:2a:a8:3f:
         a2:04:e6:eb:cc:14:3a:d2:eb:aa:b2:09:27:72:d1:69:7d:e3:
         34:fe:54:26:c5:2f:35:41:51:17:71:a3:05:9a:05:14:2e:aa:
         d6:cd:9d:ee:15:e9:9d:b1:53:ab:8d:8f:f2:43:b7:a4:75:07:
         48:db:dc:09:d1:d2:35:97:b1:b0:02:b4:88:9a:c6:90:1b:23:
         50:86:24:ea:62:47:e5:be:8f:73:27:2e:b9:c2:13:c2:25:5f:
         7a:59:ab:92:1b:05:8b:53:63:31:0a:5a:14:04:34:7c:54:0f:
         00:74:8a:54:f2:58:84:23:45:30:67:b9:2f:09:51:09:58:76:
         9b:e0:08:68:1f:ee:c9:23:b1:a2:9e:42:30:0f:ef:b0:cc:a6:
         fd:3f:e9:96:c4:d4:d1:60:c1:ff:22:06:74:80:2b:eb:b4:81:
         c1:66:1b:b2
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYMWs3bI+l8wd7ekeB2uqJlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwOTA3MDY0NjQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTk5ODg1N2MxMTlkMDQ0MjRiM2UyYWVjZWUzNTAzM2VmZWU2ODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizSWyBdlSGPGzVNCeJrR0WM+YLRn
BOlGm6izfAa0bLR3H24IrTYEc7A1HLcwkU/pZHTPwhVeHVJNbvVzhad6Rab3oCRg
ZpEZZNdS4pzvXAUQ7LURn0gZbD9v5mBBR+sVYBGu9ycDXmIPr1zSFZ5V+IASjCm7
Usvg8GHMPpZ93spsz2JkXAvJEpidEKJ4mADpUJAMHzEryda7Rk2HDeBv7kOE/wex
4kr7DcPaQ0wNA6hRcVdPRrE9HR2G+78OTY2o/lcyv2Bqp61YmUU4ZtxS9xReMo6F
Wguz9Z1zu0U/z87mRF2WDFexw18PEKDHiZmDFjRP34ujgH4K2M1RKHXVKQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFDWZiFfBGdBEJLPirs7jUDPv7mg4MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTlptSVY4RVowRVFrcy1LdXp1TlFNLV91YURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCWNgAMAwD
BABY2BMDBANY2BADBABY2CADBABY2C4DBANY2IAwDAMEAFjY0QMEAljY0AMEA1jY
4AMEBFjY8DANBgkqhkiG9w0BAQsFAAOCAQEAlj+smsmLFrQHL/2tRH2OoEukVoaF
FBklbRCvrqJBV4rI4/KrVqUJ0a1pATFDGuTLgR3qqBkJXdyQL23HFq8tRd2t3mjI
XKw6qDXhHxdtvE2p/G65bXliKqg/ogTm68wUOtLrqrIJJ3LRaX3jNP5UJsUvNUFR
F3GjBZoFFC6q1s2d7hXpnbFTq42P8kO3pHUHSNvcCdHSNZexsAK0iJrGkBsjUIYk
6mJH5b6PcycuucITwiVfelmrkhsFi1NjMQpaFAQ0fFQPAHSKVPJYhCNFMGe5LwlR
CVh2m+AIaB/uySOxop5CMA/vsMym/T/plsTU0WDB/yIGdIAr67SBwWYbsg==
-----END CERTIFICATE-----