Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nj5JgK62GgYGFirDzPEmOCGNnuQ.roa
File:                     Nj5JgK62GgYGFirDzPEmOCGNnuQ.roa (raw, json)
Hash identifier:          Z6XT71iXF2I3vebr51RLIxsLDkA9/EUQ7Q9s+iEwt8M=
Subject key identifier:   36:3E:49:80:AE:B6:1A:06:06:16:2A:C3:CC:F1:26:38:21:8D:9E:E4
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183ABD60C89480EBB960B2789540CD83C21
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nj5JgK62GgYGFirDzPEmOCGNnuQ.roa
Signing time:             Thu 06 Oct 2022 05:47:55 +0000
ROA not before:           Thu 06 Oct 2022 05:47:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          84.32.50.0/23 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.224.0/21 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.240.0/21 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ab:d6:0c:89:48:0e:bb:96:0b:27:89:54:0c:d8:3c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct  6 05:47:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=363e4980aeb61a0606162ac3ccf12638218d9ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fe:35:08:e9:6d:64:fc:d3:e7:83:b8:dc:68:
                    d7:a8:16:1e:8c:b7:a9:b2:ed:ce:19:0d:3d:f9:5f:
                    dc:aa:f2:76:dd:f5:d3:b1:6c:3a:cc:b0:53:19:a6:
                    35:5b:14:6a:e8:ef:d8:23:f1:00:12:d1:dc:f6:55:
                    5b:ac:a9:47:aa:a1:a7:bc:d7:a7:5d:ec:8e:46:a9:
                    60:b6:46:2a:10:99:06:21:f6:5d:ba:ac:af:03:49:
                    26:35:67:f4:a1:45:42:ff:cd:37:25:8d:66:a4:a3:
                    be:55:b1:31:84:9a:eb:13:3d:c0:61:15:8e:bd:2f:
                    f5:5f:1a:b0:52:94:93:d1:71:f3:84:d2:eb:f5:d6:
                    40:de:fb:d8:77:78:77:74:a1:12:58:8f:52:20:57:
                    05:d5:e9:c7:a2:98:17:60:e9:13:81:70:92:51:3c:
                    86:51:6e:6e:1b:6d:b9:7e:7e:25:f3:7f:d1:a3:cf:
                    1b:02:a3:d2:14:0d:a2:41:a4:48:5b:4d:bc:7b:86:
                    26:6b:5d:a6:c4:7a:b7:8c:30:78:25:02:73:49:00:
                    fd:99:49:00:37:94:45:21:ae:48:1d:8e:aa:8d:2d:
                    e2:86:b9:21:9f:18:b3:c2:bf:7c:16:00:16:87:cc:
                    a7:db:00:f9:28:ef:f1:1d:c9:39:52:72:c1:c4:49:
                    ea:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3E:49:80:AE:B6:1A:06:06:16:2A:C3:CC:F1:26:38:21:8D:9E:E4
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Nj5JgK62GgYGFirDzPEmOCGNnuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.50.0/23
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.98.0/24
                  88.216.209.0-88.216.211.255
                  88.216.224.0/21
                  88.216.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         28:0b:14:66:94:dc:10:88:64:36:b5:c7:7c:69:58:a7:42:3f:
         26:d2:ce:c1:8d:7f:fa:36:aa:68:cf:96:d8:83:93:7a:f2:bd:
         00:6d:85:5f:05:d0:60:3c:a6:21:b3:53:e9:13:2e:cb:3c:0f:
         07:16:00:b1:25:a2:84:76:25:f9:81:d3:09:c6:f8:98:1e:b7:
         b6:37:eb:bb:c0:69:c3:81:1c:dd:17:41:6a:10:d4:a7:6f:44:
         ae:8a:da:7f:09:01:47:58:fb:2f:d9:0e:d2:d6:0a:32:c0:ae:
         c2:d9:2d:db:1e:b4:9c:7b:1d:8f:c1:48:e4:ab:71:d2:cc:9e:
         51:35:90:57:82:83:c5:43:0d:8a:94:21:9f:1f:90:fc:1b:ac:
         2d:cc:d6:4d:3e:19:4c:19:a6:fa:ed:4d:09:ad:67:b4:d4:66:
         a6:b6:de:bb:0a:45:29:52:e2:81:b4:c3:c4:7b:63:4b:e1:e0:
         36:80:4d:57:05:35:9b:e1:3c:0f:06:76:06:28:39:2f:dc:ef:
         08:bb:91:34:94:1b:e6:d1:4f:cc:69:bc:b8:aa:a3:88:23:ac:
         9e:76:69:74:a6:21:24:5b:87:d5:c2:bb:06:e1:19:de:dc:43:
         7b:00:a4:13:24:fe:f4:e2:0e:7f:40:9e:a0:11:d3:d5:cb:10:
         46:17:b6:7c
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYOr1gyJSA67lgsniVQM2DwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDA2MDU0NzU1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjNlNDk4MGFlYjYxYTA2MDYxNjJhYzNjY2YxMjYzODIxOGQ5ZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf41COltZPzT54O43GjXqBYejLep
su3OGQ09+V/cqvJ23fXTsWw6zLBTGaY1WxRq6O/YI/EAEtHc9lVbrKlHqqGnvNen
XeyORqlgtkYqEJkGIfZduqyvA0kmNWf0oUVC/803JY1mpKO+VbExhJrrEz3AYRWO
vS/1XxqwUpST0XHzhNLr9dZA3vvYd3h3dKESWI9SIFcF1enHopgXYOkTgXCSUTyG
UW5uG225fn4l83/Ro88bAqPSFA2iQaRIW028e4Yma12mxHq3jDB4JQJzSQD9mUkA
N5RFIa5IHY6qjS3ihrkhnxizwr98FgAWh8yn2wD5KO/xHck5UnLBxEnqVwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDY+SYCuthoGBhYqw8zxJjghjZ7kMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTmo1SmdLNjJHZ1lHRmlyRHpQRW1PQ0dObnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAVCAGAwQB
VCAyMAwDBABY2BMDBANY2BADBABY2CADBABY2C4DBABY2GIwDAMEAFjY0QMEAljY
0AMEA1jY4AMEBFjY8DANBgkqhkiG9w0BAQsFAAOCAQEAKAsUZpTcEIhkNrXHfGlY
p0I/JtLOwY1/+jaqaM+W2IOTevK9AG2FXwXQYDymIbNT6RMuyzwPBxYAsSWihHYl
+YHTCcb4mB63tjfru8Bpw4Ec3RdBahDUp29ErorafwkBR1j7L9kO0tYKMsCuwtkt
2x60nHsdj8FI5Ktx0syeUTWQV4KDxUMNipQhnx+Q/BusLczWTT4ZTBmm+u1NCa1n
tNRmprbeuwpFKVLigbTDxHtjS+HgNoBNVwU1m+E8DwZ2Big5L9zvCLuRNJQb5tFP
zGm8uKqjiCOsnnZpdKYhJFuH1cK7BuEZ3txDewCkEyT+9OIOf0CeoBHT1csQRhe2
fA==
-----END CERTIFICATE-----