Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/RP8gEQGPv2HAGlJs1LAR-GSOdtI.roa
File:                     RP8gEQGPv2HAGlJs1LAR-GSOdtI.roa (raw, json)
Hash identifier:          KLUXFO2cVRqTnh3BlijoTuEpeIW9W8MZ3vB2s8jKJAo=
Subject key identifier:   44:FF:20:11:01:8F:BF:61:C0:1A:52:6C:D4:B0:11:F8:64:8E:76:D2
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018502593B15F8F14871A982766D6FC96D28
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/RP8gEQGPv2HAGlJs1LAR-GSOdtI.roa
Signing time:             Sun 11 Dec 2022 18:01:20 +0000
ROA not before:           Sun 11 Dec 2022 18:01:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          84.32.76.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          84.32.42.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.214.0/24 maxlen: 24
                          88.216.17.0/24 maxlen: 24
                          88.216.228.0/22 maxlen: 24
                          88.216.240.0/22 maxlen: 24
                          88.216.244.0/22 maxlen: 24
                          88.216.36.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.43.0/24 maxlen: 24
                          88.216.40.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:02:59:3b:15:f8:f1:48:71:a9:82:76:6d:6f:c9:6d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Dec 11 18:01:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=44ff2011018fbf61c01a526cd4b011f8648e76d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:06:ac:ad:c4:50:f4:01:f8:ab:3b:8e:4d:19:
                    b1:ca:34:b4:5e:a1:36:9f:5b:21:62:a8:81:c1:52:
                    95:f1:a9:35:ae:af:14:dd:05:73:e6:96:13:51:b8:
                    75:92:00:24:30:06:0a:9c:df:b0:c4:ea:42:4e:44:
                    28:7e:98:9d:52:74:24:95:34:17:b1:ca:3e:84:79:
                    8e:47:42:fa:e9:22:07:88:fe:7f:e2:09:a3:62:a7:
                    72:73:7e:e9:9b:09:03:8d:fb:78:ee:60:47:83:ea:
                    61:ab:d0:1f:59:53:f4:d8:5d:1d:e5:d5:dd:f2:ca:
                    14:6a:2e:9c:ab:c7:df:2a:3e:ec:5f:62:51:04:03:
                    b3:aa:6f:0f:83:1a:a3:22:26:6b:14:d5:9b:d2:09:
                    87:37:dc:3d:2b:62:68:02:ce:95:13:ea:d1:bf:94:
                    b2:11:bd:67:65:e9:c0:34:1b:4e:36:64:2d:31:ba:
                    ca:67:10:00:f8:c2:aa:1e:00:45:95:75:30:c7:54:
                    b7:3b:14:a5:50:a2:57:d6:b0:9b:f9:4b:8b:3a:ec:
                    dd:79:23:7f:88:b3:88:e1:60:78:84:23:cb:e2:63:
                    e7:b9:f2:e7:f9:6a:fe:85:da:b6:00:1c:e7:51:c6:
                    13:69:45:c6:b2:11:c3:4d:49:ae:26:f6:d7:d1:df:
                    22:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:FF:20:11:01:8F:BF:61:C0:1A:52:6C:D4:B0:11:F8:64:8E:76:D2
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/RP8gEQGPv2HAGlJs1LAR-GSOdtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.42.0/24
                  84.32.52.0/22
                  84.32.76.0/23
                  88.216.17.0/24
                  88.216.36.0/24
                  88.216.40.0/24
                  88.216.43.0/24
                  88.216.98.0/24
                  88.216.214.0/24
                  88.216.228.0/22
                  88.216.240.0/21
                  88.216.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:3d:82:6a:76:1e:bf:10:6c:ac:93:32:03:0a:f8:49:8e:e0:
         76:a6:9a:ed:ec:33:60:d1:63:a3:b0:6f:ec:62:5f:25:24:5f:
         45:9b:2c:ca:fb:b2:9d:30:f7:6d:3a:2a:b5:8f:1b:62:6b:8a:
         6a:a1:fe:98:69:c6:2d:8b:dd:d3:15:9f:48:91:a6:d4:ba:28:
         04:8a:30:a3:73:95:88:e2:ed:45:5c:6d:be:f5:2c:18:b2:4c:
         24:1e:d3:37:e6:34:1f:14:d2:18:ac:8e:ec:c4:6e:f5:b1:95:
         3e:7f:fb:54:cb:0f:c4:ee:df:9e:ce:91:f3:76:a9:62:a9:77:
         96:6d:95:a9:3e:3e:fc:30:1f:6a:44:c4:0d:6f:ad:17:03:28:
         b3:75:19:48:1d:0c:4d:b6:30:de:89:76:f2:36:e4:a1:fc:74:
         54:89:fa:d8:c0:4a:31:00:a7:64:76:3b:fc:d0:39:22:9a:c2:
         52:17:8a:33:1c:a4:68:5b:db:bb:a7:c2:29:da:85:8f:9c:c1:
         4c:a5:9c:f3:50:bc:06:39:09:92:57:d2:f4:e3:bf:33:1a:a2:
         89:86:22:a0:e0:24:80:34:f6:70:77:41:1d:94:25:59:fa:d4:
         98:48:80:53:95:d0:ee:2a:cc:f4:3c:fc:e6:73:dc:60:15:b2:
         e7:4e:8a:e4
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYUCWTsV+PFIcamCdm1vyW0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjExMTgwMTIwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGZmMjAxMTAxOGZiZjYxYzAxYTUyNmNkNGIwMTFmODY0OGU3NmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgasrcRQ9AH4qzuOTRmxyjS0XqE2
n1shYqiBwVKV8ak1rq8U3QVz5pYTUbh1kgAkMAYKnN+wxOpCTkQofpidUnQklTQX
sco+hHmOR0L66SIHiP5/4gmjYqdyc37pmwkDjft47mBHg+phq9AfWVP02F0d5dXd
8soUai6cq8ffKj7sX2JRBAOzqm8PgxqjIiZrFNWb0gmHN9w9K2JoAs6VE+rRv5Sy
Eb1nZenANBtONmQtMbrKZxAA+MKqHgBFlXUwx1S3OxSlUKJX1rCb+UuLOuzdeSN/
iLOI4WB4hCPL4mPnufLn+Wr+hdq2ABznUcYTaUXGshHDTUmuJvbX0d8i6wIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFET/IBEBj79hwBpSbNSwEfhkjnbSMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUlA4Z0VRR1B2MkhBR2xKczFMQVItR1NPZHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAVCAGAwQA
VCAqAwQCVCA0AwQBVCBMAwQAWNgRAwQAWNgkAwQAWNgoAwQAWNgrAwQAWNhiAwQA
WNjWAwQCWNjkAwQDWNjwAwQCWNj8MA0GCSqGSIb3DQEBCwUAA4IBAQBSPYJqdh6/
EGyskzIDCvhJjuB2pprt7DNg0WOjsG/sYl8lJF9FmyzK+7KdMPdtOiq1jxtia4pq
of6YacYti93TFZ9IkabUuigEijCjc5WI4u1FXG2+9SwYskwkHtM35jQfFNIYrI7s
xG71sZU+f/tUyw/E7t+ezpHzdqliqXeWbZWpPj78MB9qRMQNb60XAyizdRlIHQxN
tjDeiXbyNuSh/HRUifrYwEoxAKdkdjv80DkimsJSF4ozHKRoW9u7p8Ip2oWPnMFM
pZzzULwGOQmSV9L0478zGqKJhiKg4CSANPZwd0EdlCVZ+tSYSIBTldDuKsz0PPzm
c9xgFbLnTork
-----END CERTIFICATE-----