Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/RjjThnzF_TgH0TjhH8BWU46P3L0.roa
File:                     RjjThnzF_TgH0TjhH8BWU46P3L0.roa (raw, json)
Hash identifier:          iTv2gRWCWPin3AvDkbUHjWXu9NJAjUE1v6ZvpGCKtGg=
Subject key identifier:   46:38:D3:86:7C:C5:FD:38:07:D1:38:E1:1F:C0:56:53:8E:8F:DC:BD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183DCC7AA51C99C0A08F6CDED444A8E7667
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/RjjThnzF_TgH0TjhH8BWU46P3L0.roa
Signing time:             Sat 15 Oct 2022 17:53:36 +0000
ROA not before:           Sat 15 Oct 2022 17:53:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205570
IP address blocks:        84.32.90.0/23 maxlen: 24
                          84.32.88.0/23 maxlen: 24
                          88.216.131.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.132.0/23 maxlen: 24
                          84.32.24.0/22 maxlen: 22
                          88.216.134.0/24 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          84.32.28.0/22 maxlen: 22
                          88.216.94.0/23 maxlen: 24
                          88.216.92.0/23 maxlen: 24
                          88.216.224.0/22 maxlen: 24
                          88.216.16.0/23 maxlen: 24
                          88.216.232.0/22 maxlen: 24
                          88.216.33.0/24 maxlen: 24
                          88.216.44.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:dc:c7:aa:51:c9:9c:0a:08:f6:cd:ed:44:4a:8e:76:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct 15 17:53:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4638d3867cc5fd3807d138e11fc056538e8fdcbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:1e:1d:4a:11:e2:b8:65:40:32:24:cd:e7:da:
                    48:20:2b:a5:16:b1:b0:ae:b9:53:5a:b5:0f:02:38:
                    5d:58:56:bf:43:fb:4b:ba:fc:f3:eb:40:79:6e:ff:
                    6e:a9:3b:b2:dd:dd:e9:00:8a:5f:a3:d4:ae:98:29:
                    78:04:0f:66:9d:e0:f4:d6:2e:41:e4:8e:1c:82:7f:
                    34:1b:75:ff:84:8f:90:08:2a:1a:b4:61:02:e8:3d:
                    c4:70:b7:19:81:79:26:e2:42:b0:49:a6:a3:3a:08:
                    3d:d0:ce:9e:ad:3a:54:59:1c:53:a1:30:20:ee:a5:
                    c5:04:11:51:66:44:f4:1c:69:ce:fd:24:7b:3c:e1:
                    a2:5d:e4:2e:e1:b0:ce:c4:d2:29:74:5e:41:3c:f7:
                    aa:b3:75:73:75:63:9c:95:92:53:83:76:1a:61:8a:
                    9f:78:2a:6b:e5:e9:e5:f8:84:4a:d6:cc:5e:c5:b4:
                    9e:ee:71:94:fb:94:8a:f8:0a:a2:3b:96:8c:74:c0:
                    78:8b:5c:88:ae:b4:20:5d:da:10:ca:a3:07:59:62:
                    c2:bb:e0:0d:26:f1:0e:02:5f:f7:12:56:c6:8d:4b:
                    f5:74:f9:8f:47:b5:0c:9f:49:f0:49:6a:f6:87:08:
                    fb:51:37:70:d6:28:ee:25:39:43:48:ac:bc:b3:c1:
                    c7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:38:D3:86:7C:C5:FD:38:07:D1:38:E1:1F:C0:56:53:8E:8F:DC:BD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/RjjThnzF_TgH0TjhH8BWU46P3L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/21
                  84.32.88.0/22
                  88.216.16.0/23
                  88.216.33.0/24
                  88.216.44.0/23
                  88.216.92.0/22
                  88.216.128.0/24
                  88.216.131.0-88.216.135.255
                  88.216.224.0/22
                  88.216.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:10:88:97:7c:77:5f:4e:f7:a8:58:7f:85:cc:d7:17:76:60:
         ce:f7:35:0a:57:8d:59:93:f4:68:69:49:a3:56:4e:12:d0:f2:
         8b:41:48:1d:6b:bc:20:db:9b:c5:cc:ce:e0:3f:a5:40:54:e7:
         37:4b:28:69:e4:91:1b:bd:e6:75:20:36:f4:69:cf:7b:4b:d6:
         b5:12:6c:c8:0b:67:94:20:07:51:09:4d:60:97:56:37:16:d4:
         9f:df:c7:89:fc:41:10:8f:30:68:fa:f6:61:5e:c2:ac:43:ea:
         1d:e7:d1:be:72:23:42:36:03:0e:84:86:d1:69:b8:53:ea:14:
         80:0e:6b:cb:27:a2:9b:4e:c0:d2:4d:9e:f9:00:2a:40:51:82:
         26:8b:fb:ce:fc:9f:aa:d1:aa:ca:26:64:aa:6d:2e:86:7c:1c:
         48:dc:b6:a1:c1:b4:63:be:ca:18:fd:21:2f:90:66:79:ce:19:
         a6:d8:4e:08:d5:46:4e:fa:45:d2:53:26:af:98:74:62:28:4b:
         6c:d7:71:81:4e:06:96:7e:0f:3c:96:0c:6f:e3:c5:7b:27:d9:
         3b:99:3d:6e:bf:10:70:25:50:71:3f:8a:1f:af:a1:c2:44:20:
         b5:7a:40:25:ce:ee:7a:16:f1:b3:d7:30:e6:9c:aa:05:ee:53:
         8d:ed:eb:71
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYPcx6pRyZwKCPbN7URKjnZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDE1MTc1MzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjM4ZDM4NjdjYzVmZDM4MDdkMTM4ZTExZmMwNTY1MzhlOGZkY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x4dShHiuGVAMiTN59pIICulFrGw
rrlTWrUPAjhdWFa/Q/tLuvzz60B5bv9uqTuy3d3pAIpfo9SumCl4BA9mneD01i5B
5I4cgn80G3X/hI+QCCoatGEC6D3EcLcZgXkm4kKwSaajOgg90M6erTpUWRxToTAg
7qXFBBFRZkT0HGnO/SR7POGiXeQu4bDOxNIpdF5BPPeqs3VzdWOclZJTg3YaYYqf
eCpr5enl+IRK1sxexbSe7nGU+5SK+AqiO5aMdMB4i1yIrrQgXdoQyqMHWWLCu+AN
JvEOAl/3ElbGjUv1dPmPR7UMn0nwSWr2hwj7UTdw1ijuJTlDSKy8s8HH6wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEY404Z8xf04B9E44R/AVlOOj9y9MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUmpqVGhuekZfVGdIMFRqaEg4QldVNDZQM0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDVCAYAwQC
VCBYAwQBWNgQAwQAWNghAwQBWNgsAwQCWNhcAwQAWNiAMAwDBABY2IMDBANY2IAD
BAJY2OADBAJY2OgwDQYJKoZIhvcNAQELBQADggEBAFoQiJd8d19O96hYf4XM1xd2
YM73NQpXjVmT9GhpSaNWThLQ8otBSB1rvCDbm8XMzuA/pUBU5zdLKGnkkRu95nUg
NvRpz3tL1rUSbMgLZ5QgB1EJTWCXVjcW1J/fx4n8QRCPMGj69mFewqxD6h3n0b5y
I0I2Aw6EhtFpuFPqFIAOa8snoptOwNJNnvkAKkBRgiaL+878n6rRqsomZKptLoZ8
HEjctqHBtGO+yhj9IS+QZnnOGabYTgjVRk76RdJTJq+YdGIoS2zXcYFOBpZ+DzyW
DG/jxXsn2TuZPW6/EHAlUHE/ih+vocJEILV6QCXO7noW8bPXMOacqgXuU43t63E=
-----END CERTIFICATE-----