Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/YDWVI71hDYqo7hru_6-6KrjGyMY.roa
File:                     YDWVI71hDYqo7hru_6-6KrjGyMY.roa (raw, json)
Hash identifier:          /8Vvv32fsDjnba+PFISZ2YUC+6yMQsYOL7GezjX0HT4=
Subject key identifier:   60:35:95:23:BD:61:0D:8A:A8:EE:1A:EE:FF:AF:BA:2A:B8:C6:C8:C6
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018498F001293ACE402AD449A6A0014188C5
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/YDWVI71hDYqo7hru_6-6KrjGyMY.roa
Signing time:             Mon 21 Nov 2022 06:46:16 +0000
ROA not before:           Mon 21 Nov 2022 06:46:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          84.32.76.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          88.216.17.0/24 maxlen: 24
                          88.216.228.0/22 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:98:f0:01:29:3a:ce:40:2a:d4:49:a6:a0:01:41:88:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 21 06:46:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=60359523bd610d8aa8ee1aeeffafba2ab8c6c8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c7:5d:fa:58:e0:4d:e4:ab:5b:92:12:c6:f0:
                    04:be:91:98:0d:dc:fc:b6:fa:9b:08:f0:e3:ae:96:
                    b1:08:d8:64:6d:e3:4b:c8:b9:cd:99:9b:2b:bc:45:
                    23:2a:07:e4:52:ad:01:5c:78:44:e5:ed:bb:52:d6:
                    e8:b9:33:0e:60:6f:44:50:18:b4:20:ae:92:22:c5:
                    be:8e:3e:a8:74:12:2d:9f:32:f3:56:dd:da:32:0f:
                    54:38:89:5b:0a:ae:9a:1e:2f:b6:57:b5:d5:aa:c0:
                    64:47:d6:01:8e:a7:82:57:58:d1:53:7b:7b:53:03:
                    48:e0:60:02:6c:c4:dd:73:e4:92:92:28:d1:c9:cd:
                    37:0d:78:26:70:3e:1f:e5:2e:47:2f:fc:61:9c:88:
                    20:7e:81:18:eb:da:91:93:b1:8f:6f:2e:26:35:db:
                    ad:b2:eb:1e:7d:0f:b3:3b:5b:01:1b:19:c7:f2:2f:
                    a9:8e:d4:40:de:e8:8e:a4:19:be:1f:34:9f:77:db:
                    fa:cd:43:0a:06:f4:c3:ad:3e:bb:08:0f:9a:66:f4:
                    5e:e3:2c:e6:37:75:89:3d:59:d8:25:0a:28:94:c0:
                    24:24:f7:fc:b2:43:7f:be:9b:98:d2:e9:c4:a9:7c:
                    47:77:8d:20:d1:07:72:e8:a1:ab:1c:13:3a:f4:bc:
                    dd:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:35:95:23:BD:61:0D:8A:A8:EE:1A:EE:FF:AF:BA:2A:B8:C6:C8:C6
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/YDWVI71hDYqo7hru_6-6KrjGyMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.52.0/22
                  84.32.76.0/23
                  88.216.17.0/24
                  88.216.46.0/24
                  88.216.98.0/24
                  88.216.209.0/24
                  88.216.211.0/24
                  88.216.228.0/22
                  88.216.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:f7:f1:a1:22:4f:ab:dd:70:fd:ef:0c:59:05:ea:a4:0c:81:
         65:22:f1:bb:51:89:80:65:5b:d4:e7:31:e0:1f:c9:f8:52:4e:
         38:3b:e5:4c:7d:5b:6d:48:ea:e3:d7:ce:5d:53:64:e3:8a:43:
         4b:23:9c:ae:3e:4b:f4:eb:84:56:ca:41:7d:b9:34:6c:f4:7b:
         15:51:42:cd:21:8a:85:f9:c1:9b:2e:45:83:fb:39:aa:2f:d2:
         f1:9b:4c:bb:42:9d:60:1a:07:51:98:02:73:3e:74:6d:d0:4c:
         cb:57:e3:81:51:c6:39:e3:87:9f:dc:26:88:d4:fa:ad:a6:d6:
         ff:d0:e7:eb:ce:76:15:71:00:9c:1b:16:a9:8c:6b:d1:eb:1e:
         35:02:59:86:f1:ac:2e:85:8b:be:2b:5d:e1:1f:99:c0:24:8a:
         79:57:98:19:0c:9d:5f:64:4e:34:a6:3b:19:75:56:45:45:c2:
         f6:3c:7d:70:a4:d0:13:e3:a3:30:77:2d:5f:2b:6e:e4:d2:f1:
         aa:74:4e:27:9c:3c:b1:07:34:88:b3:ec:84:70:e1:7a:c3:98:
         14:0d:94:96:80:dd:3b:8e:b6:49:c0:86:e7:5a:15:b8:a9:63:
         a3:f9:58:2c:84:88:03:89:27:8d:ba:8a:3e:c3:6c:ea:8a:4a:
         f5:3a:fc:2d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYSY8AEpOs5AKtRJpqABQYjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTIxMDY0NjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDM1OTUyM2JkNjEwZDhhYThlZTFhZWVmZmFmYmEyYWI4YzZjOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcdd+ljgTeSrW5ISxvAEvpGYDdz8
tvqbCPDjrpaxCNhkbeNLyLnNmZsrvEUjKgfkUq0BXHhE5e27UtbouTMOYG9EUBi0
IK6SIsW+jj6odBItnzLzVt3aMg9UOIlbCq6aHi+2V7XVqsBkR9YBjqeCV1jRU3t7
UwNI4GACbMTdc+SSkijRyc03DXgmcD4f5S5HL/xhnIggfoEY69qRk7GPby4mNdut
susefQ+zO1sBGxnH8i+pjtRA3uiOpBm+HzSfd9v6zUMKBvTDrT67CA+aZvRe4yzm
N3WJPVnYJQoolMAkJPf8skN/vpuY0unEqXxHd40g0Qdy6KGrHBM69LzdnwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGA1lSO9YQ2KqO4a7v+vuiq4xsjGMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvWURXVkk3MWhEWXFvN2hydV82LTZLcmpHeU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVCAGAwQC
VCA0AwQBVCBMAwQAWNgRAwQAWNguAwQAWNhiAwQAWNjRAwQAWNjTAwQCWNjkAwQC
WNj8MA0GCSqGSIb3DQEBCwUAA4IBAQAX9/GhIk+r3XD97wxZBeqkDIFlIvG7UYmA
ZVvU5zHgH8n4Uk44O+VMfVttSOrj185dU2TjikNLI5yuPkv064RWykF9uTRs9HsV
UULNIYqF+cGbLkWD+zmqL9Lxm0y7Qp1gGgdRmAJzPnRt0EzLV+OBUcY544ef3CaI
1Pqtptb/0OfrznYVcQCcGxapjGvR6x41AlmG8awuhYu+K13hH5nAJIp5V5gZDJ1f
ZE40pjsZdVZFRcL2PH1wpNAT46Mwdy1fK27k0vGqdE4nnDyxBzSIs+yEcOF6w5gU
DZSWgN07jrZJwIbnWhW4qWOj+VgshIgDiSeNuoo+w2zqikr1Ovwt
-----END CERTIFICATE-----