Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_WoiTqOnGLdzDG2OpETFWg6vRXc.roa
File:                     _WoiTqOnGLdzDG2OpETFWg6vRXc.roa (raw, json)
Hash identifier:          pxCJ1AN+Uoyj7NNuh5gjyobegte6I/UCgWtz9GGYVDo=
Subject key identifier:   FD:6A:22:4E:A3:A7:18:B7:73:0C:6D:8E:A4:44:C5:5A:0E:AF:45:77
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018278BF0EDDBEC23EC69D79144D7523431F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_WoiTqOnGLdzDG2OpETFWg6vRXc.roa
Signing time:             Sun 07 Aug 2022 14:39:23 +0000
ROA not before:           Sun 07 Aug 2022 14:39:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        84.32.64.0/22 maxlen: 24
                          84.32.68.0/22 maxlen: 24
                          84.32.82.0/23 maxlen: 24
                          88.216.196.0/22 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.210.0/23 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          88.216.90.0/24 maxlen: 24
                          88.216.0.0/22 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:78:bf:0e:dd:be:c2:3e:c6:9d:79:14:4d:75:23:43:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Aug  7 14:39:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fd6a224ea3a718b7730c6d8ea444c55a0eaf4577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:75:31:65:a5:25:76:f9:15:9b:db:84:e3:07:
                    53:6b:1b:a3:3f:7b:22:95:a0:c1:6b:bf:c5:e9:93:
                    6f:f6:9b:7b:81:ef:0a:da:16:9b:03:d7:33:11:49:
                    64:02:a4:9d:d3:8c:6f:ab:31:4d:8e:8f:d7:ec:6e:
                    ad:03:e2:01:e1:43:9d:5f:6f:f1:35:82:a1:df:81:
                    ec:34:7e:84:b3:3d:a2:f1:93:15:dd:05:6a:f1:d8:
                    02:59:d2:3a:0d:1a:64:46:61:fa:e7:f7:81:d3:db:
                    b1:b7:08:4e:2c:cd:b7:8f:bb:cf:66:de:e2:b3:8f:
                    6f:f3:65:51:9a:42:a9:5a:b8:fb:a0:08:d5:1f:f1:
                    1d:c2:ed:75:da:a1:a8:9f:2e:f2:f0:bb:04:18:35:
                    21:ac:e9:24:25:31:5d:4d:41:ef:bc:fe:98:8a:6e:
                    7d:66:51:cb:f3:27:d4:c3:ff:e6:49:c3:c6:ff:17:
                    2c:b4:80:60:1e:0f:c4:78:67:ad:8b:93:39:b6:c1:
                    3d:d1:d2:39:a4:23:76:e9:f4:c9:65:6c:d9:13:50:
                    44:f3:08:4d:b7:02:20:57:74:2f:3a:cf:d1:09:ea:
                    ce:76:1c:d5:59:53:a5:d5:77:f2:f1:68:da:6a:4c:
                    09:2f:de:13:3b:d3:8c:2b:87:bc:09:2c:ad:1f:c9:
                    88:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:6A:22:4E:A3:A7:18:B7:73:0C:6D:8E:A4:44:C5:5A:0E:AF:45:77
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_WoiTqOnGLdzDG2OpETFWg6vRXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.8.0/22
                  84.32.64.0/21
                  84.32.82.0/23
                  88.216.0.0/22
                  88.216.16.0/24
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.90.0/24
                  88.216.196.0/22
                  88.216.209.0-88.216.215.255

    Signature Algorithm: sha256WithRSAEncryption
         26:41:c3:34:8c:0c:ab:eb:4c:02:5a:ad:f2:f1:e8:8b:1f:34:
         2a:19:67:53:5a:68:cb:1f:ec:3e:cc:f6:50:a7:80:b3:44:f5:
         43:93:5b:d5:2b:71:95:ce:75:63:e7:3f:78:e7:2a:9f:d3:44:
         e7:75:1e:23:94:98:c7:7e:b8:9e:61:7b:8c:cb:e4:71:52:e0:
         57:e5:ce:08:8c:51:58:b1:b3:5f:a6:3e:5d:05:e4:0b:bf:15:
         21:21:d6:92:de:86:e5:d7:81:a4:c5:ba:f1:b6:24:f1:d5:27:
         cd:eb:c3:4f:52:94:37:37:37:c2:12:10:6b:02:97:49:b4:52:
         af:3d:65:49:67:f4:f9:25:6b:9b:d5:11:7f:fd:04:43:f9:62:
         cc:7e:3b:86:c8:2f:25:fc:ee:f6:5e:03:0e:4c:72:56:5d:32:
         6c:2d:4e:3c:3f:eb:2f:b9:56:a8:b5:a6:8d:5a:16:aa:d5:b6:
         48:6b:83:29:82:be:0b:49:f1:a7:93:2a:27:8d:d1:9a:6b:ae:
         7a:e3:a8:53:fd:33:6c:36:f0:5c:cf:39:ac:3d:4f:cf:bc:dd:
         44:65:c0:e0:e1:b5:9a:9a:87:5f:7b:b3:b8:12:37:ae:c4:e1:
         9e:0c:f3:b8:b5:e6:03:41:2c:28:52:2f:9c:c9:51:76:ac:f9:
         b3:81:90:87
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYJ4vw7dvsI+xp15FE11I0MfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwODA3MTQzOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDZhMjI0ZWEzYTcxOGI3NzMwYzZkOGVhNDQ0YzU1YTBlYWY0NTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHUxZaUldvkVm9uE4wdTaxujP3si
laDBa7/F6ZNv9pt7ge8K2habA9czEUlkAqSd04xvqzFNjo/X7G6tA+IB4UOdX2/x
NYKh34HsNH6Esz2i8ZMV3QVq8dgCWdI6DRpkRmH65/eB09uxtwhOLM23j7vPZt7i
s49v82VRmkKpWrj7oAjVH/Edwu112qGony7y8LsEGDUhrOkkJTFdTUHvvP6Yim59
ZlHL8yfUw//mScPG/xcstIBgHg/EeGeti5M5tsE90dI5pCN26fTJZWzZE1BE8whN
twIgV3QvOs/RCerOdhzVWVOl1Xfy8WjaakwJL94TO9OMK4e8CSytH8mIawIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFP1qIk6jpxi3cwxtjqRExVoOr0V3MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvX1dvaVRxT25HTGR6REcyT3BFVEZXZzZ2UlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQCVCAIAwQD
VCBAAwQBVCBSAwQCWNgAAwQAWNgQMAwDBABY2BMDBANY2BADBABY2CADBABY2C4D
BABY2FoDBAJY2MQwDAMEAFjY0QMEA1jY0DANBgkqhkiG9w0BAQsFAAOCAQEAJkHD
NIwMq+tMAlqt8vHoix80KhlnU1poyx/sPsz2UKeAs0T1Q5Nb1Stxlc51Y+c/eOcq
n9NE53UeI5SYx364nmF7jMvkcVLgV+XOCIxRWLGzX6Y+XQXkC78VISHWkt6G5deB
pMW68bYk8dUnzevDT1KUNzc3whIQawKXSbRSrz1lSWf0+SVrm9URf/0EQ/lizH47
hsgvJfzu9l4DDkxyVl0ybC1OPD/rL7lWqLWmjVoWqtW2SGuDKYK+C0nxp5MqJ43R
mmuueuOoU/0zbDbwXM85rD1Pz7zdRGXA4OG1mpqHX3uzuBI3rsThngzzuLXmA0Es
KFIvnMlRdqz5s4GQhw==
-----END CERTIFICATE-----