Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/b9mXcw8d3vpLHsV1Eg8BfXfMJ58.roa
File:                     b9mXcw8d3vpLHsV1Eg8BfXfMJ58.roa (raw, json)
Hash identifier:          h6BEq0NZtjob6QNb/AhFx/LCNOExQu30RJ6wD0NHhLI=
Subject key identifier:   6F:D9:97:73:0F:1D:DE:FA:4B:1E:C5:75:12:0F:01:7D:77:CC:27:9F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018461932A14D62AFC29318762EC816A30D1
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/b9mXcw8d3vpLHsV1Eg8BfXfMJ58.roa
Signing time:             Thu 10 Nov 2022 12:45:45 +0000
ROA not before:           Thu 10 Nov 2022 12:45:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          84.32.76.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.224.0/21 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:61:93:2a:14:d6:2a:fc:29:31:87:62:ec:81:6a:30:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 10 12:45:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6fd997730f1ddefa4b1ec575120f017d77cc279f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:51:2c:24:15:22:39:d0:cf:2e:7c:3b:e6:7e:
                    8b:98:65:ce:be:9e:c7:ea:a0:d0:5d:75:ce:9b:b0:
                    9d:f9:a6:ee:46:a0:bb:7a:24:57:2c:6c:47:bc:d5:
                    d8:36:9f:a6:d1:05:9a:af:d0:aa:04:36:35:16:97:
                    0b:48:17:a4:a9:f9:da:ea:81:22:89:06:02:39:b0:
                    46:28:74:f7:8e:d8:cd:c9:e5:41:d7:1b:60:e6:be:
                    dd:c5:fd:9a:b3:2e:34:50:24:64:e4:73:43:8b:ce:
                    ad:25:5a:bb:fd:9d:b1:f4:2d:19:8d:18:27:e6:3d:
                    27:03:63:16:68:ea:58:28:d2:e7:0a:6a:84:23:9c:
                    3a:36:6b:2b:5a:47:d6:bb:e9:af:c9:bf:4f:7e:3b:
                    8b:13:69:78:90:30:b2:cf:3f:15:4f:7f:fc:f3:b0:
                    7d:22:77:15:ac:d9:69:bd:06:39:9d:35:d0:b1:bb:
                    aa:69:8a:ae:ed:2e:fe:14:a4:98:52:e9:df:cb:2b:
                    ff:23:12:d9:74:2f:51:f1:25:37:8e:05:2a:5b:e8:
                    51:93:de:17:5a:ca:38:8d:aa:b3:5d:b7:10:af:b0:
                    38:e3:df:83:92:53:ee:fd:75:12:06:94:79:4c:3b:
                    d8:6f:e3:17:bb:ca:a5:dd:0a:eb:8f:c5:d8:b6:b7:
                    21:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D9:97:73:0F:1D:DE:FA:4B:1E:C5:75:12:0F:01:7D:77:CC:27:9F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/b9mXcw8d3vpLHsV1Eg8BfXfMJ58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.52.0/22
                  84.32.76.0/23
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.98.0/24
                  88.216.209.0-88.216.211.255
                  88.216.224.0/21
                  88.216.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         39:8e:20:00:c1:1b:f7:ce:27:f8:c5:75:43:0c:42:c2:04:ff:
         01:0a:d3:06:50:1d:bd:c8:40:4a:82:df:29:1b:db:9d:52:9f:
         bd:90:3f:d4:a5:ef:09:d9:62:fb:a6:e4:17:1e:cd:05:b1:ba:
         29:0e:4b:e2:5f:39:90:53:78:bc:9a:ae:f8:4e:7a:69:78:c9:
         a2:06:07:b8:8c:0a:d7:db:9d:ce:de:e7:71:b7:56:f3:84:e8:
         8d:68:04:36:47:61:75:68:b4:05:1d:45:bb:d2:67:35:a2:e8:
         52:e8:99:c6:8a:05:0b:b5:7b:45:95:a2:08:7a:72:0d:79:4e:
         60:3a:0a:33:25:c4:99:e2:4a:ec:a8:98:a2:ec:62:91:c4:7d:
         1d:f1:71:ed:c9:7a:42:0a:7e:77:79:ee:a8:7a:76:fa:63:21:
         3c:90:65:f7:e6:ac:07:40:b9:9d:08:5b:60:79:a0:9f:65:26:
         b9:01:c0:77:53:e3:50:7a:db:20:27:44:4a:88:86:5e:7c:29:
         4f:0d:9c:2a:2a:2d:04:b2:fe:50:b1:1d:a2:89:cf:8d:35:42:
         c5:ed:e7:6c:66:44:d1:f7:4d:bc:0c:92:50:01:8e:d2:3b:a1:
         0b:7e:8e:ac:19:e1:ef:45:2e:73:63:aa:5e:67:20:3e:86:e6:
         31:f3:20:d4
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYRhkyoU1ir8KTGHYuyBajDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTEwMTI0NTQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmQ5OTc3MzBmMWRkZWZhNGIxZWM1NzUxMjBmMDE3ZDc3Y2MyNzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVEsJBUiOdDPLnw75n6LmGXOvp7H
6qDQXXXOm7Cd+abuRqC7eiRXLGxHvNXYNp+m0QWar9CqBDY1FpcLSBekqfna6oEi
iQYCObBGKHT3jtjNyeVB1xtg5r7dxf2asy40UCRk5HNDi86tJVq7/Z2x9C0ZjRgn
5j0nA2MWaOpYKNLnCmqEI5w6NmsrWkfWu+mvyb9PfjuLE2l4kDCyzz8VT3/887B9
IncVrNlpvQY5nTXQsbuqaYqu7S7+FKSYUunfyyv/IxLZdC9R8SU3jgUqW+hRk94X
Wso4jaqzXbcQr7A449+DklPu/XUSBpR5TDvYb+MXu8ql3Qrrj8XYtrchFQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFG/Zl3MPHd76Sx7FdRIPAX13zCefMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvYjltWGN3OGQzdnBMSHNWMUVnOEJmWGZNSjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAVCAGAwQC
VCA0AwQBVCBMMAwDBABY2BMDBANY2BADBABY2CADBABY2C4DBABY2GIwDAMEAFjY
0QMEAljY0AMEA1jY4AMEA1jY+DANBgkqhkiG9w0BAQsFAAOCAQEAOY4gAMEb984n
+MV1QwxCwgT/AQrTBlAdvchASoLfKRvbnVKfvZA/1KXvCdli+6bkFx7NBbG6KQ5L
4l85kFN4vJqu+E56aXjJogYHuIwK19udzt7ncbdW84TojWgENkdhdWi0BR1Fu9Jn
NaLoUuiZxooFC7V7RZWiCHpyDXlOYDoKMyXEmeJK7KiYouxikcR9HfFx7cl6Qgp+
d3nuqHp2+mMhPJBl9+asB0C5nQhbYHmgn2UmuQHAd1PjUHrbICdESoiGXnwpTw2c
KiotBLL+ULEdoonPjTVCxe3nbGZE0fdNvAySUAGO0juhC36OrBnh70Uuc2OqXmcg
PobmMfMg1A==
-----END CERTIFICATE-----