Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/cMm5_LHgchiV2_XETq1Dlm_DXw8.roa
File:                     cMm5_LHgchiV2_XETq1Dlm_DXw8.roa (raw, json)
Hash identifier:          Bcqgzq6exmxZkLKRJ34jIdr5ahFfzkhTjnUezUmZAkw=
Subject key identifier:   70:C9:B9:FC:B1:E0:72:18:95:DB:F5:C4:4E:AD:43:96:6F:C3:5F:0F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184947303CB4247EF95496102FB5EEFCE42
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/cMm5_LHgchiV2_XETq1Dlm_DXw8.roa
Signing time:             Sun 20 Nov 2022 09:51:16 +0000
ROA not before:           Sun 20 Nov 2022 09:51:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          84.32.76.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.17.0/24 maxlen: 24
                          88.216.228.0/22 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:94:73:03:cb:42:47:ef:95:49:61:02:fb:5e:ef:ce:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 20 09:51:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=70c9b9fcb1e0721895dbf5c44ead43966fc35f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:42:f7:df:c3:06:22:ab:74:76:64:fb:35:85:
                    1a:10:0b:b1:d2:99:16:2f:30:16:79:e2:0c:c6:a0:
                    ac:97:dd:ba:dd:81:2e:01:15:90:35:74:ac:86:5e:
                    70:23:9d:77:a2:43:ce:0b:df:11:e2:2a:a3:b4:1c:
                    49:b4:93:f4:75:b9:d5:c1:73:87:98:e3:ce:ee:4b:
                    cc:8e:58:da:e3:53:c3:0c:d0:bf:0d:f0:de:36:19:
                    6f:7f:1b:6d:8e:b4:b5:90:27:e6:d6:1f:28:34:3c:
                    0a:17:7d:c6:20:07:6d:2c:5a:81:b5:cc:52:fe:eb:
                    d7:9e:fa:0a:c1:15:f6:b8:32:a3:a1:5f:d6:3d:50:
                    23:59:32:66:f2:45:01:50:b4:68:37:e8:0d:7e:cd:
                    61:30:66:95:3d:7c:77:be:b1:20:84:6f:69:90:d2:
                    4c:05:f0:92:3f:82:bd:85:97:af:ee:13:e8:ee:27:
                    1c:0a:ff:7b:8d:92:6e:5f:33:b2:ff:15:ff:91:fa:
                    cc:c2:66:e9:41:28:d8:ba:11:c4:a1:0f:9f:e8:12:
                    aa:55:af:f6:72:78:63:22:46:be:3c:19:2c:ff:5f:
                    f7:26:80:ef:a8:19:a6:3b:da:16:07:c0:54:3f:9c:
                    39:7d:56:d3:c7:04:89:ec:02:b1:c3:32:be:29:9a:
                    ee:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C9:B9:FC:B1:E0:72:18:95:DB:F5:C4:4E:AD:43:96:6F:C3:5F:0F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/cMm5_LHgchiV2_XETq1Dlm_DXw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.52.0/22
                  84.32.76.0/23
                  88.216.17.0/24
                  88.216.19.0/24
                  88.216.46.0/24
                  88.216.98.0/24
                  88.216.209.0-88.216.211.255
                  88.216.228.0/22
                  88.216.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:ab:28:e4:50:1d:2b:9d:62:a5:ef:79:dd:d6:d9:42:89:2a:
         44:32:2f:d5:93:81:c4:66:4d:1b:0a:9a:e4:af:d5:02:e2:f8:
         32:84:03:42:33:73:bd:cd:28:45:49:75:09:2f:5c:e7:f0:72:
         47:be:e7:7c:6d:c1:cf:9a:ac:5f:aa:e8:d8:98:80:1a:87:78:
         cd:65:04:d4:32:53:dd:1c:61:9b:44:c2:01:f0:fe:dd:80:38:
         1c:45:e7:c7:a2:58:c1:23:ad:7b:72:a2:12:f1:51:03:e1:10:
         43:89:b8:dc:00:e8:ae:f1:b9:99:d7:60:7a:f3:21:03:bf:3a:
         b1:60:d1:7f:89:75:23:80:52:5a:92:b7:28:32:d0:d1:fd:ea:
         6d:45:dc:c9:2b:a0:a4:d6:6c:07:ac:79:a0:74:7b:5c:bd:f6:
         af:fd:b7:5b:7d:dc:ef:86:23:fa:0a:9f:6d:ec:e6:65:9a:9b:
         a3:7d:49:55:3f:cf:93:ff:1d:36:df:c6:d1:e7:7a:3f:0b:e9:
         07:80:2c:1f:7a:9f:80:f7:1e:08:04:73:47:fa:4b:4e:02:2c:
         5a:90:57:86:99:4d:af:5c:e4:15:b8:2e:bd:b5:72:20:b2:f4:
         d2:eb:02:da:4b:48:02:78:1a:df:4b:29:3d:c6:9a:14:e0:a5:
         ae:d9:5e:72
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYSUcwPLQkfvlUlhAvte785CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTIwMDk1MTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM5YjlmY2IxZTA3MjE4OTVkYmY1YzQ0ZWFkNDM5NjZmYzM1ZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUL338MGIqt0dmT7NYUaEAux0pkW
LzAWeeIMxqCsl9263YEuARWQNXSshl5wI513okPOC98R4iqjtBxJtJP0dbnVwXOH
mOPO7kvMjlja41PDDNC/DfDeNhlvfxttjrS1kCfm1h8oNDwKF33GIAdtLFqBtcxS
/uvXnvoKwRX2uDKjoV/WPVAjWTJm8kUBULRoN+gNfs1hMGaVPXx3vrEghG9pkNJM
BfCSP4K9hZev7hPo7iccCv97jZJuXzOy/xX/kfrMwmbpQSjYuhHEoQ+f6BKqVa/2
cnhjIka+PBks/1/3JoDvqBmmO9oWB8BUP5w5fVbTxwSJ7AKxwzK+KZrulQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHDJufyx4HIYldv1xE6tQ5Zvw18PMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvY01tNV9MSGdjaGlWMl9YRVRxMURsbV9EWHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAVCAGAwQC
VCA0AwQBVCBMAwQAWNgRAwQAWNgTAwQAWNguAwQAWNhiMAwDBABY2NEDBAJY2NAD
BAJY2OQDBANY2PgwDQYJKoZIhvcNAQELBQADggEBAGGrKORQHSudYqXved3W2UKJ
KkQyL9WTgcRmTRsKmuSv1QLi+DKEA0Izc73NKEVJdQkvXOfwcke+53xtwc+arF+q
6NiYgBqHeM1lBNQyU90cYZtEwgHw/t2AOBxF58eiWMEjrXtyohLxUQPhEEOJuNwA
6K7xuZnXYHrzIQO/OrFg0X+JdSOAUlqStygy0NH96m1F3MkroKTWbAeseaB0e1y9
9q/9t1t93O+GI/oKn23s5mWam6N9SVU/z5P/HTbfxtHnej8L6QeALB96n4D3HggE
c0f6S04CLFqQV4aZTa9c5BW4Lr21ciCy9NLrAtpLSAJ4Gt9LKT3GmhTgpa7ZXnI=
-----END CERTIFICATE-----