Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/eW7NIpklVpnOldT-99DV6eIB8h0.roa
File:                     eW7NIpklVpnOldT-99DV6eIB8h0.roa (raw, json)
Hash identifier:          WTU8TF4ipzEQyUV2WqdJkF1Rec19KjqNDzWhYXGD+Kk=
Subject key identifier:   79:6E:CD:22:99:25:56:99:CE:95:D4:FE:F7:D0:D5:E9:E2:01:F2:1D
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184E64F9F4EC6B7DC412C578F2705840E0D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/eW7NIpklVpnOldT-99DV6eIB8h0.roa
Signing time:             Tue 06 Dec 2022 07:21:28 +0000
ROA not before:           Tue 06 Dec 2022 07:21:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61138
IP address blocks:        84.32.57.0/24 maxlen: 24
                          84.32.67.0/24 maxlen: 24
                          88.216.187.0/24 maxlen: 24
                          84.32.85.0/24 maxlen: 24
                          84.32.91.0/24 maxlen: 24
                          88.216.93.0/24 maxlen: 24
                          88.216.101.0/24 maxlen: 24
                          88.216.130.0/24 maxlen: 24
                          88.216.38.0/24 maxlen: 24
                          84.32.39.0/24 maxlen: 24
                          88.216.39.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e6:4f:9f:4e:c6:b7:dc:41:2c:57:8f:27:05:84:0e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Dec  6 07:21:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=796ecd2299255699ce95d4fef7d0d5e9e201f21d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:1b:d1:73:24:4e:67:ae:28:d2:2d:ff:12:d3:
                    af:07:c8:9b:99:f0:ea:c3:41:bc:53:cc:f8:47:1b:
                    e1:8c:9e:07:04:ec:91:ca:2f:1f:22:3b:d4:9e:cd:
                    9e:35:c2:8c:56:f5:92:de:2e:ad:b7:a2:6a:60:ab:
                    bf:ce:66:3f:90:bb:98:bd:ff:94:f8:df:3f:0a:80:
                    5f:12:16:a7:e9:9b:54:d2:88:cb:f4:6f:8e:1d:4c:
                    45:c2:a3:bb:ad:d5:a3:e9:56:b3:f6:6b:ff:42:31:
                    38:28:b3:59:f1:7a:69:ea:9f:e2:5f:2d:1d:a5:72:
                    8d:b7:38:ed:2d:2d:5d:9f:0f:8f:59:65:53:66:6e:
                    fe:3a:49:d1:3a:96:af:e2:97:5e:eb:26:e9:e9:43:
                    24:d6:b9:da:0f:d0:70:26:19:f1:fe:0b:66:57:6c:
                    bc:0e:f0:7c:89:7b:0c:40:de:cb:48:12:c5:24:2f:
                    84:3d:ac:94:e0:92:6a:64:21:b5:d9:1c:a4:0f:c1:
                    23:9f:df:78:bf:63:48:ad:50:be:29:b1:bf:d9:2e:
                    b8:c7:0d:57:64:4d:b0:44:83:b9:42:8e:45:7d:fe:
                    48:0a:8e:98:9b:56:a1:83:bb:40:bf:66:05:63:04:
                    cf:e3:da:e9:c2:60:39:2a:56:7e:69:55:14:99:dd:
                    28:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:6E:CD:22:99:25:56:99:CE:95:D4:FE:F7:D0:D5:E9:E2:01:F2:1D
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/eW7NIpklVpnOldT-99DV6eIB8h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.39.0/24
                  84.32.57.0/24
                  84.32.67.0/24
                  84.32.85.0/24
                  84.32.91.0/24
                  88.216.38.0/23
                  88.216.93.0/24
                  88.216.101.0/24
                  88.216.130.0/24
                  88.216.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:0f:20:d3:d4:31:dd:2a:90:42:c5:da:99:31:87:d1:52:95:
         4d:a1:5c:22:c2:72:e7:79:15:ce:23:06:e9:26:d1:5c:9a:44:
         5f:6e:78:07:c8:52:c0:46:6a:3f:ea:f0:8a:ee:09:01:e8:12:
         4b:e0:2c:3c:28:ee:e4:fe:6d:73:f2:f0:b4:46:8f:6c:c7:96:
         a1:cc:e6:48:13:3e:6a:e9:d2:6e:6d:88:3d:d1:f2:14:32:5e:
         a1:02:e4:76:4b:67:bf:02:ba:8b:b9:e5:42:c8:92:78:80:9b:
         a6:bc:46:89:fb:07:1a:5d:0d:e6:10:2c:d9:f6:51:41:a4:34:
         03:dc:35:ee:bb:e6:88:fe:a8:8a:cb:4b:98:ea:85:b2:c6:4c:
         d4:84:ab:5b:0b:62:a6:ad:49:61:a2:ab:c2:d8:61:59:31:29:
         a2:5c:17:01:fa:2c:bf:be:68:cf:c2:fe:11:27:c1:d2:30:1b:
         56:7c:31:b5:d4:51:a7:2c:75:ed:a7:0b:39:99:1f:9b:87:9d:
         7b:de:23:8b:d9:0d:5a:6d:33:38:c3:17:7b:1f:98:cb:52:ce:
         66:cc:ab:af:56:cb:eb:67:5d:ee:b0:7b:40:ea:57:0d:84:a2:
         15:2b:2f:2e:90:59:76:ab:a5:72:82:47:94:25:2a:8d:ac:98:
         e5:aa:27:bf
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYTmT59OxrfcQSxXjycFhA4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjA2MDcyMTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTZlY2QyMjk5MjU1Njk5Y2U5NWQ0ZmVmN2QwZDVlOWUyMDFmMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghvRcyROZ64o0i3/EtOvB8ibmfDq
w0G8U8z4RxvhjJ4HBOyRyi8fIjvUns2eNcKMVvWS3i6tt6JqYKu/zmY/kLuYvf+U
+N8/CoBfEhan6ZtU0ojL9G+OHUxFwqO7rdWj6Vaz9mv/QjE4KLNZ8Xpp6p/iXy0d
pXKNtzjtLS1dnw+PWWVTZm7+OknROpav4pde6ybp6UMk1rnaD9BwJhnx/gtmV2y8
DvB8iXsMQN7LSBLFJC+EPayU4JJqZCG12RykD8Ejn994v2NIrVC+KbG/2S64xw1X
ZE2wRIO5Qo5Fff5ICo6Ym1ahg7tAv2YFYwTP49rpwmA5KlZ+aVUUmd0onwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFHluzSKZJVaZzpXU/vfQ1eniAfIdMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZVc3Tklwa2xWcG5PbGRULTk5RFY2ZUlCOGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVCAnAwQA
VCA5AwQAVCBDAwQAVCBVAwQAVCBbAwQBWNgmAwQAWNhdAwQAWNhlAwQAWNiCAwQA
WNi7MA0GCSqGSIb3DQEBCwUAA4IBAQCeDyDT1DHdKpBCxdqZMYfRUpVNoVwiwnLn
eRXOIwbpJtFcmkRfbngHyFLARmo/6vCK7gkB6BJL4Cw8KO7k/m1z8vC0Ro9sx5ah
zOZIEz5q6dJubYg90fIUMl6hAuR2S2e/ArqLueVCyJJ4gJumvEaJ+wcaXQ3mECzZ
9lFBpDQD3DXuu+aI/qiKy0uY6oWyxkzUhKtbC2KmrUlhoqvC2GFZMSmiXBcB+iy/
vmjPwv4RJ8HSMBtWfDG11FGnLHXtpws5mR+bh5173iOL2Q1abTM4wxd7H5jLUs5m
zKuvVsvrZ13usHtA6lcNhKIVKy8ukFl2q6VygkeUJSqNrJjlqie/
-----END CERTIFICATE-----