Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fkewuF1dFY2rnz4rSECTkEsFSB8.roa
File:                     fkewuF1dFY2rnz4rSECTkEsFSB8.roa (raw, json)
Hash identifier:          xfhWa1twvjFonDHXacyCMnc7SYWjt0tMW08ZCAFNq0U=
Subject key identifier:   7E:47:B0:B8:5D:5D:15:8D:AB:9F:3E:2B:48:40:93:90:4B:05:48:1F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01846686874D612EB3CA27C2538674123FD7
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fkewuF1dFY2rnz4rSECTkEsFSB8.roa
Signing time:             Fri 11 Nov 2022 11:50:03 +0000
ROA not before:           Fri 11 Nov 2022 11:50:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49999
IP address blocks:        88.216.188.0/22 maxlen: 24
                          84.32.79.0/24 maxlen: 24
                          88.216.187.0/24 maxlen: 24
                          84.32.88.0/24 maxlen: 24
                          84.32.220.0/22 maxlen: 24
                          84.32.14.0/24 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          84.32.34.0/24 maxlen: 24
                          88.216.40.0/24 maxlen: 24
                          84.32.40.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:66:86:87:4d:61:2e:b3:ca:27:c2:53:86:74:12:3f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 11 11:50:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7e47b0b85d5d158dab9f3e2b484093904b05481f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9c:39:3b:1d:ae:a9:bc:21:24:c7:05:a4:d8:
                    68:69:d6:3b:9b:0d:83:ce:b0:5d:66:10:55:0f:2b:
                    45:79:80:f4:d6:0a:c7:f3:7c:1a:04:01:c1:ab:0b:
                    51:e5:e2:42:cc:db:37:fe:f3:1c:b0:ac:2e:e6:9a:
                    7e:6d:bd:57:23:25:34:4d:76:0f:4f:4e:ef:d5:fb:
                    7c:28:8e:1c:60:28:9e:ae:d9:1d:41:3a:20:60:ba:
                    a4:fe:ad:25:20:07:55:e8:4c:3b:b9:4e:3b:1f:7e:
                    16:99:ac:99:8d:5f:45:98:a0:c3:82:e0:8d:82:ed:
                    63:f8:f0:61:d4:61:bc:b6:ea:90:90:7a:9c:9f:77:
                    ae:3c:78:cc:ed:49:2d:2b:2b:e3:76:bf:24:92:a5:
                    84:e8:df:e1:e1:94:62:15:52:17:35:df:66:c7:a4:
                    31:aa:bb:66:9a:72:b1:68:b4:75:a1:9f:2b:86:2b:
                    0c:60:77:b5:89:b1:5a:2d:7b:6f:1c:ed:2a:7a:0e:
                    9d:02:eb:0c:0d:41:27:38:b4:4f:5a:26:58:bc:ed:
                    2f:26:1c:7d:a6:53:54:59:cb:35:f1:1e:39:72:b6:
                    ea:a8:50:97:b8:21:cd:2b:3f:1a:f0:29:8a:47:20:
                    2f:ef:40:a7:11:0d:87:a1:86:98:bf:d6:4a:da:5a:
                    4b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:47:B0:B8:5D:5D:15:8D:AB:9F:3E:2B:48:40:93:90:4B:05:48:1F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fkewuF1dFY2rnz4rSECTkEsFSB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.14.0/24
                  84.32.34.0/24
                  84.32.40.0/22
                  84.32.79.0/24
                  84.32.88.0/24
                  84.32.220.0/22
                  88.216.40.0/24
                  88.216.187.0-88.216.191.255
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:2e:b0:93:05:3b:a8:6c:1a:ba:94:f1:5d:78:37:69:b1:a6:
         fb:8f:00:19:5b:dd:88:44:ce:2c:3e:e9:65:b8:2d:d0:3d:6b:
         56:18:e8:92:c7:07:db:dd:ea:26:e6:59:7e:87:3a:c3:70:e6:
         35:12:ef:d1:5b:f0:4f:36:75:03:eb:3a:89:7a:93:5f:44:6d:
         3a:3a:57:d9:c6:5d:3b:c3:d7:48:75:16:9c:8e:bf:6f:64:60:
         86:3a:ce:12:95:d4:3f:ae:10:42:c9:51:6f:48:8e:63:f9:a6:
         40:33:b3:c6:9a:44:24:98:bf:d8:b9:45:2f:83:14:6b:64:3e:
         04:9e:c8:8f:67:61:a3:67:e4:a3:79:27:85:59:50:68:ac:43:
         7f:0d:3d:8f:36:77:18:70:e3:7c:19:2f:6f:b8:16:10:88:72:
         ba:e9:39:1c:b7:a3:3f:7e:00:48:0d:f3:08:98:fb:03:82:b2:
         11:5d:bb:7c:d4:75:87:1a:5c:2a:62:61:18:ae:4f:a5:c3:75:
         a6:30:3f:c1:4c:5f:c0:9d:f1:71:74:9a:fb:d4:17:b7:16:80:
         f5:88:e2:c6:b3:ea:9f:7b:bb:bf:00:bf:37:6c:67:23:ed:15:
         24:76:fa:05:b9:f3:c1:41:75:b6:b2:f3:03:fc:d4:38:61:b4:
         31:c8:d2:78
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYRmhodNYS6zyifCU4Z0Ej/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTExMTE1MDAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQ3YjBiODVkNWQxNThkYWI5ZjNlMmI0ODQwOTM5MDRiMDU0ODFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJw5Ox2uqbwhJMcFpNhoadY7mw2D
zrBdZhBVDytFeYD01grH83waBAHBqwtR5eJCzNs3/vMcsKwu5pp+bb1XIyU0TXYP
T07v1ft8KI4cYCiertkdQTogYLqk/q0lIAdV6Ew7uU47H34WmayZjV9FmKDDguCN
gu1j+PBh1GG8tuqQkHqcn3euPHjM7UktKyvjdr8kkqWE6N/h4ZRiFVIXNd9mx6Qx
qrtmmnKxaLR1oZ8rhisMYHe1ibFaLXtvHO0qeg6dAusMDUEnOLRPWiZYvO0vJhx9
plNUWcs18R45crbqqFCXuCHNKz8a8CmKRyAv70CnEQ2HoYaYv9ZK2lpLDQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFH5HsLhdXRWNq58+K0hAk5BLBUgfMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZmtld3VGMWRGWTJybno0clNFQ1RrRXNGU0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAVCAOAwQA
VCAiAwQCVCAoAwQAVCBPAwQAVCBYAwQCVCDcAwQAWNgoMAwDBABY2LsDBAZY2IAD
BAJY2PgwDQYJKoZIhvcNAQELBQADggEBAHkusJMFO6hsGrqU8V14N2mxpvuPABlb
3YhEziw+6WW4LdA9a1YY6JLHB9vd6ibmWX6HOsNw5jUS79Fb8E82dQPrOol6k19E
bTo6V9nGXTvD10h1FpyOv29kYIY6zhKV1D+uEELJUW9IjmP5pkAzs8aaRCSYv9i5
RS+DFGtkPgSeyI9nYaNn5KN5J4VZUGisQ38NPY82dxhw43wZL2+4FhCIcrrpORy3
oz9+AEgN8wiY+wOCshFdu3zUdYcaXCpiYRiuT6XDdaYwP8FMX8Cd8XF0mvvUF7cW
gPWI4saz6p97u78AvzdsZyPtFSR2+gW588FBdbay8wP81DhhtDHI0ng=
-----END CERTIFICATE-----