Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fzs37GB0KGBvjUEgcTeBV9k-CKA.roa
File:                     fzs37GB0KGBvjUEgcTeBV9k-CKA.roa (raw, json)
Hash identifier:          GT87nqXYhg8MBJ+rfpEg3ZHOOb5dTR3s7j32VaUvhJI=
Subject key identifier:   7F:3B:37:EC:60:74:28:60:6F:8D:41:20:71:37:81:57:D9:3E:08:A0
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01853561A8A659F45E341DA92202995FA33D
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fzs37GB0KGBvjUEgcTeBV9k-CKA.roa
Signing time:             Wed 21 Dec 2022 15:51:10 +0000
ROA not before:           Wed 21 Dec 2022 15:51:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207279
IP address blocks:        84.32.172.0/24 maxlen: 24
                          84.32.176.0/24 maxlen: 24
                          84.32.175.0/24 maxlen: 24
                          84.32.89.0/24 maxlen: 24
                          88.216.213.0/24 maxlen: 24
                          88.216.215.0/24 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          84.32.31.0/24 maxlen: 24
                          84.32.250.0/24 maxlen: 24
                          88.216.45.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:35:61:a8:a6:59:f4:5e:34:1d:a9:22:02:99:5f:a3:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Dec 21 15:51:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7f3b37ec607428606f8d412071378157d93e08a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bf:ff:1f:5c:93:4d:14:0d:f1:2a:fb:c9:21:
                    6c:6b:19:77:bb:5d:e5:56:fc:fe:f2:53:66:40:df:
                    3f:14:5b:fb:c4:8a:d2:21:d0:55:e5:35:21:7c:d9:
                    93:9a:c0:d4:29:77:a0:40:4a:47:4c:c7:15:6d:a7:
                    15:41:da:c9:5d:5d:aa:37:a7:1e:53:a5:41:c3:3d:
                    89:a3:97:da:c4:df:38:d1:fb:92:74:0b:de:6d:4c:
                    0d:8a:84:d0:6a:8d:ae:bd:74:3e:ab:55:65:b4:ca:
                    c8:36:7c:a5:b2:90:f5:c1:36:d1:05:55:70:80:45:
                    1f:ea:a0:ec:55:97:1a:78:10:2b:4f:0b:95:64:81:
                    d8:af:2b:c8:d8:3c:c1:1a:7a:c9:05:aa:9a:0e:80:
                    9f:fd:4f:11:3b:84:6c:40:b9:e1:34:10:98:67:e4:
                    ae:65:bb:2d:05:53:e5:31:4b:54:bf:d1:af:03:48:
                    3a:35:d5:b5:6f:db:fb:c3:73:19:39:cd:1e:98:b2:
                    2c:5e:02:ee:22:71:11:54:a8:40:bc:6f:14:e2:62:
                    4d:fa:ba:a7:5d:19:6b:8a:0c:2b:5f:94:18:ef:e3:
                    43:ae:18:f7:64:24:66:fb:d6:99:58:86:cb:83:60:
                    34:87:2f:fd:1e:10:f2:dc:fa:1f:b5:6b:b7:46:0c:
                    b4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:3B:37:EC:60:74:28:60:6F:8D:41:20:71:37:81:57:D9:3E:08:A0
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/fzs37GB0KGBvjUEgcTeBV9k-CKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.31.0/24
                  84.32.89.0/24
                  84.32.172.0/24
                  84.32.175.0-84.32.176.255
                  84.32.250.0/24
                  88.216.20.0/24
                  88.216.23.0/24
                  88.216.45.0/24
                  88.216.213.0/24
                  88.216.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:de:ba:b5:7f:43:f5:be:b7:57:dd:a9:6f:45:6f:73:01:8d:
         6a:11:e3:9b:49:32:b4:e0:c9:a8:4a:92:d5:be:ad:42:dd:99:
         ba:2e:19:aa:20:81:90:41:41:c0:f5:b6:cb:6b:5f:af:c0:84:
         5e:03:f5:7c:a9:b4:55:78:7c:de:b2:e3:42:4c:f6:5f:1e:f6:
         cf:34:76:18:f5:a4:82:8e:fa:25:8b:47:7d:d2:ef:ab:ef:7b:
         2b:2b:4f:68:1a:73:3d:86:18:46:9b:19:35:39:5b:f1:96:b9:
         43:8d:c5:0e:26:78:49:9c:fd:c0:6f:b2:4a:bb:eb:b4:dc:ac:
         5a:c9:f2:03:79:25:ad:fe:ca:79:88:bf:ed:35:2f:ca:f9:84:
         95:7b:ff:0e:3d:0f:6f:a0:0c:13:cb:af:90:7d:d0:14:e5:14:
         0f:4c:69:92:ab:e0:6f:33:e0:3a:21:49:b3:72:44:d0:66:ab:
         b6:e5:4e:0e:d1:a3:09:f0:05:be:e9:2b:34:59:28:54:08:9c:
         13:8e:c4:9b:3d:c8:ca:65:a9:51:c3:4f:8f:fc:c0:d4:5c:3f:
         68:1b:79:f0:20:79:b8:41:00:98:3a:57:fc:0e:ac:69:4f:bc:
         5d:14:fc:fb:fd:25:3c:8d:70:7b:c0:d7:9a:3a:15:dc:d9:02:
         ff:c4:bc:98
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYU1YaimWfReNB2pIgKZX6M9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjIxMTU1MTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjNiMzdlYzYwNzQyODYwNmY4ZDQxMjA3MTM3ODE1N2Q5M2UwOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr//H1yTTRQN8Sr7ySFsaxl3u13l
Vvz+8lNmQN8/FFv7xIrSIdBV5TUhfNmTmsDUKXegQEpHTMcVbacVQdrJXV2qN6ce
U6VBwz2Jo5faxN840fuSdAvebUwNioTQao2uvXQ+q1VltMrINnylspD1wTbRBVVw
gEUf6qDsVZcaeBArTwuVZIHYryvI2DzBGnrJBaqaDoCf/U8RO4RsQLnhNBCYZ+Su
ZbstBVPlMUtUv9GvA0g6NdW1b9v7w3MZOc0emLIsXgLuInERVKhAvG8U4mJN+rqn
XRlrigwrX5QY7+NDrhj3ZCRm+9aZWIbLg2A0hy/9HhDy3PoftWu3Rgy0fQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFH87N+xgdChgb41BIHE3gVfZPgigMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZnpzMzdHQjBLR0J2alVFZ2NUZUJWOWstQ0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAVCAfAwQA
VCBZAwQAVCCsMAwDBABUIK8DBABUILADBABUIPoDBABY2BQDBABY2BcDBABY2C0D
BABY2NUDBABY2NcwDQYJKoZIhvcNAQELBQADggEBAAHeurV/Q/W+t1fdqW9Fb3MB
jWoR45tJMrTgyahKktW+rULdmbouGaoggZBBQcD1tstrX6/AhF4D9XyptFV4fN6y
40JM9l8e9s80dhj1pIKO+iWLR33S76vveysrT2gacz2GGEabGTU5W/GWuUONxQ4m
eEmc/cBvskq767TcrFrJ8gN5Ja3+ynmIv+01L8r5hJV7/w49D2+gDBPLr5B90BTl
FA9MaZKr4G8z4DohSbNyRNBmq7blTg7RownwBb7pKzRZKFQInBOOxJs9yMplqVHD
T4/8wNRcP2gbefAgebhBAJg6V/wOrGlPvF0U/Pv9JTyNcHvA15o6FdzZAv/EvJg=
-----END CERTIFICATE-----