Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kGC9VnFLs8QVahC7nYn9yKCe9OI.roa
File:                     kGC9VnFLs8QVahC7nYn9yKCe9OI.roa (raw, json)
Hash identifier:          oKYgIz4kIEuQqzc0BDmwgE2HM/HJB1Px8A2/pP7126g=
Subject key identifier:   90:60:BD:56:71:4B:B3:C4:15:6A:10:BB:9D:89:FD:C8:A0:9E:F4:E2
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184AD770DDE6422E7B9E6E94FB7BBB1D587
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kGC9VnFLs8QVahC7nYn9yKCe9OI.roa
Signing time:             Fri 25 Nov 2022 06:26:11 +0000
ROA not before:           Fri 25 Nov 2022 06:26:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205570
IP address blocks:        84.32.79.0/24 maxlen: 24
                          84.32.90.0/23 maxlen: 24
                          84.32.88.0/23 maxlen: 24
                          88.216.131.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          84.32.24.0/22 maxlen: 22
                          88.216.132.0/23 maxlen: 24
                          88.216.134.0/24 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          84.32.28.0/22 maxlen: 22
                          88.216.94.0/23 maxlen: 24
                          88.216.92.0/23 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          88.216.232.0/21 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          88.216.44.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ad:77:0d:de:64:22:e7:b9:e6:e9:4f:b7:bb:b1:d5:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 25 06:26:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9060bd56714bb3c4156a10bb9d89fdc8a09ef4e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9d:ed:08:42:89:cb:22:b7:c7:19:ce:cf:f0:
                    c3:2e:5b:9d:cc:77:32:50:ec:64:db:d7:d4:a7:f5:
                    72:7c:b7:33:c3:25:20:e4:8f:90:1c:47:87:c7:83:
                    79:ad:39:06:5b:02:42:ee:83:b5:b2:89:46:c3:2d:
                    08:0f:6d:48:39:14:68:73:0c:69:44:69:5f:8a:e6:
                    90:6c:a0:8b:2a:92:4e:11:47:c6:43:29:63:50:06:
                    30:19:ae:06:e8:af:b1:ab:91:15:9f:8d:b9:d7:67:
                    f3:cc:20:16:92:0c:a0:16:5f:e5:85:3d:e5:49:f2:
                    b8:72:ff:83:70:6e:f5:0c:84:05:d1:aa:a3:0f:3c:
                    64:34:47:22:ad:26:7d:93:56:87:fd:35:12:12:1f:
                    0d:5d:b7:95:7e:f4:8c:74:18:ee:00:44:46:52:12:
                    8c:66:bf:a2:88:96:c3:b9:05:f0:63:fa:07:7e:ef:
                    3d:48:ed:fb:88:37:92:7f:fe:60:24:a7:ca:de:29:
                    09:ea:f5:db:f5:fb:85:55:c7:4f:e7:a4:ca:ce:21:
                    88:4d:ce:fc:14:88:5a:c5:92:2e:81:45:55:ae:14:
                    60:13:39:ce:3f:c5:0c:10:a8:60:6a:c4:14:90:8a:
                    51:2a:af:be:44:7a:ac:07:a7:99:c7:96:9e:66:da:
                    8b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:60:BD:56:71:4B:B3:C4:15:6A:10:BB:9D:89:FD:C8:A0:9E:F4:E2
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kGC9VnFLs8QVahC7nYn9yKCe9OI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/21
                  84.32.79.0/24
                  84.32.88.0/22
                  84.32.212.0/24
                  88.216.44.0/23
                  88.216.92.0/22
                  88.216.128.0/24
                  88.216.131.0-88.216.135.255
                  88.216.232.0/21
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:bf:46:77:85:9b:ff:dd:70:c0:52:3f:8c:15:8a:f5:8e:94:
         ff:8f:b0:25:75:8b:7a:3e:5b:30:65:88:36:99:87:bd:1b:49:
         9a:a9:93:fd:2d:e7:8e:bd:ca:ae:be:9b:0f:62:3d:42:3f:7c:
         3c:a2:04:a0:d7:7a:a7:36:60:de:62:ba:8c:f4:f8:18:23:03:
         d7:02:c2:a0:92:44:c3:f6:e1:a0:d1:28:aa:92:4a:90:c3:74:
         c0:78:3f:75:68:9f:7f:c9:0a:9d:07:f5:df:d0:9d:72:f5:1b:
         ff:6b:83:52:d1:0c:e1:52:7a:94:42:c1:7b:b4:45:6a:c5:1e:
         6d:7b:79:86:22:a0:eb:1e:f5:1f:be:1f:81:23:bd:20:d2:8e:
         7c:24:73:0d:2b:f5:34:31:0c:80:d1:97:96:05:3b:f2:80:f0:
         bd:8c:30:0f:56:38:7e:37:39:f4:db:d1:fc:cc:05:ae:50:13:
         b8:53:1a:c4:84:93:cf:d3:19:63:1e:fd:ed:10:15:ac:e7:61:
         06:d2:ca:d7:6c:61:ec:dd:a4:e2:1f:04:10:e3:ca:8d:e4:a0:
         63:44:52:94:06:10:f3:1e:2c:a9:de:07:ff:70:2c:79:47:8c:
         15:83:a2:51:8c:6d:63:9f:09:54:d4:38:95:c5:cd:4a:6d:c2:
         5e:1d:6a:da
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYStdw3eZCLnuebpT7e7sdWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTI1MDYyNjExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDYwYmQ1NjcxNGJiM2M0MTU2YTEwYmI5ZDg5ZmRjOGEwOWVmNGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ3tCEKJyyK3xxnOz/DDLludzHcy
UOxk29fUp/VyfLczwyUg5I+QHEeHx4N5rTkGWwJC7oO1solGwy0ID21IORRocwxp
RGlfiuaQbKCLKpJOEUfGQyljUAYwGa4G6K+xq5EVn42512fzzCAWkgygFl/lhT3l
SfK4cv+DcG71DIQF0aqjDzxkNEcirSZ9k1aH/TUSEh8NXbeVfvSMdBjuAERGUhKM
Zr+iiJbDuQXwY/oHfu89SO37iDeSf/5gJKfK3ikJ6vXb9fuFVcdP56TKziGITc78
FIhaxZIugUVVrhRgEznOP8UMEKhgasQUkIpRKq++RHqsB6eZx5aeZtqLjQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJBgvVZxS7PEFWoQu52J/cignvTiMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEva0dDOVZuRkxzOFFWYWhDN25Zbjl5S0NlOU9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDVCAYAwQA
VCBPAwQCVCBYAwQAVCDUAwQBWNgsAwQCWNhcAwQAWNiAMAwDBABY2IMDBANY2IAD
BANY2OgDBAJY2PgwDQYJKoZIhvcNAQELBQADggEBAAq/RneFm//dcMBSP4wVivWO
lP+PsCV1i3o+WzBliDaZh70bSZqpk/0t5469yq6+mw9iPUI/fDyiBKDXeqc2YN5i
uoz0+BgjA9cCwqCSRMP24aDRKKqSSpDDdMB4P3Von3/JCp0H9d/QnXL1G/9rg1LR
DOFSepRCwXu0RWrFHm17eYYioOse9R++H4EjvSDSjnwkcw0r9TQxDIDRl5YFO/KA
8L2MMA9WOH43OfTb0fzMBa5QE7hTGsSEk8/TGWMe/e0QFaznYQbSytdsYezdpOIf
BBDjyo3koGNEUpQGEPMeLKneB/9wLHlHjBWDolGMbWOfCVTUOJXFzUptwl4dato=
-----END CERTIFICATE-----