Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mEz7z1RwSsGVDeyRd_eacA62VzI.roa
File:                     mEz7z1RwSsGVDeyRd_eacA62VzI.roa (raw, json)
Hash identifier:          /MFD0MWHczJZlArNmbRLVc1EgBIC0DNS8YFXmKCVpAc=
Subject key identifier:   98:4C:FB:CF:54:70:4A:C1:95:0D:EC:91:77:F7:9A:70:0E:B6:57:32
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0185149037933D0DE0D49EC2A536A7F9371B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mEz7z1RwSsGVDeyRd_eacA62VzI.roa
Signing time:             Thu 15 Dec 2022 06:54:33 +0000
ROA not before:           Thu 15 Dec 2022 06:54:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205570
IP address blocks:        84.32.90.0/23 maxlen: 24
                          84.32.220.0/24 maxlen: 24
                          84.32.221.0/24 maxlen: 24
                          84.32.222.0/24 maxlen: 24
                          88.216.131.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          84.32.24.0/22 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          84.32.178.0/24 maxlen: 24
                          84.32.179.0/24 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          88.216.224.0/22 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          88.216.42.0/24 maxlen: 24
                          88.216.44.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:14:90:37:93:3d:0d:e0:d4:9e:c2:a5:36:a7:f9:37:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Dec 15 06:54:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=984cfbcf54704ac1950dec9177f79a700eb65732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:52:fa:55:c7:56:4b:82:67:00:40:fd:4f:18:
                    df:cf:c3:1c:5c:32:5a:ff:f5:35:65:0a:7b:74:df:
                    39:48:62:69:20:16:67:02:4d:3a:ff:3f:d3:6f:35:
                    92:62:a8:22:35:02:53:ce:a5:c9:d7:d1:eb:56:63:
                    a9:16:2a:c1:f7:73:5b:0d:82:71:29:98:d4:8b:c1:
                    26:ee:37:66:32:51:4a:4b:a0:94:85:75:92:28:86:
                    a7:69:66:90:af:d3:ec:41:fd:81:24:d6:3d:91:36:
                    d8:4b:e5:b8:2d:ee:f1:2a:0e:1a:0a:66:5b:a2:17:
                    8d:7c:b3:c2:6f:0c:84:a9:d0:25:b7:d9:92:e5:3f:
                    1e:98:89:7b:48:d7:fb:06:b5:a2:d0:14:aa:e9:10:
                    b7:bf:cb:d6:f5:28:73:bb:3a:c7:40:d6:56:1e:c8:
                    99:65:bb:57:5e:9f:1f:89:f0:10:3a:c7:d1:f3:94:
                    2b:db:d9:10:57:8f:8a:05:cb:11:ae:e5:00:72:76:
                    11:2d:8e:7c:c6:dc:5b:4a:e2:6c:dc:08:0d:57:e3:
                    bb:a9:d1:a1:d9:1f:af:3a:b2:45:1d:a5:21:69:18:
                    7f:ed:57:e1:48:47:6d:6e:1c:d8:71:52:e3:ca:6e:
                    57:bb:75:5c:52:cc:94:23:76:24:67:65:95:b5:f9:
                    2a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:4C:FB:CF:54:70:4A:C1:95:0D:EC:91:77:F7:9A:70:0E:B6:57:32
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/mEz7z1RwSsGVDeyRd_eacA62VzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/22
                  84.32.90.0/23
                  84.32.178.0/23
                  84.32.212.0/24
                  84.32.220.0-84.32.222.255
                  88.216.42.0/24
                  88.216.44.0/23
                  88.216.128.0/24
                  88.216.131.0/24
                  88.216.135.0/24
                  88.216.224.0/22
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:a1:3e:37:49:a1:98:42:b6:81:45:8e:18:22:ff:57:0e:30:
         65:9a:2b:6c:a9:3e:9d:01:0a:9b:58:9c:c6:8d:7b:63:20:42:
         45:bb:81:94:e2:c5:d2:5b:55:87:3e:10:2c:3f:f7:8b:74:95:
         4d:ac:e3:13:19:26:f7:4a:02:a4:0a:d8:59:55:e7:2d:0d:1e:
         57:24:b2:b5:93:90:83:b9:1b:9c:40:41:7c:db:0f:e5:4e:88:
         ae:55:e1:fd:b1:cb:46:7a:60:b6:9f:07:b8:84:cb:1e:6a:92:
         51:52:a1:0a:69:de:0c:80:6d:52:b9:bd:5f:0c:32:60:ef:1a:
         14:ee:d8:db:5b:0e:d6:6f:02:ef:09:82:d8:d6:1e:61:65:42:
         78:59:3b:c9:8d:13:bc:b6:3f:1c:d6:2e:6a:00:b6:29:03:c8:
         a4:1e:eb:c1:3b:16:99:99:75:e4:14:5d:e6:b3:0b:e3:fd:b7:
         99:29:ac:4a:b8:40:d1:3f:4c:0d:58:ab:11:7a:fe:49:b3:c8:
         6f:df:f1:6c:07:cf:d3:69:60:b3:a8:86:2f:7a:ab:c4:7b:ee:
         9c:88:57:6c:10:6e:94:43:9a:7a:18:11:09:bf:ed:22:b9:39:
         34:21:7e:fe:a5:e7:71:25:7e:de:ef:74:58:57:29:38:97:e6:
         63:e9:2b:0d
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYUUkDeTPQ3g1J7CpTan+TcbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjE1MDY1NDMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODRjZmJjZjU0NzA0YWMxOTUwZGVjOTE3N2Y3OWE3MDBlYjY1NzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lL6VcdWS4JnAED9Txjfz8McXDJa
//U1ZQp7dN85SGJpIBZnAk06/z/TbzWSYqgiNQJTzqXJ19HrVmOpFirB93NbDYJx
KZjUi8Em7jdmMlFKS6CUhXWSKIanaWaQr9PsQf2BJNY9kTbYS+W4Le7xKg4aCmZb
oheNfLPCbwyEqdAlt9mS5T8emIl7SNf7BrWi0BSq6RC3v8vW9ShzuzrHQNZWHsiZ
ZbtXXp8fifAQOsfR85Qr29kQV4+KBcsRruUAcnYRLY58xtxbSuJs3AgNV+O7qdGh
2R+vOrJFHaUhaRh/7VfhSEdtbhzYcVLjym5Xu3VcUsyUI3YkZ2WVtfkq8QIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFJhM+89UcErBlQ3skXf3mnAOtlcyMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbUV6N3oxUndTc0dWRGV5UmRfZWFjQTYyVnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQCVCAYAwQB
VCBaAwQBVCCyAwQAVCDUMAwDBAJUINwDBABUIN4DBABY2CoDBAFY2CwDBABY2IAD
BABY2IMDBABY2IcDBAJY2OADBAJY2PgwDQYJKoZIhvcNAQELBQADggEBAAWhPjdJ
oZhCtoFFjhgi/1cOMGWaK2ypPp0BCptYnMaNe2MgQkW7gZTixdJbVYc+ECw/94t0
lU2s4xMZJvdKAqQK2FlV5y0NHlcksrWTkIO5G5xAQXzbD+VOiK5V4f2xy0Z6YLaf
B7iEyx5qklFSoQpp3gyAbVK5vV8MMmDvGhTu2NtbDtZvAu8JgtjWHmFlQnhZO8mN
E7y2PxzWLmoAtikDyKQe68E7FpmZdeQUXeazC+P9t5kprEq4QNE/TA1YqxF6/kmz
yG/f8WwHz9NpYLOohi96q8R77pyIV2wQbpRDmnoYEQm/7SK5OTQhfv6l53Elft7v
dFhXKTiX5mPpKw0=
-----END CERTIFICATE-----