Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/oGPd5WFEiqNLe-FcexpOpVxjtUg.roa
File:                     oGPd5WFEiqNLe-FcexpOpVxjtUg.roa (raw, json)
Hash identifier:          TEy7t+uf75KjhyX9/E/+ZW6HuUiIDIIW6xEpdhPqsDs=
Subject key identifier:   A0:63:DD:E5:61:44:8A:A3:4B:7B:E1:5C:7B:1A:4E:A5:5C:63:B5:48
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183B10D54ECB871F9E9D4AE983F756D1194
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/oGPd5WFEiqNLe-FcexpOpVxjtUg.roa
Signing time:             Fri 07 Oct 2022 06:06:24 +0000
ROA not before:           Fri 07 Oct 2022 06:06:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        84.32.64.0/24 maxlen: 24
                          84.32.70.0/24 maxlen: 24
                          88.216.185.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          84.32.82.0/24 maxlen: 24
                          84.32.4.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.96.0/24 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          88.216.42.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b1:0d:54:ec:b8:71:f9:e9:d4:ae:98:3f:75:6d:11:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct  7 06:06:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a063dde561448aa34b7be15c7b1a4ea55c63b548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9c:e9:63:85:df:4c:33:8a:12:02:e5:d6:3d:
                    32:64:71:1a:3b:ef:e8:94:fd:52:c4:33:57:50:8d:
                    3d:0d:eb:8c:37:80:f0:aa:d3:3c:7a:f4:b1:d6:62:
                    0b:bc:6e:70:97:4d:7b:53:1e:9a:c6:88:92:51:3a:
                    da:1e:f6:12:ae:18:06:8a:a5:a4:5d:32:93:c5:df:
                    f0:e6:2d:ef:67:05:e0:22:a6:c3:11:3e:51:de:0b:
                    04:d8:85:4d:13:c5:6c:91:7d:fb:43:79:07:78:21:
                    94:87:3b:03:2f:98:03:59:71:58:07:34:ac:90:de:
                    5a:82:a5:c0:9c:a8:a2:1d:09:6d:34:51:8d:5a:73:
                    bd:75:fb:be:a1:10:d5:df:29:2b:9f:a5:3b:68:90:
                    d0:67:2d:2a:0e:ed:78:1b:ee:68:0c:b3:ba:a0:78:
                    6d:fc:d5:98:eb:3c:ac:8e:7d:57:db:df:da:2d:ac:
                    11:0d:11:9d:a3:e1:5c:1b:52:66:db:d0:0e:75:45:
                    5e:6e:74:fa:e4:75:87:e1:81:a1:24:c8:0a:0b:3d:
                    0f:41:6d:98:08:2d:b8:65:97:99:6a:a5:25:ed:68:
                    1f:0e:a7:14:fc:a3:c5:46:2a:e3:2f:4b:c8:3e:ce:
                    aa:65:8b:49:04:92:1f:c4:55:16:58:18:9a:5f:55:
                    39:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:63:DD:E5:61:44:8A:A3:4B:7B:E1:5C:7B:1A:4E:A5:5C:63:B5:48
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/oGPd5WFEiqNLe-FcexpOpVxjtUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.4.0/24
                  84.32.64.0/24
                  84.32.70.0/24
                  84.32.82.0/24
                  88.216.18.0/24
                  88.216.34.0/24
                  88.216.42.0/24
                  88.216.96.0/24
                  88.216.98.0/24
                  88.216.128.0/24
                  88.216.135.0/24
                  88.216.185.0-88.216.186.255

    Signature Algorithm: sha256WithRSAEncryption
         93:f0:b2:c1:e1:b0:f5:63:f1:33:b9:e6:b9:31:9a:17:08:ed:
         e6:24:fc:db:7b:d6:33:52:08:89:04:bb:40:58:21:9a:3f:a4:
         22:f3:25:a4:99:90:e6:80:b8:78:38:db:f4:50:e8:67:9f:b3:
         97:28:b5:89:5c:97:0a:10:88:96:df:f1:df:29:7f:e0:b2:e6:
         26:0f:2e:73:a1:ef:ae:ad:5b:48:84:d5:53:2b:6f:0f:2c:3f:
         6c:a9:ed:18:30:46:3d:6a:24:68:dc:66:8a:fb:0a:50:8e:17:
         33:a2:fa:d2:d7:60:31:2c:e3:ad:38:79:46:58:13:11:a6:db:
         8a:63:0b:0a:30:72:bc:9a:28:70:e0:4f:96:f2:8e:1a:25:26:
         f1:93:2c:11:7f:e1:37:fe:2c:87:99:21:da:27:cc:69:f6:c8:
         23:94:f2:42:05:34:a3:bc:a3:0f:47:7d:e0:d3:56:1e:63:c9:
         14:28:83:fa:6d:86:79:50:c1:48:31:4d:54:15:05:3e:d8:5e:
         f1:9b:65:52:95:06:56:cc:7a:cd:7c:32:25:6b:98:0d:59:cd:
         ee:09:63:88:2b:80:3a:b3:7e:30:c0:9e:64:05:b5:6d:c2:8c:
         af:e3:18:84:c5:fa:aa:17:98:2f:94:dc:4e:b5:8d:3c:e5:d3:
         0b:99:d5:30
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYOxDVTsuHH56dSumD91bRGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDA3MDYwNjI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDYzZGRlNTYxNDQ4YWEzNGI3YmUxNWM3YjFhNGVhNTVjNjNiNTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJzpY4XfTDOKEgLl1j0yZHEaO+/o
lP1SxDNXUI09DeuMN4DwqtM8evSx1mILvG5wl017Ux6axoiSUTraHvYSrhgGiqWk
XTKTxd/w5i3vZwXgIqbDET5R3gsE2IVNE8VskX37Q3kHeCGUhzsDL5gDWXFYBzSs
kN5agqXAnKiiHQltNFGNWnO9dfu+oRDV3ykrn6U7aJDQZy0qDu14G+5oDLO6oHht
/NWY6zysjn1X29/aLawRDRGdo+FcG1Jm29AOdUVebnT65HWH4YGhJMgKCz0PQW2Y
CC24ZZeZaqUl7WgfDqcU/KPFRirjL0vIPs6qZYtJBJIfxFUWWBiaX1U5HQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFKBj3eVhRIqjS3vhXHsaTqVcY7VIMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvb0dQZDVXRkVpcU5MZS1GY2V4cE9wVnhqdFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAVCAEAwQA
VCBAAwQAVCBGAwQAVCBSAwQAWNgSAwQAWNgiAwQAWNgqAwQAWNhgAwQAWNhiAwQA
WNiAAwQAWNiHMAwDBABY2LkDBABY2LowDQYJKoZIhvcNAQELBQADggEBAJPwssHh
sPVj8TO55rkxmhcI7eYk/Nt71jNSCIkEu0BYIZo/pCLzJaSZkOaAuHg42/RQ6Gef
s5cotYlclwoQiJbf8d8pf+Cy5iYPLnOh766tW0iE1VMrbw8sP2yp7RgwRj1qJGjc
Zor7ClCOFzOi+tLXYDEs4604eUZYExGm24pjCwowcryaKHDgT5byjholJvGTLBF/
4Tf+LIeZIdonzGn2yCOU8kIFNKO8ow9HfeDTVh5jyRQog/pthnlQwUgxTVQVBT7Y
XvGbZVKVBlbMes18MiVrmA1Zze4JY4grgDqzfjDAnmQFtW3CjK/jGITF+qoXmC+U
3E61jTzl0wuZ1TA=
-----END CERTIFICATE-----