Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/pCn780_hMvJWrcGtO3hZ87XaL8A.roa
File:                     pCn780_hMvJWrcGtO3hZ87XaL8A.roa (raw, json)
Hash identifier:          Q1uQ1ixbcFkGC5eoXxD8Tz8n9fHYTWeT+4kbaS76b2A=
Subject key identifier:   A4:29:FB:F3:4F:E1:32:F2:56:AD:C1:AD:3B:78:59:F3:B5:DA:2F:C0
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183FB6DFA49622733F3C255F18FE6B0AFE5
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/pCn780_hMvJWrcGtO3hZ87XaL8A.roa
Signing time:             Fri 21 Oct 2022 16:43:52 +0000
ROA not before:           Fri 21 Oct 2022 16:43:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        84.32.68.0/22 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.210.0/23 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:fb:6d:fa:49:62:27:33:f3:c2:55:f1:8f:e6:b0:af:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct 21 16:43:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a429fbf34fe132f256adc1ad3b7859f3b5da2fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5a:01:c8:f4:3f:7f:ae:a6:d8:d0:58:8b:47:
                    80:bd:ae:4c:20:a2:34:06:99:bb:1e:68:71:63:c4:
                    5d:c4:a2:3f:1b:91:93:65:34:6e:de:d9:02:e6:fd:
                    5a:a9:51:9d:da:99:01:1e:74:25:3f:d6:06:e1:49:
                    d7:3e:e5:8e:70:74:48:75:e2:1c:8f:76:ac:8a:88:
                    ae:04:f8:c1:5e:17:30:3c:de:44:c7:ed:18:44:35:
                    c3:dc:94:96:e9:58:df:8d:7e:56:16:cf:ef:72:d2:
                    84:d3:d6:f5:d1:81:b9:13:70:14:fc:22:e4:15:43:
                    2f:02:66:8a:1a:42:37:71:7b:7f:33:f6:05:23:fc:
                    8e:c9:5f:d2:fc:76:cd:91:c1:cc:bd:df:c6:ca:76:
                    0d:3a:85:57:82:d5:6f:ec:d8:d9:a9:ab:ba:78:b7:
                    9b:4b:5f:a4:02:1f:3c:01:9b:cd:a0:58:47:ac:8c:
                    db:7b:3a:12:d7:ce:da:2b:78:f7:19:1c:1e:fb:88:
                    4a:6f:d3:52:f3:c9:32:25:e1:0f:25:13:6b:93:12:
                    8f:55:de:39:06:c4:b5:82:94:11:96:78:cd:b4:cb:
                    52:bf:59:ed:2c:f9:98:34:a2:e7:f4:4b:6b:bd:e1:
                    76:60:d4:0a:3a:a1:a5:71:ff:5b:cb:38:6d:b4:98:
                    21:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:29:FB:F3:4F:E1:32:F2:56:AD:C1:AD:3B:78:59:F3:B5:DA:2F:C0
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/pCn780_hMvJWrcGtO3hZ87XaL8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.68.0/22
                  88.216.16.0/24
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.209.0-88.216.215.255

    Signature Algorithm: sha256WithRSAEncryption
         54:34:cd:cc:af:42:ff:89:4e:4a:58:3e:31:ec:b2:e1:8a:c3:
         f1:bd:3a:cf:62:ac:15:87:55:ab:16:1a:13:07:6f:d3:8f:48:
         09:20:90:99:d9:89:5e:fe:38:6e:47:6a:1d:ab:7f:82:75:ed:
         9a:5c:3d:f4:a0:8f:98:8b:7f:83:0b:46:30:1e:d4:a3:6b:35:
         82:cf:1c:bb:92:f6:ff:b7:67:ce:cb:94:df:18:4f:0b:3d:cc:
         98:8d:bd:1c:54:62:c0:7f:57:d5:22:83:d8:07:fe:f0:aa:f1:
         4b:e0:d9:b4:e0:03:7e:48:64:57:cc:c0:0a:2a:14:cf:04:52:
         cf:6e:67:d5:a5:79:7e:88:ab:b6:87:3a:c3:16:99:7a:95:b9:
         0f:82:88:0b:22:b1:2e:fe:8b:48:f4:b9:38:a2:22:fd:ab:be:
         7e:2f:52:de:56:75:c0:8e:8e:8c:df:54:50:ba:25:69:d3:7a:
         7a:18:4c:05:bc:dc:4d:96:ec:58:66:7d:89:a5:c5:1a:92:58:
         e6:75:2c:5b:21:c9:5d:d9:8b:a7:2b:f6:9c:d2:c4:b4:85:4f:
         36:b6:f2:a2:63:b6:7d:ef:ab:17:36:14:58:76:04:da:f5:99:
         16:7c:22:99:68:f3:f1:44:4d:f2:dc:0a:bf:d3:ba:ec:48:10:
         f6:fb:a3:d7
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYP7bfpJYicz88JV8Y/msK/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDIxMTY0MzUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDI5ZmJmMzRmZTEzMmYyNTZhZGMxYWQzYjc4NTlmM2I1ZGEyZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1oByPQ/f66m2NBYi0eAva5MIKI0
Bpm7HmhxY8RdxKI/G5GTZTRu3tkC5v1aqVGd2pkBHnQlP9YG4UnXPuWOcHRIdeIc
j3asioiuBPjBXhcwPN5Ex+0YRDXD3JSW6VjfjX5WFs/vctKE09b10YG5E3AU/CLk
FUMvAmaKGkI3cXt/M/YFI/yOyV/S/HbNkcHMvd/GynYNOoVXgtVv7NjZqau6eLeb
S1+kAh88AZvNoFhHrIzbezoS187aK3j3GRwe+4hKb9NS88kyJeEPJRNrkxKPVd45
BsS1gpQRlnjNtMtSv1ntLPmYNKLn9EtrveF2YNQKOqGlcf9byzhttJghFQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFKQp+/NP4TLyVq3BrTt4WfO12i/AMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvcENuNzgwX2hNdkpXcmNHdE8zaFo4N1hhTDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCVCBEAwQA
WNgQMAwDBABY2BMDBANY2BADBABY2CADBABY2C4wDAMEAFjY0QMEA1jY0DANBgkq
hkiG9w0BAQsFAAOCAQEAVDTNzK9C/4lOSlg+Meyy4YrD8b06z2KsFYdVqxYaEwdv
049ICSCQmdmJXv44bkdqHat/gnXtmlw99KCPmIt/gwtGMB7Uo2s1gs8cu5L2/7dn
zsuU3xhPCz3MmI29HFRiwH9X1SKD2Af+8KrxS+DZtOADfkhkV8zACioUzwRSz25n
1aV5foirtoc6wxaZepW5D4KICyKxLv6LSPS5OKIi/au+fi9S3lZ1wI6OjN9UULol
adN6ehhMBbzcTZbsWGZ9iaXFGpJY5nUsWyHJXdmLpyv2nNLEtIVPNrbyomO2fe+r
FzYUWHYE2vWZFnwimWjz8URN8twKv9O67EgQ9vuj1w==
-----END CERTIFICATE-----