Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/pR-JE5hXj6ivzI9Zv5TPBADj4SA.roa
File:                     pR-JE5hXj6ivzI9Zv5TPBADj4SA.roa (raw, json)
Hash identifier:          xyDLhtAHcXYaZnGkIFvSK6Wo5ywpEx1h9JKfq/NHCV8=
Subject key identifier:   A5:1F:89:13:98:57:8F:A8:AF:CC:8F:59:BF:94:CF:04:00:E3:E1:20
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0182C6FF9B4A49E7F09AFEBE11029032F071
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/pR-JE5hXj6ivzI9Zv5TPBADj4SA.roa
Signing time:             Mon 22 Aug 2022 19:20:16 +0000
ROA not before:           Mon 22 Aug 2022 19:20:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.128.0/21 maxlen: 24
                          88.216.224.0/21 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.240.0/21 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c6:ff:9b:4a:49:e7:f0:9a:fe:be:11:02:90:32:f0:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Aug 22 19:20:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a51f891398578fa8afcc8f59bf94cf0400e3e120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f5:6f:d9:29:b7:5d:9b:23:96:83:d7:b7:7c:
                    a4:b7:2b:30:9a:57:84:f0:f0:b6:62:a0:c5:f6:5c:
                    0c:f9:3b:3b:5b:51:61:16:be:72:56:0c:48:44:48:
                    6f:31:61:c7:5c:3e:56:f2:5d:f9:db:bd:16:4b:af:
                    3f:d4:23:8f:91:e1:c9:c3:c1:c1:ac:51:54:cd:fa:
                    f1:e6:25:61:62:e0:df:ca:73:9d:db:d4:72:76:f7:
                    b4:a1:92:35:41:dc:67:c9:54:dd:9e:23:fe:0b:92:
                    b6:38:34:d9:75:ec:d2:d8:fc:b2:5c:1c:2e:7f:f4:
                    30:62:74:f7:f3:3e:12:50:90:87:20:db:1c:1c:33:
                    e2:02:1b:a2:0d:bf:de:e4:0d:57:86:e1:ee:9f:ca:
                    90:61:8d:80:1f:43:54:90:62:59:27:f6:db:91:2d:
                    54:e1:72:ec:70:4a:6a:db:71:90:56:1c:d9:f3:0d:
                    78:67:7d:9c:11:a3:cc:e4:72:54:9f:11:11:30:1a:
                    4d:bd:f1:16:03:14:cc:98:fa:92:67:94:3c:81:7a:
                    7e:99:5a:ed:c3:47:08:59:70:6c:db:fe:1e:33:a2:
                    b5:8a:a4:89:15:fc:6b:00:e9:00:68:18:a4:62:b4:
                    93:30:a5:7f:d9:fc:dc:b7:1b:06:5a:c7:18:4a:22:
                    af:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:1F:89:13:98:57:8F:A8:AF:CC:8F:59:BF:94:CF:04:00:E3:E1:20
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/pR-JE5hXj6ivzI9Zv5TPBADj4SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.128.0/21
                  88.216.209.0-88.216.211.255
                  88.216.224.0/21
                  88.216.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         02:c1:2f:6f:18:88:35:c4:df:ec:57:4a:ca:7a:48:4f:f0:19:
         33:e7:74:fe:8c:76:fa:06:04:e8:31:c8:44:48:8c:11:6d:2c:
         3a:61:5c:c9:b0:8c:f0:2f:74:32:58:c8:a1:c0:6a:39:10:b1:
         85:76:c9:41:83:f7:42:8d:76:7b:65:63:4d:2f:f0:ae:50:68:
         22:64:1f:f3:56:29:58:bf:35:97:63:ad:6c:c4:6f:55:e5:a8:
         9c:26:a3:d2:06:41:e9:0d:e7:94:c3:f7:4a:d9:c6:18:48:8b:
         88:1b:5c:9e:b9:cb:8e:a4:80:e9:98:19:af:13:9e:45:e5:8e:
         d2:dd:a1:33:34:e6:0f:45:f5:37:db:4c:9c:86:f9:f5:af:c5:
         ee:31:6e:7e:d2:75:dc:dd:9b:7f:87:50:92:69:76:0c:e1:ab:
         e6:f6:0b:9b:f5:bc:b7:03:40:49:ff:60:a6:37:8a:e6:10:90:
         73:d8:b9:3e:ee:0a:fc:81:cc:2b:f8:37:c1:8c:f4:a4:59:27:
         82:b4:42:7e:fe:70:e8:51:c2:70:8c:d2:84:b7:55:61:9b:0b:
         cc:00:2a:a3:0f:51:c2:77:62:77:8f:8d:54:15:b1:18:a7:27:
         1d:aa:4e:9d:54:74:5a:aa:f8:82:9d:f7:ea:e6:16:1d:bb:8c:
         3d:8b:12:b9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYLG/5tKSefwmv6+EQKQMvBxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwODIyMTkyMDE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTFmODkxMzk4NTc4ZmE4YWZjYzhmNTliZjk0Y2YwNDAwZTNlMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfVv2Sm3XZsjloPXt3yktyswmleE
8PC2YqDF9lwM+Ts7W1FhFr5yVgxIREhvMWHHXD5W8l35270WS68/1COPkeHJw8HB
rFFUzfrx5iVhYuDfynOd29Rydve0oZI1QdxnyVTdniP+C5K2ODTZdezS2PyyXBwu
f/QwYnT38z4SUJCHINscHDPiAhuiDb/e5A1XhuHun8qQYY2AH0NUkGJZJ/bbkS1U
4XLscEpq23GQVhzZ8w14Z32cEaPM5HJUnxERMBpNvfEWAxTMmPqSZ5Q8gXp+mVrt
w0cIWXBs2/4eM6K1iqSJFfxrAOkAaBikYrSTMKV/2fzctxsGWscYSiKvAwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKUfiROYV4+or8yPWb+UzwQA4+EgMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvcFItSkU1aFhqNml2ekk5WnY1VFBCQURqNFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBABY2BMD
BANY2BADBABY2CADBABY2C4DBANY2IAwDAMEAFjY0QMEAljY0AMEA1jY4AMEBFjY
8DANBgkqhkiG9w0BAQsFAAOCAQEAAsEvbxiINcTf7FdKynpIT/AZM+d0/ox2+gYE
6DHIREiMEW0sOmFcybCM8C90MljIocBqORCxhXbJQYP3Qo12e2VjTS/wrlBoImQf
81YpWL81l2OtbMRvVeWonCaj0gZB6Q3nlMP3StnGGEiLiBtcnrnLjqSA6ZgZrxOe
ReWO0t2hMzTmD0X1N9tMnIb59a/F7jFuftJ13N2bf4dQkml2DOGr5vYLm/W8twNA
Sf9gpjeK5hCQc9i5Pu4K/IHMK/g3wYz0pFkngrRCfv5w6FHCcIzShLdVYZsLzAAq
ow9Rwndid4+NVBWxGKcnHapOnVR0Wqr4gp336uYWHbuMPYsSuQ==
-----END CERTIFICATE-----