Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rXLFN_u1dd_iARLy8dEJyYcuKbw.roa
File:                     rXLFN_u1dd_iARLy8dEJyYcuKbw.roa (raw, json)
Hash identifier:          BzVjVIG6V3EyPiPXpnCpM0LuRxxmfVFLvIGTmHqMDZ8=
Subject key identifier:   AD:72:C5:37:FB:B5:75:DF:E2:01:12:F2:F1:D1:09:C9:87:2E:29:BC
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01836F7E419B1DC0DBD3E7DDAC9A579AD154
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rXLFN_u1dd_iARLy8dEJyYcuKbw.roa
Signing time:             Sat 24 Sep 2022 12:34:48 +0000
ROA not before:           Sat 24 Sep 2022 12:34:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205570
IP address blocks:        84.32.90.0/23 maxlen: 24
                          84.32.88.0/23 maxlen: 24
                          88.216.129.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.132.0/23 maxlen: 24
                          84.32.24.0/22 maxlen: 22
                          88.216.134.0/24 maxlen: 24
                          84.32.28.0/22 maxlen: 22
                          88.216.94.0/23 maxlen: 24
                          88.216.92.0/23 maxlen: 24
                          88.216.224.0/22 maxlen: 24
                          88.216.16.0/23 maxlen: 24
                          88.216.232.0/22 maxlen: 24
                          88.216.33.0/24 maxlen: 24
                          88.216.44.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:6f:7e:41:9b:1d:c0:db:d3:e7:dd:ac:9a:57:9a:d1:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Sep 24 12:34:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ad72c537fbb575dfe20112f2f1d109c9872e29bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:73:04:6f:78:82:d7:39:12:2e:d5:57:97:44:
                    cf:3c:b0:2b:77:85:f7:09:77:0b:93:06:24:b6:33:
                    ef:15:d6:c0:0b:c2:12:c0:be:ae:b2:a9:00:c1:82:
                    f7:22:25:0a:e3:68:af:ae:b2:a8:68:9c:6b:04:e2:
                    94:5c:a9:c7:e9:b0:40:99:67:84:ef:05:04:32:d4:
                    df:69:67:85:53:e3:a3:62:27:54:d0:d5:89:91:79:
                    ab:1f:fe:c9:a3:ba:d1:e0:29:20:98:b7:8c:29:f4:
                    af:92:60:b5:1f:c2:15:c4:c1:94:16:dc:08:de:03:
                    b9:4e:8e:43:b5:f5:fe:6d:1c:84:55:c2:03:fd:05:
                    f5:43:92:12:2a:ff:63:af:13:c2:7f:b7:e8:14:a0:
                    d9:52:cb:64:c7:35:78:35:42:cf:76:9f:b4:bd:1e:
                    2b:aa:4b:77:76:c5:15:63:f5:a3:95:fd:7e:bc:cd:
                    d4:4a:c2:05:36:50:c4:f7:52:d2:43:ff:42:b3:a6:
                    10:13:9e:dd:84:2e:e8:1e:61:dc:53:07:4c:e1:11:
                    07:29:ff:7e:e1:0c:ab:5d:9b:9a:3d:14:d3:07:8c:
                    2a:43:e4:72:1b:3c:ef:3c:e6:bf:92:a9:37:24:4e:
                    9c:5f:4b:aa:cf:03:e6:6b:be:1a:2e:87:5b:8f:75:
                    bd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:72:C5:37:FB:B5:75:DF:E2:01:12:F2:F1:D1:09:C9:87:2E:29:BC
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rXLFN_u1dd_iARLy8dEJyYcuKbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/21
                  84.32.88.0/22
                  88.216.16.0/23
                  88.216.33.0/24
                  88.216.44.0/23
                  88.216.92.0/22
                  88.216.128.0/23
                  88.216.132.0-88.216.134.255
                  88.216.224.0/22
                  88.216.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:ab:aa:ad:5b:05:42:54:54:e4:3c:c8:d5:35:f1:28:dc:5e:
         4c:f6:e1:00:c7:4e:e1:ac:d7:6c:d4:a5:3b:97:1b:0c:d5:99:
         fa:f0:cf:46:46:c3:1e:aa:44:6f:ef:91:86:2c:8b:68:90:60:
         7a:4f:9f:1c:48:a8:32:67:ec:62:fa:92:21:13:a9:09:62:3b:
         7a:63:1e:f5:00:4d:a5:27:38:32:de:e1:a1:92:99:15:93:80:
         bd:67:fb:a3:ec:6b:35:75:aa:d8:ea:74:8c:c4:ac:0d:4c:d0:
         41:68:18:15:d5:30:4b:e5:f0:50:63:b6:c0:4b:93:48:60:bb:
         a8:fd:f3:04:a0:ce:9b:30:79:fe:2e:b4:d4:4d:a0:42:72:0c:
         b0:b2:80:87:9b:17:01:3f:d5:c5:4c:2a:d8:60:8e:52:82:51:
         b6:5a:0a:07:45:9c:1b:7b:b3:04:46:2f:8d:d4:95:ce:9c:18:
         98:4a:d7:a2:fa:23:b0:5d:77:bb:a1:4f:5e:a6:3b:37:ab:1a:
         84:01:e4:54:72:bb:d8:66:f4:9a:4a:8c:94:fc:48:8d:dd:82:
         7b:05:2f:be:ab:c7:02:3d:c1:b0:ad:9c:c1:39:52:43:72:24:
         fa:2f:0b:6e:24:31:e9:fe:19:0e:87:46:3d:09:65:ab:53:b5:
         66:3c:bd:85
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYNvfkGbHcDb0+fdrJpXmtFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwOTI0MTIzNDQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDcyYzUzN2ZiYjU3NWRmZTIwMTEyZjJmMWQxMDljOTg3MmUyOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXMEb3iC1zkSLtVXl0TPPLArd4X3
CXcLkwYktjPvFdbAC8ISwL6usqkAwYL3IiUK42ivrrKoaJxrBOKUXKnH6bBAmWeE
7wUEMtTfaWeFU+OjYidU0NWJkXmrH/7Jo7rR4CkgmLeMKfSvkmC1H8IVxMGUFtwI
3gO5To5DtfX+bRyEVcID/QX1Q5ISKv9jrxPCf7foFKDZUstkxzV4NULPdp+0vR4r
qkt3dsUVY/Wjlf1+vM3USsIFNlDE91LSQ/9Cs6YQE57dhC7oHmHcUwdM4REHKf9+
4QyrXZuaPRTTB4wqQ+RyGzzvPOa/kqk3JE6cX0uqzwPma74aLodbj3W96QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFK1yxTf7tXXf4gES8vHRCcmHLim8MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvclhMRk5fdTFkZF9pQVJMeThkRUp5WWN1S2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDVCAYAwQC
VCBYAwQBWNgQAwQAWNghAwQBWNgsAwQCWNhcAwQBWNiAMAwDBAJY2IQDBABY2IYD
BAJY2OADBAJY2OgwDQYJKoZIhvcNAQELBQADggEBAGGrqq1bBUJUVOQ8yNU18Sjc
Xkz24QDHTuGs12zUpTuXGwzVmfrwz0ZGwx6qRG/vkYYsi2iQYHpPnxxIqDJn7GL6
kiETqQliO3pjHvUATaUnODLe4aGSmRWTgL1n+6PsazV1qtjqdIzErA1M0EFoGBXV
MEvl8FBjtsBLk0hgu6j98wSgzpswef4utNRNoEJyDLCygIebFwE/1cVMKthgjlKC
UbZaCgdFnBt7swRGL43Ulc6cGJhK16L6I7Bdd7uhT16mOzerGoQB5FRyu9hm9JpK
jJT8SI3dgnsFL76rxwI9wbCtnME5UkNyJPovC24kMen+GQ6HRj0JZatTtWY8vYU=
-----END CERTIFICATE-----