Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rw-NXHv1ALJDKZab7ox1Q0O8nx4.roa
File:                     rw-NXHv1ALJDKZab7ox1Q0O8nx4.roa (raw, json)
Hash identifier:          eQO6L1IfKGqCcikDcyDSIEpmKZ8x9Dxgm9Db1umdrZU=
Subject key identifier:   AF:0F:8D:5C:7B:F5:00:B2:43:29:96:9B:EE:8C:75:43:43:BC:9F:1E
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183C1EB2638B666C77A2D3390D0133E70A4
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rw-NXHv1ALJDKZab7ox1Q0O8nx4.roa
Signing time:             Mon 10 Oct 2022 12:42:36 +0000
ROA not before:           Mon 10 Oct 2022 12:42:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        84.32.64.0/24 maxlen: 24
                          84.32.70.0/24 maxlen: 24
                          88.216.185.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          84.32.82.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.96.0/24 maxlen: 24
                          84.32.4.0/24 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          88.216.42.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c1:eb:26:38:b6:66:c7:7a:2d:33:90:d0:13:3e:70:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct 10 12:42:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af0f8d5c7bf500b24329969bee8c754343bc9f1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e1:35:94:2e:a8:f0:1e:c5:4f:b0:d8:d7:47:
                    cd:a8:58:99:b0:32:35:04:41:40:f7:08:2b:99:c3:
                    fd:f0:79:57:fa:e7:0f:af:ce:bc:02:c2:30:5d:41:
                    1f:bf:91:09:be:94:34:bd:02:08:26:fe:7d:a9:3c:
                    8e:37:2d:a2:b2:04:60:0f:6d:92:90:5e:23:95:6b:
                    43:a6:2c:02:7c:6a:84:89:7a:cf:d7:16:07:11:89:
                    a8:8a:c2:7f:29:e7:4e:35:69:0d:65:9f:dc:ed:99:
                    96:ba:e9:41:c5:97:9c:d6:ef:6b:26:ba:40:79:42:
                    9c:3e:6e:b0:09:2b:b7:1c:76:8c:ee:69:92:ad:8e:
                    85:78:20:62:c1:a0:a9:2e:5e:b0:de:c2:81:80:46:
                    b7:0f:7b:c3:e5:9d:42:ff:e0:2e:47:c3:3d:d0:25:
                    40:94:6d:7e:fb:6d:ea:e9:ad:c3:73:e9:79:25:1b:
                    ba:25:e1:ea:bb:63:0b:0e:5a:ca:91:c5:8f:a3:53:
                    96:aa:30:55:0c:94:dc:26:b3:5f:ab:e7:b6:58:9b:
                    22:02:ae:54:dd:01:4f:ee:9c:13:08:d1:af:3a:4f:
                    f1:f1:2b:ef:23:70:e0:d1:b8:26:e9:22:0f:5b:ef:
                    4e:35:4d:1f:1d:35:27:bf:3d:ad:46:f4:5c:14:b5:
                    d0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:0F:8D:5C:7B:F5:00:B2:43:29:96:9B:EE:8C:75:43:43:BC:9F:1E
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rw-NXHv1ALJDKZab7ox1Q0O8nx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.4.0/24
                  84.32.64.0/24
                  84.32.70.0/24
                  84.32.82.0/24
                  88.216.18.0/24
                  88.216.34.0/24
                  88.216.42.0/24
                  88.216.96.0/24
                  88.216.98.0/24
                  88.216.128.0/24
                  88.216.185.0-88.216.186.255

    Signature Algorithm: sha256WithRSAEncryption
         09:f0:9a:74:82:98:5a:3c:9d:13:ed:88:20:cb:24:13:dc:49:
         1c:5b:f4:bf:74:78:46:05:39:bc:76:36:91:c8:de:bc:f3:c0:
         3e:ea:26:14:0f:14:e2:a8:59:15:23:83:61:d9:fe:d4:51:47:
         7e:e3:81:dc:b8:28:58:8f:b3:75:59:8b:70:5d:fc:53:f9:b7:
         1b:b9:ae:b4:35:02:5f:ec:97:b5:1f:98:20:68:fb:1d:c7:cf:
         85:12:3e:13:69:2f:da:f8:f4:f3:c9:a3:0b:d0:2a:75:66:d5:
         23:ee:79:25:9f:e0:95:b1:ee:44:6e:95:2e:69:26:cf:fa:25:
         56:20:44:4d:34:ba:6f:1d:ea:7c:7b:1a:c8:8a:b3:d6:d2:e0:
         b0:2c:d9:7c:1b:3b:bb:fc:f9:e7:7d:8d:61:48:4d:fd:08:0c:
         ab:19:44:7c:cd:17:05:e5:2e:d4:bd:45:73:10:48:f4:a3:a8:
         7b:f0:a4:da:e8:97:53:42:36:41:e6:bd:fb:ba:5c:d6:ab:8e:
         eb:7a:c7:2d:24:87:52:bb:18:ad:a1:9a:98:0c:b5:f8:4c:85:
         ad:31:fa:ea:0b:bb:19:c8:ce:c7:ab:32:24:67:7f:d3:89:f5:
         e1:9d:76:f6:2e:d5:72:d6:88:c5:0f:26:cb:fb:e4:2d:66:ba:
         1c:1b:07:7d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYPB6yY4tmbHei0zkNATPnCkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDEwMTI0MjM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjBmOGQ1YzdiZjUwMGIyNDMyOTk2OWJlZThjNzU0MzQzYmM5ZjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeE1lC6o8B7FT7DY10fNqFiZsDI1
BEFA9wgrmcP98HlX+ucPr868AsIwXUEfv5EJvpQ0vQIIJv59qTyONy2isgRgD22S
kF4jlWtDpiwCfGqEiXrP1xYHEYmoisJ/KedONWkNZZ/c7ZmWuulBxZec1u9rJrpA
eUKcPm6wCSu3HHaM7mmSrY6FeCBiwaCpLl6w3sKBgEa3D3vD5Z1C/+AuR8M90CVA
lG1++23q6a3Dc+l5JRu6JeHqu2MLDlrKkcWPo1OWqjBVDJTcJrNfq+e2WJsiAq5U
3QFP7pwTCNGvOk/x8SvvI3Dg0bgm6SIPW+9ONU0fHTUnvz2tRvRcFLXQHwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFK8PjVx79QCyQymWm+6MdUNDvJ8eMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvcnctTlhIdjFBTEpES1phYjdveDFRME84bng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAVCAEAwQA
VCBAAwQAVCBGAwQAVCBSAwQAWNgSAwQAWNgiAwQAWNgqAwQAWNhgAwQAWNhiAwQA
WNiAMAwDBABY2LkDBABY2LowDQYJKoZIhvcNAQELBQADggEBAAnwmnSCmFo8nRPt
iCDLJBPcSRxb9L90eEYFObx2NpHI3rzzwD7qJhQPFOKoWRUjg2HZ/tRRR37jgdy4
KFiPs3VZi3Bd/FP5txu5rrQ1Al/sl7UfmCBo+x3Hz4USPhNpL9r49PPJowvQKnVm
1SPueSWf4JWx7kRulS5pJs/6JVYgRE00um8d6nx7GsiKs9bS4LAs2XwbO7v8+ed9
jWFITf0IDKsZRHzNFwXlLtS9RXMQSPSjqHvwpNrol1NCNkHmvfu6XNarjut6xy0k
h1K7GK2hmpgMtfhMha0x+uoLuxnIzserMiRnf9OJ9eGddvYu1XLWiMUPJsv75C1m
uhwbB30=
-----END CERTIFICATE-----