Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rzUrdosGZXi1WPNxfNM0T-UD23w.roa
File:                     rzUrdosGZXi1WPNxfNM0T-UD23w.roa (raw, json)
Hash identifier:          rNSKToHyn2Zy6ghKGs2NF2J9IP8nhUZSkQ2dieWX1+w=
Subject key identifier:   AF:35:2B:76:8B:06:65:78:B5:58:F3:71:7C:D3:34:4F:E5:03:DB:7C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01849E1661CEC9E8CDBF227BECC639E74195
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rzUrdosGZXi1WPNxfNM0T-UD23w.roa
Signing time:             Tue 22 Nov 2022 06:46:17 +0000
ROA not before:           Tue 22 Nov 2022 06:46:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205570
IP address blocks:        84.32.79.0/24 maxlen: 24
                          84.32.90.0/23 maxlen: 24
                          84.32.88.0/23 maxlen: 24
                          88.216.131.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          84.32.24.0/22 maxlen: 22
                          88.216.132.0/23 maxlen: 24
                          88.216.134.0/24 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          84.32.28.0/22 maxlen: 22
                          88.216.94.0/23 maxlen: 24
                          88.216.92.0/23 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          88.216.224.0/22 maxlen: 24
                          88.216.232.0/21 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          88.216.43.0/24 maxlen: 24
                          88.216.44.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9e:16:61:ce:c9:e8:cd:bf:22:7b:ec:c6:39:e7:41:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 22 06:46:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af352b768b066578b558f3717cd3344fe503db7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3f:0e:45:1c:dc:21:26:dd:7f:cc:90:15:2a:
                    e7:20:79:ca:55:64:ba:3c:35:2b:f5:e8:01:cf:a2:
                    16:f9:74:f8:08:7b:b4:91:cb:49:13:49:87:b5:6e:
                    4e:8c:97:dd:58:87:e0:94:d8:d2:d5:b5:cc:e2:90:
                    fa:18:da:be:50:8c:2c:56:28:09:19:a4:b9:7d:7b:
                    17:da:9a:d3:4c:2b:d6:38:34:34:72:55:47:5e:eb:
                    38:cc:19:61:b7:47:82:95:8c:73:b6:a2:25:07:57:
                    43:21:1b:18:35:fb:29:33:fd:ca:10:35:89:1a:7a:
                    7f:37:a1:87:34:9c:d5:78:cf:f3:ec:a7:a7:14:f0:
                    de:b4:76:1b:4f:e1:b6:0f:86:92:ce:6d:72:4b:39:
                    78:49:1b:81:c6:38:b4:27:46:0a:38:c1:1e:dc:ae:
                    52:1d:3e:3c:89:df:27:e2:8b:b1:9c:1c:e6:1f:af:
                    58:47:b7:2b:2b:75:22:bc:91:8f:4f:9d:7f:3f:95:
                    e0:d7:2d:30:bb:c6:23:4a:61:c0:8d:ca:5f:ec:fe:
                    a1:7c:45:7e:6a:68:fb:5d:fc:1b:df:70:eb:c2:c6:
                    a7:24:6b:72:b6:80:58:11:08:e8:ff:37:48:f5:38:
                    fb:2b:b3:3b:f4:e9:72:63:92:4d:8f:d0:e6:d0:99:
                    a2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:35:2B:76:8B:06:65:78:B5:58:F3:71:7C:D3:34:4F:E5:03:DB:7C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rzUrdosGZXi1WPNxfNM0T-UD23w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/21
                  84.32.79.0/24
                  84.32.88.0/22
                  84.32.212.0/24
                  88.216.41.0/24
                  88.216.43.0-88.216.45.255
                  88.216.92.0/22
                  88.216.128.0/24
                  88.216.131.0-88.216.135.255
                  88.216.224.0/22
                  88.216.232.0/21
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:16:d6:fa:1f:f4:86:1f:08:82:f7:3a:ed:8f:18:6e:b9:db:
         1f:15:d7:ce:11:74:43:46:da:da:f5:9d:3e:98:d1:6a:b4:5d:
         18:60:fa:f8:35:5f:d9:fe:95:36:77:6d:94:49:be:cb:b8:00:
         fa:e3:66:1e:c2:7f:8b:2c:7b:f3:c0:d6:d4:8d:1b:01:17:9c:
         cf:33:2f:26:ac:93:71:15:3d:6a:94:3d:46:d4:c6:ae:9b:1f:
         6b:c7:7d:b9:f3:e9:41:9c:2c:df:e7:19:fa:3d:b9:92:ba:3b:
         c0:0b:a4:6b:3c:25:e2:28:56:5d:29:ef:76:ea:db:2c:58:02:
         c3:6b:9f:ee:14:a6:26:3f:cf:11:8d:18:82:b1:72:0e:ee:13:
         cc:a6:ec:a7:87:b4:69:c9:cc:9e:16:db:6b:9f:38:3b:81:72:
         9e:18:9c:89:99:8b:2e:9e:8a:cb:8c:8c:65:0e:73:83:82:33:
         e7:0d:f1:53:7a:7c:7b:8d:5f:5b:f3:18:a3:91:3d:72:01:cc:
         5f:06:2d:06:c8:2d:ca:0e:d6:ff:28:55:4b:73:14:10:af:a3:
         f7:dd:dd:46:29:6a:ba:14:a0:9e:90:59:b7:0f:2e:93:3a:d4:
         b3:fe:8a:85:27:a6:59:a9:72:bd:e1:d1:f0:f3:1d:dd:64:71:
         1a:fc:69:24
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYSeFmHOyejNvyJ77MY550GVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTIyMDY0NjE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjM1MmI3NjhiMDY2NTc4YjU1OGYzNzE3Y2QzMzQ0ZmU1MDNkYjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4T8ORRzcISbdf8yQFSrnIHnKVWS6
PDUr9egBz6IW+XT4CHu0kctJE0mHtW5OjJfdWIfglNjS1bXM4pD6GNq+UIwsVigJ
GaS5fXsX2prTTCvWODQ0clVHXus4zBlht0eClYxztqIlB1dDIRsYNfspM/3KEDWJ
Gnp/N6GHNJzVeM/z7KenFPDetHYbT+G2D4aSzm1ySzl4SRuBxji0J0YKOMEe3K5S
HT48id8n4ouxnBzmH69YR7crK3UivJGPT51/P5Xg1y0wu8YjSmHAjcpf7P6hfEV+
amj7Xfwb33DrwsanJGtytoBYEQjo/zdI9Tj7K7M79OlyY5JNj9Dm0JmiDwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFK81K3aLBmV4tVjzcXzTNE/lA9t8MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvcnpVcmRvc0daWGkxV1BOeGZOTTBULVVEMjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQDVCAYAwQA
VCBPAwQCVCBYAwQAVCDUAwQAWNgpMAwDBABY2CsDBAFY2CwDBAJY2FwDBABY2IAw
DAMEAFjYgwMEA1jYgAMEAljY4AMEA1jY6AMEAljY+DANBgkqhkiG9w0BAQsFAAOC
AQEAHBbW+h/0hh8Igvc67Y8YbrnbHxXXzhF0Q0ba2vWdPpjRarRdGGD6+DVf2f6V
NndtlEm+y7gA+uNmHsJ/iyx788DW1I0bAReczzMvJqyTcRU9apQ9RtTGrpsfa8d9
ufPpQZws3+cZ+j25kro7wAukazwl4ihWXSnvdurbLFgCw2uf7hSmJj/PEY0YgrFy
Du4TzKbsp4e0acnMnhbba584O4FynhiciZmLLp6Ky4yMZQ5zg4Iz5w3xU3p8e41f
W/MYo5E9cgHMXwYtBsgtyg7W/yhVS3MUEK+j993dRilquhSgnpBZtw8ukzrUs/6K
hSemWalyveHR8PMd3WRxGvxpJA==
-----END CERTIFICATE-----