Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/uyMNaU2Mu3WDIfsntcpJ9Lh2LGw.roa
File:                     uyMNaU2Mu3WDIfsntcpJ9Lh2LGw.roa (raw, json)
Hash identifier:          71RxcHyiwcLbCCHcS58nmudktGDJq3O5sPNw2IOYDUw=
Subject key identifier:   BB:23:0D:69:4D:8C:BB:75:83:21:FB:27:B5:CA:49:F4:B8:76:2C:6C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       6D49E4
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/uyMNaU2Mu3WDIfsntcpJ9Lh2LGw.roa
Signing time:             Fri 25 Mar 2022 16:52:06 +0000
ROA not before:           Fri 25 Mar 2022 16:52:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        88.216.180.0/22 maxlen: 24
                          88.216.188.0/22 maxlen: 24
                          88.216.196.0/22 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          88.216.210.0/23 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          84.32.4.0/22 maxlen: 24
                          84.32.8.0/22 maxlen: 24
                          84.32.40.0/21 maxlen: 24
                          88.216.0.0/22 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.20.0/22 maxlen: 22
                          88.216.33.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.47.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7162340 (0x6d49e4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 25 16:52:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bb230d694d8cbb758321fb27b5ca49f4b8762c6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a3:ae:3b:08:cd:61:b9:74:9f:0d:de:d9:a2:
                    70:b9:07:55:b7:68:a5:81:a6:6d:d3:bd:9d:e6:9a:
                    79:bf:81:ea:1d:df:57:8e:69:23:a1:41:9e:9f:4b:
                    d0:58:f7:bf:ac:d5:62:15:99:1e:6d:db:21:76:22:
                    62:25:c3:da:eb:fa:ae:fb:fd:6d:1b:bb:4f:ef:ec:
                    2a:23:d1:08:c7:03:29:fa:81:63:a9:cf:80:44:ff:
                    79:35:4d:d0:c3:2c:34:d1:f9:98:ad:84:68:78:17:
                    38:b2:56:43:fb:d1:ba:68:93:9e:1c:5a:b3:54:cf:
                    9a:aa:c0:c0:0e:f7:ff:12:fa:07:30:e3:cc:ff:0a:
                    f9:d0:d5:55:f6:e3:b9:fa:12:a7:51:ae:73:7a:5b:
                    f8:04:fc:7a:a2:b3:38:1e:be:e2:f5:b6:8b:26:c4:
                    27:26:b4:56:68:c6:61:68:80:8d:18:bb:76:a4:46:
                    e6:eb:b6:6d:c9:c8:02:98:35:82:33:7f:d8:7f:ca:
                    6c:c7:f3:cc:9c:34:3f:47:a9:50:7c:77:c0:f2:26:
                    67:0f:15:2d:14:d6:31:32:e9:d1:a5:57:c3:8a:5a:
                    04:80:50:ba:cb:c9:17:8f:90:c7:46:b6:2d:54:78:
                    5d:39:44:88:08:61:cc:35:44:e7:8c:30:4f:5f:c9:
                    c7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:23:0D:69:4D:8C:BB:75:83:21:FB:27:B5:CA:49:F4:B8:76:2C:6C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/uyMNaU2Mu3WDIfsntcpJ9Lh2LGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.4.0-84.32.11.255
                  84.32.40.0/21
                  88.216.0.0/22
                  88.216.16.0/24
                  88.216.19.0-88.216.23.255
                  88.216.32.0/23
                  88.216.46.0/23
                  88.216.180.0/22
                  88.216.188.0/22
                  88.216.196.0/22
                  88.216.209.0-88.216.215.255

    Signature Algorithm: sha256WithRSAEncryption
         a0:7b:7a:23:1a:a8:d6:93:e9:6b:fc:20:36:72:43:c8:0f:31:
         b2:c1:85:16:77:61:a7:a2:db:af:ba:9b:5d:9b:b1:f6:e9:23:
         00:75:35:ae:61:c5:e2:ab:ef:79:cd:0c:37:cf:20:16:a2:92:
         67:8e:55:8a:2b:db:81:84:04:ca:3d:fe:88:d7:84:b0:26:e0:
         57:9e:9e:a7:3f:7b:ff:a8:36:8b:ba:12:d6:8c:4e:db:1b:b4:
         73:90:59:ef:31:33:d2:92:1c:38:7e:16:66:bf:f8:2c:60:74:
         db:2e:3b:c5:7e:6f:c9:01:8a:ee:c4:24:9e:73:26:0f:1c:8b:
         71:0d:49:21:3c:cd:8d:c4:68:f7:84:2b:4a:72:34:44:de:fd:
         ec:66:bf:6b:c3:5e:13:6b:1d:2f:e7:75:bf:30:cf:40:76:d9:
         16:3d:a5:07:fb:49:dc:a6:84:23:34:6d:fa:c5:f6:e5:c3:5a:
         b4:da:e8:39:c4:8d:b3:f1:c0:cf:67:30:a4:cf:8e:3b:22:a8:
         ff:33:65:a6:86:99:d0:8f:d9:43:29:79:04:67:c1:17:e3:2c:
         f6:ad:a3:b7:b7:7b:36:d8:b5:86:1d:d3:16:05:22:31:38:88:
         54:1b:5c:bd:db:91:c7:04:05:76:a2:1c:56:6b:7d:2a:db:29:
         86:98:b9:81
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgIDbUnkMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDRm
YmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZiZGEzYzUwHhcNMjIwMzI1
MTY1MjA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiYjIzMGQ2OTRkOGNi
Yjc1ODMyMWZiMjdiNWNhNDlmNGI4NzYyYzZjMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAr6OuOwjNYbl0nw3e2aJwuQdVt2ilgaZt072d5pp5v4HqHd9X
jmkjoUGen0vQWPe/rNViFZkebdshdiJiJcPa6/qu+/1tG7tP7+wqI9EIxwMp+oFj
qc+ARP95NU3Qwyw00fmYrYRoeBc4slZD+9G6aJOeHFqzVM+aqsDADvf/EvoHMOPM
/wr50NVV9uO5+hKnUa5zelv4BPx6orM4Hr7i9baLJsQnJrRWaMZhaICNGLt2pEbm
67ZtycgCmDWCM3/Yf8psx/PMnDQ/R6lQfHfA8iZnDxUtFNYxMunRpVfDiloEgFC6
y8kXj5DHRrYtVHhdOUSICGHMNUTnjDBPX8nHIwIDAQABo4ICXTCCAlkwHQYDVR0O
BBYEFLsjDWlNjLt1gyH7J7XKSfS4dixsMB8GA1UdIwQYMBaAFE+9RfzjVuKmXx5N
Ha94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
VDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMzLzEv
dXlNTmFVMk11M1dESWZzbnRjcEo5TGgyTEd3LnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8z
OTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMzLzEvVDcxRl9PTlc0cVpm
SGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMHMG
CCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaMAwDBAJUIAQDBAJUIAgDBANUICgDBAJY
2AADBABY2BAwDAMEAFjYEwMEA1jYEAMEAVjYIAMEAVjYLgMEAljYtAMEAljYvAME
AljYxDAMAwQAWNjRAwQDWNjQMA0GCSqGSIb3DQEBCwUAA4IBAQCge3ojGqjWk+lr
/CA2ckPIDzGywYUWd2Gnotuvuptdm7H26SMAdTWuYcXiq+95zQw3zyAWopJnjlWK
K9uBhATKPf6I14SwJuBXnp6nP3v/qDaLuhLWjE7bG7RzkFnvMTPSkhw4fhZmv/gs
YHTbLjvFfm/JAYruxCSecyYPHItxDUkhPM2NxGj3hCtKcjRE3v3sZr9rw14Tax0v
53W/MM9AdtkWPaUH+0ncpoQjNG36xfblw1q02ug5xI2z8cDPZzCkz447Iqj/M2Wm
hpnQj9lDKXkEZ8EX4yz2raO3t3s22LWGHdMWBSIxOIhUG1y925HHBAV2ohxWa30q
2ymGmLmB
-----END CERTIFICATE-----