Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/vydLUlqroVBH3_3IHnjcjMSIydU.roa
File:                     vydLUlqroVBH3_3IHnjcjMSIydU.roa (raw, json)
Hash identifier:          QL5DwvE4ifjYGXXDPlFMk+PfdfGJAr2v1vZmqoY9WTI=
Subject key identifier:   BF:27:4B:52:5A:AB:A1:50:47:DF:FD:C8:1E:78:DC:8C:C4:88:C9:D5
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018455EC73B9B12A2A9179323162089C08B5
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/vydLUlqroVBH3_3IHnjcjMSIydU.roa
Signing time:             Tue 08 Nov 2022 06:27:50 +0000
ROA not before:           Tue 08 Nov 2022 06:27:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49999
IP address blocks:        84.32.76.0/24 maxlen: 24
                          88.216.188.0/22 maxlen: 24
                          84.32.79.0/24 maxlen: 24
                          88.216.187.0/24 maxlen: 24
                          84.32.88.0/24 maxlen: 24
                          84.32.220.0/22 maxlen: 24
                          84.32.14.0/24 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          84.32.34.0/24 maxlen: 24
                          88.216.40.0/24 maxlen: 24
                          84.32.40.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:55:ec:73:b9:b1:2a:2a:91:79:32:31:62:08:9c:08:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov  8 06:27:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bf274b525aaba15047dffdc81e78dc8cc488c9d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:aa:43:ef:3a:52:9b:36:08:1b:22:14:bf:9d:
                    fb:52:2d:b5:d8:39:8b:70:0c:37:79:35:65:10:05:
                    1a:53:43:97:5f:f6:0f:ad:ac:7c:33:32:b2:83:a4:
                    36:b0:3f:8b:b5:b9:93:5a:36:4a:a9:99:37:e7:42:
                    1a:a7:16:30:9b:87:95:36:9e:b1:32:68:ca:00:b2:
                    51:c6:26:2c:90:92:34:28:67:dc:23:62:56:8d:67:
                    86:cb:d1:27:05:8a:54:de:5f:d4:87:8a:f3:3b:8e:
                    4c:b3:35:c1:c9:8e:45:08:a8:ad:87:fc:81:5d:b2:
                    b9:2a:cd:b8:7d:2d:de:f1:6a:dc:dd:17:cc:4d:50:
                    e7:82:92:bc:08:ff:54:ab:9d:a7:f7:65:c7:d7:fd:
                    3a:ee:34:e5:71:0c:91:15:5f:bb:61:33:22:4b:a7:
                    1c:60:87:6d:5d:04:61:ab:b2:8b:70:31:ff:43:cd:
                    d1:cb:8c:50:6a:e9:bc:b4:1b:b7:d2:de:8d:99:b9:
                    48:da:20:30:37:1e:56:2d:d4:e4:b0:1a:40:8d:c8:
                    cc:7a:6e:cf:94:b3:72:3a:90:e8:9b:4f:6b:20:07:
                    28:37:0e:f8:12:8d:5c:f9:4f:98:eb:6b:95:81:83:
                    46:26:c2:dd:50:27:e0:2d:88:a5:5b:a1:c4:56:a0:
                    c0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:27:4B:52:5A:AB:A1:50:47:DF:FD:C8:1E:78:DC:8C:C4:88:C9:D5
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/vydLUlqroVBH3_3IHnjcjMSIydU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.14.0/24
                  84.32.34.0/24
                  84.32.40.0/22
                  84.32.76.0/24
                  84.32.79.0/24
                  84.32.88.0/24
                  84.32.220.0/22
                  88.216.18.0/24
                  88.216.40.0/24
                  88.216.187.0-88.216.191.255
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:22:63:92:83:96:ac:06:45:70:0c:8f:4b:7b:86:b1:f6:6a:
         c5:da:2e:05:bc:fb:ba:9c:48:15:c6:86:70:1e:c7:21:85:26:
         ab:3f:bc:df:ce:b6:41:5f:94:9b:1c:fc:4b:1f:1c:28:af:b2:
         9e:c0:1e:11:3b:cc:58:61:47:49:d5:ad:7f:15:06:e4:51:8f:
         61:da:ea:8d:58:7a:9c:16:93:5d:0e:a1:c2:8b:b1:ba:e4:91:
         71:93:b7:d6:7e:72:16:2b:c1:7b:97:33:3e:bd:8c:66:81:4c:
         82:a6:92:52:37:a6:99:80:24:f0:32:25:90:8d:08:fd:41:b7:
         23:5e:30:d5:8e:ef:32:01:ec:30:59:c0:2c:46:ea:50:ce:e5:
         0b:0f:50:b2:a0:0d:71:b1:52:ae:74:00:a9:e5:0a:db:6a:80:
         36:9a:d9:b2:45:c2:31:e2:2e:f3:48:34:4e:bd:8e:76:61:8a:
         93:e3:4c:7d:ff:e3:e6:f7:62:60:f0:66:f9:fb:94:9f:a4:51:
         48:25:c5:57:ca:51:e7:1f:85:01:42:40:c3:d3:42:77:ab:cd:
         ec:82:8c:04:98:3b:2c:8e:c8:6b:e1:92:02:29:4d:aa:b1:29:
         57:2c:8d:74:63:6d:9d:9f:c0:38:f7:ab:26:35:9d:d1:11:c5:
         0d:1d:62:fb
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYRV7HO5sSoqkXkyMWIInAi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTA4MDYyNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjI3NGI1MjVhYWJhMTUwNDdkZmZkYzgxZTc4ZGM4Y2M0ODhjOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKpD7zpSmzYIGyIUv537Ui212DmL
cAw3eTVlEAUaU0OXX/YPrax8MzKyg6Q2sD+LtbmTWjZKqZk350IapxYwm4eVNp6x
MmjKALJRxiYskJI0KGfcI2JWjWeGy9EnBYpU3l/Uh4rzO45MszXByY5FCKith/yB
XbK5Ks24fS3e8Wrc3RfMTVDngpK8CP9Uq52n92XH1/067jTlcQyRFV+7YTMiS6cc
YIdtXQRhq7KLcDH/Q83Ry4xQaum8tBu30t6NmblI2iAwNx5WLdTksBpAjcjMem7P
lLNyOpDom09rIAcoNw74Eo1c+U+Y62uVgYNGJsLdUCfgLYilW6HEVqDA3wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFL8nS1Jaq6FQR9/9yB543IzEiMnVMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvdnlkTFVscXJvVkJIM18zSUhuamNqTVNJeWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAVCAOAwQA
VCAiAwQCVCAoAwQAVCBMAwQAVCBPAwQAVCBYAwQCVCDcAwQAWNgSAwQAWNgoMAwD
BABY2LsDBAZY2IADBAJY2PgwDQYJKoZIhvcNAQELBQADggEBAEMiY5KDlqwGRXAM
j0t7hrH2asXaLgW8+7qcSBXGhnAexyGFJqs/vN/OtkFflJsc/EsfHCivsp7AHhE7
zFhhR0nVrX8VBuRRj2Ha6o1YepwWk10OocKLsbrkkXGTt9Z+chYrwXuXMz69jGaB
TIKmklI3ppmAJPAyJZCNCP1BtyNeMNWO7zIB7DBZwCxG6lDO5QsPULKgDXGxUq50
AKnlCttqgDaa2bJFwjHiLvNINE69jnZhipPjTH3/4+b3YmDwZvn7lJ+kUUglxVfK
UecfhQFCQMPTQnerzeyCjASYOyyOyGvhkgIpTaqxKVcsjXRjbZ2fwDj3qyY1ndER
xQ0dYvs=
-----END CERTIFICATE-----