Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w5NgM2REfOAdCgaNYYXA3R7kTr0.roa
File:                     w5NgM2REfOAdCgaNYYXA3R7kTr0.roa (raw, json)
Hash identifier:          vPkD03XltVa/0s827fNsTyOVFaPxGpnClfystsNtxnk=
Subject key identifier:   C3:93:60:33:64:44:7C:E0:1D:0A:06:8D:61:85:C0:DD:1E:E4:4E:BD
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184A5F2B192B320CCD4C87317DF342AF2A0
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w5NgM2REfOAdCgaNYYXA3R7kTr0.roa
Signing time:             Wed 23 Nov 2022 19:24:16 +0000
ROA not before:           Wed 23 Nov 2022 19:24:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205570
IP address blocks:        84.32.79.0/24 maxlen: 24
                          84.32.90.0/23 maxlen: 24
                          84.32.88.0/23 maxlen: 24
                          88.216.131.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          84.32.24.0/22 maxlen: 22
                          88.216.132.0/23 maxlen: 24
                          88.216.134.0/24 maxlen: 24
                          88.216.135.0/24 maxlen: 24
                          84.32.28.0/22 maxlen: 22
                          88.216.94.0/23 maxlen: 24
                          88.216.92.0/23 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          88.216.224.0/22 maxlen: 24
                          88.216.232.0/21 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          88.216.43.0/24 maxlen: 24
                          88.216.44.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:a5:f2:b1:92:b3:20:cc:d4:c8:73:17:df:34:2a:f2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 23 19:24:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c393603364447ce01d0a068d6185c0dd1ee44ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:16:a7:a8:54:0d:f6:15:46:c0:73:44:2c:31:
                    9c:20:71:b0:2d:d1:17:e5:2c:f4:36:96:81:64:cd:
                    a4:c2:ef:7a:0f:fc:dc:9b:1f:23:b3:bb:e9:f5:5e:
                    0c:d1:c5:22:af:03:97:b4:78:43:82:d7:7e:f0:ac:
                    9e:3d:0d:b6:41:53:35:21:c6:ef:8c:5c:b8:9a:f7:
                    f6:d4:eb:a3:fe:8d:87:b2:03:73:b9:00:8a:5e:a9:
                    99:c4:50:c8:0c:8c:48:62:eb:57:a4:85:0a:ff:52:
                    b6:fb:1a:dc:84:52:d4:43:06:d0:50:ed:42:84:85:
                    de:22:b9:68:a5:72:9b:bc:3a:86:8b:7c:6a:e6:81:
                    fb:24:f3:a9:5e:74:a8:65:b9:1f:e8:e8:96:4c:9b:
                    a8:6a:14:ab:8b:ab:a7:5f:73:40:92:b3:3d:c5:2a:
                    86:18:82:fe:26:10:02:54:00:50:c5:74:9c:5b:13:
                    bd:79:3f:e5:bc:f9:c9:20:c1:a3:ff:12:1d:e8:b9:
                    67:85:a4:02:2a:ef:d0:a2:c3:6e:03:b5:1f:06:a6:
                    a0:12:72:fb:a3:ec:25:f1:f2:fe:8f:24:13:af:c4:
                    87:fe:ff:38:d7:cc:38:3d:1d:2f:f1:59:7d:4a:2c:
                    fd:43:69:a5:24:09:ab:08:1a:58:18:2f:c9:6b:b4:
                    93:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:93:60:33:64:44:7C:E0:1D:0A:06:8D:61:85:C0:DD:1E:E4:4E:BD
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/w5NgM2REfOAdCgaNYYXA3R7kTr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/21
                  84.32.79.0/24
                  84.32.88.0/22
                  84.32.212.0/24
                  88.216.43.0-88.216.45.255
                  88.216.92.0/22
                  88.216.128.0/24
                  88.216.131.0-88.216.135.255
                  88.216.224.0/22
                  88.216.232.0/21
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:ac:94:c3:e4:83:b3:38:5f:01:e6:8d:4c:28:f1:b2:dc:2b:
         74:70:1a:cc:47:56:da:86:31:fd:8d:c5:e5:ee:94:24:1f:3e:
         19:36:65:be:0c:c7:f2:8f:a2:1b:6b:f3:9c:30:07:28:88:dd:
         90:96:89:a7:87:b1:ad:95:e9:c1:79:a4:e8:a1:5c:21:5b:7c:
         b0:c5:8b:c7:50:a2:6f:0f:03:54:e7:19:da:99:40:84:0c:d9:
         c6:c0:88:59:b3:65:1b:08:8b:98:a5:38:da:0e:af:09:ef:2b:
         2b:8e:66:17:0f:fa:37:98:7c:ae:97:00:31:cc:69:6e:67:f3:
         14:c5:7c:77:d8:51:04:6f:11:d7:5b:52:cb:95:ee:d9:94:b8:
         00:89:21:10:b0:31:df:42:dd:a3:55:b7:e3:de:47:f2:ea:11:
         06:93:92:f1:29:da:04:0e:37:cc:13:de:f9:9a:cf:c8:dc:a4:
         32:db:c3:bd:c5:33:47:24:16:8a:fb:d1:c9:f9:d1:80:33:c3:
         d9:01:fc:85:f6:29:c5:c5:1c:49:d3:d3:e5:0f:56:c1:d9:26:
         b8:1a:b9:53:25:e2:f1:e4:26:cb:1d:fa:9e:c0:34:67:35:d8:
         cc:e2:37:a9:ea:e2:23:56:e7:31:2d:3f:25:23:16:57:7b:1f:
         0e:3d:8c:ee
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYSl8rGSsyDM1MhzF980KvKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTIzMTkyNDE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzkzNjAzMzY0NDQ3Y2UwMWQwYTA2OGQ2MTg1YzBkZDFlZTQ0ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphanqFQN9hVGwHNELDGcIHGwLdEX
5Sz0NpaBZM2kwu96D/zcmx8js7vp9V4M0cUirwOXtHhDgtd+8KyePQ22QVM1Icbv
jFy4mvf21Ouj/o2HsgNzuQCKXqmZxFDIDIxIYutXpIUK/1K2+xrchFLUQwbQUO1C
hIXeIrlopXKbvDqGi3xq5oH7JPOpXnSoZbkf6OiWTJuoahSri6unX3NAkrM9xSqG
GIL+JhACVABQxXScWxO9eT/lvPnJIMGj/xId6LlnhaQCKu/QosNuA7UfBqagEnL7
o+wl8fL+jyQTr8SH/v8418w4PR0v8Vl9Siz9Q2mlJAmrCBpYGC/Ja7STjwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFMOTYDNkRHzgHQoGjWGFwN0e5E69MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvdzVOZ00yUkVmT0FkQ2dhTllZWEEzUjdrVHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQDVCAYAwQA
VCBPAwQCVCBYAwQAVCDUMAwDBABY2CsDBAFY2CwDBAJY2FwDBABY2IAwDAMEAFjY
gwMEA1jYgAMEAljY4AMEA1jY6AMEAljY+DANBgkqhkiG9w0BAQsFAAOCAQEAGayU
w+SDszhfAeaNTCjxstwrdHAazEdW2oYx/Y3F5e6UJB8+GTZlvgzH8o+iG2vznDAH
KIjdkJaJp4exrZXpwXmk6KFcIVt8sMWLx1Cibw8DVOcZ2plAhAzZxsCIWbNlGwiL
mKU42g6vCe8rK45mFw/6N5h8rpcAMcxpbmfzFMV8d9hRBG8R11tSy5Xu2ZS4AIkh
ELAx30Ldo1W3495H8uoRBpOS8SnaBA43zBPe+ZrPyNykMtvDvcUzRyQWivvRyfnR
gDPD2QH8hfYpxcUcSdPT5Q9WwdkmuBq5UyXi8eQmyx36nsA0ZzXYzOI3qeriI1bn
MS0/JSMWV3sfDj2M7g==
-----END CERTIFICATE-----