Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xia7IKdWRto5mLViSZoLIivq4uE.roa
File:                     xia7IKdWRto5mLViSZoLIivq4uE.roa (raw, json)
Hash identifier:          /RFT3jdE/QhuaXWnYGZZbgNyS18D93dcNJB3Ab3/gJM=
Subject key identifier:   C6:26:BB:20:A7:56:46:DA:39:98:B5:62:49:9A:0B:22:2B:EA:E2:E1
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0182DAA78DB001C7211E35632E0F8320D6DF
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xia7IKdWRto5mLViSZoLIivq4uE.roa
Signing time:             Fri 26 Aug 2022 14:56:30 +0000
ROA not before:           Fri 26 Aug 2022 14:56:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49999
IP address blocks:        84.32.60.0/22 maxlen: 24
                          88.216.188.0/22 maxlen: 24
                          88.216.187.0/24 maxlen: 24
                          84.32.88.0/24 maxlen: 24
                          84.32.92.0/22 maxlen: 24
                          84.32.14.0/24 maxlen: 24
                          84.32.34.0/24 maxlen: 24
                          84.32.40.0/22 maxlen: 24
                          88.216.90.0/23 maxlen: 24
                          88.216.100.0/22 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.248.0/22 maxlen: 24
                          88.216.36.0/22 maxlen: 24
                          88.216.35.0/24 maxlen: 24
                          88.216.43.0/24 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          88.216.40.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:da:a7:8d:b0:01:c7:21:1e:35:63:2e:0f:83:20:d6:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Aug 26 14:56:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c626bb20a75646da3998b562499a0b222beae2e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5d:9c:4b:ef:d4:68:29:34:9b:dc:6d:d1:78:
                    99:1b:8e:a1:86:10:ca:b0:19:d4:11:06:62:90:59:
                    24:9f:fe:84:7c:ad:60:81:a1:86:c6:a5:58:15:e1:
                    8a:56:8a:62:a1:14:32:31:f6:48:24:94:a7:62:d2:
                    01:ce:a8:55:50:ce:47:d0:4a:c4:23:f0:72:9d:fc:
                    73:0e:32:27:8d:ba:9a:bc:b4:8d:11:c2:11:cd:42:
                    bc:8f:c7:5d:83:a6:ee:d3:c0:65:9d:7e:e4:9a:0e:
                    76:b5:56:5a:13:4d:20:97:e9:11:d2:4b:76:84:b1:
                    20:d6:6f:32:59:d3:e0:15:dc:0c:28:0f:1d:68:40:
                    16:6f:b9:43:72:de:c5:3a:9e:76:ae:17:1d:7d:60:
                    5b:39:9b:c1:85:5d:88:0b:5a:f7:0d:f5:b7:3c:27:
                    d8:fc:76:57:d2:5c:87:bc:45:79:a1:3c:f3:78:9b:
                    f8:39:43:9e:ba:cf:8e:d4:45:58:a4:f5:a7:5f:80:
                    a7:78:3e:d5:3d:5f:39:7a:9a:bc:95:60:5b:46:58:
                    e3:a0:d8:e3:94:65:0f:07:f0:b3:60:03:85:87:9d:
                    4d:ae:50:1d:18:9b:af:62:c7:0a:87:2d:cb:b3:4d:
                    bf:f6:60:8c:1c:e6:3f:2c:af:20:c2:4a:05:b7:2d:
                    c4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:26:BB:20:A7:56:46:DA:39:98:B5:62:49:9A:0B:22:2B:EA:E2:E1
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/xia7IKdWRto5mLViSZoLIivq4uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.14.0/24
                  84.32.34.0/24
                  84.32.40.0/22
                  84.32.60.0/22
                  84.32.88.0/24
                  84.32.92.0/22
                  88.216.18.0/24
                  88.216.35.0-88.216.41.255
                  88.216.43.0/24
                  88.216.90.0/23
                  88.216.100.0/22
                  88.216.187.0-88.216.191.255
                  88.216.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:1d:02:26:4c:fa:8a:f2:6d:d2:3f:b2:cd:9c:34:72:71:b7:
         d5:23:27:5f:01:f1:5f:b3:bb:4d:3f:38:4b:94:65:a7:e9:be:
         8a:32:bc:a4:3b:e2:cb:bf:d5:57:1b:77:28:74:59:e0:ac:5d:
         4f:d7:60:cd:a8:e8:35:19:28:6f:0b:c3:f0:77:e2:c7:b6:f4:
         eb:a8:91:9a:4a:7f:37:6f:46:9d:55:30:0c:d6:68:3e:84:91:
         5a:14:b8:ad:c2:5e:7c:e5:bc:9c:23:6f:6a:a9:99:75:ba:5c:
         8e:bb:39:09:ee:54:76:9d:18:af:72:50:e5:ef:8f:f3:cd:2f:
         54:fc:32:ae:c2:91:44:72:89:b0:57:7e:5a:ad:79:bf:59:8b:
         c6:73:db:78:f8:fc:5f:2a:e4:b4:02:a0:b3:76:29:d8:45:33:
         c5:c1:83:28:24:e6:c5:23:c7:c4:ac:cd:c2:c7:65:83:c9:bd:
         94:c7:82:ad:15:89:49:87:bc:15:4e:8f:3c:30:0c:a9:e5:73:
         15:0e:eb:f5:60:9e:fc:b3:6d:2d:a1:fd:8a:e3:43:3a:63:a0:
         d0:e9:1a:f2:ba:01:10:27:46:51:ee:10:da:b2:3a:6a:a3:48:
         63:af:51:09:11:01:ee:18:22:61:59:5c:43:06:c6:0d:27:fe:
         30:b8:45:74
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYLap42wAcchHjVjLg+DINbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIwODI2MTQ1NjMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjI2YmIyMGE3NTY0NmRhMzk5OGI1NjI0OTlhMGIyMjJiZWFlMmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF2cS+/UaCk0m9xt0XiZG46hhhDK
sBnUEQZikFkkn/6EfK1ggaGGxqVYFeGKVopioRQyMfZIJJSnYtIBzqhVUM5H0ErE
I/BynfxzDjInjbqavLSNEcIRzUK8j8ddg6bu08BlnX7kmg52tVZaE00gl+kR0kt2
hLEg1m8yWdPgFdwMKA8daEAWb7lDct7FOp52rhcdfWBbOZvBhV2IC1r3DfW3PCfY
/HZX0lyHvEV5oTzzeJv4OUOeus+O1EVYpPWnX4CneD7VPV85epq8lWBbRljjoNjj
lGUPB/CzYAOFh51NrlAdGJuvYscKhy3Ls02/9mCMHOY/LK8gwkoFty3EVwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFMYmuyCnVkbaOZi1YkmaCyIr6uLhMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEveGlhN0lLZFdSdG81bUxWaVNab0xJaXZxNHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAVCAOAwQA
VCAiAwQCVCAoAwQCVCA8AwQAVCBYAwQCVCBcAwQAWNgSMAwDBABY2CMDBAFY2CgD
BABY2CsDBAFY2FoDBAJY2GQwDAMEAFjYuwMEBljYgAMEAljY+DANBgkqhkiG9w0B
AQsFAAOCAQEAhR0CJkz6ivJt0j+yzZw0cnG31SMnXwHxX7O7TT84S5Rlp+m+ijK8
pDviy7/VVxt3KHRZ4KxdT9dgzajoNRkobwvD8Hfix7b066iRmkp/N29GnVUwDNZo
PoSRWhS4rcJefOW8nCNvaqmZdbpcjrs5Ce5Udp0Yr3JQ5e+P880vVPwyrsKRRHKJ
sFd+Wq15v1mLxnPbePj8XyrktAKgs3Yp2EUzxcGDKCTmxSPHxKzNwsdlg8m9lMeC
rRWJSYe8FU6PPDAMqeVzFQ7r9WCe/LNtLaH9iuNDOmOg0Oka8roBECdGUe4Q2rI6
aqNIY69RCREB7hgiYVlcQwbGDSf+MLhFdA==
-----END CERTIFICATE-----