Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z3Gpj0p-vt3vP8RZ2VCvCRF1Lq4.roa
File:                     z3Gpj0p-vt3vP8RZ2VCvCRF1Lq4.roa (raw, json)
Hash identifier:          ABVrIK650vupJq520pcB76B1o5951ziC6zbrkqB01hg=
Subject key identifier:   CF:71:A9:8F:4A:7E:BE:DD:EF:3F:C4:59:D9:50:AF:09:11:75:2E:AE
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0183A2E515B861A56367D01D8264B817760C
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z3Gpj0p-vt3vP8RZ2VCvCRF1Lq4.roa
Signing time:             Tue 04 Oct 2022 12:07:45 +0000
ROA not before:           Tue 04 Oct 2022 12:07:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.50.0/23 maxlen: 24
                          88.216.0.0/22 maxlen: 24
                          88.216.224.0/21 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.240.0/21 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a2:e5:15:b8:61:a5:63:67:d0:1d:82:64:b8:17:76:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct  4 12:07:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cf71a98f4a7ebeddef3fc459d950af0911752eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3a:64:1b:2a:13:8d:ec:99:70:e0:04:0c:76:
                    a6:25:3a:24:52:f3:53:b8:0c:3f:29:85:9f:9b:ef:
                    fc:f4:16:5a:e8:b9:5b:fe:5a:ff:fb:cc:67:f4:2c:
                    b5:a3:e2:18:8f:ec:ca:09:52:1f:56:84:ed:b9:6a:
                    4b:c9:07:3d:80:8b:ae:4f:48:0c:1b:b6:00:c4:97:
                    98:08:66:e3:3c:87:a5:5b:10:b4:9a:a1:88:64:e2:
                    34:22:b9:d8:ae:91:c4:5e:95:b0:08:ad:8c:8b:a1:
                    26:32:5a:c8:82:00:06:22:f9:57:19:09:ce:67:79:
                    83:0b:8f:55:12:35:ef:bf:31:4c:26:df:09:b4:5d:
                    19:4b:ee:4f:10:6a:42:1a:28:68:a9:a6:e6:5f:ba:
                    a1:df:16:4a:91:5b:0b:01:cd:55:74:9d:72:71:ce:
                    d0:87:dd:12:4a:40:21:8b:cc:f8:1f:69:3a:01:41:
                    24:a5:25:2b:a1:72:08:42:d3:fc:4d:3b:f5:b2:64:
                    a9:0d:ea:5a:e9:69:ae:1e:93:84:f0:7f:ca:25:22:
                    04:d2:fd:03:c2:67:47:c5:7f:84:7b:c0:f2:c2:17:
                    f0:91:4d:cc:9d:9d:60:c6:32:47:8a:43:12:39:05:
                    0c:d0:cc:97:88:eb:c1:8c:10:9d:d2:4d:93:68:f2:
                    c3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:71:A9:8F:4A:7E:BE:DD:EF:3F:C4:59:D9:50:AF:09:11:75:2E:AE
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z3Gpj0p-vt3vP8RZ2VCvCRF1Lq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.50.0/23
                  88.216.0.0/22
                  88.216.19.0-88.216.23.255
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.209.0-88.216.211.255
                  88.216.224.0/21
                  88.216.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         89:e1:b8:91:6c:0b:89:0c:b4:cc:a5:73:c3:03:2a:6f:cb:2a:
         14:de:6f:22:75:b0:87:90:de:71:41:24:0b:70:1c:7b:0c:34:
         0e:fd:f8:73:25:41:9f:47:61:47:82:75:a6:dc:0e:35:25:c0:
         a5:c0:ec:e6:a5:00:fc:89:58:46:f1:ce:2d:e3:8e:38:43:07:
         50:3e:76:34:aa:43:a4:d4:ba:be:82:50:1d:e9:0c:df:6a:68:
         0f:3f:7c:6c:23:e7:f7:45:dc:d0:ad:ff:4f:17:c6:75:9b:ec:
         df:d9:e0:71:f8:8e:dc:97:60:e6:8d:1c:46:44:59:33:b2:80:
         60:9c:c7:c0:34:07:01:d1:80:92:7d:c0:06:32:01:16:b4:02:
         0e:e4:7b:f5:23:06:78:15:ba:60:f3:84:c6:4f:99:6b:7b:6d:
         34:f8:9d:a4:cc:74:79:2c:7f:8c:fd:ba:ab:70:0c:a4:0d:95:
         3e:f0:c3:27:4b:20:89:06:c9:cc:ae:02:3b:e7:66:bd:ee:1e:
         d6:a8:87:3f:29:5e:96:41:b1:55:db:a2:db:b1:58:1d:42:2e:
         bd:05:0a:af:2e:6a:e9:4f:93:ce:3e:18:31:c1:e7:e8:73:94:
         da:8f:f4:53:fb:45:4f:db:7a:08:fa:c0:03:3f:75:d5:26:d0:
         35:c4:4c:84
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYOi5RW4YaVjZ9AdgmS4F3YMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMDA0MTIwNzQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjcxYTk4ZjRhN2ViZWRkZWYzZmM0NTlkOTUwYWYwOTExNzUyZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjpkGyoTjeyZcOAEDHamJTokUvNT
uAw/KYWfm+/89BZa6Llb/lr/+8xn9Cy1o+IYj+zKCVIfVoTtuWpLyQc9gIuuT0gM
G7YAxJeYCGbjPIelWxC0mqGIZOI0IrnYrpHEXpWwCK2Mi6EmMlrIggAGIvlXGQnO
Z3mDC49VEjXvvzFMJt8JtF0ZS+5PEGpCGihoqabmX7qh3xZKkVsLAc1VdJ1ycc7Q
h90SSkAhi8z4H2k6AUEkpSUroXIIQtP8TTv1smSpDepa6WmuHpOE8H/KJSIE0v0D
wmdHxX+Ee8DywhfwkU3MnZ1gxjJHikMSOQUM0MyXiOvBjBCd0k2TaPLDgwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFM9xqY9Kfr7d7z/EWdlQrwkRdS6uMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvejNHcGowcC12dDN2UDhSWjJWQ3ZDUkYxTHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQBVCAyAwQC
WNgAMAwDBABY2BMDBANY2BADBABY2CADBABY2C4wDAMEAFjY0QMEAljY0AMEA1jY
4AMEBFjY8DANBgkqhkiG9w0BAQsFAAOCAQEAieG4kWwLiQy0zKVzwwMqb8sqFN5v
InWwh5DecUEkC3Aceww0Dv34cyVBn0dhR4J1ptwONSXApcDs5qUA/IlYRvHOLeOO
OEMHUD52NKpDpNS6voJQHekM32poDz98bCPn90Xc0K3/TxfGdZvs39ngcfiO3Jdg
5o0cRkRZM7KAYJzHwDQHAdGAkn3ABjIBFrQCDuR79SMGeBW6YPOExk+Za3ttNPid
pMx0eSx/jP26q3AMpA2VPvDDJ0sgiQbJzK4CO+dmve4e1qiHPylelkGxVdui27FY
HUIuvQUKry5q6U+Tzj4YMcHn6HOU2o/0U/tFT9t6CPrAAz911SbQNcRMhA==
-----END CERTIFICATE-----