Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/zOrsH_v_ZjDd6hV_9PxsjSD6c-w.roa
File:                     zOrsH_v_ZjDd6hV_9PxsjSD6c-w.roa (raw, json)
Hash identifier:          YN+rn3JG49XK+7/xual0oJErN0pJteify82BEpQgjaA=
Subject key identifier:   CC:EA:EC:1F:FB:FF:66:30:DD:EA:15:7F:F4:FC:6C:8D:20:FA:73:EC
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018494712F8583360CD90E1523EB3A650D46
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/zOrsH_v_ZjDd6hV_9PxsjSD6c-w.roa
Signing time:             Sun 20 Nov 2022 09:49:16 +0000
ROA not before:           Sun 20 Nov 2022 09:49:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        84.32.58.0/24 maxlen: 24
                          84.32.71.0/24 maxlen: 24
                          88.216.199.0/24 maxlen: 24
                          84.32.93.0/24 maxlen: 24
                          84.32.238.0/24 maxlen: 24
                          84.32.41.0/24 maxlen: 24
                          84.32.48.0/24 maxlen: 24
                          84.32.51.0/24 maxlen: 24
                          84.32.50.0/24 maxlen: 24
                          88.216.223.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:94:71:2f:85:83:36:0c:d9:0e:15:23:eb:3a:65:0d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 20 09:49:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cceaec1ffbff6630ddea157ff4fc6c8d20fa73ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cd:92:6c:fc:cc:50:b4:3b:9c:46:af:11:b5:
                    29:f2:f6:c3:04:da:d6:81:d7:47:1c:95:31:7e:70:
                    dc:67:2e:16:92:81:bd:27:46:c5:39:6d:99:af:31:
                    81:9e:45:fd:60:51:f8:02:f4:01:9f:1a:dd:46:d1:
                    d4:49:a6:8b:db:c5:93:2b:64:19:b0:6c:d3:78:19:
                    61:89:25:8e:86:fe:22:f1:3c:14:f3:ec:7b:4c:42:
                    ba:2e:0d:34:56:23:30:82:92:3f:f3:91:62:7a:3a:
                    16:8d:f0:c5:a6:b6:18:61:98:75:d2:f6:19:40:88:
                    4f:d2:dd:b6:2c:a7:42:5e:a4:52:c5:d1:f5:c7:ae:
                    f5:1c:02:af:bd:f3:75:ca:de:62:55:52:91:ff:96:
                    58:80:da:30:c9:1b:1a:b2:df:d4:4f:d6:a0:0a:f2:
                    a4:45:be:fd:9e:3a:29:dd:de:a6:af:ed:dd:9e:27:
                    d3:5c:36:44:25:bd:bf:31:14:ea:34:86:6e:cc:38:
                    f0:71:be:37:e6:19:00:db:c8:fb:a2:22:ae:2d:9c:
                    fb:40:fb:a7:11:77:2d:9c:ea:dd:b7:11:5f:14:70:
                    7c:a1:51:74:51:f9:60:cf:e7:d6:77:39:96:63:4b:
                    6a:7e:3a:a1:5c:18:ec:24:04:a0:33:f3:4f:47:7e:
                    ec:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EA:EC:1F:FB:FF:66:30:DD:EA:15:7F:F4:FC:6C:8D:20:FA:73:EC
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/zOrsH_v_ZjDd6hV_9PxsjSD6c-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.41.0/24
                  84.32.48.0/24
                  84.32.50.0/23
                  84.32.58.0/24
                  84.32.71.0/24
                  84.32.93.0/24
                  84.32.238.0/24
                  88.216.21.0-88.216.22.255
                  88.216.32.0/24
                  88.216.199.0/24
                  88.216.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:9e:5f:be:cf:d5:52:f9:56:81:7f:64:13:c5:24:75:0a:d0:
         2e:29:94:ac:8e:61:fc:db:c5:40:54:dc:c4:a9:19:85:e2:11:
         e1:d1:d3:68:2e:d4:9f:3f:d3:02:6c:99:9a:e7:57:1c:ef:fb:
         aa:ba:4f:95:bb:e7:75:75:cd:e3:32:b0:40:96:ac:45:ed:af:
         f3:e9:8b:b8:8f:c8:71:ba:50:9d:6a:03:e5:ca:0a:38:c3:b3:
         c5:35:a6:43:2a:05:6e:57:be:ed:36:10:1b:35:1d:64:f3:0d:
         4c:7f:df:61:20:75:55:8a:3f:f1:f8:8f:04:a8:5a:e7:b8:20:
         0b:e6:33:a7:56:78:b1:a5:38:15:96:df:6e:68:23:45:7b:3f:
         67:b8:1f:cf:91:39:b3:31:08:e7:cb:2f:63:3a:b9:14:af:90:
         e8:ca:d2:7a:5c:3b:41:cd:c6:54:8f:ae:ef:cd:05:c8:04:33:
         df:49:97:a1:51:d9:50:de:4d:a6:6d:f9:10:80:61:37:8a:f8:
         84:e7:b3:45:50:6c:3b:23:e7:48:58:90:20:7c:a3:05:87:07:
         38:ab:d9:44:cb:41:18:25:4d:04:cd:87:e9:de:4d:93:3e:26:
         eb:e7:a4:e2:79:ad:f4:22:87:c3:43:84:39:b4:0c:ba:c0:0c:
         45:26:f5:02
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYSUcS+FgzYM2Q4VI+s6ZQ1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTIwMDk0OTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VhZWMxZmZiZmY2NjMwZGRlYTE1N2ZmNGZjNmM4ZDIwZmE3M2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc2SbPzMULQ7nEavEbUp8vbDBNrW
gddHHJUxfnDcZy4WkoG9J0bFOW2ZrzGBnkX9YFH4AvQBnxrdRtHUSaaL28WTK2QZ
sGzTeBlhiSWOhv4i8TwU8+x7TEK6Lg00ViMwgpI/85FiejoWjfDFprYYYZh10vYZ
QIhP0t22LKdCXqRSxdH1x671HAKvvfN1yt5iVVKR/5ZYgNowyRsast/UT9agCvKk
Rb79njop3d6mr+3dnifTXDZEJb2/MRTqNIZuzDjwcb435hkA28j7oiKuLZz7QPun
EXctnOrdtxFfFHB8oVF0Uflgz+fWdzmWY0tqfjqhXBjsJASgM/NPR37sEQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMzq7B/7/2Yw3eoVf/T8bI0g+nPsMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvek9yc0hfdl9aakRkNmhWXzlQeHNqU0Q2Yy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAVCApAwQA
VCAwAwQBVCAyAwQAVCA6AwQAVCBHAwQAVCBdAwQAVCDuMAwDBABY2BUDBABY2BYD
BABY2CADBABY2McDBABY2N8wDQYJKoZIhvcNAQELBQADggEBAEueX77P1VL5VoF/
ZBPFJHUK0C4plKyOYfzbxUBU3MSpGYXiEeHR02gu1J8/0wJsmZrnVxzv+6q6T5W7
53V1zeMysECWrEXtr/Ppi7iPyHG6UJ1qA+XKCjjDs8U1pkMqBW5Xvu02EBs1HWTz
DUx/32EgdVWKP/H4jwSoWue4IAvmM6dWeLGlOBWW325oI0V7P2e4H8+RObMxCOfL
L2M6uRSvkOjK0npcO0HNxlSPru/NBcgEM99Jl6FR2VDeTaZt+RCAYTeK+ITns0VQ
bDsj50hYkCB8owWHBzir2UTLQRglTQTNh+neTZM+JuvnpOJ5rfQih8NDhDm0DLrA
DEUm9QI=
-----END CERTIFICATE-----