Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1IrsQ579LHfjjyPTriMqnUSQEDw.roa
File:                     1IrsQ579LHfjjyPTriMqnUSQEDw.roa (raw, json)
Hash identifier:          GDTRSQs+lnFXrqZxQeNGrogjW69dbqhsVtGyNKPMDtM=
Subject key identifier:   D4:8A:EC:43:9E:FD:2C:77:E3:8F:23:D3:AE:23:2A:9D:44:90:10:3C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0184F6F9C4AC88DD90289A5D03E5BD97647B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1IrsQ579LHfjjyPTriMqnUSQEDw.roa
Signing time:             Fri 09 Dec 2022 13:01:14 +0000
ROA not before:           Fri 09 Dec 2022 13:01:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        81.5.191.0/24 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:f6:f9:c4:ac:88:dd:90:28:9a:5d:03:e5:bd:97:64:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec  9 13:01:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d48aec439efd2c77e38f23d3ae232a9d4490103c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4f:10:5c:26:0d:7b:b4:b6:1a:20:72:a4:1d:
                    80:5e:62:8c:d9:23:38:eb:3d:f5:75:2c:18:40:6f:
                    8d:a4:9d:7b:d0:2b:c2:6d:7f:61:e8:58:28:0b:ac:
                    e9:aa:db:cc:e3:2e:78:83:c4:0e:88:99:8f:ad:82:
                    d3:3e:8c:08:2a:ac:c9:be:9a:7b:59:e6:5e:9e:ce:
                    bb:50:d1:19:95:ed:f5:a7:77:c1:ee:cd:2e:3b:48:
                    ed:5d:6c:52:7e:c5:49:af:83:a9:0a:39:5d:0a:24:
                    cc:8c:9b:4f:ed:8b:c6:78:db:ba:06:10:9d:e8:f6:
                    7e:29:62:aa:f7:61:46:70:4c:58:bf:31:a8:09:a8:
                    3d:2f:fc:7a:c5:b1:cf:67:86:67:72:94:d6:e2:1e:
                    39:f0:7d:f6:f0:4a:43:b0:d2:87:b8:b0:d6:b0:61:
                    be:fb:c1:10:c6:06:ef:b8:c6:17:e9:48:11:e1:e8:
                    c7:d0:6c:48:97:7d:90:78:77:a8:46:8f:63:05:0f:
                    88:15:5b:ed:f0:5f:25:6f:2f:09:01:a4:71:d8:21:
                    c0:d9:c4:9f:2f:c5:85:bc:7c:9d:79:5a:58:c3:dd:
                    87:19:2b:92:5a:ce:be:48:7b:5c:04:ff:3e:b3:14:
                    16:1e:4e:08:ec:66:98:21:a8:7f:3e:fb:0d:2c:d4:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:8A:EC:43:9E:FD:2C:77:E3:8F:23:D3:AE:23:2A:9D:44:90:10:3C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1IrsQ579LHfjjyPTriMqnUSQEDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.191.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.153.1.0/24
                  82.153.64.0/24
                  82.153.72.0/24
                  82.153.78.0/24
                  82.153.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:53:f4:e7:33:98:e1:6a:45:49:68:d7:1e:db:4a:d9:ce:7c:
         ca:2e:b2:9b:89:da:58:1e:f1:e4:5f:22:d5:6c:42:85:87:04:
         6c:22:79:85:ff:64:88:95:4a:48:dd:bb:97:8b:86:f8:a1:52:
         e8:c5:34:29:31:ea:47:c9:52:f5:e2:76:72:1a:54:ce:d4:24:
         5a:ed:c8:72:5c:7a:02:5f:a1:e5:41:c7:f1:8f:af:66:89:df:
         e7:9d:33:08:74:22:2b:a2:2a:0b:08:3d:e2:c5:ce:c2:72:08:
         48:32:c9:73:dc:ca:69:9c:39:32:cb:4c:e1:78:f2:99:d9:08:
         00:ba:0f:de:6c:a8:7d:6a:12:1d:70:41:1e:4c:0a:74:65:7c:
         fc:11:7e:3a:be:d3:5b:82:8b:4f:ca:5f:be:04:18:1c:d2:fd:
         78:c0:75:11:1a:cb:6d:ea:0a:98:ee:20:44:67:15:e5:f1:70:
         7f:4a:2f:d5:73:57:82:57:c6:d3:f7:9a:8c:31:3c:6c:ac:db:
         ee:f5:05:b8:bb:67:de:33:27:ab:2c:c4:e9:f9:01:a1:55:19:
         74:ef:12:e5:b9:31:91:d5:89:0c:a1:d7:1d:28:02:01:67:03:
         be:8d:a0:62:1c:6b:aa:23:eb:c7:08:84:34:ee:48:9a:2f:e1:
         6e:3f:ed:9b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYT2+cSsiN2QKJpdA+W9l2R7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjA5MTMwMTE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhhZWM0MzllZmQyYzc3ZTM4ZjIzZDNhZTIzMmE5ZDQ0OTAxMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx08QXCYNe7S2GiBypB2AXmKM2SM4
6z31dSwYQG+NpJ170CvCbX9h6FgoC6zpqtvM4y54g8QOiJmPrYLTPowIKqzJvpp7
WeZens67UNEZle31p3fB7s0uO0jtXWxSfsVJr4OpCjldCiTMjJtP7YvGeNu6BhCd
6PZ+KWKq92FGcExYvzGoCag9L/x6xbHPZ4ZncpTW4h458H328EpDsNKHuLDWsGG+
+8EQxgbvuMYX6UgR4ejH0GxIl32QeHeoRo9jBQ+IFVvt8F8lby8JAaRx2CHA2cSf
L8WFvHydeVpYw92HGSuSWs6+SHtcBP8+sxQWHk4I7GaYIah/PvsNLNQyLwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNSK7EOe/Sx3448j064jKp1EkBA8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMUlyc1E1NzlMSGZqanlQVHJpTXFuVVNRRUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUQW/MAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUADBABSmUgDBABSmU4D
BABSmfUwDQYJKoZIhvcNAQELBQADggEBADJT9OczmOFqRUlo1x7bStnOfMouspuJ
2lge8eRfItVsQoWHBGwieYX/ZIiVSkjdu5eLhvihUujFNCkx6kfJUvXidnIaVM7U
JFrtyHJcegJfoeVBx/GPr2aJ3+edMwh0IiuiKgsIPeLFzsJyCEgyyXPcymmcOTLL
TOF48pnZCAC6D95sqH1qEh1wQR5MCnRlfPwRfjq+01uCi0/KX74EGBzS/XjAdREa
y23qCpjuIERnFeXxcH9KL9VzV4JXxtP3mowxPGys2+71Bbi7Z94zJ6ssxOn5AaFV
GXTvEuW5MZHViQyh1x0oAgFnA76NoGIca6oj68cIhDTuSJov4W4/7Zs=
-----END CERTIFICATE-----