Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4_Z_czy1PEa3paUx68b-iwS7vEE.roa
File:                     4_Z_czy1PEa3paUx68b-iwS7vEE.roa (raw, json)
Hash identifier:          C3MmsbowCKCjTdjonDwrSAGkbxnuNgzAUmX9RysYODw=
Subject key identifier:   E3:F6:7F:73:3C:B5:3C:46:B7:A5:A5:31:EB:C6:FE:8B:04:BB:BC:41
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C9C535DBDFD87BB40503F413233C2EE86
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4_Z_czy1PEa3paUx68b-iwS7vEE.roa
Signing time:             Sun 24 Dec 2023 14:55:58 +0000
ROA not before:           Sun 24 Dec 2023 14:55:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:9c:53:5d:bd:fd:87:bb:40:50:3f:41:32:33:c2:ee:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 24 14:55:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e3f67f733cb53c46b7a5a531ebc6fe8b04bbbc41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a1:e1:17:2d:ed:b4:da:e1:36:69:99:ad:2f:
                    9b:e4:5e:5d:02:64:56:8f:03:b7:da:07:24:10:e5:
                    84:df:f8:5f:f9:a4:55:b4:02:20:f6:9c:5d:18:45:
                    8f:c2:e0:a0:4b:36:56:4c:1a:21:bb:fc:c4:f9:03:
                    4d:10:1c:34:ab:c5:80:10:d7:9b:1c:05:85:b9:08:
                    61:ed:a7:c4:00:be:4e:a1:8b:6e:bc:d9:01:87:ce:
                    7b:a5:61:61:07:3e:0b:5b:50:81:49:1d:a2:44:18:
                    fa:bb:6b:e3:0c:5a:4b:a7:6c:ef:75:98:2e:6d:a5:
                    07:b0:4b:04:9c:8f:3b:fd:54:90:02:18:3d:09:1a:
                    d8:5a:36:33:4b:26:38:a5:90:30:02:35:a5:6b:54:
                    cf:a9:62:c4:07:27:15:24:3d:ea:a9:e3:24:3a:a8:
                    16:f2:a3:03:ff:04:ac:c6:a2:03:58:b8:5b:7f:59:
                    a1:44:25:4e:93:df:17:ea:ad:eb:26:78:fa:95:83:
                    3e:d4:42:5e:29:5b:a5:d7:72:5c:11:cb:f1:45:c8:
                    8b:5c:93:c0:81:8f:a0:27:1e:39:3c:11:24:f5:23:
                    44:56:bc:1c:23:b4:64:75:7c:a2:5a:c9:8c:91:ee:
                    b4:2c:d2:a9:6e:5e:e4:7f:db:f6:e1:27:21:11:77:
                    a5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F6:7F:73:3C:B5:3C:46:B7:A5:A5:31:EB:C6:FE:8B:04:BB:BC:41
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4_Z_czy1PEa3paUx68b-iwS7vEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.1.0/24
                  82.153.136.0/22
                  89.213.147.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/23
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:8b:d6:1f:27:80:45:90:9e:bc:4c:30:36:5c:09:e7:5f:83:
         eb:44:5f:d8:0a:b2:8b:17:0a:09:ec:4d:76:f8:1c:83:10:24:
         1b:77:da:aa:14:31:75:8d:85:7d:94:62:67:14:72:1f:8c:35:
         01:52:1f:7e:1e:cd:b6:22:81:64:29:cc:58:99:6b:4e:0c:0a:
         a7:08:d8:60:bc:b8:35:f6:6c:06:56:97:62:2a:fd:f2:18:dc:
         bc:1f:e8:38:52:14:40:a3:70:76:3b:81:2e:cb:af:4f:f4:89:
         e5:e5:50:e9:89:d0:64:a1:b9:1d:20:67:9d:d7:cc:ea:1a:2a:
         86:28:2e:8a:1d:d6:3c:51:de:30:14:db:a9:02:a5:c1:0a:2e:
         f4:1a:17:d1:b4:96:36:cb:41:46:27:a6:ba:e3:5f:fa:fe:de:
         16:0e:ad:07:e5:45:1e:8b:a6:e0:49:b8:2c:bf:64:d4:65:64:
         5a:47:a6:3f:60:3b:61:38:f1:25:78:c0:ae:93:2b:38:8b:75:
         09:52:9d:b7:52:39:77:e7:4d:4e:f7:75:93:d2:b3:2b:75:0e:
         4a:2e:89:1d:ba:c0:aa:82:af:2e:ba:9f:d6:51:d9:ba:f3:24:
         e7:b6:b3:3b:7d:24:db:75:3d:0a:c6:dc:8b:eb:1d:18:e7:ae:
         b4:4d:08:42
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYycU129/Ye7QFA/QTIzwu6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjI0MTQ1NTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2Y2N2Y3MzNjYjUzYzQ2YjdhNWE1MzFlYmM2ZmU4YjA0YmJiYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKHhFy3ttNrhNmmZrS+b5F5dAmRW
jwO32gckEOWE3/hf+aRVtAIg9pxdGEWPwuCgSzZWTBohu/zE+QNNEBw0q8WAENeb
HAWFuQhh7afEAL5OoYtuvNkBh857pWFhBz4LW1CBSR2iRBj6u2vjDFpLp2zvdZgu
baUHsEsEnI87/VSQAhg9CRrYWjYzSyY4pZAwAjWla1TPqWLEBycVJD3qqeMkOqgW
8qMD/wSsxqIDWLhbf1mhRCVOk98X6q3rJnj6lYM+1EJeKVul13JcEcvxRciLXJPA
gY+gJx45PBEk9SNEVrwcI7RkdXyiWsmMke60LNKpbl7kf9v24SchEXelpQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFOP2f3M8tTxGt6WlMevG/osEu7xBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNF9aX2N6eTFQRWEzcGFVeDY4Yi1pd1M3dkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
UpkBAwQCUpmIMAwDBABZ1ZMDBAVZ1YADBAJZ1awDBAFZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAAyL1h8ngEWQnrxMMDZcCedfg+tEX9gKsosXCgns
TXb4HIMQJBt32qoUMXWNhX2UYmcUch+MNQFSH34ezbYigWQpzFiZa04MCqcI2GC8
uDX2bAZWl2Iq/fIY3Lwf6DhSFECjcHY7gS7Lr0/0ieXlUOmJ0GShuR0gZ53XzOoa
KoYoLood1jxR3jAU26kCpcEKLvQaF9G0ljbLQUYnprrjX/r+3hYOrQflRR6LpuBJ
uCy/ZNRlZFpHpj9gO2E48SV4wK6TKziLdQlSnbdSOXfnTU73dZPSsyt1DkouiR26
wKqCry66n9ZR2brzJOe2szt9JNt1PQrG3IvrHRjnrrRNCEI=
-----END CERTIFICATE-----