Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7jGp-X9C-9QSQFcQRLCda2fSMM4.roa
File:                     7jGp-X9C-9QSQFcQRLCda2fSMM4.roa (raw, json)
Hash identifier:          QHAmRFaUIBssrIurdFRq8+U0tmmQwBPnFv/ADYZjQqw=
Subject key identifier:   EE:31:A9:F9:7F:42:FB:D4:12:40:57:10:44:B0:9D:6B:67:D2:30:CE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018996386A4FA117745E784AB2514F320C50
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7jGp-X9C-9QSQFcQRLCda2fSMM4.roa
Signing time:             Thu 27 Jul 2023 07:20:26 +0000
ROA not before:           Thu 27 Jul 2023 07:20:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49999
IP address blocks:        109.176.219.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          109.176.212.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:96:38:6a:4f:a1:17:74:5e:78:4a:b2:51:4f:32:0c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 27 07:20:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee31a9f97f42fbd41240571044b09d6b67d230ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:04:a7:20:9b:9d:3d:bd:6f:96:00:b7:7b:63:
                    99:4e:5d:32:12:f7:3a:c1:5a:1d:bc:f4:fe:73:c3:
                    0c:a5:93:55:38:42:0c:82:89:39:76:12:7d:e6:9a:
                    73:de:23:5b:eb:57:57:52:6f:00:01:a5:95:91:1e:
                    d7:93:28:c3:f0:ab:a4:1a:7c:2f:c8:30:93:69:73:
                    b4:1e:2f:df:a2:ae:d9:6a:53:c2:56:61:e8:a9:2e:
                    ff:26:e0:b9:53:57:a8:13:dc:54:8f:91:39:cb:49:
                    ee:5d:d4:5e:ff:01:de:c8:a3:9a:ed:5c:9d:c6:ad:
                    28:7d:51:4c:d4:ee:a6:bf:d6:c5:72:9b:10:dd:f3:
                    25:34:6a:86:55:3c:6f:9a:5a:74:fc:6e:33:be:79:
                    a7:51:55:18:05:0a:e8:a7:ec:d2:cc:f0:3c:8c:79:
                    c1:e8:a8:aa:f5:e3:51:d0:d4:91:8e:b6:ce:4b:a8:
                    a7:d1:57:76:3c:ac:2b:8d:1f:5f:f4:84:6a:04:87:
                    f7:cf:fe:f1:bd:b6:9c:cb:f9:2f:da:b1:88:48:97:
                    8a:f7:27:de:fa:fb:fe:93:6b:49:24:ca:47:66:4c:
                    aa:d5:db:cb:4f:45:1a:4a:dc:c2:d0:de:bd:34:c4:
                    49:a0:bc:ea:63:61:00:10:d0:8e:94:a5:30:b0:e0:
                    ea:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:31:A9:F9:7F:42:FB:D4:12:40:57:10:44:B0:9D:6B:67:D2:30:CE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7jGp-X9C-9QSQFcQRLCda2fSMM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.41.0/24
                  89.213.46.0/24
                  89.213.151.0/24
                  89.213.169.0-89.213.170.255
                  109.176.208.0/23
                  109.176.212.0/24
                  109.176.217.0/24
                  109.176.219.0/24
                  109.176.221.0/24
                  109.176.223.0/24
                  109.176.245.0/24
                  109.176.247.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:61:24:41:1c:4b:72:33:98:7b:bc:17:98:ac:46:3d:39:95:
         ac:7f:5d:c7:43:de:4e:e7:44:95:8e:42:38:78:24:00:62:ec:
         a4:13:8f:8e:f9:14:2c:35:47:39:56:ce:aa:1b:ed:b6:3d:ac:
         d6:17:59:49:82:62:51:77:52:22:66:94:1c:a2:41:eb:ff:69:
         6d:a8:09:e7:8d:da:08:be:5e:58:c5:eb:e8:65:0f:21:ea:71:
         a7:23:4a:9f:8c:fb:c6:76:f4:2a:02:74:75:90:e0:87:af:26:
         9f:8c:47:26:b7:5c:e9:4e:ac:29:d1:1f:08:42:d8:0e:56:35:
         3d:51:e5:a0:37:74:fe:ab:a1:71:54:4d:06:09:80:19:0d:12:
         62:a6:d4:0a:02:f7:60:ef:01:2b:b8:d9:0d:90:6b:2c:a3:99:
         30:ea:ad:ce:b0:85:ba:f4:0d:90:5e:e1:81:a2:02:7a:40:db:
         7a:fb:cc:ab:da:b4:51:8a:1f:a6:19:ac:c5:db:20:40:68:f7:
         8d:ed:79:33:d7:93:20:ec:1c:64:0c:40:9e:00:63:15:b3:0b:
         c4:af:9f:8f:b7:57:d2:c1:82:d9:bf:c1:50:79:7b:c1:36:10:
         d6:be:1f:2f:ad:27:d8:75:54:a7:48:6f:60:96:56:f5:78:78:
         c8:bd:a2:89
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYmWOGpPoRd0XnhKslFPMgxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzI3MDcyMDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTMxYTlmOTdmNDJmYmQ0MTI0MDU3MTA0NGIwOWQ2YjY3ZDIzMGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQSnIJudPb1vlgC3e2OZTl0yEvc6
wVodvPT+c8MMpZNVOEIMgok5dhJ95ppz3iNb61dXUm8AAaWVkR7XkyjD8KukGnwv
yDCTaXO0Hi/foq7ZalPCVmHoqS7/JuC5U1eoE9xUj5E5y0nuXdRe/wHeyKOa7Vyd
xq0ofVFM1O6mv9bFcpsQ3fMlNGqGVTxvmlp0/G4zvnmnUVUYBQrop+zSzPA8jHnB
6Kiq9eNR0NSRjrbOS6in0Vd2PKwrjR9f9IRqBIf3z/7xvbacy/kv2rGISJeK9yfe
+vv+k2tJJMpHZkyq1dvLT0UaStzC0N69NMRJoLzqY2EAENCOlKUwsODqBwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFO4xqfl/QvvUEkBXEESwnWtn0jDOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN2pHcC1YOUMtOVFTUUZjUVJMQ2RhMmZTTU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAWdUpAwQA
WdUuAwQAWdWXMAwDBABZ1akDBABZ1aoDBAFtsNADBABtsNQDBABtsNkDBABtsNsD
BABtsN0DBABtsN8DBABtsPUDBABtsPcDBADVmD0wDQYJKoZIhvcNAQELBQADggEB
AChhJEEcS3IzmHu8F5isRj05lax/XcdD3k7nRJWOQjh4JABi7KQTj475FCw1RzlW
zqob7bY9rNYXWUmCYlF3UiJmlByiQev/aW2oCeeN2gi+XljF6+hlDyHqcacjSp+M
+8Z29CoCdHWQ4IevJp+MRya3XOlOrCnRHwhC2A5WNT1R5aA3dP6roXFUTQYJgBkN
EmKm1AoC92DvASu42Q2QayyjmTDqrc6whbr0DZBe4YGiAnpA23r7zKvatFGKH6YZ
rMXbIEBo943teTPXkyDsHGQMQJ4AYxWzC8Svn4+3V9LBgtm/wVB5e8E2ENa+Hy+t
J9h1VKdIb2CWVvV4eMi9ook=
-----END CERTIFICATE-----