Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/83Y97FtglkbrpHIjmRcu5yhw5pU.roa
File:                     83Y97FtglkbrpHIjmRcu5yhw5pU.roa (raw, json)
Hash identifier:          TdDGm0iEAEoGM7++BSJoM48Re87/f4WmdMds2hcC60Y=
Subject key identifier:   F3:76:3D:EC:5B:60:96:46:EB:A4:72:23:99:17:2E:E7:28:70:E6:95
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BDC73FD21EF83BF40BE914627EE272D2A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/83Y97FtglkbrpHIjmRcu5yhw5pU.roa
Signing time:             Fri 17 Nov 2023 08:44:30 +0000
ROA not before:           Fri 17 Nov 2023 08:44:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.158.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:dc:73:fd:21:ef:83:bf:40:be:91:46:27:ee:27:2d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 17 08:44:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f3763dec5b609646eba4722399172ee72870e695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:23:f7:bf:18:4b:22:19:c3:8d:e0:45:6f:b6:
                    af:9f:53:e7:5a:5e:be:7b:14:7c:13:06:d9:98:91:
                    a2:84:b5:8a:44:0c:ac:22:f0:6f:d4:59:cf:54:ac:
                    4a:97:30:d3:63:55:cf:b6:6b:a3:d0:7e:3a:5b:b0:
                    a9:12:e4:cc:22:f0:45:80:17:63:59:b2:9a:80:2d:
                    5e:69:a6:bb:0c:8e:38:99:31:99:f0:de:9b:2f:bf:
                    44:99:fb:c1:a8:d8:f6:46:94:37:e2:64:d8:26:40:
                    85:2d:e2:41:9f:64:3e:72:b5:2a:39:bc:93:d2:62:
                    91:08:5a:de:61:64:5d:6f:8f:58:57:30:6a:a9:3b:
                    4c:7b:1a:4f:82:16:e4:0d:f6:15:dc:f2:86:df:07:
                    81:95:dc:07:ac:1c:c2:f6:e3:b2:00:e9:74:c9:36:
                    28:f7:c5:ac:2b:05:36:52:08:0b:f0:2b:d8:31:8e:
                    81:65:68:cd:07:2c:91:0b:3c:c7:ac:e8:1b:b8:fb:
                    92:e3:26:fb:26:21:16:90:da:3f:e3:66:dc:cd:20:
                    eb:a5:ef:3a:21:6b:58:10:72:30:0a:6d:cd:c3:ed:
                    e6:ed:ed:0c:78:5c:00:b3:a2:96:ce:f8:5a:66:23:
                    df:5f:ad:95:34:ca:7c:b8:e6:27:21:f5:d3:46:70:
                    11:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:76:3D:EC:5B:60:96:46:EB:A4:72:23:99:17:2E:E7:28:70:E6:95
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/83Y97FtglkbrpHIjmRcu5yhw5pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.245.0-109.176.246.255
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:4f:45:16:b2:c8:55:2f:9a:ec:a8:24:6d:12:07:17:fa:dc:
         5e:a5:23:f9:c7:82:44:7b:c7:1d:48:2f:44:bb:b0:85:66:ee:
         5f:05:bd:35:90:19:dc:cb:51:33:be:4f:67:5a:2e:55:ab:0e:
         ee:ce:b1:cf:86:88:0e:5d:af:87:46:27:2b:8b:9b:db:6e:9f:
         59:2a:3c:07:f3:69:db:6e:74:72:03:db:9e:95:12:15:39:b6:
         49:74:4d:fc:e5:1b:59:73:71:6c:20:ca:6c:33:cb:42:e3:42:
         e6:24:7b:a1:3d:c9:1d:d7:5e:af:e0:07:45:3b:b1:30:45:8d:
         47:fb:88:8f:c5:15:66:0b:a0:5c:ff:f9:7a:2f:10:62:e7:c2:
         f7:53:0a:d6:08:0a:50:dc:88:49:70:bd:55:2a:9d:af:3f:0c:
         d9:e9:68:b8:06:79:7a:78:ac:e0:8a:4d:50:d0:16:cd:be:77:
         48:54:1e:65:c2:70:89:c8:61:b1:f6:62:69:1a:20:7c:e6:99:
         e7:f1:95:0f:0f:3d:28:b3:d9:5c:f0:e0:d6:61:00:ed:83:59:
         fc:17:38:84:e1:35:7c:d3:0c:3e:88:67:0b:16:ab:ec:f9:70:
         bb:ec:a1:ce:04:ab:ae:7f:08:72:db:e9:69:c0:44:3f:c2:43:
         37:65:c2:aa
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYvcc/0h74O/QL6RRifuJy0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE3MDg0NDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzc2M2RlYzViNjA5NjQ2ZWJhNDcyMjM5OTE3MmVlNzI4NzBlNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiP3vxhLIhnDjeBFb7avn1PnWl6+
exR8EwbZmJGihLWKRAysIvBv1FnPVKxKlzDTY1XPtmuj0H46W7CpEuTMIvBFgBdj
WbKagC1eaaa7DI44mTGZ8N6bL79EmfvBqNj2RpQ34mTYJkCFLeJBn2Q+crUqObyT
0mKRCFreYWRdb49YVzBqqTtMexpPghbkDfYV3PKG3weBldwHrBzC9uOyAOl0yTYo
98WsKwU2UggL8CvYMY6BZWjNByyRCzzHrOgbuPuS4yb7JiEWkNo/42bczSDrpe86
IWtYEHIwCm3Nw+3m7e0MeFwAs6KWzvhaZiPfX62VNMp8uOYnIfXTRnARDQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFPN2PexbYJZG66RyI5kXLucocOaVMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvODNZOTdGdGdsa2JycEhJam1SY3U1eWh3NXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQwDAMEAG2w9QMEAG2w9gMEAG2w
+AMEAbkxfgMEANWYKjANBgkqhkiG9w0BAQsFAAOCAQEAHk9FFrLIVS+a7KgkbRIH
F/rcXqUj+ceCRHvHHUgvRLuwhWbuXwW9NZAZ3MtRM75PZ1ouVasO7s6xz4aIDl2v
h0YnK4ub226fWSo8B/Np2250cgPbnpUSFTm2SXRN/OUbWXNxbCDKbDPLQuNC5iR7
oT3JHdder+AHRTuxMEWNR/uIj8UVZgugXP/5ei8QYufC91MK1ggKUNyISXC9VSqd
rz8M2elouAZ5enis4IpNUNAWzb53SFQeZcJwichhsfZiaRogfOaZ5/GVDw89KLPZ
XPDg1mEA7YNZ/Bc4hOE1fNMMPohnCxar7Plwu+yhzgSrrn8IctvpacBEP8JDN2XC
qg==
-----END CERTIFICATE-----