Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8gWGY1S_-AXl3y1qZtOTW1FjUWE.roa
File:                     8gWGY1S_-AXl3y1qZtOTW1FjUWE.roa (raw, json)
Hash identifier:          zQFwEiDD43DbReWd10OUlL8NeCe19x/XIium2L0TKF0=
Subject key identifier:   F2:05:86:63:54:BF:F8:05:E5:DF:2D:6A:66:D3:93:5B:51:63:51:61
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189166756198B08C3AEDC1FEBA8498EDC16
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8gWGY1S_-AXl3y1qZtOTW1FjUWE.roa
Signing time:             Sun 02 Jul 2023 11:40:18 +0000
ROA not before:           Sun 02 Jul 2023 11:40:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.5.189.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.108.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.142.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:16:67:56:19:8b:08:c3:ae:dc:1f:eb:a8:49:8e:dc:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  2 11:40:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f205866354bff805e5df2d6a66d3935b51635161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:06:a2:fd:da:37:16:4e:09:cd:39:03:7f:e7:
                    73:a2:a6:bc:62:ef:6e:d6:03:c2:10:28:01:78:e5:
                    6c:d8:c8:67:e6:35:53:6d:a8:56:20:cb:03:05:e2:
                    d9:79:6b:51:e7:e0:ae:d0:0d:ba:d5:ba:0e:70:c1:
                    d7:85:6f:24:0c:47:9f:a5:69:94:7c:f2:ab:a5:22:
                    19:37:9a:ae:d8:d3:7f:e1:76:10:07:f3:8c:56:0a:
                    ba:79:d6:60:90:e3:9b:2a:fe:69:28:5c:0c:ce:7d:
                    36:97:4b:a9:42:fe:c4:e3:a8:ed:d3:b3:58:30:a6:
                    60:eb:87:e5:e6:61:3b:ef:5c:04:ea:d4:f4:4c:e6:
                    f0:a0:c7:3b:f7:c2:ef:9e:eb:b2:5d:c1:66:5c:cd:
                    87:2c:76:8f:b3:17:eb:bb:57:66:f7:17:6d:1a:43:
                    91:64:e7:b5:b9:21:d9:39:f3:5a:d1:d9:ce:db:ff:
                    2a:35:d0:69:fa:ea:ce:a7:df:4a:c5:a9:e9:1b:d8:
                    04:de:89:b1:be:02:83:7c:b5:fd:5e:ac:1b:b9:1b:
                    c7:a7:e3:61:5e:67:61:83:d3:0e:15:80:0c:64:d2:
                    26:82:81:14:38:be:37:73:2c:98:60:9b:2b:9f:22:
                    c7:e0:16:b6:5e:19:73:3d:6d:97:44:8d:42:b1:9a:
                    94:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:05:86:63:54:BF:F8:05:E5:DF:2D:6A:66:D3:93:5B:51:63:51:61
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8gWGY1S_-AXl3y1qZtOTW1FjUWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.253.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  82.153.248.0/23
                  89.213.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:d1:78:fb:a1:79:80:a6:08:60:a0:22:71:dc:ed:c3:e7:2e:
         07:e5:69:93:29:16:7f:f1:88:a9:02:a8:11:63:d4:8b:80:d7:
         8e:6f:90:e7:38:77:d9:d9:a4:7a:ab:7e:85:a6:ae:5f:32:cd:
         66:4d:7f:ff:36:f5:68:6b:e7:51:66:34:0c:a9:40:74:1c:2a:
         06:a4:1a:b4:1e:96:cc:9f:34:c4:15:f0:ce:21:71:35:2e:52:
         d8:aa:f1:b3:69:e1:4b:fb:7f:78:94:d6:ae:3d:1d:c2:1c:85:
         f5:ac:f9:50:fc:d0:e2:45:71:b6:4a:28:c2:32:24:78:8e:8c:
         dd:02:b5:54:bc:cf:3c:d1:40:5b:d5:af:69:6f:57:ad:a4:44:
         02:d4:46:1a:5d:05:50:ea:67:c5:f4:df:96:c7:ae:ee:e8:f9:
         80:41:10:35:e3:6e:5e:c8:6c:7d:51:b8:3e:60:ef:45:40:27:
         06:51:fd:6e:58:3b:d4:00:f4:9c:4a:0c:ff:67:55:cd:29:f7:
         09:be:40:e6:6a:79:64:4e:ea:6b:9d:d7:77:ec:f1:0a:39:61:
         b3:91:68:19:ad:2a:e6:58:be:44:85:1a:f7:1c:d1:78:b2:64:
         18:a3:d6:ec:29:eb:df:17:27:41:7d:e7:c1:fc:77:de:1a:db:
         25:a8:7c:75
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYkWZ1YZiwjDrtwf66hJjtwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzAyMTE0MDE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjA1ODY2MzU0YmZmODA1ZTVkZjJkNmE2NmQzOTM1YjUxNjM1MTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAai/do3Fk4JzTkDf+dzoqa8Yu9u
1gPCECgBeOVs2Mhn5jVTbahWIMsDBeLZeWtR5+Cu0A261boOcMHXhW8kDEefpWmU
fPKrpSIZN5qu2NN/4XYQB/OMVgq6edZgkOObKv5pKFwMzn02l0upQv7E46jt07NY
MKZg64fl5mE771wE6tT0TObwoMc798LvnuuyXcFmXM2HLHaPsxfru1dm9xdtGkOR
ZOe1uSHZOfNa0dnO2/8qNdBp+urOp99KxanpG9gE3omxvgKDfLX9XqwbuRvHp+Nh
Xmdhg9MOFYAMZNImgoEUOL43cyyYYJsrnyLH4Ba2XhlzPW2XRI1CsZqUPwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPIFhmNUv/gF5d8tambTk1tRY1FhMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOGdXR1kxU18tQVhsM3kxcVp0T1RXMUZqVVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAUQW9AwQA
Uah3AwQAUah7AwQAUphsAwQAUpj9AwQAUplJAwQCUpmIAwQAUpn2AwQBUpn4AwQA
WdWOMA0GCSqGSIb3DQEBCwUAA4IBAQAm0Xj7oXmApghgoCJx3O3D5y4H5WmTKRZ/
8YipAqgRY9SLgNeOb5DnOHfZ2aR6q36Fpq5fMs1mTX//NvVoa+dRZjQMqUB0HCoG
pBq0HpbMnzTEFfDOIXE1LlLYqvGzaeFL+394lNauPR3CHIX1rPlQ/NDiRXG2SijC
MiR4jozdArVUvM880UBb1a9pb1etpEQC1EYaXQVQ6mfF9N+Wx67u6PmAQRA1425e
yGx9Ubg+YO9FQCcGUf1uWDvUAPScSgz/Z1XNKfcJvkDmanlkTuprndd37PEKOWGz
kWgZrSrmWL5EhRr3HNF4smQYo9bsKevfFydBfefB/HfeGtslqHx1
-----END CERTIFICATE-----