Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/91-UzJNMTkGliHJmbsQQcJ7FtiI.roa
File:                     91-UzJNMTkGliHJmbsQQcJ7FtiI.roa (raw, json)
Hash identifier:          VyF77wNX50zqdpQ7m+aw3co82ZuB5N9g5wLAVoFCTVk=
Subject key identifier:   F7:5F:94:CC:93:4C:4E:41:A5:88:72:66:6E:C4:10:70:9E:C5:B6:22
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BA39162BFF1F09C36FEEB5EAB32065272
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/91-UzJNMTkGliHJmbsQQcJ7FtiI.roa
Signing time:             Mon 06 Nov 2023 07:38:16 +0000
ROA not before:           Mon 06 Nov 2023 07:38:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.4.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a3:91:62:bf:f1:f0:9c:36:fe:eb:5e:ab:32:06:52:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  6 07:38:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f75f94cc934c4e41a58872666ec410709ec5b622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:10:cd:a5:38:6d:20:21:00:ba:a0:30:80:f6:
                    b8:fd:0c:e0:7e:eb:e4:cf:8a:76:15:12:41:b0:34:
                    3e:bc:b9:c9:f1:0f:a6:bd:b4:9d:ce:20:42:d4:f1:
                    cf:ff:64:08:0c:fc:c3:a7:d0:37:ef:85:b2:71:91:
                    68:d2:54:2b:9a:39:ca:d7:ed:9b:9b:92:49:22:0a:
                    43:fa:28:1b:6e:63:af:6c:e2:c4:22:b2:de:ba:b8:
                    f2:aa:bb:23:87:8b:03:f4:a9:a2:a5:95:1a:2c:ba:
                    a7:03:14:bb:0f:83:09:0c:e7:42:64:a2:b2:91:11:
                    13:ba:3f:1a:8f:b9:19:6b:8c:7e:7e:43:f9:c2:12:
                    72:fe:33:5c:50:d6:f6:f4:c9:0d:c2:45:22:87:fe:
                    26:8b:d6:ce:1d:3f:64:e4:58:df:9e:75:7f:39:be:
                    2e:dc:18:13:f6:a6:85:19:9f:f0:bc:f6:23:e4:72:
                    35:00:20:7d:bb:40:ae:af:20:9a:f7:c9:3b:bf:72:
                    e4:71:72:ee:9e:1c:07:0b:8f:d8:c4:73:94:03:95:
                    44:8b:c5:70:c4:97:4a:7a:6a:f4:8b:4d:bd:5f:e3:
                    2c:88:71:80:a1:86:59:0e:89:3a:f4:4d:ec:dd:14:
                    35:c5:af:b6:73:fd:8e:9f:d6:5e:31:e3:08:6c:86:
                    16:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:5F:94:CC:93:4C:4E:41:A5:88:72:66:6E:C4:10:70:9E:C5:B6:22
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/91-UzJNMTkGliHJmbsQQcJ7FtiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  89.213.4.0/24
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ff:85:c6:4c:d0:bd:05:05:9c:34:c5:fa:2c:e1:41:7a:62:
         05:c0:83:16:eb:93:c0:91:57:f6:ff:cd:bd:85:91:2c:1a:26:
         4e:3d:64:8f:85:14:4e:24:fa:4b:2b:44:f4:6f:ce:9c:7f:58:
         d7:3e:fb:2e:68:83:30:a3:e5:2e:45:5d:37:9b:5d:10:dc:85:
         f0:f2:30:b9:a7:1c:e6:79:56:e9:fe:57:9f:d8:c4:e2:d1:ff:
         99:19:e8:f5:6d:58:f2:33:70:9c:b9:c6:35:57:9e:5e:d5:7d:
         30:24:fb:c9:bf:19:98:a4:f6:56:af:3a:ff:d8:b5:52:02:5a:
         a8:b4:3e:9b:cb:62:91:99:d9:8b:95:8e:fa:3c:67:42:19:76:
         94:92:61:b8:32:fc:28:91:46:36:fd:49:e3:c6:99:e9:ee:8d:
         04:ec:75:14:db:6a:bc:2d:99:ca:6c:34:15:50:af:29:37:07:
         69:07:96:d8:12:4f:8e:f1:7b:46:80:3c:44:e5:f1:1b:a1:27:
         e8:11:27:92:24:13:ef:ec:66:d4:00:ea:fd:3b:ec:0b:df:4a:
         3c:44:af:69:0d:16:b4:65:43:42:a6:24:52:f9:25:66:12:ed:
         f3:07:47:f9:57:1d:5c:1e:5d:5c:4f:2e:8a:93:cc:00:4b:22:
         11:36:54:2d
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYujkWK/8fCcNv7rXqsyBlJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTA2MDczODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzVmOTRjYzkzNGM0ZTQxYTU4ODcyNjY2ZWM0MTA3MDllYzViNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRDNpThtICEAuqAwgPa4/Qzgfuvk
z4p2FRJBsDQ+vLnJ8Q+mvbSdziBC1PHP/2QIDPzDp9A374WycZFo0lQrmjnK1+2b
m5JJIgpD+igbbmOvbOLEIrLeurjyqrsjh4sD9KmipZUaLLqnAxS7D4MJDOdCZKKy
kRETuj8aj7kZa4x+fkP5whJy/jNcUNb29MkNwkUih/4mi9bOHT9k5FjfnnV/Ob4u
3BgT9qaFGZ/wvPYj5HI1ACB9u0CuryCa98k7v3LkcXLunhwHC4/YxHOUA5VEi8Vw
xJdKemr0i029X+MsiHGAoYZZDok69E3s3RQ1xa+2c/2On9ZeMeMIbIYW7wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPdflMyTTE5BpYhyZm7EEHCexbYiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOTEtVXpKTk1Ua0dsaUhKbWJzUVFjSjdGdGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah7AwQCUpmIAwQAWdUEMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQDBABtsPgDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAED/hcZM0L0FBZw0xfos4UF6YgXAgxbr
k8CRV/b/zb2FkSwaJk49ZI+FFE4k+ksrRPRvzpx/WNc++y5ogzCj5S5FXTebXRDc
hfDyMLmnHOZ5Vun+V5/YxOLR/5kZ6PVtWPIzcJy5xjVXnl7VfTAk+8m/GZik9lav
Ov/YtVICWqi0PpvLYpGZ2YuVjvo8Z0IZdpSSYbgy/CiRRjb9SePGmenujQTsdRTb
arwtmcpsNBVQryk3B2kHltgST47xe0aAPETl8RuhJ+gRJ5IkE+/sZtQA6v077Avf
SjxEr2kNFrRlQ0KmJFL5JWYS7fMHR/lXHVweXVxPLoqTzABLIhE2VC0=
-----END CERTIFICATE-----