Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ClkhwVvPffUj-l478ynCRMt3mus.roa
File:                     ClkhwVvPffUj-l478ynCRMt3mus.roa (raw, json)
Hash identifier:          fJcAJI++E3ZxSyc4NWrS2/Qgh4IzhrksKx2YNFpYD6k=
Subject key identifier:   0A:59:21:C1:5B:CF:7D:F5:23:FA:5E:3B:F3:29:C2:44:CB:77:9A:EB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BF646E034CD3E065142E0A8D97B9A0535
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ClkhwVvPffUj-l478ynCRMt3mus.roa
Signing time:             Wed 22 Nov 2023 09:05:21 +0000
ROA not before:           Wed 22 Nov 2023 09:05:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          82.153.10.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f6:46:e0:34:cd:3e:06:51:42:e0:a8:d9:7b:9a:05:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 22 09:05:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a5921c15bcf7df523fa5e3bf329c244cb779aeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c0:48:06:e2:2d:f9:ab:23:14:7b:03:fd:f9:
                    a0:29:99:dc:34:20:44:3f:3d:6a:7d:e6:d2:35:b3:
                    2f:48:b3:72:b0:8f:84:1e:42:b4:09:71:97:31:34:
                    7a:a9:8f:25:b7:83:a9:a4:01:22:69:e1:ac:67:b2:
                    2f:cc:36:7c:78:ca:de:81:76:d9:01:14:f1:dd:21:
                    f5:d7:05:a0:45:61:22:d2:4d:4d:0a:0d:23:c6:63:
                    3d:fd:b7:d4:6e:d1:3f:6a:59:b8:d3:12:d5:5f:88:
                    f7:aa:0f:3c:7b:4f:53:e7:78:86:3d:96:df:30:cc:
                    0e:d0:3d:fd:03:da:1c:39:60:93:59:86:d2:46:80:
                    7c:38:2d:be:d6:87:42:d4:46:12:26:ed:4b:b7:58:
                    48:e5:62:53:64:5b:0d:cd:9e:c5:e4:67:1a:4f:f2:
                    fd:6b:18:61:3a:52:ee:33:a4:12:19:6e:fc:1e:a2:
                    ee:bf:4e:3e:8c:b7:31:20:31:48:42:48:ba:bc:7e:
                    34:ba:93:2a:8c:eb:8e:2b:0b:38:1e:79:f3:91:16:
                    12:55:8f:0d:82:ac:4c:d6:35:67:92:d6:6d:ad:ec:
                    f8:28:71:6a:6e:dd:a6:3b:88:65:89:da:4f:f6:0a:
                    9c:09:af:77:4b:2a:d2:41:9e:8c:d1:67:df:b6:ca:
                    3f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:59:21:C1:5B:CF:7D:F5:23:FA:5E:3B:F3:29:C2:44:CB:77:9A:EB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ClkhwVvPffUj-l478ynCRMt3mus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.1.0/24
                  82.153.10.0/24
                  82.153.136.0/22
                  82.153.227.0/24
                  89.213.147.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ec:b1:7c:3e:21:b8:8a:58:95:71:8a:77:bd:ae:c2:ae:fb:
         a4:fe:f6:97:e2:75:3b:7e:4f:34:01:35:b0:be:63:0b:99:a7:
         66:fe:f5:d3:2d:1a:39:ee:2f:53:0b:e3:fe:e9:05:d1:7e:4e:
         47:6a:7e:88:65:1d:7e:77:d6:ed:1c:69:d5:78:23:62:9d:2c:
         cc:8b:f0:94:93:f7:19:a3:32:4f:38:3b:79:4a:4a:ab:08:50:
         c3:33:21:0b:4c:18:63:e3:a1:c7:00:f4:56:a4:8d:af:37:9b:
         17:45:aa:5f:fa:3d:59:c2:ec:14:8f:cd:bf:20:c7:e8:22:f6:
         66:c9:c7:83:81:14:66:46:14:1e:7b:46:c2:6f:f0:fb:c2:5e:
         34:0a:c0:dd:ae:b5:6c:a2:ef:73:47:b9:99:1c:6d:7f:05:51:
         98:d7:2f:f1:b6:4a:48:a7:6b:b8:1c:13:17:70:8d:3d:2c:d4:
         17:99:1d:af:25:4c:6f:4a:94:3b:40:cb:e9:06:de:69:65:cc:
         2e:6f:84:57:3f:7d:2e:5e:1f:20:a1:5f:b9:0b:0e:cd:d0:c2:
         b4:c1:c7:2d:33:18:83:08:9d:19:1a:41:ec:ec:f9:c4:5c:a2:
         98:40:f6:b5:14:4f:b2:0d:63:6b:f7:4a:c9:9a:1e:0d:28:fb:
         5f:d9:d2:ec
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYv2RuA0zT4GUULgqNl7mgU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTIyMDkwNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTU5MjFjMTViY2Y3ZGY1MjNmYTVlM2JmMzI5YzI0NGNiNzc5YWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8BIBuIt+asjFHsD/fmgKZncNCBE
Pz1qfebSNbMvSLNysI+EHkK0CXGXMTR6qY8lt4OppAEiaeGsZ7IvzDZ8eMregXbZ
ARTx3SH11wWgRWEi0k1NCg0jxmM9/bfUbtE/alm40xLVX4j3qg88e09T53iGPZbf
MMwO0D39A9ocOWCTWYbSRoB8OC2+1odC1EYSJu1Lt1hI5WJTZFsNzZ7F5GcaT/L9
axhhOlLuM6QSGW78HqLuv04+jLcxIDFIQki6vH40upMqjOuOKws4HnnzkRYSVY8N
gqxM1jVnktZtrez4KHFqbt2mO4hlidpP9gqcCa93SyrSQZ6M0Wfftso/jQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFApZIcFbz331I/peO/MpwkTLd5rrMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ2xraHdWdlBmZlVqLWw0Nzh5bkNSTXQzbXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAUah3AwQA
Uah7AwQAUpkBAwQAUpkKAwQCUpmIAwQAUpnjMAwDBABZ1ZMDBAVZ1YADBAJZ1awD
BAJZ1bQDBABtsPgDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAD/ssXw+
IbiKWJVxine9rsKu+6T+9pfidTt+TzQBNbC+YwuZp2b+9dMtGjnuL1ML4/7pBdF+
TkdqfohlHX531u0cadV4I2KdLMyL8JST9xmjMk84O3lKSqsIUMMzIQtMGGPjoccA
9Fakja83mxdFql/6PVnC7BSPzb8gx+gi9mbJx4OBFGZGFB57RsJv8PvCXjQKwN2u
tWyi73NHuZkcbX8FUZjXL/G2Skina7gcExdwjT0s1BeZHa8lTG9KlDtAy+kG3mll
zC5vhFc/fS5eHyChX7kLDs3QwrTBxy0zGIMInRkaQezs+cRcophA9rUUT7INY2v3
SsmaHg0o+1/Z0uw=
-----END CERTIFICATE-----