Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Is0cfWRrb6FXo-eM-AS7S44D6VQ.roa
File:                     Is0cfWRrb6FXo-eM-AS7S44D6VQ.roa (raw, json)
Hash identifier:          8QGPXpO5TRtXTzWn5DpNgUHbYdODKChnVCSq9J/D9CY=
Subject key identifier:   22:CD:1C:7D:64:6B:6F:A1:57:A3:E7:8C:F8:04:BB:4B:8E:03:E9:54
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018AEF24C936729B781E403B896F50C53054
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Is0cfWRrb6FXo-eM-AS7S44D6VQ.roa
Signing time:             Mon 02 Oct 2023 06:47:59 +0000
ROA not before:           Mon 02 Oct 2023 06:47:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.176.0/22 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.65.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.240.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ef:24:c9:36:72:9b:78:1e:40:3b:89:6f:50:c5:30:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  2 06:47:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=22cd1c7d646b6fa157a3e78cf804bb4b8e03e954
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d7:ac:1e:df:ef:e2:8b:96:cc:2b:7c:80:6b:
                    0f:1e:b7:6d:75:6e:5b:65:c1:c2:42:d9:d0:de:39:
                    fd:c1:c3:b8:ac:ed:cb:c2:f6:41:ce:8d:cc:8e:27:
                    ab:6d:df:11:68:45:ab:5f:3c:4b:34:98:71:c4:c4:
                    6d:67:e9:58:fd:fd:05:88:e7:39:6b:46:4f:94:1b:
                    17:80:e9:6e:07:56:b7:73:42:45:19:21:b8:11:f5:
                    d0:b4:36:fc:3e:1b:86:62:c9:e2:a2:3d:68:61:87:
                    e4:e0:46:a3:10:1b:88:ee:04:4e:6d:df:0c:fe:4a:
                    58:7b:3d:34:83:cc:63:58:c8:e4:96:75:ec:69:f1:
                    17:21:39:bb:c3:c2:e2:0f:16:dc:8d:68:03:7a:70:
                    2b:39:3f:55:2e:4f:09:c9:ef:17:70:c6:b2:aa:cf:
                    1d:13:56:87:7b:e1:d8:ef:cc:30:80:47:0f:06:09:
                    b4:1b:5f:b9:c9:f9:ff:ff:bd:af:e3:d2:ba:01:2f:
                    89:6a:30:0e:a9:0f:c3:f1:27:b8:5a:16:33:b6:ad:
                    29:5d:65:6e:d0:d5:2e:8b:9f:d6:3a:72:94:3d:1b:
                    ac:ca:81:39:21:69:e3:8e:1e:00:7b:60:b3:7f:eb:
                    a1:bb:81:f0:2e:cd:ac:cc:e6:24:34:0a:a7:db:98:
                    93:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:CD:1C:7D:64:6B:6F:A1:57:A3:E7:8C:F8:04:BB:4B:8E:03:E9:54
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Is0cfWRrb6FXo-eM-AS7S44D6VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.65.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.155.255
                  89.213.176.0/21
                  109.176.240.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:02:66:ee:e5:3f:b2:d7:04:4a:af:d7:d8:3b:5c:22:e6:46:
         0f:bc:fd:89:c9:12:6b:bc:ae:14:43:24:30:d3:21:b2:51:37:
         5f:11:5e:41:11:ec:55:55:a6:7c:be:9e:62:b7:c5:4a:81:c8:
         e9:53:f3:a2:77:74:e4:64:72:98:a2:72:57:32:18:c6:da:0b:
         b2:cc:76:bc:77:f6:5b:a6:1d:c6:5d:30:c2:90:0c:a9:27:07:
         fb:ce:70:f2:a6:03:3b:0b:3b:70:be:e3:5a:3d:6a:cd:56:c9:
         d0:55:ae:0e:82:35:04:df:c7:60:74:ab:77:8b:c0:d8:d4:55:
         92:00:a8:f0:e2:70:af:ac:65:c8:79:1b:ae:61:56:f1:23:ca:
         7b:99:0b:ce:0a:d2:27:2d:d3:29:ab:5d:db:a7:b9:38:db:c3:
         3e:90:ec:8b:f3:bb:3d:1b:74:9e:b4:90:e2:ea:e0:71:c2:73:
         4e:a8:c1:40:9f:cd:9b:a6:08:01:40:96:08:ac:86:98:96:ff:
         e0:8c:65:8c:82:79:bc:67:de:71:39:0f:f7:51:42:9c:71:d5:
         d8:e6:f2:1c:70:28:e1:f5:9b:84:c3:15:cb:5d:94:98:f4:62:
         5b:b7:2e:a5:2a:da:99:ec:d1:88:50:07:aa:db:c1:64:29:a5:
         3d:67:3f:32
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYrvJMk2cpt4HkA7iW9QxTBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDAyMDY0NzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmNkMWM3ZDY0NmI2ZmExNTdhM2U3OGNmODA0YmI0YjhlMDNlOTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdesHt/v4ouWzCt8gGsPHrdtdW5b
ZcHCQtnQ3jn9wcO4rO3LwvZBzo3Mjierbd8RaEWrXzxLNJhxxMRtZ+lY/f0FiOc5
a0ZPlBsXgOluB1a3c0JFGSG4EfXQtDb8PhuGYsnioj1oYYfk4EajEBuI7gRObd8M
/kpYez00g8xjWMjklnXsafEXITm7w8LiDxbcjWgDenArOT9VLk8Jye8XcMayqs8d
E1aHe+HY78wwgEcPBgm0G1+5yfn//72v49K6AS+JajAOqQ/D8Se4WhYztq0pXWVu
0NUui5/WOnKUPRusyoE5IWnjjh4Ae2Czf+uhu4HwLs2szOYkNAqn25iTLQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCLNHH1ka2+hV6PnjPgEu0uOA+lUMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSXMwY2ZXUnJiNkZYby1lTS1BUzdTNDRENlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah7AwQAUplBAwQCUpmIMAwDBAJZ1ZQDBAJZ1ZgDBANZ1bADBABtsPADBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAEMCZu7lP7LXBEqv19g7XCLmRg+8/YnJ
Emu8rhRDJDDTIbJRN18RXkER7FVVpny+nmK3xUqByOlT86J3dORkcpiiclcyGMba
C7LMdrx39lumHcZdMMKQDKknB/vOcPKmAzsLO3C+41o9as1WydBVrg6CNQTfx2B0
q3eLwNjUVZIAqPDicK+sZch5G65hVvEjynuZC84K0ict0ymrXdunuTjbwz6Q7Ivz
uz0bdJ60kOLq4HHCc06owUCfzZumCAFAlgishpiW/+CMZYyCebxn3nE5D/dRQpxx
1djm8hxwKOH1m4TDFctdlJj0Ylu3LqUq2pns0YhQB6rbwWQppT1nPzI=
-----END CERTIFICATE-----