Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/J9BPNH4pg384Evx5Xx6jYKh0B4s.roa
File:                     J9BPNH4pg384Evx5Xx6jYKh0B4s.roa (raw, json)
Hash identifier:          qxPNgaB8bWqFmls3zzQYOaSYaQlup8UwM9l+3t0Y6k4=
Subject key identifier:   27:D0:4F:34:7E:29:83:7F:38:12:FC:79:5F:1E:A3:60:A8:74:07:8B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BED79C1CF6171A0B77CA6A6EB134D6D3F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/J9BPNH4pg384Evx5Xx6jYKh0B4s.roa
Signing time:             Mon 20 Nov 2023 16:04:21 +0000
ROA not before:           Mon 20 Nov 2023 16:04:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ed:79:c1:cf:61:71:a0:b7:7c:a6:a6:eb:13:4d:6d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 20 16:04:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=27d04f347e29837f3812fc795f1ea360a874078b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6b:6c:03:64:94:2c:a9:99:fd:6d:6c:13:16:
                    72:15:d1:33:38:e8:9e:c7:04:5a:9d:da:09:f8:c3:
                    9f:92:e6:bf:9e:c5:94:d8:5f:a0:3b:b7:31:28:85:
                    9f:55:14:87:06:4b:1c:79:28:c5:b5:56:5f:5c:53:
                    1b:fb:c7:70:03:d7:5c:25:5f:aa:fd:30:10:b5:fd:
                    57:4c:f2:bc:7b:a8:88:e4:06:f0:47:db:ed:d1:4d:
                    77:d5:2c:5d:e2:2e:56:97:2d:d2:8c:89:8f:8b:da:
                    76:7e:a3:b8:2c:60:3e:26:51:3d:9d:d9:20:7e:34:
                    8b:66:cf:0c:c0:cd:24:0a:a7:90:0f:9a:cd:81:4c:
                    60:5c:26:29:a5:f2:d8:72:94:11:a0:a6:ee:b4:c5:
                    34:97:40:a9:9f:4c:9e:6a:6b:44:78:9a:8f:5f:88:
                    35:92:00:96:86:93:a8:a6:a0:7c:27:2b:32:72:d3:
                    b7:75:6c:12:7d:db:96:91:66:cd:27:e0:1d:aa:08:
                    b5:91:29:e8:74:90:e9:de:10:ec:18:71:52:4f:93:
                    e0:e4:09:c7:79:51:f9:34:81:b6:eb:96:26:72:13:
                    22:8f:2e:00:15:f6:b1:f7:96:79:cb:28:53:8a:0b:
                    b6:60:8f:28:8d:70:d6:70:cf:38:b2:4a:dd:cd:fa:
                    e1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:D0:4F:34:7E:29:83:7F:38:12:FC:79:5F:1E:A3:60:A8:74:07:8B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/J9BPNH4pg384Evx5Xx6jYKh0B4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.1.0/24
                  82.153.136.0/22
                  82.153.227.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:a2:ec:b0:f7:c3:3c:39:30:36:be:18:c5:bc:17:ec:75:26:
         52:bd:28:ab:19:c5:19:ec:9d:3a:08:2b:4e:1a:da:22:c3:93:
         ab:15:c8:98:3b:23:a0:8a:93:8f:d5:89:a3:7c:4b:8d:63:c3:
         88:dc:40:69:d5:1f:55:4c:76:bb:ba:e0:83:9b:d7:0e:af:96:
         d7:ea:47:27:1f:b0:02:db:fa:5c:fb:d5:ec:2c:fd:db:75:8d:
         5a:f9:df:65:0c:32:75:de:b9:db:56:b6:72:99:84:66:71:d7:
         a8:e6:93:2e:45:f8:9f:a6:0a:c1:63:82:7b:ba:ad:98:1e:8e:
         35:a1:ff:b4:bc:88:dc:30:27:32:9e:5a:bd:46:ce:89:f4:98:
         d0:2f:08:a9:ff:fe:3f:de:1b:44:f1:00:da:70:a6:0f:a3:d1:
         de:41:d9:8d:1f:5d:a4:77:0d:85:56:91:40:45:16:48:e7:3e:
         52:73:5c:cc:e5:ea:ac:ae:df:20:37:4f:51:1b:02:a7:6f:27:
         17:88:a2:94:ab:5d:a3:a9:f6:22:d8:00:c2:d4:c8:d0:06:f2:
         fc:65:7d:e1:d2:cf:94:af:42:df:14:d4:49:49:27:6c:88:6c:
         62:67:21:63:b8:57:f0:3b:9e:20:00:06:17:ca:54:95:0c:40:
         d8:0d:a9:1e
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYvtecHPYXGgt3ympusTTW0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTIwMTYwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2QwNGYzNDdlMjk4MzdmMzgxMmZjNzk1ZjFlYTM2MGE4NzQwNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWtsA2SULKmZ/W1sExZyFdEzOOie
xwRandoJ+MOfkua/nsWU2F+gO7cxKIWfVRSHBksceSjFtVZfXFMb+8dwA9dcJV+q
/TAQtf1XTPK8e6iI5AbwR9vt0U131Sxd4i5Wly3SjImPi9p2fqO4LGA+JlE9ndkg
fjSLZs8MwM0kCqeQD5rNgUxgXCYppfLYcpQRoKbutMU0l0Cpn0yeamtEeJqPX4g1
kgCWhpOopqB8JysyctO3dWwSfduWkWbNJ+Adqgi1kSnodJDp3hDsGHFST5Pg5AnH
eVH5NIG265YmchMijy4AFfax95Z5yyhTigu2YI8ojXDWcM84skrdzfrhzQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFCfQTzR+KYN/OBL8eV8eo2CodAeLMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSjlCUE5INHBnMzg0RXZ4NVh4NmpZS2gwQjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUah3AwQA
Uah7AwQAUpkBAwQCUpmIAwQAUpnjMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBAJZ1bQD
BABtsPgDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBABWi7LD3wzw5MDa+
GMW8F+x1JlK9KKsZxRnsnToIK04a2iLDk6sVyJg7I6CKk4/ViaN8S41jw4jcQGnV
H1VMdru64IOb1w6vltfqRycfsALb+lz71ews/dt1jVr532UMMnXeudtWtnKZhGZx
16jmky5F+J+mCsFjgnu6rZgejjWh/7S8iNwwJzKeWr1Gzon0mNAvCKn//j/eG0Tx
ANpwpg+j0d5B2Y0fXaR3DYVWkUBFFkjnPlJzXMzl6qyu3yA3T1EbAqdvJxeIopSr
XaOp9iLYAMLUyNAG8vxlfeHSz5SvQt8U1ElJJ2yIbGJnIWO4V/A7niAABhfKVJUM
QNgNqR4=
-----END CERTIFICATE-----