Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JVlMyDUpVYv6V2VFJ6D38pYZ5Oo.roa
File:                     JVlMyDUpVYv6V2VFJ6D38pYZ5Oo.roa (raw, json)
Hash identifier:          cObJjb7FvZu0uXpucimRlP0gLKmP78hLSVv4Q1AEoZ8=
Subject key identifier:   25:59:4C:C8:35:29:55:8B:FA:57:65:45:27:A0:F7:F2:96:19:E4:EA
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BD2B4AB5BDC1F01F3A76AA58729ADC34B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JVlMyDUpVYv6V2VFJ6D38pYZ5Oo.roa
Signing time:             Wed 15 Nov 2023 11:18:57 +0000
ROA not before:           Wed 15 Nov 2023 11:18:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.179.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.246.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.162.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d2:b4:ab:5b:dc:1f:01:f3:a7:6a:a5:87:29:ad:c3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 15 11:18:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=25594cc83529558bfa57654527a0f7f29619e4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fa:0b:bf:50:9b:c5:0d:69:30:b7:d6:04:11:
                    06:43:41:91:e0:80:53:15:5a:d1:de:86:df:e7:6c:
                    3a:18:97:ee:0b:b4:3d:34:bb:10:7e:93:e8:96:b8:
                    4b:91:25:1b:91:7d:fa:3c:da:86:73:66:42:90:78:
                    2f:86:63:34:10:e1:1a:11:c7:8c:14:2a:6b:4f:53:
                    ae:13:84:c7:e1:0c:57:d6:ad:ca:4f:29:bb:ad:36:
                    fb:0a:c2:4a:df:d3:0e:c3:d3:40:26:fe:75:d0:b5:
                    b3:ae:f5:03:cf:64:9d:ca:fd:1c:cf:64:dd:e0:4d:
                    32:51:e9:34:15:ab:74:16:3d:b1:9c:25:f2:7f:c8:
                    98:5a:5c:02:b4:06:df:dd:29:a8:fb:d1:0c:1c:d9:
                    88:dd:16:90:92:ea:e2:66:20:d1:3c:1c:96:37:cf:
                    fa:5d:77:09:ed:99:83:5a:8e:f6:c0:de:0f:b0:f0:
                    64:df:e2:47:e5:e1:8c:83:08:8a:46:4e:6e:d3:e3:
                    ea:3e:0c:79:88:36:2c:e9:81:d5:87:b8:a1:70:82:
                    63:1a:38:14:7b:95:9f:c5:00:af:d2:6c:67:1e:9a:
                    92:97:ff:c6:91:57:af:f4:e1:05:38:a3:d9:03:f0:
                    b1:db:29:8d:50:5f:a0:d8:b6:82:0d:20:ff:af:00:
                    8e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:59:4C:C8:35:29:55:8B:FA:57:65:45:27:A0:F7:F2:96:19:E4:EA
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JVlMyDUpVYv6V2VFJ6D38pYZ5Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.179.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.162.0/24
                  89.213.180.0/22
                  109.176.246.0/24
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:fb:1f:fa:86:f6:7c:36:89:bd:68:75:ae:27:57:43:3f:a0:
         ef:1e:89:32:64:16:f0:c3:ce:62:23:e9:43:30:ca:8c:24:d4:
         e7:9e:07:17:92:61:fe:86:30:54:42:e9:65:e4:f9:c9:e5:ce:
         8a:23:3c:75:84:51:a7:a3:b6:2f:c3:ab:46:04:a3:3a:b1:b0:
         37:8b:af:48:1f:b6:b7:6b:b6:22:62:0f:10:d2:ad:90:2a:4c:
         7b:a1:be:23:55:92:d2:8c:a8:c0:c6:97:b8:d5:86:1a:3f:bf:
         b3:ea:11:17:b4:ae:ba:0f:33:c5:71:b8:68:cb:a7:51:4e:eb:
         5c:e6:19:e0:77:4e:f3:cc:38:46:a1:62:af:a3:69:b6:04:1d:
         94:80:17:b5:72:47:8e:dc:a1:1d:26:c0:0d:21:80:74:0d:ec:
         f7:dc:94:1b:36:65:1e:20:f0:b3:e1:5a:37:cf:03:42:b5:b1:
         ab:2a:e6:1d:d2:90:15:36:69:d7:f2:3e:3d:f0:87:d0:15:ff:
         8f:69:3e:db:ea:79:c3:c3:32:dc:63:e1:8e:8d:90:35:18:e8:
         1d:c4:05:0c:a4:ca:7b:b9:c5:3f:c2:ca:ec:33:4a:58:12:08:
         0e:31:1e:4b:a5:a9:e6:a1:8c:f6:b4:99:c7:ed:ae:e7:ae:73:
         dc:8a:c8:20
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYvStKtb3B8B86dqpYcprcNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE1MTExODU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTU5NGNjODM1Mjk1NThiZmE1NzY1NDUyN2EwZjdmMjk2MTllNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivoLv1CbxQ1pMLfWBBEGQ0GR4IBT
FVrR3obf52w6GJfuC7Q9NLsQfpPolrhLkSUbkX36PNqGc2ZCkHgvhmM0EOEaEceM
FCprT1OuE4TH4QxX1q3KTym7rTb7CsJK39MOw9NAJv510LWzrvUDz2Sdyv0cz2Td
4E0yUek0Fat0Fj2xnCXyf8iYWlwCtAbf3Smo+9EMHNmI3RaQkuriZiDRPByWN8/6
XXcJ7ZmDWo72wN4PsPBk3+JH5eGMgwiKRk5u0+PqPgx5iDYs6YHVh7ihcIJjGjgU
e5WfxQCv0mxnHpqSl//GkVev9OEFOKPZA/Cx2ymNUF+g2LaCDSD/rwCOUQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFCVZTMg1KVWL+ldlRSeg9/KWGeTqMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSlZsTXlEVXBWWXY2VjJWRko2RDM4cFlaNU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUah3AwQA
Uah7AwQAUpizAwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aIDBAJZ1bQDBABtsPYD
BABtsPgDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAC77H/qG9nw2ib1o
da4nV0M/oO8eiTJkFvDDzmIj6UMwyowk1OeeBxeSYf6GMFRC6WXk+cnlzoojPHWE
Uaejti/Dq0YEozqxsDeLr0gftrdrtiJiDxDSrZAqTHuhviNVktKMqMDGl7jVhho/
v7PqERe0rroPM8VxuGjLp1FO61zmGeB3TvPMOEahYq+jabYEHZSAF7VyR47coR0m
wA0hgHQN7PfclBs2ZR4g8LPhWjfPA0K1sasq5h3SkBU2adfyPj3wh9AV/49pPtvq
ecPDMtxj4Y6NkDUY6B3EBQykynu5xT/CyuwzSlgSCA4xHkulqeahjPa0mcftrueu
c9yKyCA=
-----END CERTIFICATE-----