Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JfETuLgEjuHuj42oxcjv-xhvLO4.roa
File:                     JfETuLgEjuHuj42oxcjv-xhvLO4.roa (raw, json)
Hash identifier:          yH8R0RoL3cVndgh93f/H4BVedKkN1M5+YHhfYJrC3Dk=
Subject key identifier:   25:F1:13:B8:B8:04:8E:E1:EE:8F:8D:A8:C5:C8:EF:FB:18:6F:2C:EE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01894A79ED3E3FFC5FDA17C0401CA2DAEEBE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JfETuLgEjuHuj42oxcjv-xhvLO4.roa
Signing time:             Wed 12 Jul 2023 14:20:51 +0000
ROA not before:           Wed 12 Jul 2023 14:20:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49999
IP address blocks:        109.176.219.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          109.176.212.0/24 maxlen: 24
                          109.176.211.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4a:79:ed:3e:3f:fc:5f:da:17:c0:40:1c:a2:da:ee:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 12 14:20:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=25f113b8b8048ee1ee8f8da8c5c8effb186f2cee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5a:15:7e:67:d7:7e:ce:3d:20:b7:2c:93:17:
                    97:8f:34:85:87:cd:1c:73:bb:9a:e0:49:03:b1:df:
                    6c:5c:33:08:0a:15:1c:d0:95:e6:89:5d:7e:30:c9:
                    1e:12:73:c3:df:44:7f:da:3d:6c:d3:f7:37:a2:91:
                    20:8d:e5:17:0c:0e:ad:31:9f:97:8e:18:ca:8d:a9:
                    af:f2:d9:17:7c:46:49:9d:f6:ac:18:d3:49:44:4e:
                    41:de:b3:95:ee:5d:62:91:ab:57:e1:7e:47:a4:e7:
                    e9:5e:95:8f:20:29:8d:45:76:11:c8:24:bd:80:fa:
                    0e:aa:35:82:6d:24:36:57:a7:1a:e8:db:61:a9:9c:
                    8c:45:48:fe:41:37:80:47:ba:5d:7b:66:7e:e6:55:
                    65:96:37:5e:ab:73:60:c8:fc:39:ca:46:e9:ac:cf:
                    b2:ce:5f:89:b1:50:16:6d:34:d5:2d:d5:6f:a9:58:
                    a2:34:63:2e:8a:6f:cb:b3:aa:ac:69:39:ec:da:7c:
                    4b:35:84:11:f5:4c:a0:ef:bf:80:ad:4a:3f:37:47:
                    a9:31:d0:4a:8b:57:14:08:19:c4:d3:c5:69:f1:2a:
                    02:e9:a9:da:ec:aa:95:59:a6:ad:10:1e:df:ba:b7:
                    85:dc:b6:41:7e:78:a0:01:c6:f7:ef:ba:4a:a6:b7:
                    27:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F1:13:B8:B8:04:8E:E1:EE:8F:8D:A8:C5:C8:EF:FB:18:6F:2C:EE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JfETuLgEjuHuj42oxcjv-xhvLO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.41.0/24
                  89.213.46.0/24
                  89.213.151.0/24
                  89.213.169.0-89.213.170.255
                  109.176.208.0/23
                  109.176.211.0-109.176.212.255
                  109.176.217.0/24
                  109.176.219.0/24
                  109.176.221.0/24
                  109.176.223.0/24
                  109.176.245.0/24
                  109.176.247.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:3e:b0:e4:29:5a:62:55:6a:74:2e:d7:95:87:7e:6c:66:df:
         d9:9b:3b:dc:64:f5:56:c9:8e:9c:d8:b3:e2:17:a4:8a:f0:f9:
         bb:2e:a1:a6:f2:2d:62:d6:89:8a:3f:16:e4:2b:b8:77:f0:6d:
         71:5d:0c:60:a2:fc:81:1a:51:3c:e3:14:72:e4:d2:99:f6:82:
         ad:9e:05:31:a0:bb:8c:b3:e8:4d:69:41:7b:36:a9:be:3b:a6:
         d5:1d:95:c9:f2:cd:4b:7b:4d:bf:97:62:47:7f:2f:f6:ff:81:
         1f:57:b4:85:0e:2b:03:14:4e:a8:cd:2d:9f:64:6b:03:06:11:
         6d:6b:91:fb:b4:bd:b3:f6:92:49:1d:d2:43:74:fb:ef:81:ac:
         d6:87:40:e6:5e:a6:ed:69:19:09:89:a6:90:b2:2d:95:e7:02:
         75:01:66:52:78:0f:bd:d9:40:b6:4e:eb:ac:a8:21:f3:f7:9c:
         26:20:a9:fc:d1:1d:f1:c1:8d:d8:21:29:2b:7f:1f:51:52:20:
         cc:68:9b:81:db:07:7d:5e:a3:28:74:ae:0c:08:37:dd:52:9a:
         97:e6:fa:d0:cd:52:cf:82:95:46:a7:ba:91:1c:2d:4c:28:6e:
         9e:c3:91:b5:c4:e2:89:15:d5:5b:dd:5c:d9:2b:9f:44:ec:e9:
         4c:68:bb:be
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYlKee0+P/xf2hfAQByi2u6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzEyMTQyMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWYxMTNiOGI4MDQ4ZWUxZWU4ZjhkYThjNWM4ZWZmYjE4NmYyY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkloVfmfXfs49ILcskxeXjzSFh80c
c7ua4EkDsd9sXDMIChUc0JXmiV1+MMkeEnPD30R/2j1s0/c3opEgjeUXDA6tMZ+X
jhjKjamv8tkXfEZJnfasGNNJRE5B3rOV7l1ikatX4X5HpOfpXpWPICmNRXYRyCS9
gPoOqjWCbSQ2V6ca6NthqZyMRUj+QTeAR7pde2Z+5lVlljdeq3NgyPw5ykbprM+y
zl+JsVAWbTTVLdVvqViiNGMuim/Ls6qsaTns2nxLNYQR9Uyg77+ArUo/N0epMdBK
i1cUCBnE08Vp8SoC6ana7KqVWaatEB7fureF3LZBfnigAcb377pKprcnAQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFCXxE7i4BI7h7o+NqMXI7/sYbyzuMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSmZFVHVMZ0VqdUh1ajQyb3hjanYteGh2TE80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAWdUpAwQA
WdUuAwQAWdWXMAwDBABZ1akDBABZ1aoDBAFtsNAwDAMEAG2w0wMEAG2w1AMEAG2w
2QMEAG2w2wMEAG2w3QMEAG2w3wMEAG2w9QMEAG2w9wMEANWYPTANBgkqhkiG9w0B
AQsFAAOCAQEAZj6w5ClaYlVqdC7XlYd+bGbf2Zs73GT1VsmOnNiz4hekivD5uy6h
pvItYtaJij8W5Cu4d/BtcV0MYKL8gRpRPOMUcuTSmfaCrZ4FMaC7jLPoTWlBezap
vjum1R2VyfLNS3tNv5diR38v9v+BH1e0hQ4rAxROqM0tn2RrAwYRbWuR+7S9s/aS
SR3SQ3T774Gs1odA5l6m7WkZCYmmkLItlecCdQFmUngPvdlAtk7rrKgh8/ecJiCp
/NEd8cGN2CEpK38fUVIgzGibgdsHfV6jKHSuDAg33VKal+b60M1Sz4KVRqe6kRwt
TChunsORtcTiiRXVW91c2SufROzpTGi7vg==
-----END CERTIFICATE-----