Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KXqnoQWnpZVplJlikOx9TUeBfhU.roa
File:                     KXqnoQWnpZVplJlikOx9TUeBfhU.roa (raw, json)
Hash identifier:          skfIKiJ3KcwH/+sjrQXgCqVPKJkzk/xhkBT7TFfMP74=
Subject key identifier:   29:7A:A7:A1:05:A7:A5:95:69:94:99:62:90:EC:7D:4D:47:81:7E:15
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01890CD476696AF06A60F4E2018CBCC0AF89
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KXqnoQWnpZVplJlikOx9TUeBfhU.roa
Signing time:             Fri 30 Jun 2023 15:03:17 +0000
ROA not before:           Fri 30 Jun 2023 15:03:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        81.5.189.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.246.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.65.0/24 maxlen: 24
                          82.152.108.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          213.152.43.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:0c:d4:76:69:6a:f0:6a:60:f4:e2:01:8c:bc:c0:af:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 30 15:03:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=297aa7a105a7a5956994996290ec7d4d47817e15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0a:ff:e4:72:5b:c5:3c:96:2c:3e:4d:b0:f6:
                    8f:0c:0b:e9:58:aa:ed:97:a9:f2:15:b5:6d:6f:3e:
                    f9:b3:9b:06:17:31:98:39:ed:df:ca:6a:1b:a1:a4:
                    74:4d:c2:1d:a5:62:71:ff:6d:8d:c3:e8:9f:6d:c2:
                    2b:6d:bd:3a:2d:19:31:e7:f0:62:6e:df:15:6b:da:
                    9b:56:7a:8b:f1:03:ae:7c:d9:f5:59:02:1c:59:01:
                    40:26:d2:41:8a:e2:f8:78:6a:d5:3e:54:e3:05:8c:
                    ab:52:7b:11:26:b1:6a:aa:db:23:66:0d:4d:84:fa:
                    8b:53:64:68:53:2f:f5:ad:24:31:a0:d1:93:50:18:
                    f3:5f:9c:41:40:46:17:e5:62:cd:3a:63:c6:68:4b:
                    7c:43:6a:20:d0:c1:10:dd:21:03:cb:35:29:cf:c6:
                    31:b2:f2:53:0c:fa:5d:b0:9d:89:41:4f:fe:f3:1c:
                    a0:71:0f:75:ce:e1:9c:30:44:27:4b:81:86:ee:a3:
                    f3:7d:e7:04:cb:1f:66:35:48:6f:f3:ca:4c:75:dd:
                    0c:75:0f:30:56:fb:e1:7d:fe:6d:a9:61:fc:28:94:
                    03:a0:67:d9:e5:4d:d7:ab:bc:b4:8a:2d:36:ed:bc:
                    1a:13:9d:4f:78:01:27:85:63:cc:ee:88:ad:90:54:
                    7e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:7A:A7:A1:05:A7:A5:95:69:94:99:62:90:EC:7D:4D:47:81:7E:15
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KXqnoQWnpZVplJlikOx9TUeBfhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.253.0/24
                  82.153.65.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  82.153.249.0/24
                  213.152.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:cc:36:b0:a7:a6:a3:11:68:be:8a:30:ea:cf:76:9b:b8:d2:
         e6:3d:32:fd:48:aa:e6:83:ae:1a:66:26:58:c6:13:5a:e2:4e:
         c6:bf:5d:b1:61:61:d6:d5:7b:5a:1e:36:e7:81:d8:b1:ae:b8:
         c8:90:9e:5c:44:33:3d:31:1a:b0:d5:b5:32:ab:5f:95:f2:9b:
         61:11:cc:90:25:0b:95:7d:f8:39:c0:fe:ad:8e:67:68:4f:ef:
         dd:22:a3:53:02:61:de:48:b8:82:ef:1d:d0:73:aa:6c:d9:2a:
         4b:8b:90:c6:61:70:43:37:ae:e9:2f:c1:77:ea:71:0f:27:c7:
         32:1d:95:af:b5:4a:eb:c6:f5:38:35:90:c9:c6:88:14:b8:de:
         d5:f4:69:a6:e2:53:9b:09:cf:2f:b0:46:66:f2:b4:78:7c:9f:
         63:b3:16:2b:fc:9f:96:db:6b:5d:aa:5d:cd:69:be:04:16:e6:
         dc:97:20:2a:d3:92:8a:50:38:6f:dc:e7:e0:c0:60:70:b3:d1:
         58:91:d8:e1:9a:aa:ae:1a:c3:72:8c:7a:64:d4:ac:96:9c:bd:
         5c:ec:8b:6c:ad:48:92:68:ee:8a:c3:4d:9c:91:b6:fa:f8:e4:
         63:57:ce:38:27:70:2f:18:cd:64:a4:7b:f2:41:08:7e:18:d0:
         0c:ca:6f:25
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYkM1HZpavBqYPTiAYy8wK+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjMwMTUwMzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdhYTdhMTA1YTdhNTk1Njk5NDk5NjI5MGVjN2Q0ZDQ3ODE3ZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwr/5HJbxTyWLD5NsPaPDAvpWKrt
l6nyFbVtbz75s5sGFzGYOe3fymoboaR0TcIdpWJx/22Nw+ifbcIrbb06LRkx5/Bi
bt8Va9qbVnqL8QOufNn1WQIcWQFAJtJBiuL4eGrVPlTjBYyrUnsRJrFqqtsjZg1N
hPqLU2RoUy/1rSQxoNGTUBjzX5xBQEYX5WLNOmPGaEt8Q2og0MEQ3SEDyzUpz8Yx
svJTDPpdsJ2JQU/+8xygcQ91zuGcMEQnS4GG7qPzfecEyx9mNUhv88pMdd0MdQ8w
Vvvhff5tqWH8KJQDoGfZ5U3Xq7y0ii027bwaE51PeAEnhWPM7oitkFR+9QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCl6p6EFp6WVaZSZYpDsfU1HgX4VMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS1hxbm9RV25wWlZwbEpsaWtPeDlUVWVCZmhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAUQW9AwQA
Uah3AwQAUah7AwQAUphsAwQAUpj9AwQAUplBAwQAUplJAwQCUpmIAwQAUpn2AwQA
Upn5AwQA1ZgrMA0GCSqGSIb3DQEBCwUAA4IBAQCfzDawp6ajEWi+ijDqz3abuNLm
PTL9SKrmg64aZiZYxhNa4k7Gv12xYWHW1XtaHjbngdixrrjIkJ5cRDM9MRqw1bUy
q1+V8pthEcyQJQuVffg5wP6tjmdoT+/dIqNTAmHeSLiC7x3Qc6ps2SpLi5DGYXBD
N67pL8F36nEPJ8cyHZWvtUrrxvU4NZDJxogUuN7V9Gmm4lObCc8vsEZm8rR4fJ9j
sxYr/J+W22tdql3Nab4EFubclyAq05KKUDhv3OfgwGBws9FYkdjhmqquGsNyjHpk
1KyWnL1c7ItsrUiSaO6Kw02ckbb6+ORjV844J3AvGM1kpHvyQQh+GNAMym8l
-----END CERTIFICATE-----