Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MNkTZR9wkiS-xwptQYK5xKMKt-Y.roa
File:                     MNkTZR9wkiS-xwptQYK5xKMKt-Y.roa (raw, json)
Hash identifier:          9/68ykNRjMmBps5goR3Q/kX/Fqjaz3xVF1pFiIen8wA=
Subject key identifier:   30:D9:13:65:1F:70:92:24:BE:C7:0A:6D:41:82:B9:C4:A3:0A:B7:E6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BA8BF12BB3240D32E746136D3F14E6E40
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MNkTZR9wkiS-xwptQYK5xKMKt-Y.roa
Signing time:             Tue 07 Nov 2023 07:46:16 +0000
ROA not before:           Tue 07 Nov 2023 07:46:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.4.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a8:bf:12:bb:32:40:d3:2e:74:61:36:d3:f1:4e:6e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  7 07:46:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30d913651f709224bec70a6d4182b9c4a30ab7e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:be:b7:b6:1e:b5:b8:32:5d:eb:61:06:8d:93:
                    55:15:6e:dc:44:65:13:b2:5a:8c:60:a7:88:11:85:
                    ee:44:f0:9a:b0:2c:67:0e:8f:32:00:57:91:14:b9:
                    2a:8b:99:39:8c:95:a7:19:2d:1f:7a:06:f4:e0:ea:
                    60:d1:71:c4:5f:5d:45:01:5b:2a:bb:e4:e6:b5:1a:
                    7e:59:c9:bf:83:bc:20:21:6f:6f:88:5c:2e:5a:6a:
                    ba:d2:42:a1:6b:30:a3:90:2e:17:a6:59:a2:ba:84:
                    f7:48:1e:fc:f3:1f:44:07:c6:1d:8c:ef:a4:cc:ed:
                    16:18:86:04:33:34:bb:93:14:b9:b6:aa:71:7e:f1:
                    08:a5:12:c4:31:3e:26:19:a2:17:ac:e4:a5:95:34:
                    fe:4e:b5:fc:67:34:7e:4a:69:b1:99:35:19:ba:42:
                    3f:f2:23:f0:17:f3:be:40:22:a3:60:f3:e0:76:36:
                    8b:c5:ad:f2:c1:73:ef:36:72:a4:18:90:22:37:1d:
                    27:20:35:24:dd:f9:f7:55:17:95:23:7e:68:70:f3:
                    3f:17:20:d0:9b:46:6e:34:7a:ee:0b:23:e3:2d:cd:
                    52:81:15:89:69:b7:f3:57:aa:7f:bb:3b:fe:b7:29:
                    e1:5f:4f:7d:43:b6:03:30:97:01:5b:14:f5:4f:b7:
                    25:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D9:13:65:1F:70:92:24:BE:C7:0A:6D:41:82:B9:C4:A3:0A:B7:E6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MNkTZR9wkiS-xwptQYK5xKMKt-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.4.0/24
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:be:38:e7:fa:9d:e4:c4:cf:ba:e7:d9:6c:45:0f:a3:0e:a1:
         1e:84:12:6a:c6:72:86:94:29:50:93:e6:29:72:33:fc:dc:f7:
         21:1d:b2:cc:28:f3:25:ad:f5:46:2e:32:95:8d:9e:aa:7a:3c:
         19:b6:67:96:75:9e:95:d2:be:32:83:54:ac:b2:d8:58:f3:96:
         73:d0:51:e9:1b:89:7b:91:ac:5b:49:18:85:30:bf:b8:69:b9:
         ac:ae:0b:c4:22:cd:b7:73:7d:50:79:15:8b:16:bd:7e:8a:5b:
         6f:3e:1f:67:c4:15:a5:ff:c7:74:df:69:4c:e6:d8:cf:57:53:
         d3:1f:d6:d1:5d:f4:ad:95:f5:c7:5a:9e:f3:0e:04:85:54:d2:
         78:cd:52:8c:40:3b:a6:c4:17:8f:65:28:ce:e8:bd:00:9c:fa:
         cf:24:21:cd:75:f4:e5:11:62:63:e1:4d:3f:06:12:e1:e8:52:
         d1:8b:08:9b:5c:7d:2f:92:0d:2c:a9:9b:b7:8d:80:bd:ce:fd:
         c8:75:20:ae:2f:2e:5b:01:51:88:0a:8a:3c:dc:e1:f7:d6:37:
         f3:d2:70:ac:12:64:95:7d:da:06:34:87:7c:cd:0b:34:64:a2:
         17:90:b5:3a:04:b6:58:51:0e:5d:ee:8c:fc:4e:d4:86:1b:88:
         da:74:c5:d7
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYuovxK7MkDTLnRhNtPxTm5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTA3MDc0NjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGQ5MTM2NTFmNzA5MjI0YmVjNzBhNmQ0MTgyYjljNGEzMGFiN2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b63th61uDJd62EGjZNVFW7cRGUT
slqMYKeIEYXuRPCasCxnDo8yAFeRFLkqi5k5jJWnGS0fegb04Opg0XHEX11FAVsq
u+TmtRp+Wcm/g7wgIW9viFwuWmq60kKhazCjkC4XplmiuoT3SB788x9EB8YdjO+k
zO0WGIYEMzS7kxS5tqpxfvEIpRLEMT4mGaIXrOSllTT+TrX8ZzR+SmmxmTUZukI/
8iPwF/O+QCKjYPPgdjaLxa3ywXPvNnKkGJAiNx0nIDUk3fn3VReVI35ocPM/FyDQ
m0ZuNHruCyPjLc1SgRWJabfzV6p/uzv+tynhX099Q7YDMJcBWxT1T7clpwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFDDZE2UfcJIkvscKbUGCucSjCrfmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTU5rVFpSOXdraVMteHdwdFFZSzV4S01LdC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAUah3AwQA
Uah7AwQCUpmIAwQAUpn1AwQAWdUEMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQDBABtsPgD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAFu+OOf6neTEz7rn2WxFD6MO
oR6EEmrGcoaUKVCT5ilyM/zc9yEdsswo8yWt9UYuMpWNnqp6PBm2Z5Z1npXSvjKD
VKyy2FjzlnPQUekbiXuRrFtJGIUwv7hpuayuC8QizbdzfVB5FYsWvX6KW28+H2fE
FaX/x3TfaUzm2M9XU9Mf1tFd9K2V9cdanvMOBIVU0njNUoxAO6bEF49lKM7ovQCc
+s8kIc119OURYmPhTT8GEuHoUtGLCJtcfS+SDSypm7eNgL3O/ch1IK4vLlsBUYgK
ijzc4ffWN/PScKwSZJV92gY0h3zNCzRkoheQtToEtlhRDl3ujPxO1IYbiNp0xdc=
-----END CERTIFICATE-----