Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RrgHVRcgZ-Sx6H4Lnhvg3tAF38M.roa
File:                     RrgHVRcgZ-Sx6H4Lnhvg3tAF38M.roa (raw, json)
Hash identifier:          H8z4OIRAyoCn8NYWjmRER+Kh4NvkcFOEEfwrAJSh2Hw=
Subject key identifier:   46:B8:07:55:17:20:67:E4:B1:E8:7E:0B:9E:1B:E0:DE:D0:05:DF:C3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018930FEC45E943521922BCCCB6FFC19BA84
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RrgHVRcgZ-Sx6H4Lnhvg3tAF38M.roa
Signing time:             Fri 07 Jul 2023 15:35:49 +0000
ROA not before:           Fri 07 Jul 2023 15:35:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.249.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:30:fe:c4:5e:94:35:21:92:2b:cc:cb:6f:fc:19:ba:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  7 15:35:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=46b80755172067e4b1e87e0b9e1be0ded005dfc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:eb:86:89:97:7b:4b:40:d4:bb:68:30:7a:70:
                    e4:6b:bc:0f:eb:41:cd:5c:aa:64:0e:d4:ff:8c:af:
                    7d:2a:bf:c0:37:c1:7f:51:7e:d0:cf:a6:6c:b8:36:
                    a9:49:ec:1f:db:21:21:d7:06:80:58:f2:27:12:65:
                    bd:80:9c:6e:98:78:32:24:12:73:56:e1:68:cb:c7:
                    93:1e:36:ca:4b:e3:8a:6d:d6:f6:11:88:0b:a9:0b:
                    d3:30:9a:8e:2b:f6:86:16:0d:9c:c4:a8:4d:92:30:
                    a9:a7:22:85:b7:fd:ee:65:29:27:cd:cc:a0:b5:4e:
                    95:2e:9e:58:2c:01:19:44:bd:41:66:eb:1b:91:e7:
                    3b:a6:7b:82:ac:91:a4:84:8d:ea:ba:2a:1f:60:90:
                    51:41:8c:a8:ea:91:6d:c3:b2:ea:b3:f5:c9:62:78:
                    09:d1:36:25:4e:15:b8:68:f4:4a:52:84:04:2b:eb:
                    d4:cf:76:a0:1b:c3:a7:d6:61:f9:86:bf:32:b9:70:
                    5e:df:84:72:82:aa:87:e2:00:cc:8f:76:1b:ef:3b:
                    34:df:de:9f:8d:22:33:b1:26:92:44:3e:40:27:5b:
                    72:72:86:30:46:5b:a5:f5:48:bd:6a:88:7c:0d:58:
                    aa:2b:8e:28:a3:58:33:8c:fe:5a:df:ab:f2:2b:24:
                    f1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:B8:07:55:17:20:67:E4:B1:E8:7E:0B:9E:1B:E0:DE:D0:05:DF:C3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RrgHVRcgZ-Sx6H4Lnhvg3tAF38M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.153.4.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.246.0/24
                  82.153.248.0/23
                  109.176.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:05:bf:67:4d:8f:a5:c0:b9:6d:c0:8c:06:e2:37:5f:87:69:
         b8:0a:21:a2:d1:a7:72:0b:09:90:4a:19:68:88:bd:fe:7e:e9:
         1e:d3:66:1a:42:be:28:b2:68:53:a2:d3:7c:89:c6:7b:ea:fb:
         26:94:bb:36:bb:60:74:12:33:72:a6:e8:51:f1:41:79:5d:7e:
         2a:7d:f4:97:0d:64:8c:ba:0f:9b:2e:fb:c7:30:af:d8:62:fb:
         ea:34:94:89:51:1f:26:8a:0b:a4:b7:a1:b2:40:fe:2e:2c:e2:
         ea:1c:ad:a4:50:df:4e:a9:e7:b1:6d:21:4e:57:ae:a6:40:4d:
         e1:91:63:5a:17:1e:07:4e:2a:d5:f6:f0:c4:c4:e3:e2:62:76:
         10:97:75:c8:c7:c2:2e:e3:03:7c:58:85:64:20:7d:76:59:e2:
         19:81:ab:da:ae:f0:8e:73:24:52:9e:6f:b5:72:a2:c2:88:d9:
         02:7b:e6:f2:08:75:f2:e9:37:74:bb:ad:02:9f:eb:b0:a6:b3:
         33:aa:7f:d7:1f:bb:45:3b:7b:03:73:8c:b8:67:a8:05:cf:aa:
         e3:a1:06:d8:a4:63:10:75:fb:8c:f1:4a:6f:93:e1:e1:54:46:
         24:eb:0a:c3:7c:81:25:20:c3:5f:1a:e3:ef:1a:0d:ff:9d:e7:
         f4:d7:ab:93
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYkw/sRelDUhkivMy2/8GbqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA3MTUzNTQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmI4MDc1NTE3MjA2N2U0YjFlODdlMGI5ZTFiZTBkZWQwMDVkZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuuGiZd7S0DUu2gwenDka7wP60HN
XKpkDtT/jK99Kr/AN8F/UX7Qz6ZsuDapSewf2yEh1waAWPInEmW9gJxumHgyJBJz
VuFoy8eTHjbKS+OKbdb2EYgLqQvTMJqOK/aGFg2cxKhNkjCppyKFt/3uZSknzcyg
tU6VLp5YLAEZRL1BZusbkec7pnuCrJGkhI3quiofYJBRQYyo6pFtw7Lqs/XJYngJ
0TYlThW4aPRKUoQEK+vUz3agG8On1mH5hr8yuXBe34RygqqH4gDMj3Yb7zs0396f
jSIzsSaSRD5AJ1tycoYwRlul9Ui9aoh8DViqK44oo1gzjP5a36vyKyTxvwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFEa4B1UXIGfkseh+C54b4N7QBd/DMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUnJnSFZSY2daLVN4Nkg0TG5odmczdEFGMzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAUah3AwQA
Uah7AwQAUphsAwQAUphvAwQBUpj8AwQAUpkEAwQAUplJAwQCUpmIAwQAUpnfAwQA
UpnyAwQAUpn2AwQBUpn4AwQAbbD5MA0GCSqGSIb3DQEBCwUAA4IBAQCaBb9nTY+l
wLltwIwG4jdfh2m4CiGi0adyCwmQShloiL3+fuke02YaQr4osmhTotN8icZ76vsm
lLs2u2B0EjNypuhR8UF5XX4qffSXDWSMug+bLvvHMK/YYvvqNJSJUR8migukt6Gy
QP4uLOLqHK2kUN9OqeexbSFOV66mQE3hkWNaFx4HTirV9vDExOPiYnYQl3XIx8Iu
4wN8WIVkIH12WeIZgavarvCOcyRSnm+1cqLCiNkCe+byCHXy6Td0u60Cn+uwprMz
qn/XH7tFO3sDc4y4Z6gFz6rjoQbYpGMQdfuM8Upvk+HhVEYk6wrDfIElIMNfGuPv
Gg3/nef016uT
-----END CERTIFICATE-----