Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XVKnihygNA2SrmFpUV5QpITewXc.roa
File:                     XVKnihygNA2SrmFpUV5QpITewXc.roa (raw, json)
Hash identifier:          JVaiv4vSYHV8kjLBbQXdPNrVSL1iJrpgqi7rYGwoHUM=
Subject key identifier:   5D:52:A7:8A:1C:A0:34:0D:92:AE:61:69:51:5E:50:A4:84:DE:C1:77
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BE800FFD210E453A620E127D2C57F2904
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XVKnihygNA2SrmFpUV5QpITewXc.roa
Signing time:             Sun 19 Nov 2023 14:34:21 +0000
ROA not before:           Sun 19 Nov 2023 14:34:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:e8:00:ff:d2:10:e4:53:a6:20:e1:27:d2:c5:7f:29:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 19 14:34:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d52a78a1ca0340d92ae6169515e50a484dec177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:60:76:e4:a2:8e:bc:53:34:4e:f6:86:a1:de:
                    31:da:3e:85:09:b0:6a:e0:f1:17:dd:c8:36:c6:ed:
                    99:1e:f0:4f:46:7a:0e:1a:e2:31:30:61:11:e2:a6:
                    97:84:6d:bd:c3:3b:6c:fd:04:58:6e:59:a7:84:ea:
                    6f:b0:55:21:09:30:0f:75:e4:1d:f2:a7:b3:2b:10:
                    68:82:98:a7:cb:ab:f8:f3:48:69:4b:af:7e:90:25:
                    81:99:4b:ea:c6:f8:38:77:f1:b1:f8:4b:13:90:50:
                    b0:c5:a9:19:13:11:12:34:86:7e:18:67:1f:3d:e5:
                    56:52:3b:7a:7d:56:75:e8:44:1a:a2:02:ce:6b:56:
                    f4:fc:86:4b:e0:47:2c:3c:6b:8d:46:3a:24:96:98:
                    fc:d1:30:1b:05:b9:0a:f8:91:89:07:10:91:9b:c9:
                    de:32:57:7a:70:78:e0:f7:df:cc:86:3f:07:f6:73:
                    b3:e1:0b:2c:6e:cc:cc:4e:52:41:5b:3e:96:ce:b7:
                    3e:b6:b5:34:9d:3f:94:d2:f3:26:5f:28:67:2e:c6:
                    62:47:2d:af:0e:b8:83:87:9d:a4:ee:31:4e:c9:0f:
                    f0:a1:50:99:3f:1c:1a:a9:08:95:00:42:87:53:42:
                    ac:55:75:f2:68:0c:da:30:fc:ba:9e:58:66:32:0e:
                    63:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:52:A7:8A:1C:A0:34:0D:92:AE:61:69:51:5E:50:A4:84:DE:C1:77
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XVKnihygNA2SrmFpUV5QpITewXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.1.0/24
                  82.153.136.0/22
                  82.153.227.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.178.0/24
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:3a:14:f9:35:ca:a2:60:71:a4:51:d1:2b:ab:6e:02:59:77:
         4b:ee:3b:92:7b:2a:3d:93:78:98:c3:8a:33:ef:34:65:51:87:
         75:0b:68:ac:e9:9c:64:df:47:1c:8a:cb:5f:34:e8:c6:3c:65:
         f5:e6:4b:f5:a4:58:5a:cd:8c:9e:ce:24:cf:87:45:c0:64:94:
         88:c0:71:ec:40:e0:53:06:fa:03:97:78:2e:1f:83:31:3a:68:
         35:d1:14:9c:13:a5:2e:28:3b:a8:32:81:8d:87:da:76:98:6b:
         5d:9f:c7:8f:c1:78:11:8d:cd:fb:f1:53:26:ca:3d:85:c4:2e:
         80:cd:37:5c:ea:92:c2:0b:87:4d:46:b0:20:85:1d:35:55:75:
         17:31:83:b6:1f:e4:47:04:85:f2:3f:5a:77:d4:d6:87:65:06:
         df:b5:64:08:cb:b4:f1:d9:0b:62:e8:7c:12:47:61:15:5a:1a:
         bb:1a:6c:b2:6f:bf:23:8b:1e:74:8d:a8:5d:ca:dc:f0:13:8b:
         f4:fa:05:de:53:6e:4f:32:3f:5a:38:93:c8:73:1c:52:b4:0d:
         6a:d5:b0:b8:41:b2:3a:69:95:48:ef:2a:ee:14:6e:4b:31:72:
         54:e6:dc:bd:ef:a9:fc:92:c6:24:f9:87:36:67:1a:6c:b8:95:
         05:55:35:4e
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYvoAP/SEORTpiDhJ9LFfykEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE5MTQzNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDUyYTc4YTFjYTAzNDBkOTJhZTYxNjk1MTVlNTBhNDg0ZGVjMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWB25KKOvFM0TvaGod4x2j6FCbBq
4PEX3cg2xu2ZHvBPRnoOGuIxMGER4qaXhG29wzts/QRYblmnhOpvsFUhCTAPdeQd
8qezKxBogpiny6v480hpS69+kCWBmUvqxvg4d/Gx+EsTkFCwxakZExESNIZ+GGcf
PeVWUjt6fVZ16EQaogLOa1b0/IZL4EcsPGuNRjoklpj80TAbBbkK+JGJBxCRm8ne
Mld6cHjg99/Mhj8H9nOz4QssbszMTlJBWz6Wzrc+trU0nT+U0vMmXyhnLsZiRy2v
DriDh52k7jFOyQ/woVCZPxwaqQiVAEKHU0KsVXXyaAzaMPy6nlhmMg5jVQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFF1Sp4ocoDQNkq5haVFeUKSE3sF3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWFZLbmloeWdOQTJTcm1GcFVWNVFwSVRld1hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAUah3AwQA
Uah7AwQAUpkBAwQCUpmIAwQAUpnjMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bID
BAJZ1bQDBABtsPgDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAEM6FPk1
yqJgcaRR0SurbgJZd0vuO5J7Kj2TeJjDijPvNGVRh3ULaKzpnGTfRxyKy1806MY8
ZfXmS/WkWFrNjJ7OJM+HRcBklIjAcexA4FMG+gOXeC4fgzE6aDXRFJwTpS4oO6gy
gY2H2naYa12fx4/BeBGNzfvxUybKPYXELoDNN1zqksILh01GsCCFHTVVdRcxg7Yf
5EcEhfI/WnfU1odlBt+1ZAjLtPHZC2LofBJHYRVaGrsabLJvvyOLHnSNqF3K3PAT
i/T6Bd5Tbk8yP1o4k8hzHFK0DWrVsLhBsjpplUjvKu4UbksxclTm3L3vqfySxiT5
hzZnGmy4lQVVNU4=
-----END CERTIFICATE-----