Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_5Tosyz97jJj8aDhsdzQv34fzpM.roa
File:                     _5Tosyz97jJj8aDhsdzQv34fzpM.roa (raw, json)
Hash identifier:          LGvVDtLu+66KxBDF0VLprqCXS5Q19EqBg4Jkt+RhAKE=
Subject key identifier:   FF:94:E8:B3:2C:FD:EE:32:63:F1:A0:E1:B1:DC:D0:BF:7E:1F:CE:93
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018870EB3DA6B23D270EBCB980A429E5F3D3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_5Tosyz97jJj8aDhsdzQv34fzpM.roa
Signing time:             Wed 31 May 2023 08:27:24 +0000
ROA not before:           Wed 31 May 2023 08:27:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.73.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.5.189.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:70:eb:3d:a6:b2:3d:27:0e:bc:b9:80:a4:29:e5:f3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 08:27:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff94e8b32cfdee3263f1a0e1b1dcd0bf7e1fce93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cb:cc:3b:a4:b2:90:46:d7:77:97:81:70:51:
                    a1:5c:0d:e2:3f:8a:d9:24:22:06:b0:77:00:2c:79:
                    61:56:bc:07:ba:1f:5b:df:ec:d0:19:15:e1:af:42:
                    54:2f:18:18:d6:66:73:bc:d4:46:ab:2a:b0:4c:0c:
                    00:f4:ed:4b:02:ff:b7:90:bf:d7:04:d2:2e:58:a9:
                    8d:d5:0b:b1:37:51:1b:da:36:16:cf:06:4f:fa:93:
                    99:78:a3:99:ce:fd:61:59:18:ec:76:99:0b:8a:2b:
                    64:0a:25:41:73:80:40:d5:61:ac:60:18:8c:4a:f8:
                    de:0d:84:57:b3:db:e8:7e:e3:74:1a:9f:36:77:82:
                    77:43:90:ed:76:4f:b0:e3:0c:c0:fb:de:b9:96:e8:
                    ed:9d:48:e5:03:7d:cb:af:6b:28:3b:7d:b3:9d:f6:
                    5e:67:82:1d:e7:a5:3e:15:5f:3e:25:bd:84:d4:c9:
                    9d:e4:c0:f1:ca:fc:f4:a2:6e:0c:49:f8:28:2f:a0:
                    1a:45:7f:dd:a1:d3:1a:cd:eb:e8:4c:8f:22:e5:9d:
                    40:7c:a3:b4:29:b2:ab:53:c0:5e:0e:fe:a1:ce:ed:
                    0a:70:ef:4e:be:3b:88:e7:ce:1c:66:32:87:29:58:
                    31:e7:02:ea:6e:73:ab:89:93:95:95:f6:92:73:55:
                    77:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:94:E8:B3:2C:FD:EE:32:63:F1:A0:E1:B1:DC:D0:BF:7E:1F:CE:93
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_5Tosyz97jJj8aDhsdzQv34fzpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.253.0/24
                  82.152.255.0/24
                  82.153.73.0/24
                  82.153.222.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:58:d4:55:da:8a:01:06:b9:18:24:65:cc:84:90:b7:61:6c:
         17:23:f5:00:95:b5:8a:d0:61:f8:80:b2:c2:52:a0:ce:ed:ae:
         51:8e:a3:cc:a5:f5:c2:7a:b8:1f:e3:b0:3f:ab:b6:fb:70:e1:
         35:d2:15:02:79:21:c8:c2:c8:75:8c:34:5f:2e:04:78:bd:1d:
         fa:f9:cb:b7:a2:a0:54:76:99:d0:6f:ba:03:a3:a1:79:de:c3:
         7a:51:63:88:b8:a7:15:dc:93:43:18:bb:1e:81:4c:cd:fc:43:
         f0:72:97:23:54:6b:f2:ee:ee:ac:21:48:61:3f:91:c9:a0:35:
         39:a0:df:47:a2:a1:91:96:ec:2d:9b:05:7b:3a:63:ea:d4:ce:
         e9:e0:3c:d6:af:93:75:d7:26:87:05:c3:7c:51:cf:57:3d:f4:
         3d:f4:8d:69:9e:33:6b:a8:f3:c6:22:24:86:12:ab:f6:71:6a:
         98:a1:03:f7:16:f1:0b:77:93:77:aa:ea:71:bd:8d:57:a0:e6:
         5e:07:b4:ce:37:be:57:ae:e3:42:ea:1c:83:52:99:48:7f:57:
         e3:bd:e6:a4:b6:39:92:ef:e9:40:e3:9f:52:1d:50:4d:2e:2b:
         60:dc:7b:59:3e:46:66:25:86:79:b9:62:cd:76:d3:ce:fe:92:
         b1:3a:2f:06
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYhw6z2msj0nDry5gKQp5fPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTMxMDgyNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjk0ZThiMzJjZmRlZTMyNjNmMWEwZTFiMWRjZDBiZjdlMWZjZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcvMO6SykEbXd5eBcFGhXA3iP4rZ
JCIGsHcALHlhVrwHuh9b3+zQGRXhr0JULxgY1mZzvNRGqyqwTAwA9O1LAv+3kL/X
BNIuWKmN1QuxN1Eb2jYWzwZP+pOZeKOZzv1hWRjsdpkLiitkCiVBc4BA1WGsYBiM
SvjeDYRXs9vofuN0Gp82d4J3Q5Dtdk+w4wzA+965lujtnUjlA33Lr2soO32znfZe
Z4Id56U+FV8+Jb2E1Mmd5MDxyvz0om4MSfgoL6AaRX/dodMazevoTI8i5Z1AfKO0
KbKrU8BeDv6hzu0KcO9OvjuI584cZjKHKVgx5wLqbnOriZOVlfaSc1V3VwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFP+U6LMs/e4yY/Gg4bHc0L9+H86TMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvXzVUb3N5ejk3akpqOGFEaHNkelF2MzRmenBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAUQW9AwQA
Uah0AwQAUah3AwQAUah7AwQBUpiuAwQAUpj5AwQAUpj7AwQAUpj9AwQAUpj/AwQA
UplJAwQAUpneAwQBUpn4MA0GCSqGSIb3DQEBCwUAA4IBAQAJWNRV2ooBBrkYJGXM
hJC3YWwXI/UAlbWK0GH4gLLCUqDO7a5RjqPMpfXCergf47A/q7b7cOE10hUCeSHI
wsh1jDRfLgR4vR36+cu3oqBUdpnQb7oDo6F53sN6UWOIuKcV3JNDGLsegUzN/EPw
cpcjVGvy7u6sIUhhP5HJoDU5oN9HoqGRluwtmwV7OmPq1M7p4DzWr5N11yaHBcN8
Uc9XPfQ99I1pnjNrqPPGIiSGEqv2cWqYoQP3FvELd5N3qupxvY1XoOZeB7TON75X
ruNC6hyDUplIf1fjveaktjmS7+lA459SHVBNLitg3HtZPkZmJYZ5uWLNdtPO/pKx
Oi8G
-----END CERTIFICATE-----