Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fOspGP0L5QNppCnZ_-sI7Rn93Mk.roa
File:                     fOspGP0L5QNppCnZ_-sI7Rn93Mk.roa (raw, json)
Hash identifier:          aNHd9mbFWSAx8yWZsPVltdxD9YI5xHXeWbt+Q32OfBs=
Subject key identifier:   7C:EB:29:18:FD:0B:E5:03:69:A4:29:D9:FF:EB:08:ED:19:FD:DC:C9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C7DE19A3BC209E9115499C0C6D5A07C27
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fOspGP0L5QNppCnZ_-sI7Rn93Mk.roa
Signing time:             Mon 18 Dec 2023 17:03:06 +0000
ROA not before:           Mon 18 Dec 2023 17:03:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.176.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7d:e1:9a:3b:c2:09:e9:11:54:99:c0:c6:d5:a0:7c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 18 17:03:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ceb2918fd0be50369a429d9ffeb08ed19fddcc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:60:b0:f9:bc:40:c2:6a:10:06:8d:d3:8c:22:
                    60:4b:e2:3e:d0:f4:09:b7:bf:3e:ec:4f:a5:04:a3:
                    38:00:5d:54:d6:94:09:b0:d1:06:6e:42:8b:37:db:
                    9b:6d:06:9e:7b:3c:0e:f8:48:4f:8b:6c:ea:1b:dc:
                    ca:ec:37:b9:67:84:34:6b:e0:37:42:db:5e:c6:36:
                    d8:b7:88:39:34:00:d5:c7:86:9c:87:73:2a:90:f7:
                    b5:6d:b9:7d:83:7f:1c:10:b4:b7:3f:0c:cd:d1:e9:
                    48:1a:1b:30:05:05:d3:00:2e:ee:bd:54:97:c9:ba:
                    9b:c4:95:f2:10:07:64:57:eb:9b:9c:6a:35:15:bc:
                    14:7b:4b:67:7b:98:63:7e:61:80:b2:14:a9:58:f9:
                    22:a5:69:bd:fe:26:89:18:1a:f9:d2:dd:86:30:18:
                    f2:3a:6f:b3:4e:7d:ff:7a:13:1d:58:0f:68:b7:e6:
                    87:45:60:95:8d:fc:b8:b6:53:17:f1:ea:57:d0:78:
                    4d:58:76:e6:93:a8:e8:22:3b:31:64:88:db:d4:84:
                    f2:a8:27:26:61:eb:96:fc:74:60:81:6f:f1:53:76:
                    41:6d:4b:9f:66:d7:ea:82:90:f6:10:32:51:77:94:
                    0a:c4:08:57:bd:80:d2:c0:7b:64:07:14:c7:4a:c7:
                    d2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:EB:29:18:FD:0B:E5:03:69:A4:29:D9:FF:EB:08:ED:19:FD:DC:C9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fOspGP0L5QNppCnZ_-sI7Rn93Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.126.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0-89.213.177.255
                  89.213.180.0/22
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:48:7f:dc:32:a5:c3:a2:ad:4f:9a:c7:5f:15:0f:ec:f8:d5:
         d8:8b:71:e7:f6:bb:89:bf:2d:18:b9:a6:4a:38:3d:af:1b:40:
         99:32:c7:e9:1a:5b:81:97:75:57:34:0b:c8:20:e3:c7:41:36:
         76:fc:ec:f9:9b:ac:46:4e:ef:8e:7e:09:01:1e:d8:51:18:3a:
         20:cd:21:49:5a:de:19:7c:74:4d:01:77:d9:89:1d:0a:ca:4e:
         7c:90:fe:92:f1:dd:1e:36:23:01:86:ab:d3:31:8a:1f:d3:85:
         9c:8a:21:d0:19:f5:a5:4e:a3:18:3f:f9:c8:12:76:72:27:9e:
         06:76:e0:e4:1c:04:ff:56:ef:ca:ea:0b:21:79:61:a3:25:2b:
         2b:b3:ac:03:80:c7:9e:6d:86:25:bc:6b:49:eb:23:2f:70:ec:
         4a:cc:8e:24:93:32:00:22:d4:b7:26:68:79:7b:18:55:d5:26:
         16:1a:c0:65:fe:ed:6c:3a:ae:da:74:97:3e:44:18:9a:eb:94:
         84:01:f9:a8:83:f2:d6:bc:76:91:d5:51:4c:a0:c7:8c:68:85:
         4b:0f:d7:db:77:55:f2:04:7b:4b:bd:89:94:87:0d:2f:2b:26:
         73:84:a6:a9:57:90:ed:f3:1c:f6:90:fe:19:ac:42:92:88:28:
         2e:cd:0a:ea
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYx94Zo7wgnpEVSZwMbVoHwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjE4MTcwMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2ViMjkxOGZkMGJlNTAzNjlhNDI5ZDlmZmViMDhlZDE5ZmRkY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmCw+bxAwmoQBo3TjCJgS+I+0PQJ
t78+7E+lBKM4AF1U1pQJsNEGbkKLN9ubbQaeezwO+EhPi2zqG9zK7De5Z4Q0a+A3
QttexjbYt4g5NADVx4ach3MqkPe1bbl9g38cELS3PwzN0elIGhswBQXTAC7uvVSX
ybqbxJXyEAdkV+ubnGo1FbwUe0tne5hjfmGAshSpWPkipWm9/iaJGBr50t2GMBjy
Om+zTn3/ehMdWA9ot+aHRWCVjfy4tlMX8epX0HhNWHbmk6joIjsxZIjb1ITyqCcm
YeuW/HRggW/xU3ZBbUufZtfqgpD2EDJRd5QKxAhXvYDSwHtkBxTHSsfS1wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHzrKRj9C+UDaaQp2f/rCO0Z/dzJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZk9zcEdQMEw1UU5wcENuWl8tc0k3Um45M01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAUah3AwQA
Uah+AwQCUpmIAwQAUpn2MAwDBAJZ1ZQDBAVZ1YAwDAMEAlnVrAMEAVnVsAMEAlnV
tAMEAbkxfgMEANWYKjANBgkqhkiG9w0BAQsFAAOCAQEAiEh/3DKlw6KtT5rHXxUP
7PjV2Itx5/a7ib8tGLmmSjg9rxtAmTLH6RpbgZd1VzQLyCDjx0E2dvzs+ZusRk7v
jn4JAR7YURg6IM0hSVreGXx0TQF32YkdCspOfJD+kvHdHjYjAYar0zGKH9OFnIoh
0Bn1pU6jGD/5yBJ2cieeBnbg5BwE/1bvyuoLIXlhoyUrK7OsA4DHnm2GJbxrSesj
L3DsSsyOJJMyACLUtyZoeXsYVdUmFhrAZf7tbDqu2nSXPkQYmuuUhAH5qIPy1rx2
kdVRTKDHjGiFSw/X23dV8gR7S72JlIcNLysmc4SmqVeQ7fMc9pD+GaxCkogoLs0K
6g==
-----END CERTIFICATE-----