Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/i6gg21kT4YLmWbZmjPeJju2efRQ.roa
File:                     i6gg21kT4YLmWbZmjPeJju2efRQ.roa (raw, json)
Hash identifier:          kq0ajNVyQJ83fTGuzR8tpiB6ecMn+yfKh7MebzWZTBQ=
Subject key identifier:   8B:A8:20:DB:59:13:E1:82:E6:59:B6:66:8C:F7:89:8E:ED:9E:7D:14
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018AB74528A6A9AD273091DFB704A14B25B3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/i6gg21kT4YLmWbZmjPeJju2efRQ.roa
Signing time:             Thu 21 Sep 2023 10:24:37 +0000
ROA not before:           Thu 21 Sep 2023 10:24:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.227.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.40.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b7:45:28:a6:a9:ad:27:30:91:df:b7:04:a1:4b:25:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 21 10:24:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8ba820db5913e182e659b6668cf7898eed9e7d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:75:7f:23:65:68:df:b1:a5:7b:60:d3:c3:e5:
                    d0:94:59:f9:ee:e3:b2:fb:62:1e:32:e8:0d:ac:81:
                    d5:a6:7d:27:f7:c4:fb:21:90:79:67:8a:26:85:e8:
                    39:d8:b7:3f:01:4a:bc:d6:06:95:9b:eb:f9:ea:1e:
                    c7:2c:51:25:9c:c6:ae:cc:91:58:57:c5:04:c4:50:
                    03:7c:14:85:f0:98:cd:0f:62:ed:63:4b:d3:fb:d6:
                    6d:dc:b0:c7:47:be:19:fd:bd:60:82:c6:fa:0f:8a:
                    73:2c:a3:7b:35:c9:7a:70:6a:c8:1f:ad:bd:32:6b:
                    8e:cd:2c:77:76:b1:97:49:79:4a:d6:a8:a9:73:e3:
                    5c:00:26:55:5e:05:6e:9d:a7:3e:ab:3a:7d:79:7b:
                    8c:de:8f:2a:48:46:41:d4:31:22:10:ed:bb:b6:ea:
                    17:a5:fe:be:38:62:ec:aa:4c:82:b9:67:e7:40:79:
                    38:9d:1d:3f:0e:2c:3c:3a:05:ee:08:40:9b:fc:16:
                    ad:41:a2:87:b9:02:df:1c:3c:f8:cc:9b:0e:85:c8:
                    f1:86:4c:b0:0c:da:60:13:47:2b:87:3d:b4:5f:65:
                    a4:4a:0a:91:fa:1c:74:77:eb:ec:0f:0d:63:29:19:
                    52:f0:d3:01:23:fb:5a:a0:07:66:03:30:6a:15:28:
                    28:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A8:20:DB:59:13:E1:82:E6:59:B6:66:8C:F7:89:8E:ED:9E:7D:14
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/i6gg21kT4YLmWbZmjPeJju2efRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  82.153.227.0/24
                  89.213.40.0/22
                  89.213.145.0-89.213.146.255
                  89.213.172.0-89.213.174.255
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ad:e9:10:f2:50:d0:30:7a:95:26:81:a6:7d:bf:88:e0:3a:
         20:61:86:42:69:36:b4:a4:cc:68:51:c2:9e:cd:5d:6e:91:40:
         29:37:a0:cd:6f:09:c0:ad:54:33:3a:19:ee:51:52:36:4f:1c:
         48:bc:af:b9:66:b3:8b:07:88:2b:97:f8:17:b5:ee:b6:fb:0f:
         aa:3d:01:7a:2d:18:f9:dc:2f:18:2e:99:60:18:68:52:a5:57:
         04:11:e1:8c:35:b5:9f:2e:4a:67:a3:5b:9e:d8:96:a3:d7:e7:
         d9:a1:ef:b8:3a:32:4f:2f:14:2a:46:4c:c6:d7:ba:14:ce:1d:
         19:a0:cf:b7:a8:9b:a4:9a:83:38:b5:6c:5f:65:da:49:49:ab:
         5c:b9:02:1b:33:3c:77:8c:91:1a:e9:4f:49:98:43:11:90:1d:
         e4:f6:2f:42:60:5f:53:a9:d3:c0:90:34:af:3b:e6:33:2a:9a:
         cc:c3:41:45:90:d9:ea:bb:97:51:9b:bf:1a:c4:1a:11:a9:9b:
         86:94:b1:07:d4:10:2c:ab:e1:08:bb:11:d5:3b:fe:6e:ed:04:
         dc:e8:29:2a:90:05:a3:c4:b4:f4:c2:4b:36:70:b6:4b:14:91:
         e0:ec:e6:bd:89:e0:c6:e7:0c:e4:3c:11:4d:55:aa:d2:7f:f8:
         44:47:32:1d
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYq3RSimqa0nMJHftwShSyWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTIxMTAyNDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE4MjBkYjU5MTNlMTgyZTY1OWI2NjY4Y2Y3ODk4ZWVkOWU3ZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHV/I2Vo37Gle2DTw+XQlFn57uOy
+2IeMugNrIHVpn0n98T7IZB5Z4omheg52Lc/AUq81gaVm+v56h7HLFElnMauzJFY
V8UExFADfBSF8JjND2LtY0vT+9Zt3LDHR74Z/b1ggsb6D4pzLKN7Ncl6cGrIH629
MmuOzSx3drGXSXlK1qipc+NcACZVXgVunac+qzp9eXuM3o8qSEZB1DEiEO27tuoX
pf6+OGLsqkyCuWfnQHk4nR0/Diw8OgXuCECb/BatQaKHuQLfHDz4zJsOhcjxhkyw
DNpgE0crhz20X2WkSgqR+hx0d+vsDw1jKRlS8NMBI/taoAdmAzBqFSgopwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIuoINtZE+GC5lm2Zoz3iY7tnn0UMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaTZnZzIxa1Q0WUxtV2JabWpQZUpqdTJlZlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAUah3AwQA
Uah7AwQCUpmIAwQAUpnjAwQCWdUoMAwDBABZ1ZEDBABZ1ZIwDAMEAlnVrAMEAFnV
rgMEAbkxfgMEANWYKjANBgkqhkiG9w0BAQsFAAOCAQEARq3pEPJQ0DB6lSaBpn2/
iOA6IGGGQmk2tKTMaFHCns1dbpFAKTegzW8JwK1UMzoZ7lFSNk8cSLyvuWaziweI
K5f4F7XutvsPqj0Bei0Y+dwvGC6ZYBhoUqVXBBHhjDW1ny5KZ6NbntiWo9fn2aHv
uDoyTy8UKkZMxte6FM4dGaDPt6ibpJqDOLVsX2XaSUmrXLkCGzM8d4yRGulPSZhD
EZAd5PYvQmBfU6nTwJA0rzvmMyqazMNBRZDZ6ruXUZu/GsQaEambhpSxB9QQLKvh
CLsR1Tv+bu0E3OgpKpAFo8S09MJLNnC2SxSR4OzmvYngxucM5DwRTVWq0n/4REcy
HQ==
-----END CERTIFICATE-----