Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/keT4zsWyi7VrO48iXpw7TVqW_wY.roa
File:                     keT4zsWyi7VrO48iXpw7TVqW_wY.roa (raw, json)
Hash identifier:          ra50tCpxEkSa6q3LIi/wnANe3KvvoB+xzr961MtOSTk=
Subject key identifier:   91:E4:F8:CE:C5:B2:8B:B5:6B:3B:8F:22:5E:9C:3B:4D:5A:96:FF:06
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018B6285C6D20283797ED7DBAADABBD457F0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/keT4zsWyi7VrO48iXpw7TVqW_wY.roa
Signing time:             Tue 24 Oct 2023 16:30:16 +0000
ROA not before:           Tue 24 Oct 2023 16:30:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:62:85:c6:d2:02:83:79:7e:d7:db:aa:da:bb:d4:57:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 24 16:30:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91e4f8cec5b28bb56b3b8f225e9c3b4d5a96ff06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c9:7e:5f:44:3f:55:80:0b:df:5f:93:bc:85:
                    65:51:45:da:8b:03:02:8e:00:95:90:21:08:38:9d:
                    5e:f3:aa:0a:42:60:83:f3:86:e6:df:91:bd:03:17:
                    85:d4:cd:11:2f:46:13:55:55:26:fa:8c:2a:eb:bc:
                    41:00:22:8e:3f:f0:0d:31:dd:30:43:00:36:33:6d:
                    75:b8:7d:e8:9c:33:bd:57:45:18:0d:76:f3:35:24:
                    69:59:69:b7:de:a6:7d:0c:14:74:1b:70:2e:de:6d:
                    61:7c:5a:6c:4d:a8:94:8c:8e:5f:7d:a2:d7:e5:7f:
                    b0:15:70:a8:12:ce:fe:c8:c9:8b:fb:eb:38:6c:c5:
                    8b:61:a1:b9:68:92:83:52:b6:45:f5:25:0d:9c:ee:
                    e5:ad:70:87:e4:0e:5e:9f:70:4e:35:dc:14:7b:da:
                    79:50:ad:1f:c4:62:c9:9d:e1:f3:2b:c1:e6:02:37:
                    1c:92:f8:f4:09:b0:7d:c8:5a:4e:d5:61:96:f0:34:
                    d6:be:af:1f:ae:0d:30:18:09:d2:f3:73:d1:ee:25:
                    11:4d:bc:10:06:67:7f:53:a4:eb:7e:c5:c6:28:4e:
                    c0:75:ed:ba:35:ea:1f:b5:ca:44:07:37:fc:db:ef:
                    79:c7:b7:05:3d:c4:22:4d:37:a1:3a:d2:55:ce:2b:
                    39:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E4:F8:CE:C5:B2:8B:B5:6B:3B:8F:22:5E:9C:3B:4D:5A:96:FF:06
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/keT4zsWyi7VrO48iXpw7TVqW_wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:9c:31:be:b2:0d:4c:ed:98:40:ff:23:49:fd:05:d7:34:9d:
         17:7f:19:b5:2e:97:76:ac:79:db:91:ff:a5:20:6f:35:1c:de:
         96:bf:10:ff:b5:cb:7d:0f:2f:e3:bc:37:22:87:6c:43:3b:b1:
         8b:a5:dc:aa:26:3f:83:ce:41:d7:73:13:4b:29:22:d7:ee:b3:
         10:cc:7e:7f:9b:be:0f:ba:e5:0d:6f:c3:48:6c:15:b2:e0:99:
         09:db:1c:48:27:33:38:cf:85:cf:7c:88:e8:9b:6b:22:99:a0:
         24:b4:40:d0:80:f0:8f:fe:d8:6a:d2:f2:c4:78:7e:c8:9f:97:
         91:11:7d:cf:01:eb:c3:92:a4:6f:d2:fe:5a:48:42:7d:ca:ae:
         bd:92:fb:86:5e:d5:98:fe:01:ab:ee:f6:8a:bc:4c:98:29:32:
         18:3a:b2:ff:49:75:1b:c9:0e:ab:b6:2f:7e:4b:24:37:79:98:
         c5:f8:48:6f:91:86:f7:85:0b:54:02:83:db:c1:4c:5c:1c:df:
         ea:91:60:54:8d:c3:07:87:43:2a:d4:41:82:99:72:59:5e:0b:
         5c:1d:00:70:d3:39:04:3b:af:4a:da:1a:ad:4d:f4:3f:3d:ae:
         6d:d6:0c:a7:c0:25:7e:73:56:17:55:4d:4c:27:97:c2:52:0c:
         c6:46:43:e3
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYtihcbSAoN5ftfbqtq71FfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDI0MTYzMDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWU0ZjhjZWM1YjI4YmI1NmIzYjhmMjI1ZTljM2I0ZDVhOTZmZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8l+X0Q/VYAL31+TvIVlUUXaiwMC
jgCVkCEIOJ1e86oKQmCD84bm35G9AxeF1M0RL0YTVVUm+owq67xBACKOP/ANMd0w
QwA2M211uH3onDO9V0UYDXbzNSRpWWm33qZ9DBR0G3Au3m1hfFpsTaiUjI5ffaLX
5X+wFXCoEs7+yMmL++s4bMWLYaG5aJKDUrZF9SUNnO7lrXCH5A5en3BONdwUe9p5
UK0fxGLJneHzK8HmAjcckvj0CbB9yFpO1WGW8DTWvq8frg0wGAnS83PR7iURTbwQ
Bmd/U6TrfsXGKE7Ade26NeoftcpEBzf82+95x7cFPcQiTTehOtJVzis5eQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJHk+M7Fsou1azuPIl6cO01alv8GMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva2VUNHpzV3lpN1ZyTzQ4aVhwdzdUVnFXX3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah7AwQAUphsAwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQDBABtsPgDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAKOcMb6yDUztmED/I0n9Bdc0nRd/GbUu
l3aseduR/6UgbzUc3pa/EP+1y30PL+O8NyKHbEM7sYul3KomP4POQddzE0spItfu
sxDMfn+bvg+65Q1vw0hsFbLgmQnbHEgnMzjPhc98iOibayKZoCS0QNCA8I/+2GrS
8sR4fsifl5ERfc8B68OSpG/S/lpIQn3Krr2S+4Ze1Zj+Aavu9oq8TJgpMhg6sv9J
dRvJDqu2L35LJDd5mMX4SG+RhveFC1QCg9vBTFwc3+qRYFSNwweHQyrUQYKZclle
C1wdAHDTOQQ7r0raGq1N9D89rm3WDKfAJX5zVhdVTUwnl8JSDMZGQ+M=
-----END CERTIFICATE-----