Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/o-OXOFNkjantSCW-rjZCQmO5VG8.roa
File:                     o-OXOFNkjantSCW-rjZCQmO5VG8.roa (raw, json)
Hash identifier:          e8gNS76seSY7P+2+KZe1g2HGYhT8oMvm/t1igGC3MSM=
Subject key identifier:   A3:E3:97:38:53:64:8D:A9:ED:48:25:BE:AE:36:42:42:63:B9:54:6F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01891C82F0198D555E791A307B950E1D3DCC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/o-OXOFNkjantSCW-rjZCQmO5VG8.roa
Signing time:             Mon 03 Jul 2023 16:08:10 +0000
ROA not before:           Mon 03 Jul 2023 16:08:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:1c:82:f0:19:8d:55:5e:79:1a:30:7b:95:0e:1d:3d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  3 16:08:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3e3973853648da9ed4825beae36424263b9546f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:da:22:1f:15:c4:ec:07:4b:d7:dc:0b:74:d9:
                    77:94:df:f6:de:40:23:a5:5b:48:b1:0a:99:b3:52:
                    37:a2:a4:b0:3a:dc:1f:ec:03:2f:1e:c1:dd:b6:4c:
                    ac:c9:6d:aa:c3:77:b3:e3:9b:f6:d2:25:fc:43:fa:
                    45:35:00:02:72:1b:cd:93:44:de:53:ab:db:ed:07:
                    0a:83:2d:ed:85:72:7f:71:b2:73:a9:5d:2f:2a:47:
                    bb:79:05:a8:13:3c:57:09:e0:b6:40:e7:1f:ff:59:
                    41:78:a0:9b:c1:94:18:8d:cc:02:aa:00:27:92:af:
                    de:10:2c:86:84:0f:95:e4:46:99:e4:60:3e:e5:bc:
                    bf:b6:2d:b9:60:b7:30:1f:d2:43:ac:a2:42:8b:9b:
                    68:09:71:28:88:62:1d:76:ad:aa:7c:97:92:b7:40:
                    7d:29:ef:12:66:bf:c0:0b:3b:23:42:6d:19:8c:ae:
                    05:94:aa:48:1e:7f:6e:2b:8f:7f:da:cd:05:39:9f:
                    4a:9c:96:dc:0e:98:8f:cf:b9:ed:d7:b3:eb:5d:e1:
                    8d:38:bb:d3:62:9f:b0:23:6d:cf:97:f2:b4:f5:00:
                    eb:97:28:f9:fb:b5:cf:6f:ff:40:4b:ad:6b:a7:a4:
                    9e:05:6e:45:67:61:16:2d:e0:59:fe:61:b1:47:a8:
                    3e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E3:97:38:53:64:8D:A9:ED:48:25:BE:AE:36:42:42:63:B9:54:6F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/o-OXOFNkjantSCW-rjZCQmO5VG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.253.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:fe:bf:b6:27:05:a9:63:ce:10:88:ae:3f:1b:23:b3:73:71:
         b2:fa:c4:dd:b2:a5:ad:89:db:0a:d4:5b:25:47:70:b3:e1:16:
         fb:a6:50:cb:a6:03:b2:72:e3:e0:1c:e5:41:72:2b:51:74:38:
         9e:fb:b8:31:85:5c:2f:20:83:14:56:03:e2:df:a2:89:01:c8:
         a2:33:a0:f0:29:7b:fe:98:f1:73:02:17:03:56:12:df:f6:de:
         99:dd:65:19:6a:f1:b4:6c:be:75:3c:84:79:2f:9a:d8:3e:09:
         26:9f:1d:bc:f4:50:b1:d4:aa:b3:7c:fc:91:a6:c5:cb:1b:f1:
         57:8f:73:c3:56:13:ac:76:8a:a7:06:5b:64:75:fe:08:e1:fd:
         06:97:87:39:49:16:ba:76:75:e9:b1:34:06:17:aa:e7:0c:94:
         e9:c8:8c:82:14:96:a7:52:1e:db:26:81:41:12:e6:c4:10:93:
         0b:03:84:2f:e9:e2:ad:5d:df:c4:ec:31:c7:e1:87:22:8d:51:
         c2:1e:ed:55:55:25:e2:73:f3:f1:5a:e8:c8:2d:c6:81:29:3f:
         2b:43:59:60:95:32:73:ba:e6:16:f2:bc:89:5f:b2:2a:6a:7b:
         bb:57:b4:2a:52:b8:fd:3f:14:b6:ac:33:59:f8:08:07:af:db:
         92:b7:51:7c
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYkcgvAZjVVeeRowe5UOHT3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzAzMTYwODEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2UzOTczODUzNjQ4ZGE5ZWQ0ODI1YmVhZTM2NDI0MjYzYjk1NDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtoiHxXE7AdL19wLdNl3lN/23kAj
pVtIsQqZs1I3oqSwOtwf7AMvHsHdtkysyW2qw3ez45v20iX8Q/pFNQACchvNk0Te
U6vb7QcKgy3thXJ/cbJzqV0vKke7eQWoEzxXCeC2QOcf/1lBeKCbwZQYjcwCqgAn
kq/eECyGhA+V5EaZ5GA+5by/ti25YLcwH9JDrKJCi5toCXEoiGIddq2qfJeSt0B9
Ke8SZr/ACzsjQm0ZjK4FlKpIHn9uK49/2s0FOZ9KnJbcDpiPz7nt17PrXeGNOLvT
Yp+wI23Pl/K09QDrlyj5+7XPb/9AS61rp6SeBW5FZ2EWLeBZ/mGxR6g+mwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKPjlzhTZI2p7Uglvq42QkJjuVRvMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvby1PWE9GTmtqYW50U0NXLXJqWkNRbU81Vkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAUah3AwQA
Uah7AwQAUphsAwQAUphvAwQAUpj9AwQAUplJAwQCUpmIAwQAUpnfAwQAUpn2AwQB
Upn4MA0GCSqGSIb3DQEBCwUAA4IBAQBt/r+2JwWpY84QiK4/GyOzc3Gy+sTdsqWt
idsK1FslR3Cz4Rb7plDLpgOycuPgHOVBcitRdDie+7gxhVwvIIMUVgPi36KJAcii
M6DwKXv+mPFzAhcDVhLf9t6Z3WUZavG0bL51PIR5L5rYPgkmnx289FCx1KqzfPyR
psXLG/FXj3PDVhOsdoqnBltkdf4I4f0Gl4c5SRa6dnXpsTQGF6rnDJTpyIyCFJan
Uh7bJoFBEubEEJMLA4Qv6eKtXd/E7DHH4YcijVHCHu1VVSXic/PxWujILcaBKT8r
Q1lglTJzuuYW8ryJX7Iqanu7V7QqUrj9PxS2rDNZ+AgHr9uSt1F8
-----END CERTIFICATE-----