Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oLj1UQ7BgmmvnmLBMjMEXMPx4Ok.roa
File:                     oLj1UQ7BgmmvnmLBMjMEXMPx4Ok.roa (raw, json)
Hash identifier:          JJy1l5PyIRVpyl49ai3s64xXWRoPt92lF0c3+1emqS0=
Subject key identifier:   A0:B8:F5:51:0E:C1:82:69:AF:9E:62:C1:32:33:04:5C:C3:F1:E0:E9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01887268D57F3C04C94787D5497495A3BC27
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oLj1UQ7BgmmvnmLBMjMEXMPx4Ok.roa
Signing time:             Wed 31 May 2023 15:24:13 +0000
ROA not before:           Wed 31 May 2023 15:24:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          81.5.189.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:72:68:d5:7f:3c:04:c9:47:87:d5:49:74:95:a3:bc:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 15:24:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a0b8f5510ec18269af9e62c13233045cc3f1e0e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4b:d6:5b:8c:fd:9b:48:17:d8:b1:b3:28:11:
                    b2:b7:52:0a:ac:25:9d:ac:00:7a:98:87:2e:14:8a:
                    f1:6c:a4:70:cf:62:56:d6:64:b1:83:40:d7:d8:e9:
                    9d:ec:e4:72:b7:a4:53:38:cf:a5:d6:c0:7b:f9:6e:
                    f2:24:d6:58:f7:32:bb:91:4c:7b:4e:6f:b7:71:d2:
                    8d:97:11:04:01:b0:84:c5:e9:ce:3f:cd:91:ee:e5:
                    8c:a9:0f:56:38:b1:cd:9c:c8:01:c4:30:81:6b:b6:
                    48:48:a2:4e:65:05:6b:09:03:a5:95:60:3e:c8:1c:
                    28:5a:67:76:a2:ec:e3:88:42:c0:36:91:49:59:f7:
                    16:bb:d0:7c:c2:8f:ab:ce:9f:ea:98:23:ad:e7:68:
                    34:cb:b8:b6:31:bc:86:27:66:38:b5:88:98:88:1a:
                    41:bb:6e:b8:3c:c0:71:57:4a:ad:d6:e0:e8:b8:ca:
                    72:f8:ea:6b:8d:64:fa:59:78:fb:22:0f:24:7b:f7:
                    c0:e0:1b:42:86:9b:3d:41:9f:2d:87:ee:eb:4e:87:
                    c6:0a:15:3f:81:75:67:a5:c3:19:aa:d5:5a:31:87:
                    1e:83:43:e5:85:28:3e:f9:2d:ed:2c:bd:09:12:1e:
                    6f:e8:59:d8:ed:4f:39:de:3e:5f:63:8f:03:81:fe:
                    e4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B8:F5:51:0E:C1:82:69:AF:9E:62:C1:32:33:04:5C:C3:F1:E0:E9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oLj1UQ7BgmmvnmLBMjMEXMPx4Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24
                  81.168.35.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.253.0-82.152.254.255
                  82.153.1.0/24
                  82.153.68.0/23
                  82.153.71.0-82.153.72.255
                  82.153.78.0/24
                  82.153.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:f6:8c:cc:f8:42:e6:eb:a4:c3:64:43:35:69:fc:b6:13:40:
         56:14:cd:da:10:e3:ba:f8:c9:53:f4:d7:1e:8a:e7:37:a2:65:
         f1:a8:01:de:ca:eb:2a:44:85:78:47:f0:2e:89:b3:7e:ee:6c:
         3c:1f:f3:d5:49:81:58:7b:57:48:60:d8:a7:ca:f9:4c:27:5e:
         fc:e9:5a:e9:e1:ab:91:a1:37:fd:38:63:d7:73:e6:bb:eb:4f:
         68:15:4d:c0:f8:29:12:0b:40:a0:66:97:de:1d:ed:b9:2f:8c:
         d1:8c:6f:08:e7:5b:31:44:9c:97:65:dd:0d:9b:03:69:e8:98:
         71:57:88:db:5b:18:3c:5f:22:3f:82:30:b4:9d:61:ef:de:75:
         95:f9:95:0e:a4:30:5e:87:e3:11:bc:70:e0:02:66:5b:20:d7:
         ad:a5:8e:3d:ea:e2:53:5d:a8:d2:f5:52:2e:8a:22:75:90:71:
         85:59:71:e7:b5:c0:11:f6:f1:07:17:67:d5:58:11:d0:b2:ba:
         2a:f6:ce:ef:e2:2b:42:e8:55:10:26:2e:38:8c:1a:72:16:88:
         66:d9:c7:05:9b:f1:1e:e8:2b:0a:f7:e3:a1:bd:c3:f2:50:f1:
         38:c2:07:fc:23:5c:13:48:07:01:a6:eb:24:11:a5:a6:72:a9:
         51:93:09:75
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYhyaNV/PATJR4fVSXSVo7wnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTMxMTUyNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGI4ZjU1MTBlYzE4MjY5YWY5ZTYyYzEzMjMzMDQ1Y2MzZjFlMGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUvWW4z9m0gX2LGzKBGyt1IKrCWd
rAB6mIcuFIrxbKRwz2JW1mSxg0DX2Omd7ORyt6RTOM+l1sB7+W7yJNZY9zK7kUx7
Tm+3cdKNlxEEAbCExenOP82R7uWMqQ9WOLHNnMgBxDCBa7ZISKJOZQVrCQOllWA+
yBwoWmd2ouzjiELANpFJWfcWu9B8wo+rzp/qmCOt52g0y7i2MbyGJ2Y4tYiYiBpB
u264PMBxV0qt1uDouMpy+OprjWT6WXj7Ig8ke/fA4BtChps9QZ8th+7rTofGChU/
gXVnpcMZqtVaMYceg0PlhSg++S3tLL0JEh5v6FnY7U853j5fY48Dgf7kYwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFKC49VEOwYJpr55iwTIzBFzD8eDpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb0xqMVVRN0JnbW12bm1MQk1qTUVYTVB4NE9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAUQW9AwQA
UagjMAwDBABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmPgDBABSmPswDAMEAFKY
/QMEAFKY/gMEAFKZAQMEAVKZRDAMAwQAUplHAwQAUplIAwQAUplOAwQAUpmEMA0G
CSqGSIb3DQEBCwUAA4IBAQAx9ozM+ELm66TDZEM1afy2E0BWFM3aEOO6+MlT9Nce
iuc3omXxqAHeyusqRIV4R/AuibN+7mw8H/PVSYFYe1dIYNinyvlMJ1786Vrp4auR
oTf9OGPXc+a7609oFU3A+CkSC0CgZpfeHe25L4zRjG8I51sxRJyXZd0NmwNp6Jhx
V4jbWxg8XyI/gjC0nWHv3nWV+ZUOpDBeh+MRvHDgAmZbINetpY496uJTXajS9VIu
iiJ1kHGFWXHntcAR9vEHF2fVWBHQsroq9s7v4itC6FUQJi44jBpyFohm2ccFm/Ee
6CsK9+OhvcPyUPE4wgf8I1wTSAcBpuskEaWmcqlRkwl1
-----END CERTIFICATE-----