Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ohZkyyd8LiBa0q71fJfg8vShh68.roa
File:                     ohZkyyd8LiBa0q71fJfg8vShh68.roa (raw, json)
Hash identifier:          mCIM63z/ueFP4NhTtHkRxEmg7BXM86GR4gvyfIgjm8s=
Subject key identifier:   A2:16:64:CB:27:7C:2E:20:5A:D2:AE:F5:7C:97:E0:F2:F4:A1:87:AF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018870D8ED70C832B33DDA0633EE68F72934
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ohZkyyd8LiBa0q71fJfg8vShh68.roa
Signing time:             Wed 31 May 2023 08:07:24 +0000
ROA not before:           Wed 31 May 2023 08:07:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:70:d8:ed:70:c8:32:b3:3d:da:06:33:ee:68:f7:29:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 08:07:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a21664cb277c2e205ad2aef57c97e0f2f4a187af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:85:f4:d6:2b:d0:dc:7a:56:30:36:a7:d6:1a:
                    82:48:f6:ed:c2:34:c7:d4:e4:d0:a8:69:e6:b8:d1:
                    07:4e:ec:d1:be:e5:0c:ad:ea:74:b6:e7:15:38:c8:
                    88:60:25:41:86:a9:f7:b4:13:01:cb:91:2a:76:67:
                    78:1b:47:5c:8c:0d:e6:41:65:e3:6b:a8:45:f6:40:
                    d1:9e:e0:d9:7b:d4:ae:f5:13:d4:b2:1c:70:05:c7:
                    bc:6c:cc:32:d5:e8:48:9b:81:7b:03:73:89:22:b3:
                    b7:26:92:e6:44:b3:41:c1:9a:7c:d2:36:05:fa:69:
                    da:9c:64:c1:42:93:fd:8e:bd:4b:38:13:06:18:58:
                    1f:8d:79:87:90:a8:37:0f:14:54:7d:82:39:e3:eb:
                    bc:77:45:b0:32:cd:3a:9e:6e:df:ca:45:d2:a7:34:
                    d4:c2:c8:fb:4a:96:d2:6f:d0:53:c1:e0:6e:52:e8:
                    b1:7d:09:23:d6:03:d6:34:69:f7:9d:ed:0c:8d:60:
                    e9:60:55:23:fb:fa:34:f0:1c:82:51:de:4f:67:c7:
                    75:c6:4c:f0:d4:6b:4d:aa:85:5f:a7:c0:e0:14:93:
                    ed:91:be:e3:09:aa:9c:18:07:4e:99:b0:9f:cc:84:
                    2e:a2:f9:3d:cd:17:10:bc:6d:97:89:df:08:5d:8e:
                    aa:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:16:64:CB:27:7C:2E:20:5A:D2:AE:F5:7C:97:E0:F2:F4:A1:87:AF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ohZkyyd8LiBa0q71fJfg8vShh68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.152.248.0/24
                  82.152.254.0/24
                  82.153.1.0/24
                  82.153.68.0/23
                  82.153.71.0-82.153.72.255
                  82.153.78.0/24
                  82.153.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:9a:aa:6d:41:fa:54:45:dd:1e:04:a4:d1:9e:b6:f2:8b:34:
         79:77:00:6e:45:f5:15:1f:86:ee:e3:ea:06:78:a4:da:4f:b4:
         c1:8a:30:db:2b:5a:16:4c:da:a8:a0:e5:16:fd:5b:9a:0c:13:
         3d:fd:11:d9:64:a2:f1:72:f5:b9:bf:9e:91:87:04:8a:a1:44:
         5c:22:8c:73:cb:75:e4:e4:77:c9:8a:54:dd:03:1e:ef:58:61:
         2a:9c:a0:8c:32:73:54:6a:5e:c2:ed:86:28:96:13:40:2f:01:
         c4:8d:0a:ce:e0:e9:73:17:9b:13:5e:4d:88:48:d3:43:de:7d:
         18:37:41:88:a9:56:9d:93:92:b0:57:c3:3a:a2:81:8b:1a:51:
         a0:c9:3a:23:a3:fe:44:ed:11:df:c8:e7:b3:80:23:b9:58:cb:
         e9:b2:3d:4f:39:1c:cf:3b:e1:2b:65:48:c6:da:b1:d9:ad:d1:
         38:44:23:d3:d4:c9:c4:63:1c:b0:a3:d2:0e:fe:49:51:a2:37:
         70:56:69:4e:bd:3a:ee:50:10:6f:3d:ce:88:b2:64:ca:03:12:
         76:ca:0b:84:7c:cb:fa:63:76:66:69:f3:4c:55:7f:e9:0c:ae:
         6b:e6:02:6e:ad:28:3f:11:2b:6a:53:bc:be:50:f5:51:ac:bb:
         e0:41:c9:24
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYhw2O1wyDKzPdoGM+5o9yk0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTMxMDgwNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE2NjRjYjI3N2MyZTIwNWFkMmFlZjU3Yzk3ZTBmMmY0YTE4N2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYX01ivQ3HpWMDan1hqCSPbtwjTH
1OTQqGnmuNEHTuzRvuUMrep0tucVOMiIYCVBhqn3tBMBy5Eqdmd4G0dcjA3mQWXj
a6hF9kDRnuDZe9Su9RPUshxwBce8bMwy1ehIm4F7A3OJIrO3JpLmRLNBwZp80jYF
+mnanGTBQpP9jr1LOBMGGFgfjXmHkKg3DxRUfYI54+u8d0WwMs06nm7fykXSpzTU
wsj7SpbSb9BTweBuUuixfQkj1gPWNGn3ne0MjWDpYFUj+/o08ByCUd5PZ8d1xkzw
1GtNqoVfp8DgFJPtkb7jCaqcGAdOmbCfzIQuovk9zRcQvG2Xid8IXY6qsQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFKIWZMsnfC4gWtKu9XyX4PL0oYevMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb2haa3l5ZDhMaUJhMHE3MWZKZmc4dlNoaDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAUagjMAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmPgDBABSmP4DBABSmQEDBAFSmUQw
DAMEAFKZRwMEAFKZSAMEAFKZTgMEAFKZhDANBgkqhkiG9w0BAQsFAAOCAQEAX5qq
bUH6VEXdHgSk0Z628os0eXcAbkX1FR+G7uPqBnik2k+0wYow2ytaFkzaqKDlFv1b
mgwTPf0R2WSi8XL1ub+ekYcEiqFEXCKMc8t15OR3yYpU3QMe71hhKpygjDJzVGpe
wu2GKJYTQC8BxI0KzuDpcxebE15NiEjTQ959GDdBiKlWnZOSsFfDOqKBixpRoMk6
I6P+RO0R38jns4AjuVjL6bI9TzkczzvhK2VIxtqx2a3ROEQj09TJxGMcsKPSDv5J
UaI3cFZpTr067lAQbz3OiLJkygMSdsoLhHzL+mN2ZmnzTFV/6Qyua+YCbq0oPxEr
alO8vlD1Uay74EHJJA==
-----END CERTIFICATE-----