Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pXjnsK6EESChtwoi71Ua0ha08y0.roa
File:                     pXjnsK6EESChtwoi71Ua0ha08y0.roa (raw, json)
Hash identifier:          OzWZOOTo3JvppcA7JC0epkK1V+QuKjwtqry9xjEKo5g=
Subject key identifier:   A5:78:E7:B0:AE:84:11:20:A1:B7:0A:22:EF:55:1A:D2:16:B4:F3:2D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CB1686665428B546C980ADDDAB570E1A4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pXjnsK6EESChtwoi71Ua0ha08y0.roa
Signing time:             Thu 28 Dec 2023 17:10:58 +0000
ROA not before:           Thu 28 Dec 2023 17:10:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.191.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:b1:68:66:65:42:8b:54:6c:98:0a:dd:da:b5:70:e1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 28 17:10:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a578e7b0ae841120a1b70a22ef551ad216b4f32d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:65:62:8f:9e:28:e5:8d:01:2e:a1:0a:3d:1e:
                    6e:3e:49:27:b5:46:2f:d2:39:d7:07:fe:af:fd:1d:
                    7c:58:71:27:3d:04:36:56:a9:38:c6:54:c0:cc:b5:
                    07:17:1a:79:c8:fe:f1:91:c7:30:10:75:96:73:e2:
                    0e:33:0e:0b:94:e6:af:2a:06:a8:3b:60:9e:d1:f4:
                    bf:61:04:da:af:9e:ce:5f:04:36:16:5b:fa:a3:47:
                    ad:f4:54:69:0e:f6:3d:82:9a:01:0e:94:75:d3:e0:
                    dc:c7:34:0d:cb:f8:76:66:65:82:8e:eb:45:ce:62:
                    c0:e6:f7:c3:77:32:7d:c4:df:23:d6:f3:41:17:b3:
                    3f:53:13:96:70:bc:3b:e4:ef:db:51:d2:7f:1e:bb:
                    c8:1e:05:f5:20:9c:e0:06:14:c2:c9:19:da:03:51:
                    91:9b:b2:51:1d:c7:82:13:75:f3:72:2b:87:6d:0a:
                    da:10:1b:05:df:19:e4:9a:f5:60:1b:cf:f4:e0:1f:
                    9f:bf:4d:8a:94:17:72:bd:c3:06:d0:ba:d2:3c:01:
                    d4:c0:90:86:b2:90:59:81:12:c8:62:98:a5:87:ed:
                    dd:a2:bf:f0:8f:a8:58:63:8c:b1:77:3a:4c:53:c7:
                    ca:88:2e:2b:75:1a:93:0b:9a:c8:55:4c:35:8d:84:
                    51:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:78:E7:B0:AE:84:11:20:A1:B7:0A:22:EF:55:1A:D2:16:B4:F3:2D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pXjnsK6EESChtwoi71Ua0ha08y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  89.213.147.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/23
                  89.213.191.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:47:32:c7:83:e6:8c:0a:4b:cd:02:1d:b6:7b:d2:06:08:21:
         70:8d:33:0d:c9:47:00:7f:d0:4e:2e:b9:8b:98:bc:11:d1:1a:
         41:58:9c:76:d9:27:05:87:66:bf:46:d4:ea:21:dc:bb:b7:e7:
         4c:a3:39:87:b5:72:8d:35:86:71:04:61:93:56:22:31:e4:69:
         5f:f1:08:16:35:ac:62:1a:bf:4f:eb:40:06:af:65:a6:0e:42:
         78:df:78:1a:3d:bd:41:d8:7d:9a:f5:c6:7a:f1:66:af:9d:33:
         d4:16:db:41:64:89:0c:50:07:d2:74:f3:9e:c4:06:69:c2:31:
         67:25:f3:90:bd:af:9e:8b:c6:01:40:f6:68:cf:9f:8e:66:38:
         99:48:ca:07:a3:11:95:36:b2:f8:6c:f8:95:da:c6:08:85:00:
         49:1c:8e:a5:be:db:13:9c:37:83:8d:e8:c1:49:73:c0:d7:e1:
         28:53:b3:cd:dc:59:26:a7:68:63:38:fe:6d:85:a2:76:77:e7:
         81:e7:11:49:14:ce:5a:ff:91:24:98:4c:04:2d:79:73:b4:95:
         fe:aa:01:a9:e7:39:86:34:3f:1b:84:96:7f:27:fe:01:bc:8d:
         94:c2:1a:34:23:49:8f:c7:46:6d:2b:1f:f6:64:62:69:74:5e:
         33:23:33:a0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYyxaGZlQotUbJgK3dq1cOGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjI4MTcxMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTc4ZTdiMGFlODQxMTIwYTFiNzBhMjJlZjU1MWFkMjE2YjRmMzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmVij54o5Y0BLqEKPR5uPkkntUYv
0jnXB/6v/R18WHEnPQQ2Vqk4xlTAzLUHFxp5yP7xkccwEHWWc+IOMw4LlOavKgao
O2Ce0fS/YQTar57OXwQ2Flv6o0et9FRpDvY9gpoBDpR10+DcxzQNy/h2ZmWCjutF
zmLA5vfDdzJ9xN8j1vNBF7M/UxOWcLw75O/bUdJ/HrvIHgX1IJzgBhTCyRnaA1GR
m7JRHceCE3XzciuHbQraEBsF3xnkmvVgG8/04B+fv02KlBdyvcMG0LrSPAHUwJCG
spBZgRLIYpilh+3dor/wj6hYY4yxdzpMU8fKiC4rdRqTC5rIVUw1jYRR7QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKV457CuhBEgobcKIu9VGtIWtPMtMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcFhqbnNLNkVFU0NodHdvaTcxVWEwaGEwOHkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQC
UpmIMAwDBABZ1ZMDBAVZ1YADBAJZ1awDBAFZ1bQDBABZ1b8DBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAIdHMseD5owKS80CHbZ70gYIIXCNMw3JRwB/0E4u
uYuYvBHRGkFYnHbZJwWHZr9G1Ooh3Lu350yjOYe1co01hnEEYZNWIjHkaV/xCBY1
rGIav0/rQAavZaYOQnjfeBo9vUHYfZr1xnrxZq+dM9QW20FkiQxQB9J0857EBmnC
MWcl85C9r56LxgFA9mjPn45mOJlIygejEZU2svhs+JXaxgiFAEkcjqW+2xOcN4ON
6MFJc8DX4ShTs83cWSanaGM4/m2FonZ354HnEUkUzlr/kSSYTAQteXO0lf6qAann
OYY0PxuEln8n/gG8jZTCGjQjSY/HRm0rH/ZkYml0XjMjM6A=
-----END CERTIFICATE-----