Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rZwz1D8BQ26RpbwLa-X_3Heca4c.roa
File:                     rZwz1D8BQ26RpbwLa-X_3Heca4c.roa (raw, json)
Hash identifier:          RjDSq6i11gJ+a5aIPgxxgvVIF//fykmISy3OCKd8++c=
Subject key identifier:   AD:9C:33:D4:3F:01:43:6E:91:A5:BC:0B:6B:E5:FF:DC:77:9C:6B:87
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018926BD59B41E4841ACD2C0E1ACF08FA1F2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rZwz1D8BQ26RpbwLa-X_3Heca4c.roa
Signing time:             Wed 05 Jul 2023 15:48:10 +0000
ROA not before:           Wed 05 Jul 2023 15:48:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:26:bd:59:b4:1e:48:41:ac:d2:c0:e1:ac:f0:8f:a1:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  5 15:48:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad9c33d43f01436e91a5bc0b6be5ffdc779c6b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:74:da:de:a2:75:33:f3:0c:32:cb:ed:b1:70:
                    a2:28:71:03:be:1e:98:6b:ca:10:4f:a1:4d:d3:45:
                    e4:d9:39:1a:04:15:a8:96:f3:ff:08:a8:ab:8d:78:
                    a9:5d:82:97:09:98:64:c1:be:f4:91:ff:59:f4:c5:
                    db:b0:0b:89:5d:9b:64:06:ef:41:c6:4d:13:3e:15:
                    fb:f9:7c:79:6e:95:85:63:5b:73:9c:7b:b8:23:da:
                    82:1c:a0:c7:c7:84:19:e0:8f:e3:4f:fa:90:58:d2:
                    b5:87:13:0f:67:ce:c1:95:42:44:be:86:0a:b9:47:
                    01:72:e0:09:a3:ad:a3:84:10:ee:f0:5a:80:c9:e8:
                    18:39:52:f5:97:6c:4e:9f:1e:24:59:37:ec:ad:9a:
                    e7:c3:b2:d7:f7:11:75:cf:6b:4e:9f:12:1b:82:7a:
                    d6:81:bc:39:44:c6:90:37:c1:99:0f:52:00:ef:1b:
                    a4:a1:e4:6c:6a:f5:2c:34:91:7f:61:fa:c3:e1:dc:
                    5b:a9:92:66:7b:7b:75:17:e6:5d:93:d8:cc:2a:b1:
                    03:d4:fe:de:e9:98:50:9a:d9:cd:49:3b:73:02:b3:
                    e9:e0:58:ea:ad:b6:4c:10:1e:74:04:68:fc:68:d7:
                    5b:b6:cb:03:d7:d9:e8:fd:31:21:ef:9f:fc:3b:93:
                    19:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9C:33:D4:3F:01:43:6E:91:A5:BC:0B:6B:E5:FF:DC:77:9C:6B:87
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rZwz1D8BQ26RpbwLa-X_3Heca4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.253.0/24
                  82.153.4.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:b3:68:16:9c:e8:56:da:ce:f2:96:f1:8d:f8:30:03:9b:79:
         5f:a2:12:ee:7e:2f:68:7e:df:e9:0b:2b:3a:e3:ab:d0:cd:02:
         6f:88:bb:07:11:a8:47:43:25:96:4d:6b:8c:f9:04:c6:4e:6f:
         50:1b:32:8d:35:fe:f6:61:42:ca:00:12:92:99:ee:df:42:b2:
         cf:c8:7c:ff:40:86:f8:fb:5a:4d:45:c6:4d:83:cf:39:06:ee:
         dd:4c:c3:55:52:37:ad:84:52:8f:83:86:3e:80:0f:cd:b7:a8:
         34:05:42:d0:4a:9a:97:ad:b7:8a:a1:a3:6d:00:8d:75:a5:06:
         58:fc:2f:42:ec:ca:7c:a9:7d:46:98:ee:b7:4e:88:3d:40:0d:
         e5:57:8e:bb:6f:82:4a:3b:14:48:9e:36:70:e4:75:e5:c5:1a:
         85:90:58:49:49:19:91:9a:87:65:e6:22:23:44:c4:a2:33:79:
         bd:e9:98:4d:51:5e:7e:44:33:6a:93:a9:8f:14:91:36:84:60:
         46:b0:a7:ec:eb:d5:6a:75:a7:5f:78:b0:37:c8:48:ab:50:45:
         76:d9:4c:e2:6c:38:2b:92:ae:f3:fb:12:52:db:25:25:2d:67:
         24:6a:49:0d:79:27:e1:e9:23:40:90:8d:9b:d3:5b:b8:52:57:
         5e:bb:dc:91
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYkmvVm0HkhBrNLA4azwj6HyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA1MTU0ODEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDljMzNkNDNmMDE0MzZlOTFhNWJjMGI2YmU1ZmZkYzc3OWM2Yjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHTa3qJ1M/MMMsvtsXCiKHEDvh6Y
a8oQT6FN00Xk2TkaBBWolvP/CKirjXipXYKXCZhkwb70kf9Z9MXbsAuJXZtkBu9B
xk0TPhX7+Xx5bpWFY1tznHu4I9qCHKDHx4QZ4I/jT/qQWNK1hxMPZ87BlUJEvoYK
uUcBcuAJo62jhBDu8FqAyegYOVL1l2xOnx4kWTfsrZrnw7LX9xF1z2tOnxIbgnrW
gbw5RMaQN8GZD1IA7xukoeRsavUsNJF/YfrD4dxbqZJme3t1F+Zdk9jMKrED1P7e
6ZhQmtnNSTtzArPp4FjqrbZMEB50BGj8aNdbtssD19no/TEh75/8O5MZ5wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFK2cM9Q/AUNukaW8C2vl/9x3nGuHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvclp3ejFEOEJRMjZScGJ3TGEtWF8zSGVjYTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAUah3AwQA
Uah7AwQAUphsAwQAUphvAwQAUpj9AwQAUpkEAwQAUplJAwQCUpmIAwQAUpnfAwQA
UpnyAwQAUpn2AwQBUpn4MA0GCSqGSIb3DQEBCwUAA4IBAQAcs2gWnOhW2s7ylvGN
+DADm3lfohLufi9oft/pCys646vQzQJviLsHEahHQyWWTWuM+QTGTm9QGzKNNf72
YULKABKSme7fQrLPyHz/QIb4+1pNRcZNg885Bu7dTMNVUjethFKPg4Y+gA/Nt6g0
BULQSpqXrbeKoaNtAI11pQZY/C9C7Mp8qX1GmO63Tog9QA3lV467b4JKOxRInjZw
5HXlxRqFkFhJSRmRmodl5iIjRMSiM3m96ZhNUV5+RDNqk6mPFJE2hGBGsKfs69Vq
dadfeLA3yEirUEV22UzibDgrkq7z+xJS2yUlLWckakkNeSfh6SNAkI2b01u4Ulde
u9yR
-----END CERTIFICATE-----