Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u69U-mrz3zO7EmOgD31G3CyoMmM.roa
File:                     u69U-mrz3zO7EmOgD31G3CyoMmM.roa (raw, json)
Hash identifier:          gCCaUKBL3oVFobHTyk/nOQoNSWfp/ZUjqs31EE5buJM=
Subject key identifier:   BB:AF:54:FA:6A:F3:DF:33:BB:12:63:A0:0F:7D:46:DC:2C:A8:32:63
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018870D8ECE4EBB0ED3ADA1C10B68F7CBED4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u69U-mrz3zO7EmOgD31G3CyoMmM.roa
Signing time:             Wed 31 May 2023 08:07:24 +0000
ROA not before:           Wed 31 May 2023 08:07:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.174.0/23 maxlen: 23
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.249.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.222.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:70:d8:ec:e4:eb:b0:ed:3a:da:1c:10:b6:8f:7c:be:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 08:07:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bbaf54fa6af3df33bb1263a00f7d46dc2ca83263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1f:64:75:65:34:57:44:73:e8:1c:26:61:44:
                    ef:cd:21:4d:73:1f:e9:44:ed:ff:09:b5:a6:59:19:
                    20:ba:c6:ae:22:96:1a:ed:4b:9a:f7:48:cf:89:df:
                    eb:1f:a6:a6:72:97:91:81:cb:12:b5:b2:46:86:9e:
                    fb:06:cc:8b:f0:1c:9e:22:ef:a3:72:9d:5e:d1:ec:
                    05:81:8a:eb:75:31:5d:4b:9f:70:23:7d:92:e7:cf:
                    07:08:b2:99:a4:ea:31:68:3e:8a:7a:ab:f7:f2:b3:
                    79:1d:42:44:fd:24:a3:2f:d0:f8:9a:45:ad:da:fa:
                    ff:16:33:df:f2:8f:92:2c:2f:4a:78:85:06:17:cd:
                    3f:d0:b7:e0:30:ca:44:f7:f5:2c:e5:a0:fb:80:8c:
                    d7:b8:82:9f:4d:3c:3b:8f:3f:25:44:c0:7b:0a:16:
                    90:cb:54:c1:13:ae:04:1d:94:a3:ac:0f:bb:cf:69:
                    1e:18:d6:c5:30:52:2d:84:99:54:62:9e:c8:a3:3f:
                    08:33:ef:55:83:cb:70:24:9a:70:01:ec:b5:6e:c0:
                    1c:1c:67:f8:46:fd:08:83:d7:bf:b3:e9:9d:bd:5c:
                    9b:6b:61:0a:ec:62:d6:0c:45:17:05:31:32:13:e6:
                    f9:82:b5:6a:ba:06:83:d1:6c:ca:ad:73:77:12:dd:
                    da:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AF:54:FA:6A:F3:DF:33:BB:12:63:A0:0F:7D:46:DC:2C:A8:32:63
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/u69U-mrz3zO7EmOgD31G3CyoMmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.174.0/23
                  82.152.249.0/24
                  82.152.251.0/24
                  82.152.253.0/24
                  82.152.255.0/24
                  82.153.64.0/24
                  82.153.73.0/24
                  82.153.222.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:48:e6:52:59:3f:5e:0d:86:f0:be:e5:df:18:05:84:ed:c9:
         d5:ee:5e:79:1e:cd:0c:96:43:bd:90:5b:6a:f1:a9:27:11:2d:
         b1:9d:ed:dc:a4:45:41:0a:cf:97:3d:aa:52:bf:57:35:57:93:
         00:81:05:e4:64:9d:e5:80:dd:61:7d:7e:0e:7a:8a:b9:1a:18:
         1a:8b:f7:62:77:be:c3:7f:d5:47:0c:19:ef:bd:5c:e9:2c:9b:
         56:9b:a0:24:b0:0a:a4:b0:67:3a:36:bc:9c:dc:8e:26:e4:ae:
         18:b6:a8:10:4d:99:19:c4:f7:89:2c:a2:4e:4b:be:d8:12:ca:
         88:8d:ce:33:f3:64:f5:c1:32:c0:81:71:84:46:00:01:31:e2:
         89:82:43:69:bb:b2:de:3e:ff:35:4a:a4:ad:ba:bb:81:a9:c5:
         61:26:c5:b4:80:41:4c:88:af:b5:2c:4d:cc:76:27:2f:df:6b:
         27:f3:0d:9a:6f:e1:03:a7:5d:74:84:9c:bf:d7:dc:89:6a:6d:
         b3:c1:83:8e:61:95:b2:3f:19:96:1c:dd:12:04:c8:4b:8a:7b:
         4f:99:58:62:bb:04:86:d8:66:a0:36:95:9d:75:ad:46:a5:77:
         ff:bc:72:6f:6a:e2:7d:1d:35:e4:e4:ed:5f:a1:d8:89:53:70:
         d6:7c:ce:e9
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYhw2Ozk67DtOtocELaPfL7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTMxMDgwNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFmNTRmYTZhZjNkZjMzYmIxMjYzYTAwZjdkNDZkYzJjYTgzMjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB9kdWU0V0Rz6BwmYUTvzSFNcx/p
RO3/CbWmWRkgusauIpYa7Uua90jPid/rH6amcpeRgcsStbJGhp77BsyL8ByeIu+j
cp1e0ewFgYrrdTFdS59wI32S588HCLKZpOoxaD6Keqv38rN5HUJE/SSjL9D4mkWt
2vr/FjPf8o+SLC9KeIUGF80/0LfgMMpE9/Us5aD7gIzXuIKfTTw7jz8lRMB7ChaQ
y1TBE64EHZSjrA+7z2keGNbFMFIthJlUYp7Ioz8IM+9Vg8twJJpwAey1bsAcHGf4
Rv0Ig9e/s+mdvVyba2EK7GLWDEUXBTEyE+b5grVqugaD0WzKrXN3Et3aFQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFLuvVPpq898zuxJjoA99RtwsqDJjMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdTY5VS1tcnozek83RW1PZ0QzMUczQ3lvTW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUpj7AwQAUpj9AwQAUpj/AwQAUplAAwQAUplJAwQA
UpneAwQBUpn4MA0GCSqGSIb3DQEBCwUAA4IBAQBXSOZSWT9eDYbwvuXfGAWE7cnV
7l55Hs0MlkO9kFtq8aknES2xne3cpEVBCs+XPapSv1c1V5MAgQXkZJ3lgN1hfX4O
eoq5Ghgai/did77Df9VHDBnvvVzpLJtWm6AksAqksGc6Nryc3I4m5K4YtqgQTZkZ
xPeJLKJOS77YEsqIjc4z82T1wTLAgXGERgABMeKJgkNpu7LePv81SqSturuBqcVh
JsW0gEFMiK+1LE3Mdicv32sn8w2ab+EDp110hJy/19yJam2zwYOOYZWyPxmWHN0S
BMhLintPmVhiuwSG2GagNpWdda1GpXf/vHJvauJ9HTXk5O1fodiJU3DWfM7p
-----END CERTIFICATE-----