Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wANrmpfmUhVrIkqsDBUkNZmR3SE.roa
File:                     wANrmpfmUhVrIkqsDBUkNZmR3SE.roa (raw, json)
Hash identifier:          tZDbhybuuceOVFuYP72rxvCYFPpt9ohVi+O3TB0KSdw=
Subject key identifier:   C0:03:6B:9A:97:E6:52:15:6B:22:4A:AC:0C:15:24:35:99:91:DD:21
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018ACC175B88BC2DD68DBDCD386A5967C835
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wANrmpfmUhVrIkqsDBUkNZmR3SE.roa
Signing time:             Mon 25 Sep 2023 11:26:37 +0000
ROA not before:           Mon 25 Sep 2023 11:26:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          89.213.40.0/22 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cc:17:5b:88:bc:2d:d6:8d:bd:cd:38:6a:59:67:c8:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 25 11:26:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c0036b9a97e652156b224aac0c1524359991dd21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:99:90:f6:e9:d5:e1:23:69:c0:1c:b8:d7:12:
                    9e:9b:6c:e7:4e:50:a9:0c:68:fc:04:34:81:be:3d:
                    37:28:63:4d:9d:61:38:fb:02:b9:69:de:3b:8f:ef:
                    66:4c:eb:07:04:be:fa:ac:28:4e:8d:73:72:66:d2:
                    32:25:88:b2:b3:58:b5:d1:b8:ed:22:b0:84:c0:17:
                    40:d9:67:35:8f:58:34:7b:c3:4c:1e:66:7e:42:b4:
                    40:b7:a4:bf:00:09:a6:5c:57:9d:78:fe:64:3f:39:
                    f5:41:58:c0:e8:30:12:07:96:eb:dc:43:94:6d:ef:
                    87:54:cb:3d:a8:b7:b9:54:e1:47:4d:0a:4f:e2:25:
                    38:4a:6d:33:48:d6:ca:6b:ce:0b:cf:48:8b:fc:b3:
                    57:bd:50:31:e0:ce:bd:5f:88:2e:69:69:b8:de:08:
                    59:9a:6c:2a:7d:43:74:6e:b8:5e:c3:6c:5a:ae:24:
                    06:79:56:7e:65:28:88:4b:94:ff:98:cf:1c:56:4d:
                    71:fb:09:41:8a:4d:89:65:e7:e3:a3:38:9e:77:99:
                    a8:b8:c8:fa:5d:a7:66:db:3f:ef:57:d8:b1:ba:bf:
                    39:ed:3a:98:84:6e:66:12:f0:d7:23:d9:85:6a:d1:
                    fa:c0:90:ad:97:c5:60:df:85:00:c4:6a:c5:bd:7e:
                    0d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:03:6B:9A:97:E6:52:15:6B:22:4A:AC:0C:15:24:35:99:91:DD:21
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wANrmpfmUhVrIkqsDBUkNZmR3SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  81.168.126.0/24
                  82.153.68.0/24
                  82.153.71.0/24
                  82.153.136.0/22
                  89.213.40.0/22
                  89.213.145.0-89.213.146.255
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:91:b1:42:2b:22:34:77:1a:89:c0:d2:b6:b9:fe:51:79:ae:
         ca:f4:3a:12:7d:4c:ef:e5:de:0d:55:a4:9a:ab:50:5f:be:6e:
         2f:bf:dd:dd:08:a6:4e:17:eb:c4:49:da:87:fa:d8:10:5c:2c:
         23:37:eb:b4:68:d7:c1:fe:1b:c2:07:ed:60:cc:8c:30:e6:aa:
         7c:f7:af:a5:4b:38:da:02:e5:3c:d1:5d:16:09:e7:d3:18:66:
         f1:dc:be:29:f1:ec:86:78:6c:5b:ea:74:ca:1d:24:f4:24:da:
         0c:c2:77:21:1a:2b:55:ea:73:a1:ff:97:d7:c9:2f:41:27:05:
         8c:43:bb:3b:ba:2f:aa:1e:49:1a:c4:e0:3a:42:79:2b:7a:a0:
         ad:20:63:2a:27:4d:d0:9e:b7:5d:bc:00:ac:cb:aa:70:6b:4a:
         bd:84:04:c8:51:76:10:d1:26:4e:6c:5f:b3:a9:0b:f5:27:e1:
         d1:81:53:f4:5a:03:c5:da:a8:bf:85:df:ae:eb:ff:4a:2e:41:
         59:cd:ca:0d:7e:31:44:f6:ed:47:77:bd:df:4c:66:14:19:fb:
         de:61:78:19:0f:11:4e:51:df:f7:94:1c:80:5a:96:22:ea:57:
         ca:78:81:56:dd:33:20:ce:2b:3f:73:e5:8f:35:2f:3c:b1:f5:
         96:a4:f6:6b
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYrMF1uIvC3Wjb3NOGpZZ8g1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTI1MTEyNjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDAzNmI5YTk3ZTY1MjE1NmIyMjRhYWMwYzE1MjQzNTk5OTFkZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZmQ9unV4SNpwBy41xKem2znTlCp
DGj8BDSBvj03KGNNnWE4+wK5ad47j+9mTOsHBL76rChOjXNyZtIyJYiys1i10bjt
IrCEwBdA2Wc1j1g0e8NMHmZ+QrRAt6S/AAmmXFedeP5kPzn1QVjA6DASB5br3EOU
be+HVMs9qLe5VOFHTQpP4iU4Sm0zSNbKa84Lz0iL/LNXvVAx4M69X4guaWm43ghZ
mmwqfUN0brhew2xariQGeVZ+ZSiIS5T/mM8cVk1x+wlBik2JZefjozied5mouMj6
Xadm2z/vV9ixur857TqYhG5mEvDXI9mFatH6wJCtl8Vg34UAxGrFvX4NYQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMADa5qX5lIVayJKrAwVJDWZkd0hMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd0FOcm1wZm1VaFZySWtxc0RCVWtOWm1SM1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUagjAwQA
Uah3AwQAUah7AwQAUah+AwQAUplEAwQAUplHAwQCUpmIAwQCWdUoMAwDBABZ1ZED
BABZ1ZIDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAC6RsUIrIjR3GonA
0ra5/lF5rsr0OhJ9TO/l3g1VpJqrUF++bi+/3d0Ipk4X68RJ2of62BBcLCM367Ro
18H+G8IH7WDMjDDmqnz3r6VLONoC5TzRXRYJ59MYZvHcvinx7IZ4bFvqdModJPQk
2gzCdyEaK1Xqc6H/l9fJL0EnBYxDuzu6L6oeSRrE4DpCeSt6oK0gYyonTdCet128
AKzLqnBrSr2EBMhRdhDRJk5sX7OpC/Un4dGBU/RaA8XaqL+F367r/0ouQVnNyg1+
MUT27Ud3vd9MZhQZ+95heBkPEU5R3/eUHIBaliLqV8p4gVbdMyDOKz9z5Y81Lzyx
9Zak9ms=
-----END CERTIFICATE-----