Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wqBQRPB82xq7P9pIfU7wm2-k1-Q.roa
File:                     wqBQRPB82xq7P9pIfU7wm2-k1-Q.roa (raw, json)
Hash identifier:          c6jhZ40L+HC6Omk+s2LRcTKOumrHI0iXvr/ur5fJ1Fk=
Subject key identifier:   C2:A0:50:44:F0:7C:DB:1A:BB:3F:DA:48:7D:4E:F0:9B:6F:A4:D7:E4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01897415B50431384C265885E628A44C3344
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wqBQRPB82xq7P9pIfU7wm2-k1-Q.roa
Signing time:             Thu 20 Jul 2023 16:15:26 +0000
ROA not before:           Thu 20 Jul 2023 16:15:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.191.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:15:b5:04:31:38:4c:26:58:85:e6:28:a4:4c:33:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 20 16:15:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c2a05044f07cdb1abb3fda487d4ef09b6fa4d7e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:93:15:d4:c1:6e:f2:0a:91:8f:c6:46:6f:80:
                    1d:74:e2:be:3c:3d:bd:57:9d:d3:10:8a:d8:e4:fd:
                    df:5b:9b:4c:a2:47:18:07:29:b7:7a:8f:6b:fb:bf:
                    28:ba:99:b2:76:c4:4e:6f:f6:0b:7c:e7:41:5b:ac:
                    60:98:5f:84:71:0a:87:d5:2f:00:66:12:16:aa:59:
                    cb:b3:2e:11:38:85:f1:20:ab:b5:81:6b:9d:ed:b0:
                    f1:ea:05:7d:ea:d6:a6:b6:a3:7c:44:bf:67:dd:f3:
                    89:75:17:ab:f9:6f:0a:08:9f:12:2b:ad:3d:44:a2:
                    78:1c:b6:e7:f0:f5:df:a9:14:b9:08:ef:bb:5e:49:
                    c5:3f:9b:2b:b3:37:75:2b:d3:62:3e:92:12:88:2a:
                    22:95:11:ba:c9:57:cb:05:17:2e:95:07:96:bd:5f:
                    6f:f0:49:14:85:1b:60:ee:83:55:57:73:56:0f:24:
                    da:2a:ad:30:87:7c:39:b9:fd:de:db:e9:1c:f3:00:
                    87:23:00:ac:3a:cb:8e:6b:f6:c8:4a:1e:0d:a7:d3:
                    8f:4b:a1:46:3f:e0:cc:9d:bb:0d:bf:80:95:dc:5c:
                    87:9a:2d:99:1f:f3:1b:90:0b:7f:ce:23:e0:51:19:
                    54:55:2f:44:db:c7:15:6e:81:9b:0c:93:1a:2a:7e:
                    8c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A0:50:44:F0:7C:DB:1A:BB:3F:DA:48:7D:4E:F0:9B:6F:A4:D7:E4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wqBQRPB82xq7P9pIfU7wm2-k1-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.249.0/24
                  89.213.131.0/24
                  89.213.191.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:35:2a:5a:4e:f1:12:f5:60:3a:f3:d4:bd:c8:53:8a:b0:31:
         d0:22:af:79:e2:97:27:0e:59:1a:99:d0:ff:41:52:61:f5:83:
         13:e7:dc:b7:1a:55:d6:af:a6:02:2a:ee:86:dd:96:bf:e5:b1:
         ff:45:72:1e:3f:3a:9e:44:b6:b9:1c:78:9d:65:fb:0f:e9:bd:
         da:e3:ed:d6:8e:33:85:3a:0e:8a:63:f8:18:3d:df:24:eb:2e:
         71:e7:d2:75:70:2a:ce:e0:6b:d2:fa:65:6f:b0:be:49:86:d6:
         88:df:8e:a7:54:2c:20:d8:03:50:13:1a:58:e9:a4:85:23:f5:
         af:fe:e6:fe:a7:6a:a3:7b:ab:b2:b5:2e:3b:3d:0a:8d:5a:dc:
         9c:88:34:c6:62:4f:ed:14:f4:d9:8d:f2:47:35:5b:9d:be:1f:
         07:73:04:f6:dc:a2:9a:ce:4e:db:ac:9d:d1:3d:a0:c2:73:8d:
         41:b8:07:f6:7e:97:76:8c:16:d9:6a:ad:f6:9a:75:7a:51:96:
         be:10:77:df:ac:f4:75:21:b9:fe:e8:9e:68:0f:b9:52:72:fd:
         bf:79:95:e4:42:06:f0:80:5b:44:38:a1:4e:b5:3f:c4:68:51:
         94:e5:ca:ad:c2:26:a4:91:80:3d:c4:3f:d2:ef:41:2b:69:e7:
         54:91:76:bc
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYl0FbUEMThMJliF5iikTDNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzIwMTYxNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmEwNTA0NGYwN2NkYjFhYmIzZmRhNDg3ZDRlZjA5YjZmYTRkN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJMV1MFu8gqRj8ZGb4AddOK+PD29
V53TEIrY5P3fW5tMokcYBym3eo9r+78oupmydsROb/YLfOdBW6xgmF+EcQqH1S8A
ZhIWqlnLsy4ROIXxIKu1gWud7bDx6gV96tamtqN8RL9n3fOJdRer+W8KCJ8SK609
RKJ4HLbn8PXfqRS5CO+7XknFP5srszd1K9NiPpISiCoilRG6yVfLBRculQeWvV9v
8EkUhRtg7oNVV3NWDyTaKq0wh3w5uf3e2+kc8wCHIwCsOsuOa/bISh4Np9OPS6FG
P+DMnbsNv4CV3FyHmi2ZH/MbkAt/ziPgURlUVS9E28cVboGbDJMaKn6MDQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFMKgUETwfNsauz/aSH1O8JtvpNfkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd3FCUVJQQjgyeHE3UDlwSWZVN3dtMi1rMS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphsAwQAUphvAwQBUpj8AwQAUpj/AwQAUplJAwQAUplOAwQC
UpmIAwQAUpnfAwQAUpn5AwQAWdWDAwQAWdW/AwQA1ZgqMA0GCSqGSIb3DQEBCwUA
A4IBAQAtNSpaTvES9WA689S9yFOKsDHQIq954pcnDlkamdD/QVJh9YMT59y3GlXW
r6YCKu6G3Za/5bH/RXIePzqeRLa5HHidZfsP6b3a4+3WjjOFOg6KY/gYPd8k6y5x
59J1cCrO4GvS+mVvsL5JhtaI346nVCwg2ANQExpY6aSFI/Wv/ub+p2qje6uytS47
PQqNWtyciDTGYk/tFPTZjfJHNVudvh8HcwT23KKazk7brJ3RPaDCc41BuAf2fpd2
jBbZaq32mnV6UZa+EHffrPR1Ibn+6J5oD7lScv2/eZXkQgbwgFtEOKFOtT/EaFGU
5cqtwiakkYA9xD/S70EraedUkXa8
-----END CERTIFICATE-----