Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PTSRKhwT8eCsH-ocsjaKerxTyqE.roa
File:                     PTSRKhwT8eCsH-ocsjaKerxTyqE.roa (raw, json)
Hash identifier:          CI+ySgtVZ+Z4KP8n03e2cpiigMVBB4jIf033h6uXebg=
Subject key identifier:   3D:34:91:2A:1C:13:F1:E0:AC:1F:EA:1C:B2:36:8A:7A:BC:53:CA:A1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018926B9B152619AA452507E9E6A45DD8F99
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PTSRKhwT8eCsH-ocsjaKerxTyqE.roa
Signing time:             Wed 05 Jul 2023 15:44:11 +0000
ROA not before:           Wed 05 Jul 2023 15:44:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     397563
IP address blocks:        89.213.44.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          89.213.45.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:26:b9:b1:52:61:9a:a4:52:50:7e:9e:6a:45:dd:8f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  5 15:44:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3d34912a1c13f1e0ac1fea1cb2368a7abc53caa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8f:44:89:6b:ff:d6:2c:cb:b7:70:00:84:b9:
                    77:1c:ec:98:cb:8c:d9:f8:e5:72:6a:2b:10:1c:62:
                    82:71:6e:df:52:c3:eb:71:11:52:7d:72:9d:83:ef:
                    3b:7f:26:8b:5f:b1:e4:04:dc:ec:6e:44:77:39:ea:
                    9b:6c:0e:aa:5d:43:80:3d:c8:2d:4c:9a:66:b3:6d:
                    ff:d7:37:02:0a:d0:2c:9d:b2:ec:ee:9a:32:f3:17:
                    32:59:d1:95:89:b7:fc:fd:d6:1e:a2:d3:50:ab:db:
                    0f:b1:1e:e3:1a:8f:1a:fd:1d:fd:1f:a0:42:59:91:
                    90:46:23:ba:54:e7:94:30:0a:90:a2:5d:ff:33:45:
                    35:c0:ec:3f:ea:a1:e4:3f:86:d0:4d:d1:30:10:a7:
                    a7:9c:e5:83:2a:26:b2:4c:e3:08:d4:7e:41:85:39:
                    c6:75:75:3f:fb:ce:7e:b8:df:2a:f3:cf:2c:57:cc:
                    46:e5:96:17:d4:94:93:2b:6b:33:bb:86:1f:b0:54:
                    f8:82:14:3b:6f:50:9f:e3:c8:f3:bf:69:b8:b6:aa:
                    52:79:66:ae:61:88:17:b5:87:16:1c:7e:a9:57:4b:
                    b6:17:3c:51:7e:c1:37:30:82:cb:6f:1e:7c:3d:e4:
                    ff:ef:3e:6c:61:c5:61:ae:96:ab:2f:f9:08:8e:da:
                    03:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:34:91:2A:1C:13:F1:E0:AC:1F:EA:1C:B2:36:8A:7A:BC:53:CA:A1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PTSRKhwT8eCsH-ocsjaKerxTyqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.221.0/24
                  89.213.42.0/24
                  89.213.44.0/23
                  89.213.145.0/24
                  89.213.148.0/23
                  89.213.155.0/24
                  89.213.160.0/24
                  89.213.177.0/24
                  89.213.183.0/24
                  109.176.243.0/24
                  185.49.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:4e:f7:21:0d:07:e2:49:d2:f1:17:4c:0f:01:9a:bd:3b:40:
         0b:4b:61:d7:6a:1f:de:6a:a5:26:e5:e7:9a:46:8d:f6:0e:f0:
         5e:76:a8:d5:92:f2:82:89:42:24:6b:92:11:63:99:85:ab:51:
         08:ca:30:28:6e:b2:43:a2:06:31:89:e9:a0:f1:89:34:5c:0b:
         ae:87:08:46:45:59:72:91:a5:b3:52:36:a8:15:74:21:be:8e:
         c5:66:c4:a0:ad:7c:7d:74:79:ae:4b:5d:cf:83:54:08:8e:0a:
         fe:62:7e:f4:4b:e6:dd:38:48:b3:f1:c2:73:62:d5:7d:36:48:
         ef:76:ad:00:cf:39:6b:12:4b:28:3b:47:e8:51:04:5e:9b:29:
         cf:09:81:ce:ee:86:20:86:0a:9f:2d:3b:35:80:73:3e:6a:36:
         57:a0:19:6a:4e:c8:3f:d8:13:49:a2:de:61:7d:bb:36:0a:d3:
         c3:d0:33:11:ad:ee:a6:92:0c:6d:d1:2a:c4:53:69:91:df:f8:
         d2:a3:3f:ee:bc:4f:fa:76:b1:d9:67:6f:b8:48:66:68:a7:96:
         fe:44:80:62:7e:ed:9a:9d:0b:36:88:79:44:0a:32:fd:83:9f:
         de:f4:2d:78:34:9a:2f:02:c2:8d:0d:d0:fe:05:c6:6e:80:d4:
         cb:97:d7:c5
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYkmubFSYZqkUlB+nmpF3Y+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA1MTU0NDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDM0OTEyYTFjMTNmMWUwYWMxZmVhMWNiMjM2OGE3YWJjNTNjYWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo9EiWv/1izLt3AAhLl3HOyYy4zZ
+OVyaisQHGKCcW7fUsPrcRFSfXKdg+87fyaLX7HkBNzsbkR3OeqbbA6qXUOAPcgt
TJpms23/1zcCCtAsnbLs7poy8xcyWdGVibf8/dYeotNQq9sPsR7jGo8a/R39H6BC
WZGQRiO6VOeUMAqQol3/M0U1wOw/6qHkP4bQTdEwEKennOWDKiayTOMI1H5BhTnG
dXU/+85+uN8q888sV8xG5ZYX1JSTK2szu4YfsFT4ghQ7b1Cf48jzv2m4tqpSeWau
YYgXtYcWHH6pV0u2FzxRfsE3MILLbx58PeT/7z5sYcVhrparL/kIjtoDawIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFD00kSocE/HgrB/qHLI2inq8U8qhMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUFRTUktod1Q4ZUNzSC1vY3NqYUtlcnhUeXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAUpndAwQA
WdUqAwQBWdUsAwQAWdWRAwQBWdWUAwQAWdWbAwQAWdWgAwQAWdWxAwQAWdW3AwQA
bbDzAwQAuTF9MA0GCSqGSIb3DQEBCwUAA4IBAQAVTvchDQfiSdLxF0wPAZq9O0AL
S2HXah/eaqUm5eeaRo32DvBedqjVkvKCiUIka5IRY5mFq1EIyjAobrJDogYxiemg
8Yk0XAuuhwhGRVlykaWzUjaoFXQhvo7FZsSgrXx9dHmuS13Pg1QIjgr+Yn70S+bd
OEiz8cJzYtV9Nkjvdq0AzzlrEksoO0foUQRemynPCYHO7oYghgqfLTs1gHM+ajZX
oBlqTsg/2BNJot5hfbs2CtPD0DMRre6mkgxt0SrEU2mR3/jSoz/uvE/6drHZZ2+4
SGZop5b+RIBifu2anQs2iHlECjL9g5/e9C14NJovAsKNDdD+BcZugNTLl9fF
-----END CERTIFICATE-----