Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YDSF2mJe3OwcBWf1tfgFMukYmGk.roa
File:                     YDSF2mJe3OwcBWf1tfgFMukYmGk.roa (raw, json)
Hash identifier:          1lQNt+sNKqwTYDn2kKf1WJhfJE0Itlo1O7+E07ifYP0=
Subject key identifier:   60:34:85:DA:62:5E:DC:EC:1C:05:67:F5:B5:F8:05:32:E9:18:98:69
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018921BF44CDA60FDB111DFE075BDEFFF324
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YDSF2mJe3OwcBWf1tfgFMukYmGk.roa
Signing time:             Tue 04 Jul 2023 16:32:10 +0000
ROA not before:           Tue 04 Jul 2023 16:32:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.242.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:21:bf:44:cd:a6:0f:db:11:1d:fe:07:5b:de:ff:f3:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  4 16:32:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=603485da625edcec1c0567f5b5f80532e9189869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b8:f6:2a:5a:91:5a:b0:5a:49:22:59:8f:94:
                    6a:ff:48:65:17:ea:30:b4:17:48:9e:16:ab:17:d3:
                    76:f1:b8:53:bb:45:15:d2:90:be:ee:f2:f0:c6:f4:
                    c7:a6:69:46:e1:51:c8:33:db:93:10:bd:e3:43:3a:
                    9d:c8:db:0c:21:ef:a6:d1:6f:a8:da:a9:d0:99:4c:
                    e7:de:5f:8e:05:b9:59:d4:e1:e4:89:b1:a2:0c:18:
                    5e:f8:99:02:57:36:86:6c:b9:f4:d8:52:31:06:84:
                    65:21:06:2c:50:f9:5b:89:02:84:04:a9:5e:c9:94:
                    2e:b6:fc:56:6b:27:7b:75:2e:29:6f:61:1c:4c:d0:
                    7f:3e:72:0f:be:a7:32:a2:08:18:1f:8a:b0:a1:13:
                    2e:f7:66:35:66:fe:f1:08:32:5d:37:a1:b5:46:28:
                    40:55:be:76:a8:28:1a:e0:a8:a3:ae:e3:cf:e4:ad:
                    d9:80:49:98:f3:f1:16:32:98:13:69:77:af:c3:11:
                    36:fd:22:69:32:f2:92:b8:60:fa:c6:1f:d8:aa:68:
                    6c:36:3a:7d:4c:84:bd:6c:e3:b5:3f:dd:a6:71:79:
                    e4:00:e8:af:c7:b0:ee:b2:17:7f:ba:54:59:52:d9:
                    88:e5:e1:97:d0:b8:4f:26:a5:76:35:aa:e0:94:98:
                    75:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:34:85:DA:62:5E:DC:EC:1C:05:67:F5:B5:F8:05:32:E9:18:98:69
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YDSF2mJe3OwcBWf1tfgFMukYmGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.253.0/24
                  82.153.73.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.246.0/24
                  82.153.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:c1:20:65:d2:80:7d:8d:32:bb:06:01:d6:b8:fc:4d:8a:25:
         04:8b:db:bb:9b:11:90:ea:da:32:96:ab:92:92:68:74:32:64:
         fb:e0:9c:4a:18:e5:70:e7:b7:20:3f:7c:89:0d:43:7b:4e:bd:
         c7:78:67:05:d8:44:af:39:18:c0:47:e3:4f:45:3c:22:d0:ce:
         88:a2:18:e0:4f:86:b4:04:e3:0b:d8:8e:24:83:01:53:3f:ee:
         3b:da:6c:32:20:43:5e:d1:fe:cd:36:37:4d:44:e8:9a:47:c9:
         ae:77:68:62:d2:a3:54:b7:b0:5b:20:94:77:c0:a3:7c:87:68:
         6e:d2:32:33:d5:b1:9a:99:80:e8:e7:8d:bb:ce:94:cb:67:72:
         4c:d4:ac:2a:62:4d:69:08:ad:dd:45:cf:57:e7:61:f2:3c:8f:
         7f:9c:6e:6c:c6:9a:22:36:b7:d9:1c:ab:fd:88:56:0d:61:af:
         d4:7e:33:67:8d:d6:89:40:06:d5:2d:8f:10:44:8f:85:5b:b4:
         ca:99:e0:d1:5f:34:46:67:26:22:7b:2a:fb:e6:20:1d:aa:14:
         3e:b7:e8:50:6a:1b:48:7d:0b:4d:f3:b8:08:7f:eb:82:92:22:
         20:a0:db:9b:4f:03:a5:32:e5:db:f9:0d:01:8e:cb:a8:55:04:
         51:4c:bc:c1
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYkhv0TNpg/bER3+B1ve//MkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA0MTYzMjEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDM0ODVkYTYyNWVkY2VjMWMwNTY3ZjViNWY4MDUzMmU5MTg5ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7j2KlqRWrBaSSJZj5Rq/0hlF+ow
tBdInharF9N28bhTu0UV0pC+7vLwxvTHpmlG4VHIM9uTEL3jQzqdyNsMIe+m0W+o
2qnQmUzn3l+OBblZ1OHkibGiDBhe+JkCVzaGbLn02FIxBoRlIQYsUPlbiQKEBKle
yZQutvxWayd7dS4pb2EcTNB/PnIPvqcyoggYH4qwoRMu92Y1Zv7xCDJdN6G1RihA
Vb52qCga4KijruPP5K3ZgEmY8/EWMpgTaXevwxE2/SJpMvKSuGD6xh/YqmhsNjp9
TIS9bOO1P92mcXnkAOivx7Dushd/ulRZUtmI5eGX0LhPJqV2NarglJh1PwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFGA0hdpiXtzsHAVn9bX4BTLpGJhpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWURTRjJtSmUzT3djQldmMXRmZ0ZNdWtZbUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAUah3AwQA
Uah7AwQAUphsAwQAUphvAwQAUpj9AwQAUplJAwQCUpmIAwQAUpnfAwQAUpnyAwQA
Upn2AwQBUpn4MA0GCSqGSIb3DQEBCwUAA4IBAQA8wSBl0oB9jTK7BgHWuPxNiiUE
i9u7mxGQ6toylquSkmh0MmT74JxKGOVw57cgP3yJDUN7Tr3HeGcF2ESvORjAR+NP
RTwi0M6IohjgT4a0BOML2I4kgwFTP+472mwyIENe0f7NNjdNROiaR8mud2hi0qNU
t7BbIJR3wKN8h2hu0jIz1bGamYDo5427zpTLZ3JM1KwqYk1pCK3dRc9X52HyPI9/
nG5sxpoiNrfZHKv9iFYNYa/UfjNnjdaJQAbVLY8QRI+FW7TKmeDRXzRGZyYieyr7
5iAdqhQ+t+hQahtIfQtN87gIf+uCkiIgoNubTwOlMuXb+Q0BjsuoVQRRTLzB
-----END CERTIFICATE-----