Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fMSE2PQa-jaYtW0cMfDtDKbl22c.roa
File:                     fMSE2PQa-jaYtW0cMfDtDKbl22c.roa (raw, json)
Hash identifier:          4MsbntnWbIG8NxI1x80wFhbykkals8J0I4/X7j5zNB8=
Subject key identifier:   7C:C4:84:D8:F4:1A:FA:36:98:B5:6D:1C:31:F0:ED:0C:A6:E5:DB:67
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01890CD476F9992E484B12E12ADA0B541A83
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fMSE2PQa-jaYtW0cMfDtDKbl22c.roa
Signing time:             Fri 30 Jun 2023 15:03:17 +0000
ROA not before:           Fri 30 Jun 2023 15:03:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24
                          82.153.224.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:0c:d4:76:f9:99:2e:48:4b:12:e1:2a:da:0b:54:1a:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 30 15:03:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7cc484d8f41afa3698b56d1c31f0ed0ca6e5db67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:74:57:4d:c0:3d:60:c0:e9:a7:88:d7:5f:c3:
                    f8:38:1a:18:80:89:53:4d:f1:e2:d6:fe:1a:b0:27:
                    0b:7e:6f:36:74:3e:ac:1b:c3:ec:3e:dc:3e:e6:16:
                    1b:e1:cc:8b:62:36:f6:09:b1:ba:e3:8c:cf:a9:a4:
                    f8:69:f4:51:cb:f1:68:88:e5:06:39:61:9e:70:41:
                    41:f6:43:88:49:ed:c1:90:1e:2f:d4:83:d0:93:c4:
                    d9:dd:cc:e3:15:48:90:7e:b6:23:4b:5a:91:1a:0a:
                    03:eb:68:09:05:7d:41:b6:68:91:2b:c5:2e:24:8c:
                    c7:07:d6:3b:cf:ef:ac:9a:82:0d:ce:f2:45:72:52:
                    81:88:e0:35:c2:eb:69:af:08:81:fb:82:e4:a9:cb:
                    25:b6:49:5f:e3:20:ed:f2:32:f3:46:5e:20:2e:17:
                    f1:e7:18:cf:a4:23:fc:29:38:f5:11:a4:0a:c3:01:
                    9e:fe:88:90:cd:af:e6:85:c7:87:21:3a:50:0c:0e:
                    c4:61:43:d8:c7:25:ee:cb:f6:8f:d7:22:dd:c9:02:
                    3c:ad:69:54:c3:e5:4b:e4:9e:8f:68:60:fd:a9:bd:
                    8d:8f:e8:0e:b1:a5:7d:4e:f6:f3:94:0b:71:d7:8b:
                    f5:19:06:24:a0:ed:0c:7d:36:a6:14:e7:fe:3b:6f:
                    0c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:C4:84:D8:F4:1A:FA:36:98:B5:6D:1C:31:F0:ED:0C:A6:E5:DB:67
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fMSE2PQa-jaYtW0cMfDtDKbl22c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.254.0/23
                  82.153.1.0/24
                  82.153.68.0/23
                  82.153.71.0-82.153.72.255
                  82.153.79.0/24
                  82.153.132.0/24
                  82.153.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:71:40:7e:59:76:66:04:c5:d3:31:ad:cb:69:76:67:0e:82:
         88:d7:c1:3b:5d:ec:e9:03:82:4f:82:02:bd:fa:97:5b:a9:d4:
         ee:e8:bd:aa:3e:9c:c1:77:61:8a:60:46:26:ff:3a:ca:a9:c8:
         de:1e:ce:ff:86:73:18:1b:e9:ce:b6:27:ef:f7:b6:06:bd:cb:
         fe:27:34:60:55:50:3d:7c:cb:b1:c1:e6:88:df:db:74:3b:22:
         e4:b6:ec:3a:dd:04:71:fc:c4:da:b1:c3:3c:d1:1d:96:99:62:
         18:fa:59:3e:cf:19:fc:60:9d:16:f6:bc:74:e3:07:08:cb:4f:
         f0:c9:d7:2d:23:8e:54:1f:a9:9a:e7:90:9a:6f:a4:ab:a7:27:
         6e:84:ae:65:c7:38:67:a8:18:9b:0b:6e:a9:70:fe:01:8e:6b:
         2b:8c:de:59:5e:f6:b6:31:17:67:e9:6e:95:f7:74:76:24:8e:
         fa:49:e0:06:86:af:07:9a:11:30:1f:dd:0b:07:ff:5a:85:db:
         f9:05:76:42:2e:09:9c:84:fd:95:22:73:9f:a3:80:96:82:d3:
         33:3a:3a:5c:4d:86:82:de:56:c8:a0:82:ea:a3:37:69:13:31:
         32:54:dc:f8:fe:93:94:b0:d6:a9:53:1d:91:3a:35:9b:61:b5:
         e3:4d:73:63
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYkM1Hb5mS5ISxLhKtoLVBqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjMwMTUwMzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2M0ODRkOGY0MWFmYTM2OThiNTZkMWMzMWYwZWQwY2E2ZTVkYjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3RXTcA9YMDpp4jXX8P4OBoYgIlT
TfHi1v4asCcLfm82dD6sG8PsPtw+5hYb4cyLYjb2CbG644zPqaT4afRRy/FoiOUG
OWGecEFB9kOISe3BkB4v1IPQk8TZ3czjFUiQfrYjS1qRGgoD62gJBX1BtmiRK8Uu
JIzHB9Y7z++smoINzvJFclKBiOA1wutprwiB+4Lkqcsltklf4yDt8jLzRl4gLhfx
5xjPpCP8KTj1EaQKwwGe/oiQza/mhceHITpQDA7EYUPYxyXuy/aP1yLdyQI8rWlU
w+VL5J6PaGD9qb2Nj+gOsaV9TvbzlAtx14v1GQYkoO0MfTamFOf+O28MyQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFHzEhNj0Gvo2mLVtHDHw7Qym5dtnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZk1TRTJQUWEtamFZdFcwY01mRHRES2JsMjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAUagjMAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmPgDBABSmPsDBAFSmP4DBABSmQED
BAFSmUQwDAMEAFKZRwMEAFKZSAMEAFKZTwMEAFKZhAMEAFKZ4DANBgkqhkiG9w0B
AQsFAAOCAQEAQnFAfll2ZgTF0zGty2l2Zw6CiNfBO13s6QOCT4ICvfqXW6nU7ui9
qj6cwXdhimBGJv86yqnI3h7O/4ZzGBvpzrYn7/e2Br3L/ic0YFVQPXzLscHmiN/b
dDsi5LbsOt0EcfzE2rHDPNEdlpliGPpZPs8Z/GCdFva8dOMHCMtP8MnXLSOOVB+p
mueQmm+kq6cnboSuZcc4Z6gYmwtuqXD+AY5rK4zeWV72tjEXZ+lulfd0diSO+kng
BoavB5oRMB/dCwf/WoXb+QV2Qi4JnIT9lSJzn6OAloLTMzo6XE2Ggt5WyKCC6qM3
aRMxMlTc+P6TlLDWqVMdkTo1m2G1401zYw==
-----END CERTIFICATE-----