Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a1TqqA-86Uw3DMSJE3WR575BxQ8.roa
File:                     a1TqqA-86Uw3DMSJE3WR575BxQ8.roa (raw, json)
Hash identifier:          pHlaMdDDbY0by5tqo7FYDbEn9+fuTyOl4dpYjtQxABc=
Subject key identifier:   6B:54:EA:A8:0F:BC:E9:4C:37:0C:C4:89:13:75:91:E7:BE:41:C5:0F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BB8224BABA3C7F748D93CF24ED40485CC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a1TqqA-86Uw3DMSJE3WR575BxQ8.roa
Signing time:             Fri 10 Nov 2023 07:28:57 +0000
ROA not before:           Fri 10 Nov 2023 07:28:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.220.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b8:22:4b:ab:a3:c7:f7:48:d9:3c:f2:4e:d4:04:85:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 10 07:28:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6b54eaa80fbce94c370cc489137591e7be41c50f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:26:7c:58:fd:38:73:71:ff:5b:83:43:eb:4a:
                    ae:56:e6:04:22:d9:95:d0:4f:27:a0:79:2e:91:f3:
                    fb:c8:8e:6e:82:e0:cd:09:f1:df:f9:10:4e:60:1b:
                    c0:c0:ed:bb:ae:d5:8a:60:69:f7:38:55:e6:82:92:
                    42:0e:7c:01:9c:8b:5e:84:96:6a:ee:d3:63:b0:de:
                    2d:e9:ad:4f:dd:82:c2:20:52:ee:cc:1d:d6:52:6f:
                    81:56:91:e1:08:bc:23:7d:f2:a1:eb:2e:35:33:9e:
                    64:0d:e6:43:97:31:23:95:0b:58:a4:7a:a5:5f:7a:
                    b9:42:82:0b:eb:2b:8e:9b:fe:ce:28:26:cb:b6:97:
                    9b:a7:7a:05:69:34:95:90:3e:f3:b3:4f:6e:79:4a:
                    d4:0c:c4:55:5b:f6:91:ca:7e:1c:cf:0c:45:36:0c:
                    ea:8b:c7:32:d0:d5:b5:0a:46:60:ef:4d:49:dd:2d:
                    12:51:10:56:cf:8a:d3:54:1f:88:5f:b5:bc:6b:2d:
                    b3:88:9e:e5:d0:84:e3:71:37:fa:29:1c:8c:b6:25:
                    b0:8e:6f:4c:e1:cd:5f:eb:18:7f:76:53:22:dd:ac:
                    43:fb:11:5b:a4:b7:a7:8e:37:50:b0:c8:44:49:a3:
                    fb:b7:63:98:1f:bc:d3:93:1f:cb:b5:f9:fe:de:8a:
                    e4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:54:EA:A8:0F:BC:E9:4C:37:0C:C4:89:13:75:91:E7:BE:41:C5:0F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a1TqqA-86Uw3DMSJE3WR575BxQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  82.153.220.0/24
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a7:af:11:93:28:a9:33:38:26:29:6a:7c:c1:91:f8:94:fd:
         f9:b6:c1:de:24:23:67:ca:7b:5d:5b:70:cd:48:de:d9:70:93:
         f5:b4:b3:b6:50:e0:b7:24:dc:77:7e:dd:9b:51:b1:f9:f8:52:
         e9:af:f6:bb:e1:de:57:35:9e:e9:78:74:0d:75:39:56:a8:48:
         67:e7:2f:61:35:57:c9:c6:56:e2:cc:86:31:ca:78:01:2c:ef:
         94:86:db:c3:bc:62:35:5f:1c:b9:3e:1f:52:ea:bc:fb:e3:f9:
         ed:9c:a5:ef:56:e1:7d:e9:60:c7:46:ea:08:47:40:c4:4e:76:
         fa:93:b4:20:af:e1:5a:56:5c:94:a3:a4:6d:bd:68:86:c5:95:
         b9:09:48:74:a1:d2:e1:da:a2:92:a4:99:e3:bc:52:4f:7b:c8:
         bb:b1:2d:a9:9d:3c:41:91:3e:6e:08:5f:45:d0:12:eb:29:33:
         8e:7e:e8:8b:a1:a0:8b:4e:7c:17:4e:96:1c:a3:7d:c3:7d:71:
         1c:8d:0d:c6:65:24:d0:4a:1b:dc:b6:da:f1:c2:43:17:de:cb:
         84:d7:c3:07:10:9a:40:26:e6:91:25:e2:55:97:7c:59:a9:48:
         da:df:a0:9e:a0:30:00:6f:65:ab:2e:af:15:07:6e:33:03:74:
         e3:1a:cf:23
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYu4Ikuro8f3SNk88k7UBIXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTEwMDcyODU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjU0ZWFhODBmYmNlOTRjMzcwY2M0ODkxMzc1OTFlN2JlNDFjNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniZ8WP04c3H/W4ND60quVuYEItmV
0E8noHkukfP7yI5uguDNCfHf+RBOYBvAwO27rtWKYGn3OFXmgpJCDnwBnItehJZq
7tNjsN4t6a1P3YLCIFLuzB3WUm+BVpHhCLwjffKh6y41M55kDeZDlzEjlQtYpHql
X3q5QoIL6yuOm/7OKCbLtpebp3oFaTSVkD7zs09ueUrUDMRVW/aRyn4czwxFNgzq
i8cy0NW1CkZg701J3S0SURBWz4rTVB+IX7W8ay2ziJ7l0ITjcTf6KRyMtiWwjm9M
4c1f6xh/dlMi3axD+xFbpLenjjdQsMhESaP7t2OYH7zTkx/Ltfn+3orkNQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGtU6qgPvOlMNwzEiRN1kee+QcUPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYTFUcXFBLTg2VXczRE1TSkUzV1I1NzVCeFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah7AwQCUpmIAwQAUpncMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQDBABtsPgDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAEOnrxGTKKkzOCYpanzBkfiU/fm2wd4k
I2fKe11bcM1I3tlwk/W0s7ZQ4Lck3Hd+3ZtRsfn4Uumv9rvh3lc1nul4dA11OVao
SGfnL2E1V8nGVuLMhjHKeAEs75SG28O8YjVfHLk+H1LqvPvj+e2cpe9W4X3pYMdG
6ghHQMROdvqTtCCv4VpWXJSjpG29aIbFlbkJSHSh0uHaopKkmeO8Uk97yLuxLamd
PEGRPm4IX0XQEuspM45+6IuhoItOfBdOlhyjfcN9cRyNDcZlJNBKG9y22vHCQxfe
y4TXwwcQmkAm5pEl4lWXfFmpSNrfoJ6gMABvZasurxUHbjMDdOMazyM=
-----END CERTIFICATE-----