Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/82dENzOtXl5L_EiVbGCuX0vCLak.roa
File:                     82dENzOtXl5L_EiVbGCuX0vCLak.roa (raw, json)
Hash identifier:          rgE2UY+SIrstGJbiDubFT7gz9lb/Yx0f8SYqk+G1q+s=
Subject key identifier:   F3:67:44:37:33:AD:5E:5E:4B:FC:48:95:6C:60:AE:5F:4B:C2:2D:A9
Certificate issuer:       /CN=34077b41e98873e7f06fb1df3f5d39c721b1343f
Certificate serial:       01856CEF1210DCE0A2E4B4884E34CAE4B97A
Authority key identifier: 34:07:7B:41:E9:88:73:E7:F0:6F:B1:DF:3F:5D:39:C7:21:B1:34:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAd7QemIc-fwb7HfP105xyGxND8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/82dENzOtXl5L_EiVbGCuX0vCLak.roa
Signing time:             Sun 01 Jan 2023 10:44:44 +0000
ROA not before:           Sun 01 Jan 2023 10:44:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42837
IP address blocks:        212.42.105.0/24 maxlen: 24
                          212.42.103.0/24 maxlen: 24
                          212.42.124.0/24 maxlen: 24
                          212.42.125.0/24 maxlen: 24
                          212.42.126.0/24 maxlen: 24
                          212.42.127.0/24 maxlen: 24
                          77.95.56.0/24 maxlen: 24
                          77.95.57.0/24 maxlen: 24
                          77.95.58.0/24 maxlen: 24
                          77.95.61.0/24 maxlen: 24
                          31.192.252.0/24 maxlen: 24
                          31.192.253.0/24 maxlen: 24
                          31.192.255.0/24 maxlen: 24
                          31.192.254.0/24 maxlen: 24
                          94.143.196.0/24 maxlen: 24
                          94.143.198.0/24 maxlen: 24
                          94.143.197.0/24 maxlen: 24
                          94.143.199.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ef:12:10:dc:e0:a2:e4:b4:88:4e:34:ca:e4:b9:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34077b41e98873e7f06fb1df3f5d39c721b1343f
        Validity
            Not Before: Jan  1 10:44:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f367443733ad5e5e4bfc48956c60ae5f4bc22da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7b:a2:0b:f7:99:08:95:6b:02:8f:45:2f:39:
                    c6:88:0c:9f:34:99:5e:00:f1:29:ce:59:b1:09:e7:
                    a9:61:02:b0:ae:20:41:b9:17:14:b5:98:ed:62:57:
                    f9:0d:83:fb:51:4b:5f:5c:8c:35:a7:97:b3:06:91:
                    2e:fb:01:cd:f8:de:8d:b5:cd:af:54:82:24:d9:99:
                    72:83:b7:31:e7:4b:a1:b1:d9:7b:a8:d9:55:e3:31:
                    23:18:9d:7e:0c:8e:e9:f2:e3:9d:ab:a6:d8:ea:c9:
                    45:3b:f9:91:3d:58:fb:76:55:2e:16:9e:da:a0:95:
                    00:55:7f:23:a7:5f:bb:80:b1:fb:d3:23:6f:95:04:
                    61:57:59:24:9b:e4:2e:1e:3d:78:ac:04:e3:7b:c6:
                    8d:b0:43:dc:87:31:ec:4e:fa:40:88:45:40:5d:4a:
                    08:af:3a:25:1f:e6:a4:b0:d9:5a:65:68:00:c0:21:
                    7b:27:ab:f0:64:21:f3:0c:c7:85:28:4a:7f:88:97:
                    25:cc:d0:08:4b:30:c9:e2:fb:23:fb:7b:b3:b6:81:
                    7c:c3:8d:c4:3f:66:cb:31:5d:3d:63:53:14:11:39:
                    a4:f1:f3:fd:2c:02:c7:52:ac:b0:29:b5:9a:e1:92:
                    22:7d:cb:87:a6:77:5b:df:3a:9b:ad:d3:4e:a4:5c:
                    77:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:67:44:37:33:AD:5E:5E:4B:FC:48:95:6C:60:AE:5F:4B:C2:2D:A9
            X509v3 Authority Key Identifier:
                keyid:34:07:7B:41:E9:88:73:E7:F0:6F:B1:DF:3F:5D:39:C7:21:B1:34:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAd7QemIc-fwb7HfP105xyGxND8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/82dENzOtXl5L_EiVbGCuX0vCLak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/448800-829e-4b7a-92c4-cb7cbca7c1e0/1/NAd7QemIc-fwb7HfP105xyGxND8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.252.0/22
                  77.95.56.0-77.95.58.255
                  77.95.61.0/24
                  94.143.196.0/22
                  212.42.103.0/24
                  212.42.105.0/24
                  212.42.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:6c:5f:f1:11:5b:56:5f:a3:7e:71:6a:e1:63:df:25:73:22:
         19:15:52:c3:da:fc:69:b8:bf:e3:3d:2d:d4:1e:f1:42:fd:30:
         7b:bb:65:f5:96:e9:8e:7c:94:b1:25:d7:d4:c5:2a:9b:46:64:
         53:92:1d:6b:5c:5d:f3:b2:55:25:c6:7b:2e:d3:d3:5e:84:7d:
         4f:ce:ee:b1:1f:76:65:36:71:d6:a2:c2:e0:ca:ee:41:31:8c:
         99:67:2a:2f:73:53:8a:fb:dd:7d:77:e6:1e:ae:b4:4d:91:c8:
         c8:5d:28:71:03:f1:fd:20:e0:7d:d3:d4:6a:6b:a7:d4:3a:17:
         7d:c4:ae:d8:38:57:08:88:3e:48:5d:21:b7:27:4a:3e:fe:44:
         a0:9b:dc:27:c7:87:02:6a:3f:7a:c0:d4:cd:82:0e:3b:87:62:
         05:2f:0b:0f:75:fb:57:e5:c7:b5:77:11:ee:f9:c6:0a:92:48:
         96:6f:50:f1:6a:32:07:25:8b:6b:71:17:67:21:bd:0f:1c:13:
         45:ff:4d:82:ca:28:fe:ac:a1:d7:eb:57:dc:d4:83:49:06:6a:
         eb:43:4d:f7:0c:90:46:03:ef:d0:16:e3:66:54:8a:e7:88:ac:
         9c:7e:ca:cd:5a:26:95:6e:02:2d:c2:89:f7:d4:82:d1:d6:9e:
         2a:83:3f:48
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYVs7xIQ3OCi5LSITjTK5Ll6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MDc3YjQxZTk4ODczZTdmMDZmYjFkZjNmNWQzOWM3MjFi
MTM0M2YwHhcNMjMwMTAxMTA0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzY3NDQzNzMzYWQ1ZTVlNGJmYzQ4OTU2YzYwYWU1ZjRiYzIyZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXuiC/eZCJVrAo9FLznGiAyfNJle
APEpzlmxCeepYQKwriBBuRcUtZjtYlf5DYP7UUtfXIw1p5ezBpEu+wHN+N6Ntc2v
VIIk2Zlyg7cx50uhsdl7qNlV4zEjGJ1+DI7p8uOdq6bY6slFO/mRPVj7dlUuFp7a
oJUAVX8jp1+7gLH70yNvlQRhV1kkm+QuHj14rATje8aNsEPchzHsTvpAiEVAXUoI
rzolH+aksNlaZWgAwCF7J6vwZCHzDMeFKEp/iJclzNAISzDJ4vsj+3uztoF8w43E
P2bLMV09Y1MUETmk8fP9LALHUqywKbWa4ZIifcuHpndb3zqbrdNOpFx3swIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFPNnRDczrV5eS/xIlWxgrl9Lwi2pMB8GA1UdIwQY
MBaAFDQHe0HpiHPn8G+x3z9dOcchsTQ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkFkN1FlbUljLWZ3YjdIZlAxMDV4eUd4TkQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC80NDg4MDAtODI5ZS00YjdhLTkyYzQt
Y2I3Y2JjYTdjMWUwLzEvODJkRU56T3RYbDVMX0VpVmJHQ3VYMHZDTGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC80NDg4MDAtODI5ZS00YjdhLTkyYzQtY2I3Y2JjYTdjMWUw
LzEvTkFkN1FlbUljLWZ3YjdIZlAxMDV4eUd4TkQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCH8D8MAwD
BANNXzgDBABNXzoDBABNXz0DBAJej8QDBADUKmcDBADUKmkDBALUKnwwDQYJKoZI
hvcNAQELBQADggEBAB9sX/ERW1Zfo35xauFj3yVzIhkVUsPa/Gm4v+M9LdQe8UL9
MHu7ZfWW6Y58lLEl19TFKptGZFOSHWtcXfOyVSXGey7T016EfU/O7rEfdmU2cdai
wuDK7kExjJlnKi9zU4r73X135h6utE2RyMhdKHED8f0g4H3T1Gprp9Q6F33Ertg4
VwiIPkhdIbcnSj7+RKCb3CfHhwJqP3rA1M2CDjuHYgUvCw91+1flx7V3Ee75xgqS
SJZvUPFqMgcli2txF2chvQ8cE0X/TYLKKP6sodfrV9zUg0kGautDTfcMkEYD79AW
42ZUiueIrJx+ys1aJpVuAi3CiffUgtHWniqDP0g=
-----END CERTIFICATE-----