Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0LS3Zh4OV9Z3icaljpUWS37Yy-Q.roa
File:                     0LS3Zh4OV9Z3icaljpUWS37Yy-Q.roa (raw, json)
Hash identifier:          0U5cAuIHbfBH9MnYlaDWBfz3hF+G6ertT6yfLAerG6E=
Subject key identifier:   D0:B4:B7:66:1E:0E:57:D6:77:89:C6:A5:8E:95:16:4B:7E:D8:CB:E4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F108EC790AEA6952E91581477D13AFDAC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0LS3Zh4OV9Z3icaljpUWS37Yy-Q.roa
Signing time:             Wed 24 Apr 2024 14:42:23 +0000
ROA not before:           Wed 24 Apr 2024 14:42:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          82.163.16.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.130.149.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 26 Apr 2024 07:26:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:8e:c7:90:ae:a6:95:2e:91:58:14:77:d1:3a:fd:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 24 14:42:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0b4b7661e0e57d67789c6a58e95164b7ed8cbe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9a:86:ee:2b:53:19:0b:a2:dd:8c:98:09:eb:
                    5c:7b:b8:85:1e:8e:b1:ed:58:a2:04:1d:36:2c:a3:
                    64:11:99:01:bd:d1:c1:7f:11:e7:4e:2a:3e:d6:fc:
                    6b:ce:61:78:6c:b1:d5:e1:6e:d9:c4:85:ad:39:7f:
                    bd:fd:8c:61:9e:cf:70:31:90:1e:86:13:35:1a:07:
                    a9:fe:20:42:e8:f1:92:62:9c:58:5c:6c:9d:e5:0e:
                    5e:14:98:1b:4a:7d:61:69:4b:34:56:56:58:0e:c4:
                    5a:4a:38:c3:5d:58:75:63:b3:da:e2:46:07:37:a1:
                    28:ff:44:de:08:bf:df:bd:94:8b:57:4d:1d:44:1f:
                    b1:0c:ff:02:6e:c6:11:05:f7:cf:06:a8:34:4c:2c:
                    74:bd:9a:29:d7:22:28:92:72:25:3b:44:34:00:16:
                    01:57:71:33:e8:d3:d7:b7:40:a4:10:79:5f:c8:95:
                    77:25:ca:ef:16:a3:e3:95:37:37:20:3f:fc:1a:62:
                    ed:4e:fc:78:37:6c:c1:17:67:c3:f5:53:99:70:ca:
                    1e:9d:0b:59:40:99:e0:f8:7a:a4:6a:cd:52:b2:47:
                    d5:8c:47:b4:30:6d:01:47:32:28:c2:a8:5f:03:30:
                    34:81:e5:10:63:94:5f:46:a8:bb:c0:eb:4a:28:4e:
                    26:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B4:B7:66:1E:0E:57:D6:77:89:C6:A5:8E:95:16:4B:7E:D8:CB:E4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0LS3Zh4OV9Z3icaljpUWS37Yy-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  82.163.16.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.130.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:91:32:52:0e:4a:1d:98:df:2b:a0:9e:99:c7:f0:37:34:0b:
         6c:e9:87:2c:84:22:30:b3:fe:81:0b:fc:07:3a:2d:1a:55:77:
         76:9a:d3:00:b1:c0:50:42:7c:a1:04:b5:eb:6f:ec:7f:dd:01:
         2a:51:17:09:5c:18:62:d5:9a:70:71:26:87:79:1c:82:9f:57:
         a1:b1:0b:4e:7b:e5:89:95:74:6e:c9:cf:1c:96:fe:90:03:dd:
         17:eb:c2:18:75:cc:40:50:05:57:11:a7:91:a4:e5:d3:1b:00:
         4d:80:e2:f2:65:c8:84:08:19:e0:b4:c3:94:5a:fd:74:de:59:
         92:2b:37:62:7a:40:22:45:0e:40:84:12:ac:78:87:05:c4:32:
         7d:5d:e1:32:aa:40:f5:5d:c6:3f:3f:99:73:e1:76:bf:c6:76:
         9d:9f:61:09:2b:51:bc:44:9e:17:0b:66:37:7e:a8:75:e4:b9:
         fe:69:d0:74:95:74:03:ab:72:88:04:83:9e:f1:b6:0c:c9:50:
         a1:c8:a3:3e:39:7d:04:97:7e:e7:84:16:1a:5d:42:6c:b4:84:
         6a:92:d0:75:36:e4:d3:20:0e:df:1d:21:10:93:72:bc:74:ca:
         e9:2e:6e:69:48:fe:df:36:7a:0a:35:c3:09:41:84:d8:bd:b7:
         85:72:c2:70
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY8QjseQrqaVLpFYFHfROv2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDI0MTQ0MjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGI0Yjc2NjFlMGU1N2Q2Nzc4OWM2YTU4ZTk1MTY0YjdlZDhjYmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpqG7itTGQui3YyYCetce7iFHo6x
7ViiBB02LKNkEZkBvdHBfxHnTio+1vxrzmF4bLHV4W7ZxIWtOX+9/Yxhns9wMZAe
hhM1Ggep/iBC6PGSYpxYXGyd5Q5eFJgbSn1haUs0VlZYDsRaSjjDXVh1Y7Pa4kYH
N6Eo/0TeCL/fvZSLV00dRB+xDP8CbsYRBffPBqg0TCx0vZop1yIoknIlO0Q0ABYB
V3Ez6NPXt0CkEHlfyJV3JcrvFqPjlTc3ID/8GmLtTvx4N2zBF2fD9VOZcMoenQtZ
QJng+Hqkas1SskfVjEe0MG0BRzIowqhfAzA0geUQY5RfRqi7wOtKKE4mCQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNC0t2YeDlfWd4nGpY6VFkt+2MvkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMExTM1poNE9WOVozaWNhbGpwVVdTMzdZeS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQC
UpmIAwQAUpn1AwQAUqMQAwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQD
BAG5MX4DBADVgpUwDQYJKoZIhvcNAQELBQADggEBAJeRMlIOSh2Y3yugnpnH8Dc0
C2zphyyEIjCz/oEL/Ac6LRpVd3aa0wCxwFBCfKEEtetv7H/dASpRFwlcGGLVmnBx
Jod5HIKfV6GxC0575YmVdG7JzxyW/pAD3Rfrwhh1zEBQBVcRp5Gk5dMbAE2A4vJl
yIQIGeC0w5Ra/XTeWZIrN2J6QCJFDkCEEqx4hwXEMn1d4TKqQPVdxj8/mXPhdr/G
dp2fYQkrUbxEnhcLZjd+qHXkuf5p0HSVdAOrcogEg57xtgzJUKHIoz45fQSXfueE
FhpdQmy0hGqS0HU25NMgDt8dIRCTcrx0yukubmlI/t82ego1wwlBhNi9t4VywnA=
-----END CERTIFICATE-----