Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0cKqJwd4VBjSr6HAB4tn5iKK7fA.roa
File:                     0cKqJwd4VBjSr6HAB4tn5iKK7fA.roa (raw, json)
Hash identifier:          BgRVwFg4I5Eq8CxH5kOjB0UZwEf0McZF/6wxHFmlw6g=
Subject key identifier:   D1:C2:AA:27:07:78:54:18:D2:AF:A1:C0:07:8B:67:E6:22:8A:ED:F0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E1E1DED6A6B8806915A39A14A61695BA1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0cKqJwd4VBjSr6HAB4tn5iKK7fA.roa
Signing time:             Fri 08 Mar 2024 12:51:01 +0000
ROA not before:           Fri 08 Mar 2024 12:51:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.161.0/24 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Mar 2024 14:25:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:1d:ed:6a:6b:88:06:91:5a:39:a1:4a:61:69:5b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  8 12:51:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1c2aa2707785418d2afa1c0078b67e6228aedf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:61:a0:02:a8:48:52:92:39:ae:7c:46:8f:be:
                    93:68:39:2f:a9:ef:58:7f:35:5c:76:25:20:b3:ab:
                    91:a8:ff:31:c9:c2:2a:db:1b:a6:09:8f:1f:b5:aa:
                    e8:87:d6:10:d9:a1:7d:76:f3:14:de:aa:f2:f6:b7:
                    92:3f:75:c5:33:28:74:f6:51:df:f8:5a:b6:32:20:
                    a9:3a:60:3a:a5:0e:a7:37:26:23:a3:bf:5d:53:1d:
                    3f:e2:b9:c8:e3:b9:9d:48:ea:33:e0:5e:94:2d:9d:
                    b9:f3:47:2a:29:be:36:1a:60:36:f4:6e:53:f1:ef:
                    52:cc:5a:57:e6:25:ee:d7:dc:2b:1d:9e:5d:1d:88:
                    64:ce:dc:f7:71:be:7a:2a:32:c4:c2:be:f3:c0:8e:
                    68:8c:bd:fb:b3:30:0c:9f:9e:fb:c7:77:a3:4f:64:
                    b2:b4:34:59:cf:9b:c2:af:27:70:50:d5:1f:6e:cb:
                    3a:e0:e2:e0:f2:fd:89:8c:92:5a:3d:f2:1c:d8:0a:
                    35:62:91:59:fd:9e:a8:6a:68:11:78:07:d9:d6:ae:
                    ff:12:27:1d:2b:c0:17:93:73:7b:0e:1b:76:02:a1:
                    05:64:d0:33:e1:18:63:d6:7c:ed:3d:7d:31:47:c8:
                    98:d7:30:d0:7d:2f:0c:07:43:b3:70:3d:3e:b7:20:
                    18:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C2:AA:27:07:78:54:18:D2:AF:A1:C0:07:8B:67:E6:22:8A:ED:F0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0cKqJwd4VBjSr6HAB4tn5iKK7fA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.161.0/24
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.245.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:a2:72:f4:58:89:ac:b4:88:ef:af:c0:19:4f:30:74:9d:6d:
         71:54:b3:08:93:81:59:3f:58:0e:fb:f5:94:ad:74:f4:92:a0:
         f0:72:5c:21:19:ac:4b:5f:43:d7:fc:d4:eb:56:e1:b6:76:3e:
         14:d3:b1:3c:cf:3f:d2:0e:99:0f:83:05:9d:bc:3f:44:1e:1c:
         bd:6c:14:e5:c3:18:87:b8:75:55:6f:e4:85:fb:9e:39:77:3f:
         bd:ff:4f:c5:ba:ea:f3:8d:59:84:42:9e:a2:60:2e:f7:9c:06:
         c3:3a:cd:f9:4b:8b:f5:8a:b3:21:fe:48:aa:f2:fe:35:4c:7a:
         b0:c8:a3:98:4e:1b:f7:a5:34:5e:bf:7b:ee:2b:3f:40:54:4b:
         b8:89:b2:4e:84:ff:00:ca:3f:41:c3:52:48:56:ec:00:7e:d2:
         09:80:66:03:e7:62:c3:24:13:fd:91:43:ae:a8:8f:d2:84:71:
         df:71:58:b2:a1:c2:6e:92:0b:ca:86:3e:d2:91:da:93:e2:bb:
         2f:e1:45:50:67:05:45:66:e7:f2:40:7d:1c:00:7e:93:93:cd:
         5e:ae:77:b3:7d:9b:a4:36:72:f5:97:a7:a0:9f:a8:83:f9:44:
         09:d9:ee:c1:10:ff:71:12:2b:f1:c4:5b:c7:f7:4b:ef:24:92:
         e0:d5:e5:34
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY4eHe1qa4gGkVo5oUphaVuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzA4MTI1MTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWMyYWEyNzA3Nzg1NDE4ZDJhZmExYzAwNzhiNjdlNjIyOGFlZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGGgAqhIUpI5rnxGj76TaDkvqe9Y
fzVcdiUgs6uRqP8xycIq2xumCY8ftaroh9YQ2aF9dvMU3qry9reSP3XFMyh09lHf
+Fq2MiCpOmA6pQ6nNyYjo79dUx0/4rnI47mdSOoz4F6ULZ2580cqKb42GmA29G5T
8e9SzFpX5iXu19wrHZ5dHYhkztz3cb56KjLEwr7zwI5ojL37szAMn577x3ejT2Sy
tDRZz5vCrydwUNUfbss64OLg8v2JjJJaPfIc2Ao1YpFZ/Z6oamgReAfZ1q7/Eicd
K8AXk3N7Dht2AqEFZNAz4Rhj1nztPX0xR8iY1zDQfS8MB0OzcD0+tyAYiQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNHCqicHeFQY0q+hwAeLZ+Yiiu3wMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMGNLcUp3ZDRWQmpTcjZIQUI0dG41aUtLN2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCUpmIMAwD
BAJZ1ZQDBAVZ1YADBABZ1aEDBABZ1aUDBAJZ1awDBABZ1bQDBABtsPUDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAIqicvRYiay0iO+vwBlPMHSdbXFUswiT
gVk/WA779ZStdPSSoPByXCEZrEtfQ9f81OtW4bZ2PhTTsTzPP9IOmQ+DBZ28P0Qe
HL1sFOXDGIe4dVVv5IX7njl3P73/T8W66vONWYRCnqJgLvecBsM6zflLi/WKsyH+
SKry/jVMerDIo5hOG/elNF6/e+4rP0BUS7iJsk6E/wDKP0HDUkhW7AB+0gmAZgPn
YsMkE/2RQ66oj9KEcd9xWLKhwm6SC8qGPtKR2pPiuy/hRVBnBUVm5/JAfRwAfpOT
zV6ud7N9m6Q2cvWXp6CfqIP5RAnZ7sEQ/3ESK/HEW8f3S+8kkuDV5TQ=
-----END CERTIFICATE-----