Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-wMiHdoERHEZkaYOCa6fMtf4GKM.roa
File:                     1-wMiHdoERHEZkaYOCa6fMtf4GKM.roa (raw, json)
Hash identifier:          iQH+d0UYQSu+D3EKsYbRavXdix7aKI7dLYNtEK+G7n0=
Subject key identifier:   FB:03:22:1D:DA:04:44:71:19:91:A6:0E:09:AE:9F:32:D7:F8:18:A3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D1C71C911DE297FEB8F18B63469DBBAC8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-wMiHdoERHEZkaYOCa6fMtf4GKM.roa
Signing time:             Thu 18 Jan 2024 12:00:35 +0000
ROA not before:           Thu 18 Jan 2024 12:00:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.119.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          89.213.164.0/24 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.250.0/24 maxlen: 24
                          109.176.253.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 19 Jan 2024 09:11:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:71:c9:11:de:29:7f:eb:8f:18:b6:34:69:db:ba:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 18 12:00:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb03221dda0444711991a60e09ae9f32d7f818a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e9:a4:36:73:b9:6c:1c:16:ce:1f:a2:49:18:
                    44:17:b5:db:53:c9:f2:7f:7d:69:e8:b1:63:19:2e:
                    1a:59:b4:a9:32:20:93:0c:8a:cf:e9:8d:32:62:79:
                    b7:27:45:52:1d:5d:a5:28:2a:10:37:43:f7:f6:21:
                    6e:45:21:85:e7:43:dd:b7:ef:47:44:da:a7:fb:6d:
                    88:97:93:4b:a7:05:68:ab:bd:b6:14:16:2f:e1:4d:
                    ce:3c:c6:3a:33:f9:db:33:5f:36:3c:29:bb:f7:01:
                    19:3e:14:e2:b3:60:b5:4c:2d:b6:b0:51:58:ec:6b:
                    18:6a:b2:9d:53:b1:6c:06:4c:df:04:5a:a5:50:4f:
                    8b:40:39:2a:64:41:ce:8c:12:9f:8a:55:62:82:16:
                    92:bd:07:6f:38:5d:4e:27:37:91:d0:0b:d8:00:60:
                    7f:4a:9e:a8:aa:3f:01:57:f3:b7:39:67:2f:47:18:
                    82:b1:97:b0:8e:eb:52:d6:ed:3d:4e:7b:2c:65:f8:
                    8e:d7:da:e9:ad:06:dc:26:62:a4:5b:7d:4e:61:93:
                    d0:3b:78:6a:9c:98:07:4b:89:f3:44:31:f7:39:cb:
                    47:95:5f:1d:c4:f7:1f:ac:96:f8:0d:19:25:a0:84:
                    b4:4b:e4:18:b3:c5:53:34:cb:3b:95:46:da:43:7e:
                    31:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:03:22:1D:DA:04:44:71:19:91:A6:0E:09:AE:9F:32:D7:F8:18:A3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-wMiHdoERHEZkaYOCa6fMtf4GKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.160.255
                  89.213.164.0/23
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.250.0/24
                  109.176.253.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b0:d0:33:db:f5:d8:42:c6:66:8b:37:1d:62:ed:fb:c1:dd:
         a8:26:46:47:a3:42:39:64:33:10:ca:f3:74:a8:06:0b:0d:b7:
         c8:d9:18:e6:25:87:26:f4:48:bf:8e:df:c6:08:07:5c:b2:9b:
         11:b4:ef:1f:b0:f2:ed:1b:a9:73:8c:3a:7f:65:7e:74:b7:c8:
         99:a1:6c:dc:b0:6c:e1:0c:37:80:19:33:72:0b:b1:e9:5a:2b:
         2e:22:18:e5:0a:e4:be:77:7f:b5:2a:2f:6e:fa:3a:5d:7b:27:
         72:4f:03:30:dd:f9:c4:c4:46:cb:93:42:63:0c:0f:e9:1c:7b:
         d2:2b:77:f0:75:35:ca:6f:64:63:25:e7:d9:19:93:8d:89:b1:
         11:d1:6e:f1:ae:ac:5f:39:0a:09:f0:8b:64:2e:ec:08:3d:1d:
         5e:00:82:af:05:1b:bf:ac:db:00:36:cb:3f:6b:c2:3c:62:25:
         03:83:4b:f9:6a:bd:85:14:87:d9:11:7b:24:46:ec:54:03:8a:
         fe:22:c0:08:44:40:b8:6e:ca:15:b8:e8:bf:40:8b:45:44:77:
         13:55:44:51:5b:e0:0b:2b:d8:38:d2:05:a4:61:8c:95:cc:d4:
         e2:68:29:42:38:0c:1c:2d:f6:73:86:53:3b:96:29:7a:23:a4:
         3c:db:37:4e
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAY0ccckR3il/648YtjRp27rIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTE4MTIwMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjAzMjIxZGRhMDQ0NDcxMTk5MWE2MGUwOWFlOWYzMmQ3ZjgxOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhumkNnO5bBwWzh+iSRhEF7XbU8ny
f31p6LFjGS4aWbSpMiCTDIrP6Y0yYnm3J0VSHV2lKCoQN0P39iFuRSGF50Pdt+9H
RNqn+22Il5NLpwVoq722FBYv4U3OPMY6M/nbM182PCm79wEZPhTis2C1TC22sFFY
7GsYarKdU7FsBkzfBFqlUE+LQDkqZEHOjBKfilVighaSvQdvOF1OJzeR0AvYAGB/
Sp6oqj8BV/O3OWcvRxiCsZewjutS1u09TnssZfiO19rprQbcJmKkW31OYZPQO3hq
nJgHS4nzRDH3OctHlV8dxPcfrJb4DRkloIS0S+QYs8VTNMs7lUbaQ34xkQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPsDIh3aBERxGZGmDgmunzLX+BijMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS13TWlIZG9FUkhFWmthWU9DYTZmTXRmNEdLTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBdBggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEAFGodwME
AlKZiDAMAwQCWdWUAwQAWdWgAwQBWdWkAwQCWdWsAwQAWdW0AwQAbbD6AwQAbbD9
AwQBuTF+AwQA1ZgqMA0GCSqGSIb3DQEBCwUAA4IBAQBysNAz2/XYQsZmizcdYu37
wd2oJkZHo0I5ZDMQyvN0qAYLDbfI2RjmJYcm9Ei/jt/GCAdcspsRtO8fsPLtG6lz
jDp/ZX50t8iZoWzcsGzhDDeAGTNyC7HpWisuIhjlCuS+d3+1Ki9u+jpdeydyTwMw
3fnExEbLk0JjDA/pHHvSK3fwdTXKb2RjJefZGZONibER0W7xrqxfOQoJ8ItkLuwI
PR1eAIKvBRu/rNsANss/a8I8YiUDg0v5ar2FFIfZEXskRuxUA4r+IsAIREC4bsoV
uOi/QItFRHcTVURRW+ALK9g40gWkYYyVzNTiaClCOAwcLfZzhlM7lil6I6Q82zdO
-----END CERTIFICATE-----