Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1tkpU0LKuFEvCgxmUvA7JDt3jeM.roa
File:                     1tkpU0LKuFEvCgxmUvA7JDt3jeM.roa (raw, json)
Hash identifier:          SAIkiW5jJaaWxxi/QI0EvcgGOgGXgu02y728Z9wg7EY=
Subject key identifier:   D6:D9:29:53:42:CA:B8:51:2F:0A:0C:66:52:F0:3B:24:3B:77:8D:E3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E51ED22C67B825C0F01B2EA8D61F7294A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1tkpU0LKuFEvCgxmUvA7JDt3jeM.roa
Signing time:             Mon 18 Mar 2024 14:17:59 +0000
ROA not before:           Mon 18 Mar 2024 14:17:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 19 Mar 2024 07:37:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:ed:22:c6:7b:82:5c:0f:01:b2:ea:8d:61:f7:29:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 18 14:17:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d9295342cab8512f0a0c6652f03b243b778de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5d:91:84:31:28:28:09:d4:43:7f:0f:02:dc:
                    0b:5a:3a:e6:7d:dd:5a:6b:05:ab:c0:d4:e7:cc:5d:
                    53:10:35:d9:c2:f3:f1:ae:e2:be:39:ec:37:0b:aa:
                    62:9e:ca:6b:19:f1:78:d1:71:71:70:28:0c:80:0a:
                    33:31:ff:44:fc:ce:38:83:72:c0:b4:c6:81:97:c0:
                    0d:8a:e6:01:2f:ab:cc:b5:f6:b9:32:57:f0:60:cc:
                    be:7f:40:0d:ea:a9:06:ef:e8:b9:5b:59:5f:1d:3f:
                    71:06:80:a2:83:f3:1e:fb:0d:c9:20:d6:2e:d6:d7:
                    d3:c8:2c:09:30:b0:0d:a2:1a:50:ed:34:28:77:ef:
                    9e:93:15:af:0c:8e:9e:1b:98:36:7d:8c:5c:79:e9:
                    5d:b4:82:39:cb:3c:60:e5:a7:d5:7a:e8:04:23:ab:
                    7b:41:0b:b9:4f:df:ff:c2:73:7e:af:d1:bb:b4:c5:
                    b5:c7:7c:33:8a:b2:c0:b4:bc:f6:1b:0b:81:d2:26:
                    27:31:8c:dc:be:67:55:f7:a4:45:a4:35:e5:7c:e8:
                    2c:a0:13:a2:26:54:88:d6:c4:22:5b:bc:4a:34:9d:
                    2c:6f:76:4e:62:08:eb:c1:89:84:c4:ca:36:50:d4:
                    0f:50:89:ee:44:fd:22:63:e5:ad:5e:c0:76:fe:ef:
                    c1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D9:29:53:42:CA:B8:51:2F:0A:0C:66:52:F0:3B:24:3B:77:8D:E3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1tkpU0LKuFEvCgxmUvA7JDt3jeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.152.176.0/23
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.245.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:ff:6a:c0:3b:c5:a8:59:12:a9:bd:4b:49:3c:41:5c:9a:26:
         f2:4f:dc:74:7e:9b:88:ed:69:58:27:6b:d6:46:a5:45:b0:5c:
         6d:08:d2:b2:04:34:97:cb:ce:91:25:27:16:5b:af:9e:3e:fd:
         1a:7c:71:68:d8:3f:bc:93:75:2f:23:72:1d:15:3c:da:c8:98:
         35:e6:3c:42:b8:7c:65:88:1c:d9:2b:9a:8d:78:d7:5b:12:1a:
         33:58:b1:d1:bf:99:20:19:24:33:19:d8:8d:d6:89:47:09:47:
         92:00:c4:84:f5:9a:1f:9d:11:5d:6f:c8:a4:91:f4:af:af:fa:
         02:59:21:ab:56:6e:9d:ac:1c:0c:e0:b5:6a:9f:89:82:2c:85:
         47:a9:5d:2d:61:d9:7d:f3:d1:ec:c5:e0:ca:22:20:2f:36:94:
         01:e2:51:a3:ef:42:1b:9e:32:fb:d1:e9:6b:2d:f8:00:26:54:
         73:af:06:d5:ba:71:8d:20:90:d3:d7:d5:9c:17:1c:45:d6:ff:
         30:58:d2:a7:50:4a:a9:63:96:ca:bc:29:d7:af:ff:a0:c7:b2:
         00:1b:39:87:b1:db:52:39:7d:9b:d9:18:d9:2a:c7:78:ef:8c:
         12:dd:54:22:b2:c5:b6:05:21:f9:05:3d:49:4d:48:c5:ba:56:
         9f:05:e0:53
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY5R7SLGe4JcDwGy6o1h9ylKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzE4MTQxNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQ5Mjk1MzQyY2FiODUxMmYwYTBjNjY1MmYwM2IyNDNiNzc4ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmF2RhDEoKAnUQ38PAtwLWjrmfd1a
awWrwNTnzF1TEDXZwvPxruK+Oew3C6pinsprGfF40XFxcCgMgAozMf9E/M44g3LA
tMaBl8ANiuYBL6vMtfa5MlfwYMy+f0AN6qkG7+i5W1lfHT9xBoCig/Me+w3JINYu
1tfTyCwJMLANohpQ7TQod++ekxWvDI6eG5g2fYxceeldtII5yzxg5afVeugEI6t7
QQu5T9//wnN+r9G7tMW1x3wzirLAtLz2GwuB0iYnMYzcvmdV96RFpDXlfOgsoBOi
JlSI1sQiW7xKNJ0sb3ZOYgjrwYmExMo2UNQPUInuRP0iY+WtXsB2/u/BEQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNbZKVNCyrhRLwoMZlLwOyQ7d43jMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMXRrcFUwTEt1RkV2Q2d4bVV2QTdKRHQzamVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAUah+AwQB
UpiwAwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBABtsPUD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAEr/asA7xahZEqm9S0k8QVya
JvJP3HR+m4jtaVgna9ZGpUWwXG0I0rIENJfLzpElJxZbr54+/Rp8cWjYP7yTdS8j
ch0VPNrImDXmPEK4fGWIHNkrmo1411sSGjNYsdG/mSAZJDMZ2I3WiUcJR5IAxIT1
mh+dEV1vyKSR9K+v+gJZIatWbp2sHAzgtWqfiYIshUepXS1h2X3z0ezF4MoiIC82
lAHiUaPvQhueMvvR6Wst+AAmVHOvBtW6cY0gkNPX1ZwXHEXW/zBY0qdQSqljlsq8
Kdev/6DHsgAbOYex21I5fZvZGNkqx3jvjBLdVCKyxbYFIfkFPUlNSMW6Vp8F4FM=
-----END CERTIFICATE-----