Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/20aLlheZ73dK07a_iBavAQKxiEw.roa
File:                     20aLlheZ73dK07a_iBavAQKxiEw.roa (raw, json)
Hash identifier:          +0Y3Shxv/xVhDJXDE4QbbZYLXnSHDRYZC9XjZ1YsY64=
Subject key identifier:   DB:46:8B:96:17:99:EF:77:4A:D3:B6:BF:88:16:AF:01:02:B1:88:4C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01885337C95692D09D6890B5ECAEBDB6B1DE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/20aLlheZ73dK07a_iBavAQKxiEw.roa
Signing time:             Thu 25 May 2023 14:02:24 +0000
ROA not before:           Thu 25 May 2023 14:02:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 26 May 2023 11:49:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:53:37:c9:56:92:d0:9d:68:90:b5:ec:ae:bd:b6:b1:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 25 14:02:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db468b961799ef774ad3b6bf8816af0102b1884c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:69:a8:ec:db:72:66:37:a5:20:fb:78:a6:cf:
                    24:2f:19:b4:00:92:97:f8:19:8a:d0:8a:ae:ac:f1:
                    76:dd:65:7c:b1:51:04:17:ea:e9:60:06:ed:f6:50:
                    c7:f2:dc:19:9f:a2:59:66:27:f2:91:81:ae:57:7d:
                    bb:84:d6:8f:ad:d3:9d:21:ff:69:dc:69:5c:93:f0:
                    7a:78:0f:24:b7:bf:71:1b:d8:ec:62:52:a9:57:ce:
                    83:15:22:36:35:2d:13:bf:50:ae:75:f5:03:a6:26:
                    1a:a3:15:2b:3c:d3:a4:a6:85:e2:bd:e2:a4:e3:cb:
                    4e:48:fb:d2:04:c4:35:a2:fb:b8:97:e5:7d:2c:4d:
                    50:76:a7:ec:58:4d:ea:97:78:dc:33:ce:85:c5:3b:
                    f6:6a:13:9c:50:1e:53:72:cb:70:41:76:af:64:99:
                    af:d9:93:bd:b1:e0:3c:62:a4:7a:69:b9:29:d6:4b:
                    b7:b4:9f:a3:04:1d:38:ab:c8:51:80:bb:d4:0e:8c:
                    bc:7b:e3:2a:da:d4:c4:df:25:f9:88:74:a9:e6:12:
                    e6:99:73:b4:bc:73:bc:db:2c:a2:08:6c:9d:6f:03:
                    2f:96:d8:b3:1c:ee:cb:e1:2f:b9:25:f9:a8:e5:0e:
                    6a:52:b9:74:5d:ec:2b:62:20:4e:3e:38:0a:c0:d7:
                    fc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:46:8B:96:17:99:EF:77:4A:D3:B6:BF:88:16:AF:01:02:B1:88:4C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/20aLlheZ73dK07a_iBavAQKxiEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.153.1.0/24
                  82.153.68.0/24
                  82.153.71.0-82.153.72.255
                  82.153.78.0/24
                  82.153.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:1a:ac:c8:da:09:d4:d8:71:00:bc:5b:5c:27:0c:b6:8e:a1:
         b4:28:9b:7a:09:da:2d:15:79:be:25:36:88:c4:9e:48:04:7d:
         ae:f0:66:15:37:a4:da:62:21:0e:ee:0a:46:c7:77:3e:92:56:
         d7:1c:53:24:62:dc:e3:6e:0c:58:65:ae:fa:d2:fe:28:a4:78:
         e3:e4:13:b8:fb:ac:61:02:59:56:ed:0b:eb:5a:f0:c3:f0:85:
         90:da:09:c9:10:6d:cd:80:ac:99:88:d0:9e:73:ee:c4:64:14:
         59:76:67:84:c3:56:28:71:24:78:6e:ea:bd:ad:67:17:94:70:
         7c:15:c0:85:26:e2:9e:fb:e8:a5:96:0f:83:c3:88:9a:d7:e7:
         0d:c7:71:e5:2d:70:0b:1d:4f:1b:8c:b8:90:39:06:3d:db:41:
         a3:cc:29:21:1d:24:aa:75:e1:99:04:f8:42:5a:37:21:a2:21:
         77:08:90:e9:29:68:90:63:68:08:bb:a6:31:05:df:5a:b8:97:
         60:db:6e:0a:d8:23:ce:ff:96:ed:ce:6f:c6:e0:ec:cf:d9:0f:
         8a:41:ab:32:af:29:aa:94:23:a4:9c:8a:ae:5f:17:cf:32:54:
         8a:cf:a9:90:27:87:ea:21:e1:72:dc:2b:cb:e8:c8:e7:36:7f:
         96:d0:b6:b5
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYhTN8lWktCdaJC17K69trHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTI1MTQwMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQ2OGI5NjE3OTllZjc3NGFkM2I2YmY4ODE2YWYwMTAyYjE4ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGmo7NtyZjelIPt4ps8kLxm0AJKX
+BmK0IqurPF23WV8sVEEF+rpYAbt9lDH8twZn6JZZifykYGuV327hNaPrdOdIf9p
3Glck/B6eA8kt79xG9jsYlKpV86DFSI2NS0Tv1CudfUDpiYaoxUrPNOkpoXiveKk
48tOSPvSBMQ1ovu4l+V9LE1QdqfsWE3ql3jcM86FxTv2ahOcUB5TcstwQXavZJmv
2ZO9seA8YqR6abkp1ku3tJ+jBB04q8hRgLvUDoy8e+Mq2tTE3yX5iHSp5hLmmXO0
vHO82yyiCGydbwMvltizHO7L4S+5Jfmo5Q5qUrl0XewrYiBOPjgKwNf88wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFNtGi5YXme93StO2v4gWrwECsYhMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMjBhTGxoZVo3M2RLMDdhX2lCYXZBUUt4aUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAUagjMAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUQwDAMEAFKZRwMEAFKZ
SAMEAFKZTgMEAFKZhDANBgkqhkiG9w0BAQsFAAOCAQEAmBqsyNoJ1NhxALxbXCcM
to6htCibegnaLRV5viU2iMSeSAR9rvBmFTek2mIhDu4KRsd3PpJW1xxTJGLc424M
WGWu+tL+KKR44+QTuPusYQJZVu0L61rww/CFkNoJyRBtzYCsmYjQnnPuxGQUWXZn
hMNWKHEkeG7qva1nF5RwfBXAhSbinvvopZYPg8OImtfnDcdx5S1wCx1PG4y4kDkG
PdtBo8wpIR0kqnXhmQT4Qlo3IaIhdwiQ6SlokGNoCLumMQXfWriXYNtuCtgjzv+W
7c5vxuDsz9kPikGrMq8pqpQjpJyKrl8XzzJUis+pkCeH6iHhctwry+jI5zZ/ltC2
tQ==
-----END CERTIFICATE-----