Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2DVuagiYpJdjY7bDh6N8FMrSmFU.roa
File:                     2DVuagiYpJdjY7bDh6N8FMrSmFU.roa (raw, json)
Hash identifier:          L0jk3/azXpZaL+gdILoAr2LnBf0ghAc4GQA+kE6uHAg=
Subject key identifier:   D8:35:6E:6A:08:98:A4:97:63:63:B6:C3:87:A3:7C:14:CA:D2:98:55
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C90A4575C837736E5A663BB49810F93B5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2DVuagiYpJdjY7bDh6N8FMrSmFU.roa
Signing time:             Fri 22 Dec 2023 08:28:58 +0000
ROA not before:           Fri 22 Dec 2023 08:28:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.173.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.172.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 22 Dec 2023 13:30:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:90:a4:57:5c:83:77:36:e5:a6:63:bb:49:81:0f:93:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 22 08:28:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d8356e6a0898a4976363b6c387a37c14cad29855
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ed:81:5c:98:df:b3:2c:ab:6e:fc:8d:31:e1:
                    7a:62:5f:88:0c:ca:a3:05:aa:b4:b9:3c:b7:1c:91:
                    31:ba:d9:ec:7f:d6:22:85:f3:32:5e:53:b4:a4:3d:
                    12:aa:58:4f:b4:30:31:1a:b7:92:28:55:48:67:76:
                    c5:9f:c9:82:70:a6:f6:03:13:cd:27:08:e4:c8:87:
                    cf:1e:2c:e6:52:96:7e:5e:ff:03:b8:d7:7d:c7:61:
                    d0:2c:d0:fb:1f:b6:72:40:b0:6a:6b:3f:58:0b:06:
                    d7:96:06:0a:8f:13:cc:4f:ae:29:76:5f:bc:87:44:
                    3c:d4:91:5e:34:27:e8:81:6e:2e:2a:5f:1e:fe:40:
                    5b:75:03:89:6b:5f:30:22:e4:17:41:4f:d8:f8:1d:
                    e9:c0:8c:7e:cf:04:ef:34:83:23:4d:a6:b6:f8:e5:
                    a2:8a:bd:f7:71:a0:e3:fb:86:54:c5:91:c5:3d:5f:
                    68:1c:f5:fe:37:ae:f5:b7:78:92:34:b8:7a:db:50:
                    f7:4b:09:01:dd:14:bf:b7:89:dd:43:9d:fc:4f:68:
                    14:a0:c2:07:e6:e3:74:0e:43:5e:45:37:04:d4:e6:
                    ae:d2:2a:1c:93:3d:ee:b0:fb:83:de:d0:ff:1f:8e:
                    9d:a0:58:21:7f:23:90:ba:cc:46:db:df:47:44:f1:
                    b6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:35:6E:6A:08:98:A4:97:63:63:B6:C3:87:A3:7C:14:CA:D2:98:55
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2DVuagiYpJdjY7bDh6N8FMrSmFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.126.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:69:b4:c6:7d:49:dc:7b:e1:4d:e5:11:c0:39:53:6e:be:9f:
         59:0a:0a:10:64:4d:1c:7b:ed:70:6a:7e:e4:d4:ad:dc:47:1c:
         ef:29:0a:fc:94:ef:5e:da:fe:36:d2:f4:b5:6a:c0:88:98:9e:
         81:b0:67:3e:50:d2:c1:9a:ae:59:a2:93:1c:7a:5f:a1:b7:e6:
         e1:b1:0b:48:a2:e6:64:c3:6e:f4:d4:c5:46:5a:ac:c5:2b:27:
         87:17:d0:b6:5a:5f:d5:c7:99:ed:0d:8a:f1:5e:c8:44:6d:51:
         0b:90:30:15:28:ac:c7:48:04:bc:6c:9b:af:5a:24:b8:33:e3:
         07:c6:63:96:67:62:da:5a:c3:12:25:04:7c:54:d9:72:45:40:
         f5:29:64:99:16:6b:24:5b:73:65:9e:ae:87:2b:9b:d4:d4:4f:
         61:73:87:65:cc:9a:10:ef:52:c0:14:33:67:d5:34:67:10:69:
         8b:b0:c8:8e:5f:47:09:82:4a:f8:d8:18:a2:d9:e2:46:73:d9:
         46:6d:5e:8b:71:c8:6c:be:17:40:03:e9:3c:c8:8c:c6:62:9c:
         e9:b9:a0:de:b6:26:d8:13:34:03:27:0f:ab:72:66:00:69:56:
         f2:ec:e6:9b:8a:c2:3e:65:f2:20:7c:92:96:f0:5e:57:3b:1d:
         5a:ae:2e:5d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYyQpFdcg3c25aZju0mBD5O1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjIyMDgyODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODM1NmU2YTA4OThhNDk3NjM2M2I2YzM4N2EzN2MxNGNhZDI5ODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO2BXJjfsyyrbvyNMeF6Yl+IDMqj
Baq0uTy3HJExutnsf9YihfMyXlO0pD0SqlhPtDAxGreSKFVIZ3bFn8mCcKb2AxPN
JwjkyIfPHizmUpZ+Xv8DuNd9x2HQLND7H7ZyQLBqaz9YCwbXlgYKjxPMT64pdl+8
h0Q81JFeNCfogW4uKl8e/kBbdQOJa18wIuQXQU/Y+B3pwIx+zwTvNIMjTaa2+OWi
ir33caDj+4ZUxZHFPV9oHPX+N671t3iSNLh621D3SwkB3RS/t4ndQ538T2gUoMIH
5uN0DkNeRTcE1Oau0iockz3usPuD3tD/H46doFghfyOQusxG299HRPG2MQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNg1bmoImKSXY2O2w4ejfBTK0phVMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMkRWdWFnaVlwSmRqWTdiRGg2TjhGTXJTbUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
Uah+AwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBACBptMZ9Sdx74U3lEcA5U26+n1kKChBkTRx77XBq
fuTUrdxHHO8pCvyU717a/jbS9LVqwIiYnoGwZz5Q0sGarlmikxx6X6G35uGxC0ii
5mTDbvTUxUZarMUrJ4cX0LZaX9XHme0NivFeyERtUQuQMBUorMdIBLxsm69aJLgz
4wfGY5ZnYtpawxIlBHxU2XJFQPUpZJkWayRbc2Werocrm9TUT2Fzh2XMmhDvUsAU
M2fVNGcQaYuwyI5fRwmCSvjYGKLZ4kZz2UZtXotxyGy+F0AD6TzIjMZinOm5oN62
JtgTNAMnD6tyZgBpVvLs5puKwj5l8iB8kpbwXlc7HVquLl0=
-----END CERTIFICATE-----