Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2jeRnJf1RMRB69fOrTei0zePD8w.roa
File:                     2jeRnJf1RMRB69fOrTei0zePD8w.roa (raw, json)
Hash identifier:          6TCIBHddKweh45CzDzHn5FhD8pWUhA47De7j2yoEZCk=
Subject key identifier:   DA:37:91:9C:97:F5:44:C4:41:EB:D7:CE:AD:37:A2:D3:37:8F:0F:CC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BADF15B07E0E7381A1C75FF4064D1D305
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2jeRnJf1RMRB69fOrTei0zePD8w.roa
Signing time:             Wed 08 Nov 2023 07:59:17 +0000
ROA not before:           Wed 08 Nov 2023 07:59:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 Nov 2023 08:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ad:f1:5b:07:e0:e7:38:1a:1c:75:ff:40:64:d1:d3:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  8 07:59:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da37919c97f544c441ebd7cead37a2d3378f0fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:6b:86:25:4e:a5:88:5a:5a:0a:5f:8c:dd:
                    27:24:ec:04:4f:33:02:e6:d6:98:c3:06:d0:e4:cf:
                    2c:45:3c:2e:c6:3f:06:87:df:fc:71:d1:40:ba:da:
                    ce:d6:19:4d:6d:a3:c8:17:85:1b:91:d9:0d:42:7c:
                    fa:83:9a:ef:01:67:41:2d:ff:02:f8:43:ca:82:25:
                    88:b8:47:b7:8f:06:6f:ac:d1:37:62:c3:a6:95:ba:
                    d5:da:de:20:fc:3e:dc:ba:f8:49:f8:d3:43:4e:1a:
                    35:95:74:b1:e2:f6:af:4d:2d:23:a8:dc:6c:47:37:
                    90:17:af:49:d5:3e:47:77:22:32:1c:d3:4a:b6:cd:
                    57:1c:26:6d:d6:30:02:bd:b3:10:86:62:0a:43:4e:
                    42:0d:67:91:fb:7b:57:30:6e:8e:57:5f:1f:df:5a:
                    30:75:46:a4:6f:61:ff:8d:b9:8c:4e:33:c9:2d:e1:
                    79:4f:2f:7d:f1:98:23:28:76:46:30:79:c8:5e:83:
                    9f:4e:68:24:64:65:c6:ae:c2:e8:8d:b8:f8:c7:3e:
                    a0:9d:18:4a:e8:8e:d0:17:1b:40:ad:58:58:83:48:
                    9f:02:cd:f9:d1:a4:cb:20:27:1f:db:a5:88:4b:a6:
                    5e:d0:7a:e4:ff:e6:e5:fa:95:de:6c:42:0b:eb:34:
                    62:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:37:91:9C:97:F5:44:C4:41:EB:D7:CE:AD:37:A2:D3:37:8F:0F:CC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2jeRnJf1RMRB69fOrTei0zePD8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:ea:a9:21:7e:b5:9c:9c:19:c6:ca:43:f1:c8:67:10:a6:c9:
         e4:70:00:f8:17:8b:1a:05:34:d7:e1:46:8d:e7:48:f1:71:84:
         0a:12:b4:66:97:6e:25:f6:e6:94:d6:a9:da:65:b7:25:3b:af:
         6f:f1:76:40:d6:42:5e:92:c0:8e:67:ce:b8:61:b4:cb:c6:a9:
         f9:6b:31:56:db:04:ef:f5:d7:0d:90:3d:16:ee:1c:60:19:e3:
         e2:60:c9:4f:a6:33:03:c2:f3:7a:41:ef:52:f8:96:67:76:5d:
         66:3a:e3:40:ac:bf:c6:9d:53:0b:83:99:08:0e:70:5d:cd:66:
         12:43:6e:c9:e0:1d:87:46:cc:a5:b5:26:4f:65:5f:aa:40:e8:
         e2:d4:b2:d0:d5:7a:14:92:80:1f:e4:af:b5:7f:ef:3c:ee:17:
         f4:6b:a2:d2:a3:58:ed:a6:ed:47:46:59:8e:00:9f:36:c9:c3:
         1a:55:f3:48:6d:aa:9c:cc:16:af:73:bf:c6:8d:0c:57:56:36:
         66:b7:dc:6d:6b:f6:e9:a7:ff:9c:0a:ff:ce:aa:d0:7d:fb:d2:
         82:91:5e:e7:c7:9a:f3:c8:e2:84:3e:ac:42:1a:88:05:4f:f6:
         5d:8e:92:9a:80:d0:6c:af:c7:4c:d7:1f:d8:02:e1:c9:47:9c:
         62:97:8b:b1
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYut8VsH4Oc4Ghx1/0Bk0dMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTA4MDc1OTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTM3OTE5Yzk3ZjU0NGM0NDFlYmQ3Y2VhZDM3YTJkMzM3OGYwZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomNrhiVOpYhaWgpfjN0nJOwETzMC
5taYwwbQ5M8sRTwuxj8Gh9/8cdFAutrO1hlNbaPIF4UbkdkNQnz6g5rvAWdBLf8C
+EPKgiWIuEe3jwZvrNE3YsOmlbrV2t4g/D7cuvhJ+NNDTho1lXSx4vavTS0jqNxs
RzeQF69J1T5HdyIyHNNKts1XHCZt1jACvbMQhmIKQ05CDWeR+3tXMG6OV18f31ow
dUakb2H/jbmMTjPJLeF5Ty998ZgjKHZGMHnIXoOfTmgkZGXGrsLojbj4xz6gnRhK
6I7QFxtArVhYg0ifAs350aTLICcf26WIS6Ze0Hrk/+bl+pXebEIL6zRi/wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNo3kZyX9UTEQevXzq03otM3jw/MMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMmplUm5KZjFSTVJCNjlmT3JUZWkwemVQRDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah7AwQCUpmIAwQAUpn1MAwDBAJZ1ZQDBAVZ1YADBAJZ1bQDBABtsPgDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAA7qqSF+tZycGcbKQ/HIZxCmyeRwAPgX
ixoFNNfhRo3nSPFxhAoStGaXbiX25pTWqdpltyU7r2/xdkDWQl6SwI5nzrhhtMvG
qflrMVbbBO/11w2QPRbuHGAZ4+JgyU+mMwPC83pB71L4lmd2XWY640Csv8adUwuD
mQgOcF3NZhJDbsngHYdGzKW1Jk9lX6pA6OLUstDVehSSgB/kr7V/7zzuF/RrotKj
WO2m7UdGWY4AnzbJwxpV80htqpzMFq9zv8aNDFdWNma33G1r9umn/5wK/86q0H37
0oKRXufHmvPI4oQ+rEIaiAVP9l2OkpqA0Gyvx0zXH9gC4clHnGKXi7E=
-----END CERTIFICATE-----