Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4acl0STKHS2YkEJmVbsKYnzYwkA.roa
File:                     4acl0STKHS2YkEJmVbsKYnzYwkA.roa (raw, json)
Hash identifier:          DaeIIigPBjHPB/xyDxpnJR3XvBtgmufraRKR0GzvVoI=
Subject key identifier:   E1:A7:25:D1:24:CA:1D:2D:98:90:42:66:55:BB:0A:62:7C:D8:C2:40
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D56022D27CE8C54F6906D628D9BB0EB54
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4acl0STKHS2YkEJmVbsKYnzYwkA.roa
Signing time:             Mon 29 Jan 2024 16:16:39 +0000
ROA not before:           Mon 29 Jan 2024 16:16:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.119.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.220.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Jan 2024 08:39:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:56:02:2d:27:ce:8c:54:f6:90:6d:62:8d:9b:b0:eb:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 29 16:16:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1a725d124ca1d2d9890426655bb0a627cd8c240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:26:4b:ec:de:d0:60:a7:ea:6b:3e:3b:4b:a3:
                    7a:37:b9:26:58:5a:b9:90:ed:2e:2d:0c:d2:12:9f:
                    9e:98:4d:85:63:8d:97:14:77:29:15:7d:a7:00:fe:
                    c3:f2:10:fe:82:e7:2d:e5:a4:d4:de:2e:5a:16:36:
                    e8:2c:ec:d3:e8:a4:fd:81:c7:72:a5:ce:49:67:af:
                    bc:94:df:b7:c9:9d:59:17:72:4f:4f:21:72:d3:33:
                    e9:88:b5:37:ef:21:ab:18:51:58:07:21:bf:f3:b6:
                    c0:2b:c3:29:b2:b5:41:27:e4:81:a5:f0:7d:e5:ac:
                    f3:62:e4:e1:0f:58:73:6d:1d:a4:d4:5d:b3:c4:a8:
                    ad:f8:08:1d:f8:4c:a4:e7:d7:14:a8:ad:b8:85:14:
                    23:cc:e9:0c:06:30:38:b5:21:f0:a4:2a:99:bc:21:
                    cb:fc:c2:2a:a0:2c:fe:69:ac:21:82:63:67:48:64:
                    00:dc:7f:be:e5:35:83:d4:89:a9:bd:b4:c7:ce:65:
                    cb:02:d3:29:6d:fe:e5:34:a7:e2:11:3e:1f:1d:db:
                    6d:be:29:c7:72:26:23:e9:b7:5f:83:02:87:fd:46:
                    5f:f1:4f:5e:cc:4e:b4:95:73:bc:71:d0:bb:ef:f8:
                    d0:19:ee:73:41:54:7d:44:a0:8f:12:5b:b8:77:cc:
                    df:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A7:25:D1:24:CA:1D:2D:98:90:42:66:55:BB:0A:62:7C:D8:C2:40
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4acl0STKHS2YkEJmVbsKYnzYwkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  82.153.220.0/24
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b9:bf:3b:c4:96:bd:6b:73:70:70:88:b1:77:d1:7d:98:24:
         88:0b:19:a2:f9:e9:00:de:b7:4d:ed:e6:48:e6:d4:19:d3:f0:
         e3:2b:47:30:47:ad:3f:56:a5:64:51:ce:e9:62:3b:5a:7d:d4:
         df:ae:f1:40:9d:cf:6f:57:b6:5e:44:3d:4f:1e:b9:88:6a:c0:
         45:02:d2:af:b7:90:84:82:31:12:fc:49:17:87:7a:d2:ac:50:
         60:a6:56:b8:26:04:d2:11:1f:88:57:d7:a5:51:4b:72:d8:19:
         c9:e3:fb:8f:01:19:de:6f:09:42:3d:46:85:8b:b4:40:90:de:
         3d:bd:99:65:e1:d2:90:dd:7c:5a:f7:9b:14:c8:ff:f3:7a:bc:
         0e:14:2a:6d:8c:7d:84:bb:6e:c5:e0:ec:61:aa:e0:6a:8a:0a:
         b8:14:f7:2c:e5:a9:23:34:99:7b:62:9e:91:89:db:b9:78:4a:
         1e:d3:72:d6:7f:df:20:0c:38:34:74:ac:ea:b9:ef:db:c7:24:
         73:bc:e0:f6:9f:17:de:9f:08:d0:0a:8d:28:14:eb:f5:79:c2:
         ef:90:f7:fd:47:9f:8b:a6:83:83:95:dd:47:eb:9a:09:c1:8a:
         6e:5d:59:64:ad:d0:e8:01:c5:04:d4:80:04:fe:2b:56:a6:63:
         fc:b5:70:a6
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY1WAi0nzoxU9pBtYo2bsOtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTI5MTYxNjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWE3MjVkMTI0Y2ExZDJkOTg5MDQyNjY1NWJiMGE2MjdjZDhjMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiZL7N7QYKfqaz47S6N6N7kmWFq5
kO0uLQzSEp+emE2FY42XFHcpFX2nAP7D8hD+guct5aTU3i5aFjboLOzT6KT9gcdy
pc5JZ6+8lN+3yZ1ZF3JPTyFy0zPpiLU37yGrGFFYByG/87bAK8MpsrVBJ+SBpfB9
5azzYuThD1hzbR2k1F2zxKit+Agd+Eyk59cUqK24hRQjzOkMBjA4tSHwpCqZvCHL
/MIqoCz+aawhgmNnSGQA3H++5TWD1ImpvbTHzmXLAtMpbf7lNKfiET4fHdttvinH
ciYj6bdfgwKH/UZf8U9ezE60lXO8cdC77/jQGe5zQVR9RKCPElu4d8zfLwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFOGnJdEkyh0tmJBCZlW7CmJ82MJAMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNGFjbDBTVEtIUzJZa0VKbVZic0tZbnpZd2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQC
UpmIAwQAUpncMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAD65vzvElr1rc3BwiLF30X2YJIgLGaL5
6QDet03t5kjm1BnT8OMrRzBHrT9WpWRRzuliO1p91N+u8UCdz29Xtl5EPU8euYhq
wEUC0q+3kISCMRL8SReHetKsUGCmVrgmBNIRH4hX16VRS3LYGcnj+48BGd5vCUI9
RoWLtECQ3j29mWXh0pDdfFr3mxTI//N6vA4UKm2MfYS7bsXg7GGq4GqKCrgU9yzl
qSM0mXtinpGJ27l4Sh7TctZ/3yAMODR0rOq579vHJHO84PafF96fCNAKjSgU6/V5
wu+Q9/1Hn4umg4OV3UfrmgnBim5dWWSt0OgBxQTUgAT+K1amY/y1cKY=
-----END CERTIFICATE-----