Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4y7HziKxmuDhJMdfRpyXOj8xA8w.roa
File:                     4y7HziKxmuDhJMdfRpyXOj8xA8w.roa (raw, json)
Hash identifier:          kzaS3aoXDbB1uJsqLstR5moRzbXWFNtq0bCVndrL3ho=
Subject key identifier:   E3:2E:C7:CE:22:B1:9A:E0:E1:24:C7:5F:46:9C:97:3A:3F:31:03:CC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CAB1968E15D19F01474454A64420F6A8A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4y7HziKxmuDhJMdfRpyXOj8xA8w.roa
Signing time:             Wed 27 Dec 2023 11:46:58 +0000
ROA not before:           Wed 27 Dec 2023 11:46:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.181.0/24 maxlen: 24
                          89.213.191.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          89.213.147.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 28 Dec 2023 17:10:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ab:19:68:e1:5d:19:f0:14:74:45:4a:64:42:0f:6a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 27 11:46:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e32ec7ce22b19ae0e124c75f469c973a3f3103cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:01:ad:22:d3:41:8a:f4:13:4c:00:cc:ac:77:
                    83:fa:ae:ac:cd:2a:aa:37:8b:cf:c2:1c:91:98:3d:
                    a2:90:94:8d:ff:48:21:72:94:91:12:d0:fc:15:c8:
                    25:e2:5d:48:63:a7:a3:7e:ee:0b:8e:1c:d9:34:ee:
                    e8:cd:11:e3:ef:c1:e8:13:c3:d8:c3:ee:8f:25:ae:
                    e8:f2:24:66:62:0d:f6:0e:83:50:7e:4c:40:8f:90:
                    56:56:fb:02:5d:0c:f1:bc:3b:d9:7b:cc:07:2a:3b:
                    42:f1:55:9e:f3:ea:53:55:6f:a1:08:44:61:e5:b6:
                    b1:86:84:18:dc:b5:ad:07:67:b7:95:5d:01:39:79:
                    5d:e5:7b:c7:5a:16:cd:1b:74:d7:2a:dc:56:48:17:
                    e0:7f:37:7b:c5:17:1e:17:82:5d:99:ad:84:7a:8f:
                    f9:71:b9:65:97:d5:11:30:bc:5d:aa:ca:94:92:b0:
                    d2:c5:26:09:33:6d:b2:7c:0b:0c:2e:85:c6:5e:e3:
                    98:65:9f:d6:69:8e:a8:29:b2:43:16:46:7d:72:86:
                    b1:38:b0:1c:c8:20:dc:77:4b:e0:1e:64:96:43:ca:
                    66:34:b1:d3:22:82:da:e9:7d:9b:0d:d5:77:2f:24:
                    60:a3:99:ae:84:dd:aa:c4:79:55:88:26:cb:ef:b2:
                    06:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:2E:C7:CE:22:B1:9A:E0:E1:24:C7:5F:46:9C:97:3A:3F:31:03:CC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4y7HziKxmuDhJMdfRpyXOj8xA8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  89.213.131.0/24
                  89.213.147.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/23
                  89.213.191.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:65:d5:16:60:00:6b:ab:95:da:9a:cd:9c:ce:51:b1:34:67:
         c0:fe:6a:6a:87:ca:39:76:9e:79:a3:45:d3:bf:84:c3:4d:4a:
         8b:7b:22:6e:57:5e:07:6b:d7:2b:60:c5:ae:a6:e9:ac:8a:69:
         fa:ed:ce:ad:66:87:5b:ce:0e:1c:eb:b5:85:cc:ad:ae:c8:cc:
         83:0f:a7:06:dd:d5:23:16:eb:c0:08:cc:a4:f9:ba:b2:ec:91:
         d9:39:97:18:c6:68:98:97:68:77:a6:fe:bb:79:7b:1e:86:d3:
         3b:c1:74:78:d7:6a:76:0c:36:26:d8:ef:3c:f2:3c:12:24:01:
         5f:45:db:c1:52:7c:cd:8e:fe:d1:d2:5f:c1:42:96:d3:55:ae:
         a7:94:1c:f0:2e:0f:c7:58:e3:6e:34:16:19:3b:c8:38:8f:0d:
         d9:0a:02:5c:ae:b7:cc:a8:c7:b9:1c:35:ed:e7:46:c3:29:95:
         49:9c:af:42:b1:bc:b0:92:f4:a1:9d:4a:3a:33:d0:39:82:1c:
         c1:5b:0a:13:df:97:2c:0b:2c:ae:ef:c7:46:48:3c:12:77:45:
         19:90:a0:95:d4:70:d1:77:ef:3f:6b:0f:1e:7e:ed:ac:82:0a:
         e3:f1:34:9f:63:d7:4a:1c:d0:90:aa:90:a5:e3:98:3b:44:22:
         61:e5:a0:10
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYyrGWjhXRnwFHRFSmRCD2qKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjI3MTE0NjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzJlYzdjZTIyYjE5YWUwZTEyNGM3NWY0NjljOTczYTNmMzEwM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAGtItNBivQTTADMrHeD+q6szSqq
N4vPwhyRmD2ikJSN/0ghcpSREtD8Fcgl4l1IY6ejfu4LjhzZNO7ozRHj78HoE8PY
w+6PJa7o8iRmYg32DoNQfkxAj5BWVvsCXQzxvDvZe8wHKjtC8VWe8+pTVW+hCERh
5baxhoQY3LWtB2e3lV0BOXld5XvHWhbNG3TXKtxWSBfgfzd7xRceF4Jdma2Eeo/5
cblll9URMLxdqsqUkrDSxSYJM22yfAsMLoXGXuOYZZ/WaY6oKbJDFkZ9coaxOLAc
yCDcd0vgHmSWQ8pmNLHTIoLa6X2bDdV3LyRgo5muhN2qxHlViCbL77IGawIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFOMux84isZrg4STHX0aclzo/MQPMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNHk3SHppS3htdURoSk1kZlJweVhPajh4QTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQC
UpmIAwQAWdWDMAwDBABZ1ZMDBAVZ1YADBAJZ1awDBAFZ1bQDBABZ1b8DBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBABpl1RZgAGurldqazZzOUbE0Z8D+amqH
yjl2nnmjRdO/hMNNSot7Im5XXgdr1ytgxa6m6ayKafrtzq1mh1vODhzrtYXMra7I
zIMPpwbd1SMW68AIzKT5urLskdk5lxjGaJiXaHem/rt5ex6G0zvBdHjXanYMNibY
7zzyPBIkAV9F28FSfM2O/tHSX8FCltNVrqeUHPAuD8dY4240Fhk7yDiPDdkKAlyu
t8yox7kcNe3nRsMplUmcr0KxvLCS9KGdSjoz0DmCHMFbChPflywLLK7vx0ZIPBJ3
RRmQoJXUcNF37z9rDx5+7ayCCuPxNJ9j10oc0JCqkKXjmDtEImHloBA=
-----END CERTIFICATE-----