Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5HCDFK7CyEBmvXPRdJzl030nmo4.roa
File:                     5HCDFK7CyEBmvXPRdJzl030nmo4.roa (raw, json)
Hash identifier:          w3S5grzxvFJcr+RHGIresgz/ejq7VaiZ2HtQGqjqoOA=
Subject key identifier:   E4:70:83:14:AE:C2:C8:40:66:BD:73:D1:74:9C:E5:D3:7D:27:9A:8E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018DD19831B07F35A0A0157A7A4FC1FA5557
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5HCDFK7CyEBmvXPRdJzl030nmo4.roa
Signing time:             Thu 22 Feb 2024 16:13:48 +0000
ROA not before:           Thu 22 Feb 2024 16:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.153.242.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 08:42:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:98:31:b0:7f:35:a0:a0:15:7a:7a:4f:c1:fa:55:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 22 16:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4708314aec2c84066bd73d1749ce5d37d279a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:59:93:cb:96:4e:28:62:ef:fe:f3:c8:40:1d:
                    6c:b6:4f:f1:77:35:21:34:ad:2c:d4:53:71:21:18:
                    a0:64:10:ef:63:e1:b4:c1:2b:48:21:df:75:ab:ca:
                    e0:fc:0b:54:88:53:11:c1:50:24:47:87:fc:01:91:
                    94:68:23:a2:8b:a8:cd:98:8c:81:18:85:a0:33:1d:
                    94:99:24:a9:d6:2d:31:78:2f:76:8c:78:4c:07:58:
                    ff:ce:ed:7f:3d:c2:94:1c:4d:81:ec:e9:f7:42:bf:
                    1b:2c:60:aa:03:e6:5b:4e:f5:a7:08:92:40:2b:7a:
                    c7:02:5e:0b:7e:46:72:41:e0:36:e7:e6:8e:d2:02:
                    5c:d7:6e:e7:5d:3f:b8:df:3c:ac:7a:d5:55:b1:96:
                    ae:a9:f6:ca:e7:3b:b2:a4:b7:f7:8a:0b:05:a9:97:
                    f7:f1:9b:91:3a:17:21:b9:ff:5c:6f:70:66:4c:f7:
                    dc:55:19:04:1e:00:2a:00:0a:b7:b6:f5:cb:e5:48:
                    d7:c1:8a:5c:20:c2:cc:b7:a8:89:f3:af:d9:59:16:
                    36:d0:be:01:d0:e1:a8:8e:a9:d7:5a:75:ee:8c:bf:
                    fd:32:f2:3f:50:e4:95:d3:bb:9a:dc:52:45:93:6e:
                    0a:6c:d9:20:d9:2e:a5:aa:54:c0:75:7a:58:16:b4:
                    53:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:70:83:14:AE:C2:C8:40:66:BD:73:D1:74:9C:E5:D3:7D:27:9A:8E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5HCDFK7CyEBmvXPRdJzl030nmo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/22
                  82.153.242.0/24
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:f5:ef:34:10:3d:c3:e3:99:57:4a:9c:91:32:78:01:1e:da:
         57:e1:6c:d0:47:6c:79:96:ab:0d:ba:41:a3:75:e4:b7:af:ba:
         c7:d7:ad:0a:35:36:f0:76:20:6e:5d:c6:b1:ca:fc:2b:4a:93:
         49:3e:cf:69:e1:cf:fb:b8:82:c0:67:5a:b2:15:5e:ec:94:a1:
         c8:00:9a:5d:53:a1:65:6b:be:b9:de:50:8f:ff:6b:e3:1a:e0:
         77:fb:8c:9e:a9:ad:eb:bf:63:f2:2c:22:b4:87:e0:16:c1:59:
         ae:6f:dc:22:11:2a:f2:e0:7a:51:4b:77:de:8d:31:a6:92:a3:
         e2:41:bd:d6:a2:8c:8e:d9:5f:2d:dd:6a:49:9d:b6:5f:a5:4d:
         2c:a4:16:5f:6e:41:ec:d4:17:0f:33:46:67:c9:11:a4:41:7c:
         0c:60:62:4f:d3:df:ba:cb:ea:11:81:08:26:77:aa:38:42:60:
         50:9b:a2:3d:cf:7b:e2:57:68:6c:56:5d:ce:5f:40:ca:6f:66:
         94:2c:3a:e4:f2:e0:a0:57:c5:4e:89:28:46:ab:3d:1d:94:e4:
         37:d7:4a:e6:ae:9e:92:1b:37:36:11:f6:fd:37:4f:cd:07:0d:
         2e:ec:c2:d7:9e:61:1a:28:07:3c:5c:96:80:f3:97:c0:18:69:
         af:66:8e:d2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY3RmDGwfzWgoBV6ek/B+lVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjIyMTYxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDcwODMxNGFlYzJjODQwNjZiZDczZDE3NDljZTVkMzdkMjc5YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFmTy5ZOKGLv/vPIQB1stk/xdzUh
NK0s1FNxIRigZBDvY+G0wStIId91q8rg/AtUiFMRwVAkR4f8AZGUaCOii6jNmIyB
GIWgMx2UmSSp1i0xeC92jHhMB1j/zu1/PcKUHE2B7On3Qr8bLGCqA+ZbTvWnCJJA
K3rHAl4LfkZyQeA25+aO0gJc127nXT+43zysetVVsZauqfbK5zuypLf3igsFqZf3
8ZuROhchuf9cb3BmTPfcVRkEHgAqAAq3tvXL5UjXwYpcIMLMt6iJ86/ZWRY20L4B
0OGojqnXWnXujL/9MvI/UOSV07ua3FJFk24KbNkg2S6lqlTAdXpYFrRTnwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFORwgxSuwshAZr1z0XSc5dN9J5qOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNUhDREZLN0N5RUJtdlhQUmRKemwwMzBubW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCUpmIAwQA
UpnyMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAJj17zQQPcPjmVdKnJEyeAEe2lfhbNBHbHmWqw26
QaN15LevusfXrQo1NvB2IG5dxrHK/CtKk0k+z2nhz/u4gsBnWrIVXuyUocgAml1T
oWVrvrneUI//a+Ma4Hf7jJ6preu/Y/IsIrSH4BbBWa5v3CIRKvLgelFLd96NMaaS
o+JBvdaijI7ZXy3dakmdtl+lTSykFl9uQezUFw8zRmfJEaRBfAxgYk/T37rL6hGB
CCZ3qjhCYFCboj3Pe+JXaGxWXc5fQMpvZpQsOuTy4KBXxU6JKEarPR2U5DfXSuau
npIbNzYR9v03T80HDS7swteeYRooBzxcloDzl8AYaa9mjtI=
-----END CERTIFICATE-----