Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6M-y8GaAfdhq6hNOq3Uhu8ohSmU.roa
File:                     6M-y8GaAfdhq6hNOq3Uhu8ohSmU.roa (raw, json)
Hash identifier:          o7UfHO/48oNVLUIR7OhOMB1BbkacfGG32BGYV7A5mFY=
Subject key identifier:   E8:CF:B2:F0:66:80:7D:D8:6A:EA:13:4E:AB:75:21:BB:CA:21:4A:65
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BFB65E98DA0DD7FCBCADFB25874AB7CBA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6M-y8GaAfdhq6hNOq3Uhu8ohSmU.roa
Signing time:             Thu 23 Nov 2023 08:57:22 +0000
ROA not before:           Thu 23 Nov 2023 08:57:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          82.153.227.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          82.153.10.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 24 Nov 2023 08:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:fb:65:e9:8d:a0:dd:7f:cb:ca:df:b2:58:74:ab:7c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 23 08:57:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e8cfb2f066807dd86aea134eab7521bbca214a65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b7:3f:0e:89:b8:ae:e7:99:64:68:18:84:34:
                    57:22:7d:b7:55:26:4e:a5:5c:91:4d:88:40:53:35:
                    c6:a9:08:66:d2:74:df:23:67:fb:07:43:b1:a9:7d:
                    ab:65:1a:67:d1:62:36:18:f7:5b:bc:4b:d3:f3:94:
                    72:1e:59:c6:98:1f:14:fe:e1:04:59:91:ef:6b:f9:
                    60:4a:c1:f2:04:f9:eb:7d:a2:2e:28:18:ee:3d:bf:
                    73:8c:f2:4b:4b:a8:13:2c:14:31:7d:33:a7:80:e6:
                    db:99:4d:51:89:45:d3:4f:9f:ff:b5:b1:22:93:91:
                    0b:82:0e:62:9d:16:9a:ec:b3:9f:0b:ea:d0:92:f5:
                    53:25:84:22:d3:66:b0:af:67:c9:d5:40:c5:c8:6b:
                    57:c1:81:9e:e8:28:08:17:c9:09:0c:1c:f2:fc:13:
                    c8:25:62:6d:bd:13:0d:bd:2a:14:22:c9:c0:38:fa:
                    b4:fe:26:df:20:64:fb:91:b6:e6:44:7b:7a:40:2e:
                    5c:18:85:4b:39:89:c5:a1:8a:05:f7:e9:ef:41:98:
                    f7:84:05:f5:ee:5f:fb:f1:e8:36:37:10:db:23:96:
                    e2:a8:26:b6:73:f8:4b:8b:04:67:f0:3a:9f:39:dc:
                    82:8f:26:a4:aa:5e:7d:ae:96:bf:2a:1f:31:fc:d5:
                    5e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:CF:B2:F0:66:80:7D:D8:6A:EA:13:4E:AB:75:21:BB:CA:21:4A:65
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6M-y8GaAfdhq6hNOq3Uhu8ohSmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.1.0/24
                  82.153.10.0/24
                  82.153.136.0/22
                  82.153.227.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:02:e8:a4:ce:a3:ca:d0:3b:b8:88:67:85:bf:13:4b:a2:95:
         ac:d3:84:d5:6d:17:a3:f8:c0:68:b2:fb:28:7e:cc:95:42:04:
         a2:3c:41:53:46:a1:69:98:27:b3:b9:4e:2c:6c:21:33:29:52:
         e5:4d:7d:f1:31:52:83:44:1a:4e:93:1c:59:44:9b:f1:79:67:
         3d:80:d8:67:23:56:5a:09:74:d0:a5:8c:d1:93:cb:1a:5c:6b:
         40:c2:7d:7f:5f:25:a5:5b:63:b9:5c:d3:b8:54:a3:15:9b:87:
         13:0b:ad:bd:86:a6:96:7a:ff:5c:b3:d6:c9:71:e3:bb:72:8b:
         b6:82:c2:94:3b:15:55:04:cb:09:ed:89:41:5f:61:cb:00:14:
         66:d3:4e:1a:1e:20:16:8d:35:80:d4:f3:01:84:41:f7:77:0c:
         19:60:e1:20:18:23:04:6d:84:cb:3a:79:2d:ca:d0:4d:03:0b:
         a9:82:6b:d4:41:8c:28:7f:b8:e0:89:90:6e:a7:2a:c0:76:26:
         d3:a1:17:18:15:0d:24:8b:57:4d:4d:24:ee:4e:fb:54:28:77:
         e7:77:24:63:5c:fe:d4:c4:1e:c0:09:78:7a:98:5a:0b:de:4d:
         48:7f:95:ab:98:f4:90:6e:60:ce:e8:e4:96:a8:2a:0e:7f:0a:
         a8:3b:b5:b5
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYv7ZemNoN1/y8rfslh0q3y6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTIzMDg1NzIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGNmYjJmMDY2ODA3ZGQ4NmFlYTEzNGVhYjc1MjFiYmNhMjE0YTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbc/Dom4rueZZGgYhDRXIn23VSZO
pVyRTYhAUzXGqQhm0nTfI2f7B0OxqX2rZRpn0WI2GPdbvEvT85RyHlnGmB8U/uEE
WZHva/lgSsHyBPnrfaIuKBjuPb9zjPJLS6gTLBQxfTOngObbmU1RiUXTT5//tbEi
k5ELgg5inRaa7LOfC+rQkvVTJYQi02awr2fJ1UDFyGtXwYGe6CgIF8kJDBzy/BPI
JWJtvRMNvSoUIsnAOPq0/ibfIGT7kbbmRHt6QC5cGIVLOYnFoYoF9+nvQZj3hAX1
7l/78eg2NxDbI5biqCa2c/hLiwRn8DqfOdyCjyakql59rpa/Kh8x/NVegwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFOjPsvBmgH3YauoTTqt1IbvKIUplMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNk0teThHYUFmZGhxNmhOT3EzVWh1OG9oU21VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAUah3AwQA
Uah7AwQAUpkBAwQAUpkKAwQCUpmIAwQAUpnjMAwDBAJZ1ZQDBAVZ1YADBAJZ1awD
BAJZ1bQDBABtsPgDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAHEC6KTO
o8rQO7iIZ4W/E0uilazThNVtF6P4wGiy+yh+zJVCBKI8QVNGoWmYJ7O5TixsITMp
UuVNffExUoNEGk6THFlEm/F5Zz2A2GcjVloJdNCljNGTyxpca0DCfX9fJaVbY7lc
07hUoxWbhxMLrb2GppZ6/1yz1slx47tyi7aCwpQ7FVUEywntiUFfYcsAFGbTThoe
IBaNNYDU8wGEQfd3DBlg4SAYIwRthMs6eS3K0E0DC6mCa9RBjCh/uOCJkG6nKsB2
JtOhFxgVDSSLV01NJO5O+1Qod+d3JGNc/tTEHsAJeHqYWgveTUh/lauY9JBuYM7o
5JaoKg5/Cqg7tbU=
-----END CERTIFICATE-----