Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6xsg_tBAk7T7lpBnlCWJZUlx490.roa
File:                     6xsg_tBAk7T7lpBnlCWJZUlx490.roa (raw, json)
Hash identifier:          SR1yp3FRx9GmZtFxIRae2ySusrpsoON5+UN8qhEP04U=
Subject key identifier:   EB:1B:20:FE:D0:40:93:B4:FB:96:90:67:94:25:89:65:49:71:E3:DD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018DD521A4D044BB14DCEACEFC6319F1ADED
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6xsg_tBAk7T7lpBnlCWJZUlx490.roa
Signing time:             Fri 23 Feb 2024 08:42:48 +0000
ROA not before:           Fri 23 Feb 2024 08:42:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 25 Feb 2024 08:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:21:a4:d0:44:bb:14:dc:ea:ce:fc:63:19:f1:ad:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 23 08:42:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb1b20fed04093b4fb969067942589654971e3dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:25:2f:e8:93:c1:9e:74:fc:ff:8e:aa:d6:d1:
                    9c:8e:43:29:f7:f1:eb:3d:15:93:12:5a:a6:8b:91:
                    41:05:b9:fb:26:29:b4:82:2a:e7:94:20:05:87:90:
                    d5:2e:f7:7d:8b:a3:b0:b7:73:46:26:73:be:c3:87:
                    e6:d5:40:fb:43:75:50:ef:36:fb:28:90:06:ee:1c:
                    22:f7:90:84:20:8d:9c:c8:af:0c:69:af:5e:bd:ac:
                    99:c4:99:6d:f8:5b:76:ec:dc:d8:44:98:b3:c6:e8:
                    23:29:19:92:c2:9a:f5:31:62:ae:a6:83:84:d3:b8:
                    58:a8:6d:b8:b6:92:ab:10:67:3d:39:81:61:0e:6a:
                    4a:ec:02:2b:69:9a:09:00:48:01:23:a4:e4:7e:bf:
                    ac:4d:f8:c2:6a:b3:38:ac:7c:0f:26:7e:79:66:56:
                    d4:de:e6:66:0c:27:aa:e9:fc:9f:17:90:e6:8b:63:
                    e9:70:f4:16:cd:4a:e7:fb:d8:3d:b6:29:01:47:f3:
                    7e:9d:b9:a2:e5:b6:3b:b1:7a:ed:ac:3a:62:f7:06:
                    0a:6e:5d:e8:39:40:74:a7:77:69:97:fb:bd:25:87:
                    63:b3:63:35:e5:85:95:82:0f:17:91:75:fc:83:e7:
                    ea:f9:65:46:dc:75:1c:25:4b:0d:94:5a:43:da:03:
                    ce:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:1B:20:FE:D0:40:93:B4:FB:96:90:67:94:25:89:65:49:71:E3:DD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6xsg_tBAk7T7lpBnlCWJZUlx490.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ab:60:3d:b0:13:80:79:c7:56:df:63:cf:1a:5e:d8:c3:6c:
         66:ea:6d:b1:2f:49:6a:d8:b7:a6:a6:ca:30:36:3f:bf:02:dc:
         5b:5d:ca:1a:6f:6b:02:40:1e:92:5f:c4:74:ee:26:34:ae:9c:
         01:8e:4d:40:1b:40:7a:2e:77:76:f2:46:6b:21:f5:02:6e:ba:
         db:56:14:54:e6:b7:06:a9:cd:a9:24:7e:51:2a:16:0b:bb:4d:
         ff:a4:6e:fc:d2:73:31:50:ed:13:be:40:1f:ab:41:db:2b:87:
         98:65:18:20:cb:1b:4d:a7:b4:9b:44:9a:b0:51:f2:1f:ea:3e:
         70:86:8b:af:7d:db:60:30:67:17:8e:75:d4:45:9e:cf:68:d8:
         96:04:f6:b3:05:a6:60:a5:d9:4f:95:e1:05:2d:a2:ff:52:f2:
         5a:63:27:ee:4f:6b:20:5a:08:f6:cf:91:21:40:08:bf:0b:8e:
         2b:69:1d:61:30:a1:1c:2a:96:12:83:36:78:fc:35:08:f4:1a:
         47:a1:6e:44:6c:88:32:e3:3c:cc:54:99:a9:c8:95:ee:4a:e5:
         6a:da:69:48:71:7d:6d:29:68:99:ae:55:70:41:74:b3:34:6d:
         cd:d6:0f:4b:67:57:9b:8a:89:c5:b9:6a:44:57:e7:a1:59:5b:
         e2:1c:21:a1
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY3VIaTQRLsU3OrO/GMZ8a3tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjIzMDg0MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjFiMjBmZWQwNDA5M2I0ZmI5NjkwNjc5NDI1ODk2NTQ5NzFlM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSUv6JPBnnT8/46q1tGcjkMp9/Hr
PRWTElqmi5FBBbn7Jim0girnlCAFh5DVLvd9i6Owt3NGJnO+w4fm1UD7Q3VQ7zb7
KJAG7hwi95CEII2cyK8Maa9evayZxJlt+Ft27NzYRJizxugjKRmSwpr1MWKupoOE
07hYqG24tpKrEGc9OYFhDmpK7AIraZoJAEgBI6Tkfr+sTfjCarM4rHwPJn55ZlbU
3uZmDCeq6fyfF5Dmi2PpcPQWzUrn+9g9tikBR/N+nbmi5bY7sXrtrDpi9wYKbl3o
OUB0p3dpl/u9JYdjs2M15YWVgg8XkXX8g+fq+WVG3HUcJUsNlFpD2gPOMQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFOsbIP7QQJO0+5aQZ5QliWVJcePdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNnhzZ190QkFrN1Q3bHBCbmxDV0paVWx4NDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCUpmIMAwD
BAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCowDQYJKoZI
hvcNAQELBQADggEBAD6rYD2wE4B5x1bfY88aXtjDbGbqbbEvSWrYt6amyjA2P78C
3FtdyhpvawJAHpJfxHTuJjSunAGOTUAbQHoud3byRmsh9QJuuttWFFTmtwapzakk
flEqFgu7Tf+kbvzSczFQ7RO+QB+rQdsrh5hlGCDLG02ntJtEmrBR8h/qPnCGi699
22AwZxeOddRFns9o2JYE9rMFpmCl2U+V4QUtov9S8lpjJ+5PayBaCPbPkSFACL8L
jitpHWEwoRwqlhKDNnj8NQj0GkehbkRsiDLjPMxUmanIle5K5WraaUhxfW0paJmu
VXBBdLM0bc3WD0tnV5uKicW5akRX56FZW+IcIaE=
-----END CERTIFICATE-----