Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7xs3o2inz729vtq93jAtF5iPMrw.roa
File:                     7xs3o2inz729vtq93jAtF5iPMrw.roa (raw, json)
Hash identifier:          2b/QynnijZ7Bbi/E11SV8H1OU+LmwyDEuAwlNrB1fQQ=
Subject key identifier:   EF:1B:37:A3:68:A7:CF:BD:BD:BE:DA:BD:DE:30:2D:17:98:8F:32:BC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018ED13C3271CF2F82258A4F11FDF195088B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7xs3o2inz729vtq93jAtF5iPMrw.roa
Signing time:             Fri 12 Apr 2024 07:36:06 +0000
ROA not before:           Fri 12 Apr 2024 07:36:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:3c:32:71:cf:2f:82:25:8a:4f:11:fd:f1:95:08:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 12 07:36:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef1b37a368a7cfbdbdbedabdde302d17988f32bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:33:ba:b4:97:78:ac:0b:99:7d:12:16:ef:7f:
                    e5:22:42:0d:ca:2d:a3:57:27:ea:ad:9e:91:9a:63:
                    e0:5f:c4:0e:0f:d0:49:87:ff:fa:3c:aa:14:4a:de:
                    39:d5:4a:9f:6a:34:59:30:6c:e2:46:f8:94:55:d2:
                    de:13:e5:ae:44:31:8e:18:42:f7:9b:9c:67:d0:50:
                    50:72:dd:ac:55:67:6d:9e:44:c0:9d:1a:e9:ed:66:
                    1e:3d:dd:20:f4:a8:d3:4a:94:28:b4:75:f3:27:7e:
                    33:33:1b:e7:a3:61:ad:5d:f5:48:05:83:d9:88:ee:
                    55:f2:6f:86:fc:63:f1:af:1e:9e:ae:a1:89:94:3b:
                    3b:31:e8:37:51:33:ec:1b:2b:2c:eb:a1:68:fc:2b:
                    ef:53:a6:f7:59:6b:10:1e:42:c4:99:8a:a6:66:ab:
                    d6:24:fe:f1:75:fb:0e:a1:3d:0f:82:65:d3:44:e5:
                    e1:b7:0a:47:f9:f0:14:ce:8f:95:7e:86:7f:e0:12:
                    d3:0f:8b:df:a7:e5:82:e7:9b:57:9c:25:92:be:19:
                    6e:0e:0c:f6:11:81:3d:a7:16:61:b9:2e:18:80:9b:
                    2d:76:94:73:8d:dd:49:dc:b8:b0:81:94:c8:f2:d4:
                    dc:a1:67:a6:16:f4:93:14:bf:49:d4:58:a2:f4:bc:
                    f9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:1B:37:A3:68:A7:CF:BD:BD:BE:DA:BD:DE:30:2D:17:98:8F:32:BC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7xs3o2inz729vtq93jAtF5iPMrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.130.149.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:31:65:c1:f1:fe:ba:38:71:da:2b:74:59:26:e4:58:5e:ac:
         3e:e3:f5:c4:f3:ea:a1:1d:27:c2:d2:ea:40:c7:df:4c:e7:80:
         ae:35:9f:16:04:c9:27:e6:db:7a:43:6a:e1:6d:15:16:de:fe:
         bc:af:5e:5e:09:95:b7:24:04:65:35:a0:51:00:68:41:cc:bd:
         58:07:25:14:ac:53:f3:f1:08:a9:09:8f:f0:b2:eb:a0:72:7e:
         c9:df:06:7d:cc:19:e4:3f:c3:81:4f:f3:6b:e9:95:24:5a:e6:
         94:f8:84:d5:27:8d:02:e2:dd:41:fb:ca:dc:0e:df:f3:49:d8:
         d3:a9:92:92:6f:0a:18:c4:8f:1c:6d:d3:9d:21:9a:10:a3:0e:
         0e:e6:2e:05:6f:81:f0:50:9b:fe:dc:d6:b1:e0:5b:90:6c:bb:
         aa:0a:e8:13:8f:13:1b:0a:67:83:47:ed:71:4b:0c:52:d1:00:
         ed:03:5c:2b:05:59:5b:11:97:22:f1:1e:aa:21:2e:db:85:16:
         3e:50:3c:3d:88:d5:30:c1:71:16:37:23:24:e1:77:ed:b8:44:
         0f:cf:57:82:28:09:c9:47:bb:98:38:59:68:41:dd:d1:39:d4:
         1d:a2:07:6e:fa:3c:1c:61:d7:d8:d7:4a:fb:2d:2c:e9:76:1c:
         c9:05:77:b9
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY7RPDJxzy+CJYpPEf3xlQiLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDEyMDczNjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjFiMzdhMzY4YTdjZmJkYmRiZWRhYmRkZTMwMmQxNzk4OGYzMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTO6tJd4rAuZfRIW73/lIkINyi2j
VyfqrZ6RmmPgX8QOD9BJh//6PKoUSt451UqfajRZMGziRviUVdLeE+WuRDGOGEL3
m5xn0FBQct2sVWdtnkTAnRrp7WYePd0g9KjTSpQotHXzJ34zMxvno2GtXfVIBYPZ
iO5V8m+G/GPxrx6erqGJlDs7Meg3UTPsGyss66Fo/CvvU6b3WWsQHkLEmYqmZqvW
JP7xdfsOoT0PgmXTROXhtwpH+fAUzo+VfoZ/4BLTD4vfp+WC55tXnCWSvhluDgz2
EYE9pxZhuS4YgJstdpRzjd1J3LiwgZTI8tTcoWemFvSTFL9J1Fii9Lz5jwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFO8bN6Nop8+9vb7avd4wLReYjzK8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN3hzM28yaW56NzI5dnRxOTNqQXRGNWlQTXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQC
UpmIAwQAUpn1AwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4D
BADVgpUDBADVmCowDQYJKoZIhvcNAQELBQADggEBAHwxZcHx/ro4cdordFkm5Fhe
rD7j9cTz6qEdJ8LS6kDH30zngK41nxYEySfm23pDauFtFRbe/ryvXl4JlbckBGU1
oFEAaEHMvVgHJRSsU/PxCKkJj/Cy66ByfsnfBn3MGeQ/w4FP82vplSRa5pT4hNUn
jQLi3UH7ytwO3/NJ2NOpkpJvChjEjxxt050hmhCjDg7mLgVvgfBQm/7c1rHgW5Bs
u6oK6BOPExsKZ4NH7XFLDFLRAO0DXCsFWVsRlyLxHqohLtuFFj5QPD2I1TDBcRY3
IyThd+24RA/PV4IoCclHu5g4WWhB3dE51B2iB276PBxh19jXSvstLOl2HMkFd7k=
-----END CERTIFICATE-----