Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8XbLR4u8y9F5hWjWZSnKsZVEfZE.roa
File:                     8XbLR4u8y9F5hWjWZSnKsZVEfZE.roa (raw, json)
Hash identifier:          ol8hDBOrGlThpADye5M8yk4TrW40vaBAS3mURHjsqAg=
Subject key identifier:   F1:76:CB:47:8B:BC:CB:D1:79:85:68:D6:65:29:CA:B1:95:44:7D:91
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F194E021CC771F6EC5536AFC6FF6FC530
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8XbLR4u8y9F5hWjWZSnKsZVEfZE.roa
Signing time:             Fri 26 Apr 2024 07:28:13 +0000
ROA not before:           Fri 26 Apr 2024 07:28:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.16.0/21 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.130.149.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 Apr 2024 07:07:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:4e:02:1c:c7:71:f6:ec:55:36:af:c6:ff:6f:c5:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 26 07:28:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f176cb478bbccbd1798568d66529cab195447d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e4:31:b1:8e:a5:a0:a4:1c:74:89:40:f2:3d:
                    93:ca:4a:c4:53:e3:d7:2f:d6:be:37:68:41:70:5e:
                    e0:c1:9b:bf:e1:33:83:99:36:24:23:b0:55:0c:62:
                    1e:7a:9c:ff:c8:3b:cd:75:06:4b:d5:14:23:56:97:
                    66:0e:77:99:b4:1d:a0:48:3e:86:cc:96:f6:53:35:
                    b3:86:26:f1:83:34:0e:e4:86:17:27:1e:b5:c9:ce:
                    04:10:85:9e:17:e6:43:90:f9:30:67:9d:58:cc:2a:
                    c8:04:23:fe:4a:bf:59:ca:2b:a7:9e:38:e7:0b:a6:
                    40:03:45:0a:23:c3:82:65:bc:08:48:15:25:a4:19:
                    2b:5b:77:9f:ee:71:80:eb:4a:df:b3:0d:55:6f:4f:
                    6b:8e:b5:5b:88:d1:78:c0:10:b3:58:a9:fc:a6:18:
                    99:8a:0a:0b:ac:8c:29:50:12:04:9a:9e:3b:d5:0a:
                    c0:39:a8:ae:54:ed:8d:e5:55:2d:2b:0f:a3:56:9b:
                    15:dd:0e:81:51:63:0b:86:c5:3e:73:e6:1e:71:ca:
                    10:51:66:79:80:e5:25:df:52:92:cd:1c:fb:57:73:
                    fa:f4:aa:51:5c:9b:bf:fd:59:da:87:ba:c3:6b:19:
                    51:49:ae:37:32:aa:01:a5:63:e9:48:4f:80:d4:39:
                    ac:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:76:CB:47:8B:BC:CB:D1:79:85:68:D6:65:29:CA:B1:95:44:7D:91
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8XbLR4u8y9F5hWjWZSnKsZVEfZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.16.0/21
                  185.49.126.0/23
                  213.130.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:71:6b:fa:62:49:3f:ab:37:28:f1:df:9f:a7:18:8d:6f:68:
         a4:4d:02:b8:a6:bd:6d:8d:aa:cb:ed:da:12:87:ef:81:bc:16:
         c2:77:60:99:61:3b:c9:c4:8d:2f:6e:34:05:47:54:ee:7f:ea:
         50:08:dd:9a:cd:88:6d:77:9e:75:db:d8:7d:83:81:f7:a2:97:
         7d:6d:cb:18:44:bf:50:30:a3:f2:17:2d:27:2f:14:29:93:c9:
         ff:aa:d8:38:72:fd:15:fa:4f:ca:a4:1a:ab:07:4b:8c:7a:95:
         a2:0b:51:2b:65:fe:b8:e8:e3:27:76:e1:ce:2f:13:cc:0d:95:
         c6:3a:04:46:6a:34:af:b0:24:68:e9:ca:ae:c5:a9:03:56:36:
         4c:aa:72:22:e6:bb:6f:66:4d:0a:4d:1a:e1:8f:e3:0f:36:9b:
         49:6b:58:46:31:fb:1e:99:2f:ee:99:89:e8:de:22:5f:d8:c9:
         05:cf:a4:21:04:7a:35:fd:d1:5b:96:51:6e:06:31:9c:af:f0:
         74:f8:2a:1b:ef:cb:d3:c5:a8:7b:3e:bb:b8:5f:c1:b0:e2:a9:
         6a:2e:a5:a5:68:52:5c:db:ff:7a:fa:d3:d9:95:8a:dc:d8:8e:
         26:a9:d8:c1:21:ac:93:cc:26:61:a7:89:d4:a5:11:21:35:35:
         6d:4e:a5:bb
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY8ZTgIcx3H27FU2r8b/b8UwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDI2MDcyODEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTc2Y2I0NzhiYmNjYmQxNzk4NTY4ZDY2NTI5Y2FiMTk1NDQ3ZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuQxsY6loKQcdIlA8j2TykrEU+PX
L9a+N2hBcF7gwZu/4TODmTYkI7BVDGIeepz/yDvNdQZL1RQjVpdmDneZtB2gSD6G
zJb2UzWzhibxgzQO5IYXJx61yc4EEIWeF+ZDkPkwZ51YzCrIBCP+Sr9Zyiunnjjn
C6ZAA0UKI8OCZbwISBUlpBkrW3ef7nGA60rfsw1Vb09rjrVbiNF4wBCzWKn8phiZ
igoLrIwpUBIEmp471QrAOaiuVO2N5VUtKw+jVpsV3Q6BUWMLhsU+c+YeccoQUWZ5
gOUl31KSzRz7V3P69KpRXJu//Vnah7rDaxlRSa43MqoBpWPpSE+A1Dms9QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFPF2y0eLvMvReYVo1mUpyrGVRH2RMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOFhiTFI0dTh5OUY1aFdqV1pTbktzWlZFZlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQC
UpmIAwQAUpn1AwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBANtsBAD
BAG5MX4DBADVgpUwDQYJKoZIhvcNAQELBQADggEBABBxa/piST+rNyjx35+nGI1v
aKRNArimvW2Nqsvt2hKH74G8FsJ3YJlhO8nEjS9uNAVHVO5/6lAI3ZrNiG13nnXb
2H2Dgfeil31tyxhEv1Awo/IXLScvFCmTyf+q2Dhy/RX6T8qkGqsHS4x6laILUStl
/rjo4yd24c4vE8wNlcY6BEZqNK+wJGjpyq7FqQNWNkyqciLmu29mTQpNGuGP4w82
m0lrWEYx+x6ZL+6ZiejeIl/YyQXPpCEEejX90VuWUW4GMZyv8HT4Khvvy9PFqHs+
u7hfwbDiqWoupaVoUlzb/3r609mVitzYjiap2MEhrJPMJmGnidSlESE1NW1Opbs=
-----END CERTIFICATE-----