Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8iTZp2nn7ZyFFLvnFXGNMwHtLLM.roa
File:                     8iTZp2nn7ZyFFLvnFXGNMwHtLLM.roa (raw, json)
Hash identifier:          SLM2rV6doU1hk42FCXacN9VUjIZhZqUjC7yjfhHJUdU=
Subject key identifier:   F2:24:D9:A7:69:E7:ED:9C:85:14:BB:E7:15:71:8D:33:01:ED:2C:B3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018DEF6373116AD01D99CFEED0E28177C865
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8iTZp2nn7ZyFFLvnFXGNMwHtLLM.roa
Signing time:             Wed 28 Feb 2024 11:04:48 +0000
ROA not before:           Wed 28 Feb 2024 11:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 29 Feb 2024 09:35:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:63:73:11:6a:d0:1d:99:cf:ee:d0:e2:81:77:c8:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb 28 11:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f224d9a769e7ed9c8514bbe715718d3301ed2cb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3b:c8:d0:29:4d:27:4e:41:df:3f:27:29:ce:
                    ed:a1:23:77:c0:65:86:6a:4e:59:9c:7a:da:e2:12:
                    a2:b6:90:ef:55:34:f0:b3:e4:f1:77:b8:81:b6:45:
                    e4:80:ae:01:24:dc:98:6d:a0:16:bb:fa:a6:06:a9:
                    76:a9:4f:4a:f5:4d:ef:97:4a:62:79:3b:8f:49:68:
                    ee:82:44:0e:d1:bd:56:0e:3a:3a:ba:17:ad:98:6c:
                    af:b1:22:25:a0:e8:63:90:d3:ea:fb:cb:c7:87:a6:
                    d3:78:a6:e3:3b:ae:fd:69:7a:77:99:af:7f:96:e0:
                    89:ce:78:59:ad:94:42:e2:c0:b2:61:a6:c1:a7:e2:
                    91:68:4f:3d:37:0e:cb:46:28:fc:2a:ab:e3:8d:20:
                    89:b1:b2:5f:d3:28:a2:c7:1f:3b:9c:75:5b:9f:51:
                    9a:77:91:5f:09:2d:86:da:de:1d:84:ac:e1:f0:12:
                    3f:15:34:c4:49:b4:77:6f:97:e4:07:0d:ea:62:a4:
                    36:e4:45:3c:49:2e:25:34:5a:c8:26:28:4b:1b:f6:
                    14:7c:e1:0c:5c:35:e4:69:4c:77:b4:82:9c:a1:48:
                    6b:0e:51:d9:ee:c2:09:df:e4:1a:cc:9f:e1:f4:0a:
                    4d:93:ce:61:02:c5:56:6b:15:3f:9a:63:8a:87:90:
                    0d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:24:D9:A7:69:E7:ED:9C:85:14:BB:E7:15:71:8D:33:01:ED:2C:B3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8iTZp2nn7ZyFFLvnFXGNMwHtLLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.50.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:f7:c1:1d:ba:2e:44:00:2a:bc:b8:c6:4b:26:be:92:48:56:
         d5:ba:ce:8e:0e:93:cf:f5:ac:ad:61:c6:42:4d:65:d5:dd:38:
         67:c0:6f:c0:b0:dc:eb:87:4a:ad:b1:43:94:ee:79:fb:05:61:
         1f:e5:71:3d:af:95:a4:7d:68:44:24:d4:a4:a2:93:f2:d7:b6:
         c2:4e:40:2b:9d:6b:53:1f:6d:0d:22:9c:72:48:c3:fc:ec:be:
         a5:64:53:10:da:81:69:7d:92:b3:2c:77:67:56:14:47:ea:89:
         24:59:a7:3c:51:99:6c:43:0c:38:1e:71:2d:f1:62:a0:1f:a9:
         0c:83:5d:94:a2:ef:11:93:13:76:af:a8:93:07:96:c6:67:16:
         30:0e:7b:80:e9:91:e2:50:44:53:b3:d3:0b:8a:b5:71:f4:e7:
         32:bf:49:78:37:eb:78:59:7a:7f:d4:e4:ad:ce:cc:47:6d:84:
         08:7a:9b:52:8a:e7:5b:85:95:e1:10:78:04:36:0d:2a:d3:52:
         6b:13:0f:2e:72:01:1a:40:36:61:3d:c4:23:f2:3c:03:59:14:
         55:c3:81:5a:5c:13:95:85:12:44:79:39:2a:00:37:e6:75:46:
         ab:b3:d6:56:11:fd:07:2d:7c:10:ef:56:5e:48:85:6c:5e:c0:
         18:8b:bc:d0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY3vY3MRatAdmc/u0OKBd8hlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjI4MTEwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjI0ZDlhNzY5ZTdlZDljODUxNGJiZTcxNTcxOGQzMzAxZWQyY2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDvI0ClNJ05B3z8nKc7toSN3wGWG
ak5ZnHra4hKitpDvVTTws+Txd7iBtkXkgK4BJNyYbaAWu/qmBql2qU9K9U3vl0pi
eTuPSWjugkQO0b1WDjo6uhetmGyvsSIloOhjkNPq+8vHh6bTeKbjO679aXp3ma9/
luCJznhZrZRC4sCyYabBp+KRaE89Nw7LRij8KqvjjSCJsbJf0yiixx87nHVbn1Ga
d5FfCS2G2t4dhKzh8BI/FTTESbR3b5fkBw3qYqQ25EU8SS4lNFrIJihLG/YUfOEM
XDXkaUx3tIKcoUhrDlHZ7sIJ3+QazJ/h9ApNk85hAsVWaxU/mmOKh5ANmQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFPIk2adp5+2chRS75xVxjTMB7SyzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOGlUWnAybm43WnlGRkx2bkZYR05Nd0h0TExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUpkyAwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBACL3wR26LkQAKry4xksmvpJIVtW6zo4Ok8/1rK1h
xkJNZdXdOGfAb8Cw3OuHSq2xQ5TuefsFYR/lcT2vlaR9aEQk1KSik/LXtsJOQCud
a1MfbQ0inHJIw/zsvqVkUxDagWl9krMsd2dWFEfqiSRZpzxRmWxDDDgecS3xYqAf
qQyDXZSi7xGTE3avqJMHlsZnFjAOe4DpkeJQRFOz0wuKtXH05zK/SXg363hZen/U
5K3OzEdthAh6m1KK51uFleEQeAQ2DSrTUmsTDy5yARpANmE9xCPyPANZFFXDgVpc
E5WFEkR5OSoAN+Z1Rquz1lYR/QctfBDvVl5IhWxewBiLvNA=
-----END CERTIFICATE-----