Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9AgrENvY-9YufIFGjUc4vNRcwtE.roa
File:                     9AgrENvY-9YufIFGjUc4vNRcwtE.roa (raw, json)
Hash identifier:          rxh5m2uez+M8l14q4BvBWzboWxZzskag0KMdoL7FQEI=
Subject key identifier:   F4:08:2B:10:DB:D8:FB:D6:2E:7C:81:46:8D:47:38:BC:D4:5C:C2:D1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0191D734859FD4ACFDEBD41D29F7823D85F0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9AgrENvY-9YufIFGjUc4vNRcwtE.roa
Signing time:             Mon 09 Sep 2024 14:33:49 +0000
ROA not before:           Mon 09 Sep 2024 14:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        81.168.126.0/24 maxlen: 24
                          82.153.255.0/24 maxlen: 24
                          82.163.10.0/23 maxlen: 24
                          89.213.105.0/24 maxlen: 24
                          89.213.127.0/24 maxlen: 24
                          89.213.226.0/24 maxlen: 24
                          109.176.14.0/24 maxlen: 24
                          109.176.30.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          213.218.210.0/24 maxlen: 24
                          213.218.248.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 19 Nov 2024 12:57:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d7:34:85:9f:d4:ac:fd:eb:d4:1d:29:f7:82:3d:85:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  9 14:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4082b10dbd8fbd62e7c81468d4738bcd45cc2d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:63:11:35:14:26:c9:cb:85:e7:37:31:5c:ee:
                    db:d3:15:67:4a:ca:0b:d8:5a:0a:de:6c:7a:01:a7:
                    be:cb:e5:c8:bc:c0:d8:e4:98:23:3b:a8:ff:62:ba:
                    ea:83:f2:45:c0:64:8a:88:86:76:29:22:18:7b:72:
                    7f:f7:a5:58:a2:32:c8:b1:eb:85:ef:cd:a5:bf:c6:
                    e0:99:01:d0:2d:2f:24:25:76:39:40:b9:17:9c:1a:
                    d5:8f:60:3d:56:84:5a:65:12:de:2d:90:4d:33:4d:
                    96:05:33:6d:b2:e5:8c:e3:30:38:c8:fe:3e:8e:9c:
                    b7:1d:ec:37:22:3a:81:55:4a:57:06:80:9f:8a:c2:
                    66:25:18:0f:16:de:e1:b4:39:99:c1:1b:36:69:d5:
                    ba:2f:04:7a:c1:51:e4:2e:a8:d0:f6:d3:47:86:51:
                    4f:01:dd:6d:fd:df:87:68:ae:45:46:46:ca:01:1b:
                    ab:67:92:7b:d8:3e:ee:62:77:20:a1:3c:82:f3:07:
                    83:50:8a:08:76:5b:3e:2d:94:c3:36:a2:70:2a:5b:
                    ec:bb:5b:e2:6f:5b:09:10:2a:6b:25:13:98:29:37:
                    7c:c2:98:fd:2e:ac:1f:7d:07:d4:f3:66:0e:87:de:
                    d8:5e:9f:0b:1d:ca:09:3c:f1:09:5b:fa:ee:45:31:
                    c4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:08:2B:10:DB:D8:FB:D6:2E:7C:81:46:8D:47:38:BC:D4:5C:C2:D1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9AgrENvY-9YufIFGjUc4vNRcwtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  82.153.255.0/24
                  82.163.10.0/23
                  89.213.105.0/24
                  89.213.127.0/24
                  89.213.226.0/24
                  109.176.14.0/24
                  109.176.30.0/24
                  109.176.208.0/24
                  213.218.210.0/24
                  213.218.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:6a:b4:96:af:9e:59:88:1a:1f:98:1b:c2:02:59:bd:a5:ea:
         7c:5b:23:48:91:be:a8:7d:34:22:99:96:69:6d:0b:30:24:ef:
         c2:bc:d3:f9:2d:73:52:c5:f7:71:48:d1:f3:db:aa:b8:38:6b:
         bd:6e:83:17:dd:af:0c:59:54:0d:44:59:5a:de:e5:2b:3b:ff:
         cf:bf:58:49:35:d0:85:1f:54:19:56:e6:7f:a6:80:8c:03:28:
         38:f8:07:1c:0e:2f:f9:6b:77:42:a5:08:f1:b0:06:d1:04:ed:
         33:ef:dd:2a:64:91:36:e0:b6:f8:0e:30:82:13:1e:d0:f2:66:
         cf:1d:79:4b:d1:f2:9a:2b:d4:1b:69:99:b7:ce:61:b2:81:3e:
         e8:2e:81:de:fe:da:6a:d2:dc:99:17:d0:83:9a:a2:77:4d:25:
         55:2e:88:af:e2:e0:98:79:33:3c:d2:d7:da:58:89:e4:6e:43:
         5d:c0:89:50:48:db:47:ed:93:10:27:7f:4f:b7:f9:86:aa:4a:
         17:c1:8a:52:f5:25:4a:bb:25:8c:55:0a:33:3e:b5:a6:cd:32:
         c4:cc:ec:f8:e9:15:48:65:10:52:5d:99:44:3d:6d:a7:04:01:
         d4:13:08:df:a1:f0:c6:01:a2:93:87:4c:b0:fd:36:e2:fc:1c:
         82:7c:7a:3d
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZHXNIWf1Kz969QdKfeCPYXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTA5MTQzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDA4MmIxMGRiZDhmYmQ2MmU3YzgxNDY4ZDQ3MzhiY2Q0NWNjMmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmMRNRQmycuF5zcxXO7b0xVnSsoL
2FoK3mx6Aae+y+XIvMDY5JgjO6j/Yrrqg/JFwGSKiIZ2KSIYe3J/96VYojLIseuF
782lv8bgmQHQLS8kJXY5QLkXnBrVj2A9VoRaZRLeLZBNM02WBTNtsuWM4zA4yP4+
jpy3Hew3IjqBVUpXBoCfisJmJRgPFt7htDmZwRs2adW6LwR6wVHkLqjQ9tNHhlFP
Ad1t/d+HaK5FRkbKARurZ5J72D7uYncgoTyC8weDUIoIdls+LZTDNqJwKlvsu1vi
b1sJECprJROYKTd8wpj9LqwffQfU82YOh97YXp8LHcoJPPEJW/ruRTHEmwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPQIKxDb2PvWLnyBRo1HOLzUXMLRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOUFnckVOdlktOVl1ZklGR2pVYzR2TlJjd3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAUah+AwQA
Upn/AwQBUqMKAwQAWdVpAwQAWdV/AwQAWdXiAwQAbbAOAwQAbbAeAwQAbbDQAwQA
1drSAwQA1dr4MA0GCSqGSIb3DQEBCwUAA4IBAQClarSWr55ZiBofmBvCAlm9pep8
WyNIkb6ofTQimZZpbQswJO/CvNP5LXNSxfdxSNHz26q4OGu9boMX3a8MWVQNRFla
3uUrO//Pv1hJNdCFH1QZVuZ/poCMAyg4+AccDi/5a3dCpQjxsAbRBO0z790qZJE2
4Lb4DjCCEx7Q8mbPHXlL0fKaK9QbaZm3zmGygT7oLoHe/tpq0tyZF9CDmqJ3TSVV
Loiv4uCYeTM80tfaWInkbkNdwIlQSNtH7ZMQJ39Pt/mGqkoXwYpS9SVKuyWMVQoz
PrWmzTLEzOz46RVIZRBSXZlEPW2nBAHUEwjfofDGAaKTh0yw/Tbi/ByCfHo9
-----END CERTIFICATE-----