Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9_vXEgwrrFTdulOCU8xM4Ahfog8.roa
File:                     9_vXEgwrrFTdulOCU8xM4Ahfog8.roa (raw, json)
Hash identifier:          rYbbGqz+27aImttNdIGs1juvpJLJ5vS28cXfHL9r6Cg=
Subject key identifier:   F7:FB:D7:12:0C:2B:AC:54:DD:BA:53:82:53:CC:4C:E0:08:5F:A2:0F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C81257C0B71A7515C5FDDC7BFCF409021
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9_vXEgwrrFTdulOCU8xM4Ahfog8.roa
Signing time:             Tue 19 Dec 2023 08:16:06 +0000
ROA not before:           Tue 19 Dec 2023 08:16:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Dec 2023 12:20:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:81:25:7c:0b:71:a7:51:5c:5f:dd:c7:bf:cf:40:90:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 19 08:16:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f7fbd7120c2bac54ddba538253cc4ce0085fa20f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bb:99:ef:37:6c:85:cd:db:df:71:95:fd:5c:
                    46:9b:b9:5c:97:82:0d:a6:0d:77:f4:41:e6:53:05:
                    4e:3e:a8:f5:9e:1e:39:3e:ad:b4:ff:43:62:64:1f:
                    dc:1f:3d:cc:ca:7c:d4:6a:68:8b:ac:62:c9:55:3c:
                    73:51:09:56:7e:68:e8:49:ed:1c:2e:7e:bd:8f:4a:
                    21:0d:52:5f:a0:fd:94:e1:6b:e6:eb:9d:5c:4f:59:
                    52:24:b9:94:0c:32:12:2b:e7:9f:29:3c:9d:14:d4:
                    a1:82:f2:34:ca:72:b8:d6:94:92:76:f7:f4:c7:37:
                    d2:a8:b6:10:2c:c8:56:64:f0:d4:e1:3c:85:db:d4:
                    4a:34:87:67:7b:bb:cf:e8:77:f8:68:c9:a7:fa:3e:
                    32:cb:6a:c2:d6:94:0d:17:ac:0d:93:d5:1d:ff:0c:
                    42:63:41:2a:2e:31:9b:3a:21:05:ec:c1:ba:79:0b:
                    b6:3a:47:e9:b0:d8:be:b2:b0:90:c9:96:c6:95:ac:
                    c4:be:33:cf:cb:a3:b9:4d:bd:b7:3c:af:11:a6:02:
                    d7:b1:4c:f0:4f:ed:af:94:bb:00:10:50:2f:51:7f:
                    ef:29:38:fa:8a:8b:b8:d9:1a:09:d3:35:6f:9b:3e:
                    d9:f4:5f:0d:75:cc:db:e5:2f:f7:35:db:09:8f:b2:
                    9b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:FB:D7:12:0C:2B:AC:54:DD:BA:53:82:53:CC:4C:E0:08:5F:A2:0F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9_vXEgwrrFTdulOCU8xM4Ahfog8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.126.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/22
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:a8:44:9a:94:d3:02:61:70:5e:5c:97:42:12:e2:4f:70:3d:
         c1:2e:13:e8:c0:50:70:df:ec:1f:2e:a9:31:93:a5:76:03:83:
         6a:2f:e5:2a:a2:7f:29:6d:60:fb:26:26:95:be:ad:fe:6a:30:
         75:68:c8:d9:65:fd:5e:43:b8:19:2f:9a:73:e8:2d:3a:c7:c0:
         cf:22:d5:95:8d:bd:95:48:e5:9d:63:09:9a:31:b2:34:5e:3f:
         32:18:6d:f3:fe:14:05:1c:08:35:bc:99:89:1b:b1:e8:87:13:
         4f:52:21:5a:13:87:e6:57:83:3b:ea:a0:35:cc:f5:7e:40:aa:
         70:5d:c6:26:aa:51:00:bb:8a:4d:3c:f7:17:10:0b:f9:f8:48:
         a7:1d:33:e3:4d:e7:a1:23:06:9d:62:d8:2f:b9:79:59:45:3c:
         78:d9:d9:cf:2f:a7:a0:e7:b9:fd:91:79:52:9b:9d:7e:30:8f:
         4c:90:f4:23:d9:2f:c3:60:8b:80:48:d9:7b:4b:cc:83:8f:6b:
         32:06:52:a4:8a:af:ba:3c:0b:fb:7e:43:61:c5:e3:bd:2b:48:
         28:b3:ab:36:e5:66:95:ed:4b:ad:75:11:e7:9d:b1:7a:9d:af:
         96:d9:e2:55:18:19:2a:53:47:1c:39:4c:02:5e:ce:0e:c9:11:
         fc:86:aa:ca
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYyBJXwLcadRXF/dx7/PQJAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjE5MDgxNjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2ZiZDcxMjBjMmJhYzU0ZGRiYTUzODI1M2NjNGNlMDA4NWZhMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLuZ7zdshc3b33GV/VxGm7lcl4IN
pg139EHmUwVOPqj1nh45Pq20/0NiZB/cHz3MynzUamiLrGLJVTxzUQlWfmjoSe0c
Ln69j0ohDVJfoP2U4Wvm651cT1lSJLmUDDISK+efKTydFNShgvI0ynK41pSSdvf0
xzfSqLYQLMhWZPDU4TyF29RKNIdne7vP6Hf4aMmn+j4yy2rC1pQNF6wNk9Ud/wxC
Y0EqLjGbOiEF7MG6eQu2OkfpsNi+srCQyZbGlazEvjPPy6O5Tb23PK8RpgLXsUzw
T+2vlLsAEFAvUX/vKTj6iou42RoJ0zVvmz7Z9F8Ndczb5S/3NdsJj7KbiwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPf71xIMK6xU3bpTglPMTOAIX6IPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOV92WEVnd3JyRlRkdWxPQ1U4eE00QWhmb2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah+AwQCUpmIAwQAUpn2MAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBAJZ1bQDBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBABeoRJqU0wJhcF5cl0IS4k9wPcEuE+jA
UHDf7B8uqTGTpXYDg2ov5SqifyltYPsmJpW+rf5qMHVoyNll/V5DuBkvmnPoLTrH
wM8i1ZWNvZVI5Z1jCZoxsjRePzIYbfP+FAUcCDW8mYkbseiHE09SIVoTh+ZXgzvq
oDXM9X5AqnBdxiaqUQC7ik089xcQC/n4SKcdM+NN56EjBp1i2C+5eVlFPHjZ2c8v
p6Dnuf2ReVKbnX4wj0yQ9CPZL8Ngi4BI2XtLzIOPazIGUqSKr7o8C/t+Q2HF470r
SCizqzblZpXtS611EeedsXqdr5bZ4lUYGSpTRxw5TAJezg7JEfyGqso=
-----END CERTIFICATE-----