Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATuy-S7HPEkYwYWa5-ss_msPXaM.roa
File:                     ATuy-S7HPEkYwYWa5-ss_msPXaM.roa (raw, json)
Hash identifier:          1NVgyibEbGif4Bn9D0twGyrnKlsbA2hcVzBpdrOZIdo=
Subject key identifier:   01:3B:B2:F9:2E:C7:3C:49:18:C1:85:9A:E7:EB:2C:FE:6B:0F:5D:A3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BB86FA19DCFA18BE4067A8CCF3BBD270F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATuy-S7HPEkYwYWa5-ss_msPXaM.roa
Signing time:             Fri 10 Nov 2023 08:53:25 +0000
ROA not before:           Fri 10 Nov 2023 08:53:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.152.179.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          82.153.220.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 Nov 2023 07:08:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b8:6f:a1:9d:cf:a1:8b:e4:06:7a:8c:cf:3b:bd:27:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 10 08:53:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=013bb2f92ec73c4918c1859ae7eb2cfe6b0f5da3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a6:84:8e:40:03:0a:7d:31:cf:e1:cf:a9:c9:
                    cf:c1:9b:97:1a:e6:31:06:27:d0:f6:d9:9e:9a:0d:
                    f5:7c:6a:3b:35:50:0f:48:8c:cb:83:d2:b4:95:41:
                    b7:57:c3:fa:6d:b3:94:2b:9a:57:75:1d:71:93:64:
                    75:ad:aa:d4:c2:7b:12:61:f6:19:cb:1b:e7:73:66:
                    57:15:e7:2c:e6:87:4b:62:6d:83:15:68:d3:85:d7:
                    75:da:cb:0a:50:15:3d:1f:b5:38:3c:66:19:1a:6a:
                    95:f9:b2:94:fd:78:ee:cf:51:a0:8a:48:d7:d1:a4:
                    5a:a0:cd:70:34:40:1a:7d:7b:74:b2:f2:55:43:0f:
                    e7:30:3c:56:7d:10:91:3c:80:a1:50:24:d3:98:fa:
                    3c:86:90:b1:c5:6e:c9:c7:55:c4:4f:05:bc:55:62:
                    ca:37:e1:2a:5e:32:d2:25:ef:e6:05:5b:a9:68:07:
                    49:5c:f8:88:f1:77:be:4e:2a:94:81:fc:ae:a2:50:
                    fb:e2:d3:be:56:5e:04:ef:ba:70:cc:f7:c3:0f:51:
                    99:cf:86:9d:3b:a3:4e:81:ee:d0:2b:a7:68:cb:81:
                    7c:29:ab:66:0b:e8:9e:74:78:a8:82:5c:7f:95:93:
                    63:8b:cc:17:45:86:fc:2b:56:52:d8:d8:f5:1c:a2:
                    e6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:3B:B2:F9:2E:C7:3C:49:18:C1:85:9A:E7:EB:2C:FE:6B:0F:5D:A3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ATuy-S7HPEkYwYWa5-ss_msPXaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.179.0/24
                  82.153.136.0/22
                  82.153.220.0/24
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:b5:ce:05:d5:0c:67:34:67:71:60:ef:46:23:80:70:30:36:
         c3:75:1c:eb:cb:c5:27:de:0a:8d:6b:15:5a:2f:9b:eb:ca:b8:
         3d:a5:79:14:56:bf:30:87:b7:6a:4a:86:1f:a3:2b:29:a1:3f:
         a8:8a:a4:c0:f2:98:c9:1d:9b:49:49:b0:3c:98:36:f8:d0:71:
         27:38:19:03:23:2d:97:41:e7:c8:63:af:0b:50:62:7c:5e:b4:
         28:de:3d:76:4b:07:f6:e3:0c:3d:d8:72:17:b0:62:a0:4b:49:
         6d:58:76:db:88:6e:95:b8:d9:88:59:a7:1c:7e:bd:e5:f2:47:
         15:da:4a:3a:8c:7c:fd:29:53:32:e8:fe:34:8e:fc:56:ae:e2:
         90:84:c8:12:d5:8d:1d:85:43:7a:9c:2b:f1:a5:83:7d:bd:00:
         2b:fe:c7:8e:51:11:d9:a7:db:fb:ed:c9:ac:48:09:74:7c:ac:
         35:66:3c:23:21:d8:d0:7b:84:52:c8:30:4b:d1:29:e7:46:4e:
         b9:f0:ae:9d:3b:ea:ce:60:0b:05:59:46:f5:f3:84:0c:75:00:
         f2:7c:5f:23:ed:a4:d7:cf:03:89:9b:ee:39:d8:55:e0:db:61:
         4e:4c:b4:f7:eb:f9:63:08:f8:74:85:e0:bc:f8:e9:a8:60:50:
         6c:48:bc:09
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYu4b6Gdz6GL5AZ6jM87vScPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTEwMDg1MzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTNiYjJmOTJlYzczYzQ5MThjMTg1OWFlN2ViMmNmZTZiMGY1ZGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6aEjkADCn0xz+HPqcnPwZuXGuYx
BifQ9tmemg31fGo7NVAPSIzLg9K0lUG3V8P6bbOUK5pXdR1xk2R1rarUwnsSYfYZ
yxvnc2ZXFecs5odLYm2DFWjThdd12ssKUBU9H7U4PGYZGmqV+bKU/Xjuz1GgikjX
0aRaoM1wNEAafXt0svJVQw/nMDxWfRCRPIChUCTTmPo8hpCxxW7Jx1XETwW8VWLK
N+EqXjLSJe/mBVupaAdJXPiI8Xe+TiqUgfyuolD74tO+Vl4E77pwzPfDD1GZz4ad
O6NOge7QK6doy4F8KatmC+iedHioglx/lZNji8wXRYb8K1ZS2Nj1HKLmBQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFAE7svkuxzxJGMGFmufrLP5rD12jMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQVR1eS1TN0hQRWtZd1lXYTUtc3NfbXNQWGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAUah3AwQA
Uah7AwQAUpizAwQCUpmIAwQAUpncMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQDBABtsPgD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBACq1zgXVDGc0Z3Fg70YjgHAw
NsN1HOvLxSfeCo1rFVovm+vKuD2leRRWvzCHt2pKhh+jKymhP6iKpMDymMkdm0lJ
sDyYNvjQcSc4GQMjLZdB58hjrwtQYnxetCjePXZLB/bjDD3YchewYqBLSW1YdtuI
bpW42YhZpxx+veXyRxXaSjqMfP0pUzLo/jSO/Fau4pCEyBLVjR2FQ3qcK/Glg329
ACv+x45REdmn2/vtyaxICXR8rDVmPCMh2NB7hFLIMEvRKedGTrnwrp076s5gCwVZ
RvXzhAx1APJ8XyPtpNfPA4mb7jnYVeDbYU5MtPfr+WMI+HSF4Lz46ahgUGxIvAk=
-----END CERTIFICATE-----