Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/C3EvT0LVxghjqwlsTE8U6gLyELg.roa
File:                     C3EvT0LVxghjqwlsTE8U6gLyELg.roa (raw, json)
Hash identifier:          Ak0OJmgEItSmZgzkimGXbidmK4/k3DrwSzz4WKv31JI=
Subject key identifier:   0B:71:2F:4F:42:D5:C6:08:63:AB:09:6C:4C:4F:14:EA:02:F2:10:B8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F51E5F958582CB669C0CA250750F282A8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/C3EvT0LVxghjqwlsTE8U6gLyELg.roa
Signing time:             Tue 07 May 2024 07:12:57 +0000
ROA not before:           Tue 07 May 2024 07:12:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        82.152.54.0/24 maxlen: 24
                          82.163.15.0/24 maxlen: 24
                          89.213.98.0/24 maxlen: 24
                          109.176.201.0/24 maxlen: 24
                          109.176.202.0/24 maxlen: 24
                          212.38.84.0/24 maxlen: 24
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.130.150.0/24 maxlen: 24
                          213.130.151.0/24 maxlen: 24
                          213.130.156.0/24 maxlen: 24
                          213.210.58.0/24 maxlen: 24
                          213.210.59.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24
                          217.144.158.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 May 2024 19:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:51:e5:f9:58:58:2c:b6:69:c0:ca:25:07:50:f2:82:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  7 07:12:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b712f4f42d5c60863ab096c4c4f14ea02f210b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f6:c2:cc:ee:a9:e3:5c:2c:68:67:4b:3c:61:
                    02:b9:d5:c8:cc:6d:49:1e:3d:d3:a8:4d:90:2a:ea:
                    3c:2f:ba:e5:15:75:a7:cb:fd:ec:82:45:53:12:1a:
                    81:a0:e7:08:b6:82:6e:c6:07:cc:1b:a3:97:7e:c3:
                    21:32:3c:86:01:93:7a:e0:bb:eb:64:6a:7e:2c:13:
                    55:b1:a0:c1:bb:e0:7e:0b:a9:92:d0:59:f3:9d:f1:
                    39:25:e2:ff:f0:c7:b2:c2:c3:3f:3c:c4:a2:64:42:
                    6e:eb:a4:f3:78:52:d3:ec:39:7d:39:02:fc:8c:84:
                    3e:b6:1e:5a:29:dd:e2:d8:fb:84:88:d5:df:e1:88:
                    ab:f9:e2:9a:d9:b9:fb:91:f5:92:2b:9d:0e:ca:4e:
                    cd:cb:d3:c5:ec:2e:bf:c8:32:2b:45:99:ef:01:eb:
                    6c:2e:eb:56:eb:f6:f8:a3:51:57:58:fe:ac:5d:7b:
                    ed:3f:be:a7:72:37:af:8f:07:d6:1a:e8:95:17:04:
                    76:c5:82:e4:91:e9:64:13:d8:7a:44:d1:2a:9f:30:
                    d1:5e:c1:bf:c6:79:a4:3d:48:45:17:18:fe:63:c2:
                    d4:88:29:22:80:d7:b8:4c:13:46:c2:51:20:18:ef:
                    c6:4d:8f:2e:2a:0c:c1:66:91:55:7a:ae:1c:08:ed:
                    6f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:71:2F:4F:42:D5:C6:08:63:AB:09:6C:4C:4F:14:EA:02:F2:10:B8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/C3EvT0LVxghjqwlsTE8U6gLyELg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24
                  82.163.15.0/24
                  89.213.98.0/24
                  109.176.201.0-109.176.202.255
                  212.38.84.0/24
                  213.130.130.0/24
                  213.130.149.0-213.130.151.255
                  213.130.156.0/24
                  213.210.58.0/23
                  213.218.227.0/24
                  213.218.231.0/24
                  217.144.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:fa:ee:3e:19:2f:3b:6a:5f:46:b9:d8:58:84:69:40:38:a7:
         79:08:60:52:2d:6c:4f:76:ee:56:05:4e:a1:c6:71:98:ca:b4:
         81:1c:17:0f:25:ed:3a:ed:d8:cb:d9:35:ef:24:2d:5b:ab:f9:
         4e:ee:81:96:79:5b:a8:cb:76:1e:1a:c5:ec:1a:8d:4c:ea:22:
         78:31:6a:b7:22:ca:1d:c8:04:47:a7:ad:6d:3b:51:f7:71:5b:
         6f:24:f3:c9:a0:7b:41:b7:87:ad:70:ec:86:72:f1:e7:22:ff:
         bc:d6:04:db:84:0a:1e:27:3a:c1:cc:12:6c:f2:e0:a0:7f:2a:
         68:09:3f:d2:bd:86:51:48:d8:1d:4a:10:5e:69:2e:7e:e0:1d:
         4d:f6:3f:5e:19:64:a5:6b:af:ff:e0:35:9a:3a:7b:b2:0b:0a:
         59:ea:bf:50:02:21:71:5b:4c:bd:a5:b1:4c:16:09:89:96:3f:
         dc:ce:4e:e1:c7:e1:bf:6c:bd:69:e7:54:af:0a:98:7d:89:be:
         8d:2f:2d:ac:c8:fa:b8:e9:a3:dc:b9:27:d4:cd:08:72:a3:42:
         f8:cf:1b:8c:a1:e7:3a:70:e8:3d:6d:b8:97:56:f9:fa:5a:0d:
         b2:ff:3a:5f:a2:a6:50:a5:38:ce:89:d3:4c:63:15:79:e5:ea:
         ae:a7:37:45
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAY9R5flYWCy2acDKJQdQ8oKoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA3MDcxMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjcxMmY0ZjQyZDVjNjA4NjNhYjA5NmM0YzRmMTRlYTAyZjIxMGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PbCzO6p41wsaGdLPGECudXIzG1J
Hj3TqE2QKuo8L7rlFXWny/3sgkVTEhqBoOcItoJuxgfMG6OXfsMhMjyGAZN64Lvr
ZGp+LBNVsaDBu+B+C6mS0FnznfE5JeL/8MeywsM/PMSiZEJu66TzeFLT7Dl9OQL8
jIQ+th5aKd3i2PuEiNXf4Yir+eKa2bn7kfWSK50Oyk7Ny9PF7C6/yDIrRZnvAets
LutW6/b4o1FXWP6sXXvtP76ncjevjwfWGuiVFwR2xYLkkelkE9h6RNEqnzDRXsG/
xnmkPUhFFxj+Y8LUiCkigNe4TBNGwlEgGO/GTY8uKgzBZpFVeq4cCO1vOQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFAtxL09C1cYIY6sJbExPFOoC8hC4MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQzNFdlQwTFZ4Z2hqcXdsc1RFOFU2Z0x5RUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAUpg2AwQA
UqMPAwQAWdViMAwDBABtsMkDBABtsMoDBADUJlQDBADVgoIwDAMEANWClQMEA9WC
kAMEANWCnAMEAdXSOgMEANXa4wMEANXa5wMEANmQnjANBgkqhkiG9w0BAQsFAAOC
AQEAG/ruPhkvO2pfRrnYWIRpQDineQhgUi1sT3buVgVOocZxmMq0gRwXDyXtOu3Y
y9k17yQtW6v5Tu6BlnlbqMt2HhrF7BqNTOoieDFqtyLKHcgER6etbTtR93FbbyTz
yaB7QbeHrXDshnLx5yL/vNYE24QKHic6wcwSbPLgoH8qaAk/0r2GUUjYHUoQXmku
fuAdTfY/XhlkpWuv/+A1mjp7sgsKWeq/UAIhcVtMvaWxTBYJiZY/3M5O4cfhv2y9
aedUrwqYfYm+jS8trMj6uOmj3Lkn1M0IcqNC+M8bjKHnOnDoPW24l1b5+loNsv86
X6KmUKU4zonTTGMVeeXqrqc3RQ==
-----END CERTIFICATE-----