Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CBWhn4Ud3gfgr1Y8OqRiqKUfGsQ.roa
File:                     CBWhn4Ud3gfgr1Y8OqRiqKUfGsQ.roa (raw, json)
Hash identifier:          NEQXvjaFhXVmUVMmtJtPMOHeRWJXix58/db57yLL3hU=
Subject key identifier:   08:15:A1:9F:85:1D:DE:07:E0:AF:56:3C:3A:A4:62:A8:A5:1F:1A:C4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01895530D728939A2E81A3E97A721286FBA3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CBWhn4Ud3gfgr1Y8OqRiqKUfGsQ.roa
Signing time:             Fri 14 Jul 2023 16:16:51 +0000
ROA not before:           Fri 14 Jul 2023 16:16:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          82.153.248.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 16 Jul 2023 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:55:30:d7:28:93:9a:2e:81:a3:e9:7a:72:12:86:fb:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 14 16:16:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0815a19f851dde07e0af563c3aa462a8a51f1ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:60:b2:ad:8b:86:46:8a:48:2c:ce:9d:00:22:
                    b0:29:e7:1b:b5:35:66:74:dc:6a:fa:c3:b9:25:86:
                    f4:6f:94:64:b3:2e:db:e4:54:31:5e:12:58:c3:6d:
                    b9:3c:76:3b:d6:0a:8d:be:1e:55:de:16:10:93:49:
                    e7:05:3c:8d:25:ca:09:c6:7a:96:7d:7a:6f:d5:94:
                    94:d3:d6:94:97:8a:c3:2d:ed:f9:fa:63:1c:03:b9:
                    23:76:3b:86:24:a7:fc:04:a3:c3:d1:4d:b0:39:03:
                    21:0e:77:26:de:a3:b0:b8:4e:db:f6:18:96:bb:6a:
                    e3:39:aa:74:4e:8d:8f:c0:c7:04:2e:4d:53:7e:1f:
                    26:7a:75:36:95:72:9e:55:94:d5:47:d0:ec:96:4b:
                    c1:1b:e1:e9:67:30:4d:0d:87:a3:7c:16:5e:86:1f:
                    0b:49:ef:ca:7c:50:59:cb:f1:a2:a9:8c:91:db:9e:
                    af:ba:e0:c2:7a:7a:ac:ee:34:cb:e1:94:56:a8:dd:
                    95:02:c4:2a:51:92:4d:84:e2:12:5c:78:b8:e7:f4:
                    00:22:9d:74:dd:63:cc:4f:ca:71:10:8e:45:5c:a6:
                    fa:58:82:d6:c9:80:c9:57:e3:c3:9f:46:32:f2:35:
                    ce:65:af:f9:00:f0:85:45:a8:01:e7:06:e4:fb:96:
                    fa:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:15:A1:9F:85:1D:DE:07:E0:AF:56:3C:3A:A4:62:A8:A5:1F:1A:C4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CBWhn4Ud3gfgr1Y8OqRiqKUfGsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.248.0/23
                  89.213.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:8e:b1:6d:4c:1e:b1:54:d7:e3:fa:f4:60:e4:dc:62:30:a6:
         cd:94:50:7f:bd:7f:14:d6:3a:e9:c8:f6:7d:f8:61:dc:be:2b:
         22:1a:30:a7:4e:fd:88:75:e1:ee:e6:18:57:2c:2e:b0:e8:29:
         a4:b8:62:6b:a7:b4:68:55:4c:76:4e:ee:23:f3:19:f2:dd:7a:
         4b:b9:f2:43:f7:5c:0f:39:3d:38:2c:04:89:2e:f6:6d:c1:d6:
         4e:e4:71:8a:42:6c:d6:eb:91:87:f7:86:e5:e5:eb:61:97:aa:
         f2:a1:95:43:bb:4b:75:70:4b:6d:73:5e:9a:8e:19:0e:25:99:
         39:2e:a1:59:68:0b:90:a5:a6:89:84:52:b6:00:c2:5b:32:b9:
         5d:9d:03:b7:a1:2b:73:a5:0e:84:3b:6b:ce:58:c4:4d:b7:37:
         45:f9:7b:64:0a:96:37:4d:e7:df:09:f0:f2:77:f8:ad:8b:9b:
         0d:ee:c0:a3:5e:2e:5f:e6:97:19:fc:f4:b4:9c:33:79:8c:24:
         79:4b:08:34:51:bd:a2:20:c4:8c:0c:d8:cc:9a:92:e7:69:f2:
         31:e1:5c:ed:35:38:23:41:47:02:75:d9:8b:e5:e6:65:71:d5:
         28:aa:f7:49:b1:a8:ec:42:34:92:58:ed:d3:a1:7a:94:f2:30:
         19:a8:97:42
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYlVMNcok5ougaPpenIShvujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzE0MTYxNjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE1YTE5Zjg1MWRkZTA3ZTBhZjU2M2MzYWE0NjJhOGE1MWYxYWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWCyrYuGRopILM6dACKwKecbtTVm
dNxq+sO5JYb0b5Rksy7b5FQxXhJYw225PHY71gqNvh5V3hYQk0nnBTyNJcoJxnqW
fXpv1ZSU09aUl4rDLe35+mMcA7kjdjuGJKf8BKPD0U2wOQMhDncm3qOwuE7b9hiW
u2rjOap0To2PwMcELk1Tfh8menU2lXKeVZTVR9DslkvBG+HpZzBNDYejfBZehh8L
Se/KfFBZy/GiqYyR256vuuDCenqs7jTL4ZRWqN2VAsQqUZJNhOISXHi45/QAIp10
3WPMT8pxEI5FXKb6WILWyYDJV+PDn0Yy8jXOZa/5APCFRagB5wbk+5b6hQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFAgVoZ+FHd4H4K9WPDqkYqilHxrEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ0JXaG40VWQzZ2ZncjFZOE9xUmlxS1VmR3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphsAwQAUphvAwQBUpj8AwQAUplJAwQAUplOAwQCUpmIAwQA
UpnfAwQAUpnyAwQBUpn4AwQAWdWDMA0GCSqGSIb3DQEBCwUAA4IBAQBJjrFtTB6x
VNfj+vRg5NxiMKbNlFB/vX8U1jrpyPZ9+GHcvisiGjCnTv2IdeHu5hhXLC6w6Cmk
uGJrp7RoVUx2Tu4j8xny3XpLufJD91wPOT04LASJLvZtwdZO5HGKQmzW65GH94bl
5ethl6ryoZVDu0t1cEttc16ajhkOJZk5LqFZaAuQpaaJhFK2AMJbMrldnQO3oStz
pQ6EO2vOWMRNtzdF+XtkCpY3TeffCfDyd/iti5sN7sCjXi5f5pcZ/PS0nDN5jCR5
Swg0Ub2iIMSMDNjMmpLnafIx4VztNTgjQUcCddmL5eZlcdUoqvdJsajsQjSSWO3T
oXqU8jAZqJdC
-----END CERTIFICATE-----