Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CD64SjEqnJvalj0Cmow5c74uMbE.roa
File:                     CD64SjEqnJvalj0Cmow5c74uMbE.roa (raw, json)
Hash identifier:          jBuOG7DnW/HD7f1CIR5ehS6LCMubLKKZmi0p0QOzGFI=
Subject key identifier:   08:3E:B8:4A:31:2A:9C:9B:DA:96:3D:02:9A:8C:39:73:BE:2E:31:B1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D40D0566DED4FB886985A5D8CDE06578C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CD64SjEqnJvalj0Cmow5c74uMbE.roa
Signing time:             Thu 25 Jan 2024 13:30:11 +0000
ROA not before:           Thu 25 Jan 2024 13:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.119.0/24 maxlen: 24
                          82.153.4.0/24 maxlen: 24
                          82.153.50.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Jan 2024 17:15:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:d0:56:6d:ed:4f:b8:86:98:5a:5d:8c:de:06:57:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 25 13:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=083eb84a312a9c9bda963d029a8c3973be2e31b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:33:df:45:64:32:2c:da:71:0c:8b:fb:a0:0c:
                    64:35:90:53:d1:66:f6:79:00:a5:85:b9:d0:ad:ba:
                    44:5e:28:1b:e1:38:47:19:83:0d:f3:5d:22:22:63:
                    2d:d5:e4:e8:f6:9f:83:c2:5b:0d:af:d2:cc:43:5b:
                    f7:99:fd:85:22:f6:17:f4:bf:c5:4b:34:05:7f:63:
                    7b:b7:58:d4:83:d8:14:db:47:73:94:ce:2e:e2:ae:
                    c2:00:77:aa:1f:e6:a5:73:41:7a:13:da:f1:52:91:
                    ca:bb:fb:e8:76:ca:4e:96:da:34:ae:49:69:88:28:
                    05:44:fd:f3:5f:37:db:77:89:44:69:9a:30:3b:af:
                    10:d1:33:ad:bc:22:1c:3c:da:7c:32:f2:eb:0d:b0:
                    77:99:77:bd:58:7e:9c:7d:65:ba:ec:0f:30:06:70:
                    1d:3f:cd:7f:f8:f1:32:3d:21:9d:21:c2:5e:f7:51:
                    1a:e5:5a:40:88:f8:bc:bb:49:63:4c:98:bb:bf:ac:
                    07:5b:b6:19:88:9f:8d:7e:47:f2:6c:49:e7:0d:12:
                    a0:96:61:17:ac:e5:9c:eb:05:86:6f:25:a4:0f:cc:
                    2e:90:24:23:31:60:03:d1:8e:c5:a4:5d:db:4a:06:
                    9d:56:79:82:6c:dc:4e:d5:8d:5e:88:23:40:8f:82:
                    f8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3E:B8:4A:31:2A:9C:9B:DA:96:3D:02:9A:8C:39:73:BE:2E:31:B1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CD64SjEqnJvalj0Cmow5c74uMbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.4.0/24
                  82.153.50.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:9d:99:72:1a:e0:eb:b2:8b:9e:6c:49:86:1a:5f:24:64:b3:
         bb:fa:23:04:50:c7:80:bc:e5:3e:ba:ad:9f:71:1c:2b:aa:a9:
         60:e6:cb:6e:54:5b:de:28:b0:48:fc:b4:dc:3a:0c:e3:72:bc:
         28:44:29:99:fa:92:76:06:b2:9b:8d:5d:b7:fb:4d:31:98:ca:
         2c:86:fc:36:41:11:a9:6a:c1:ea:d6:38:8c:d1:d1:e8:41:69:
         38:2e:e0:04:d4:7f:9a:ac:5c:66:5c:fc:bf:60:48:89:4f:72:
         89:1c:d1:f9:0d:cb:b3:95:84:12:d3:59:38:de:50:6e:5a:0b:
         a7:3b:75:7e:46:23:14:7a:60:22:08:f3:15:bf:e0:d5:0b:1e:
         e1:27:fa:80:4c:ab:ff:b5:7d:b8:71:ac:64:0e:6b:20:1f:a3:
         f4:90:90:45:f6:92:69:20:8a:92:bb:59:16:a9:ae:a3:cf:0d:
         48:e5:a7:4d:98:0b:15:48:9e:3f:12:4c:c4:ee:bf:d2:6c:7b:
         0f:8d:9a:a7:2f:ac:4a:70:f8:30:df:9d:e5:72:00:f6:86:20:
         b6:1a:b8:28:88:6b:68:71:f0:c7:3e:48:cf:f3:54:52:20:59:
         d5:86:1e:0a:27:f0:22:79:53:a3:ef:e7:12:6b:76:92:bc:04:
         66:a8:48:22
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY1A0FZt7U+4hphaXYzeBleMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTI1MTMzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNlYjg0YTMxMmE5YzliZGE5NjNkMDI5YThjMzk3M2JlMmUzMWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDPfRWQyLNpxDIv7oAxkNZBT0Wb2
eQClhbnQrbpEXigb4ThHGYMN810iImMt1eTo9p+DwlsNr9LMQ1v3mf2FIvYX9L/F
SzQFf2N7t1jUg9gU20dzlM4u4q7CAHeqH+alc0F6E9rxUpHKu/vodspOlto0rklp
iCgFRP3zXzfbd4lEaZowO68Q0TOtvCIcPNp8MvLrDbB3mXe9WH6cfWW67A8wBnAd
P81/+PEyPSGdIcJe91Ea5VpAiPi8u0ljTJi7v6wHW7YZiJ+NfkfybEnnDRKglmEX
rOWc6wWGbyWkD8wukCQjMWAD0Y7FpF3bSgadVnmCbNxO1Y1eiCNAj4L4pQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFAg+uEoxKpyb2pY9ApqMOXO+LjGxMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ0Q2NFNqRXFuSnZhbGowQ21vdzVjNzR1TWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAUah3AwQA
UpkEAwQAUpkyAwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAGydmXIa4Ouyi55sSYYaXyRk
s7v6IwRQx4C85T66rZ9xHCuqqWDmy25UW94osEj8tNw6DONyvChEKZn6knYGspuN
Xbf7TTGYyiyG/DZBEalqwerWOIzR0ehBaTgu4ATUf5qsXGZc/L9gSIlPcokc0fkN
y7OVhBLTWTjeUG5aC6c7dX5GIxR6YCII8xW/4NULHuEn+oBMq/+1fbhxrGQOayAf
o/SQkEX2kmkgipK7WRaprqPPDUjlp02YCxVInj8STMTuv9Jsew+NmqcvrEpw+DDf
neVyAPaGILYauCiIa2hx8Mc+SM/zVFIgWdWGHgon8CJ5U6Pv5xJrdpK8BGaoSCI=
-----END CERTIFICATE-----