Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Cqr15t0xBt6QLcm7GSCpx9hY80I.roa
File:                     Cqr15t0xBt6QLcm7GSCpx9hY80I.roa (raw, json)
Hash identifier:          FC0LTBhkyliU6n+GFB7OQdhQ+kwZkhf8oDeFtqsvJp4=
Subject key identifier:   0A:AA:F5:E6:DD:31:06:DE:90:2D:C9:BB:19:20:A9:C7:D8:58:F3:42
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E65EAB8B0F201D66644BF9850F5A12326
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Cqr15t0xBt6QLcm7GSCpx9hY80I.roa
Signing time:             Fri 22 Mar 2024 11:27:45 +0000
ROA not before:           Fri 22 Mar 2024 11:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.178.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 09:05:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:ea:b8:b0:f2:01:d6:66:44:bf:98:50:f5:a1:23:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 22 11:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0aaaf5e6dd3106de902dc9bb1920a9c7d858f342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:44:c4:4b:a7:f7:67:02:63:bf:3c:7b:25:6f:
                    c1:a6:f7:87:0a:1c:ac:79:ed:85:c5:72:56:78:f2:
                    08:04:da:3c:89:ae:39:06:ac:5a:e1:4f:93:35:86:
                    50:65:00:a2:d6:e5:1e:d7:38:6b:82:11:67:96:0a:
                    f3:a2:1e:3c:0e:3a:b5:e8:e1:1a:d3:14:53:69:60:
                    bf:91:64:78:d9:be:8f:55:42:73:d1:e6:a2:a0:a3:
                    c9:54:ae:36:ea:a8:6a:12:cf:d0:75:30:9a:97:bf:
                    9c:44:14:eb:0e:49:33:d8:7f:22:2c:8f:2d:4a:bc:
                    db:68:94:68:e5:34:cd:0d:74:a0:d7:70:bc:da:c3:
                    e6:b7:c4:44:74:68:6a:be:59:95:4d:cd:7c:2d:eb:
                    6a:f2:83:e9:d4:bb:e4:9d:06:45:f4:c8:fa:c8:a2:
                    5e:f1:61:ee:00:b5:24:8f:01:5e:4d:0f:5b:72:1f:
                    57:82:4a:95:76:c4:29:45:01:db:3c:53:0f:9a:77:
                    bb:4e:d4:50:a2:6f:39:2f:dd:38:fc:5a:4a:43:ab:
                    46:ce:06:44:3c:81:20:1b:2d:d7:0f:87:52:83:fe:
                    13:36:db:56:27:5d:51:97:dd:4c:e5:c6:74:8b:51:
                    38:4a:6d:69:f1:1b:73:8a:6c:87:30:38:7e:31:48:
                    e7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:AA:F5:E6:DD:31:06:DE:90:2D:C9:BB:19:20:A9:C7:D8:58:F3:42
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Cqr15t0xBt6QLcm7GSCpx9hY80I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.178.0/24
                  89.213.180.0/24
                  109.176.245.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:10:e8:ce:a4:64:75:62:13:da:1c:d0:b0:12:de:1e:26:ab:
         99:6e:72:46:03:b6:58:f4:b1:a3:e9:2e:db:67:94:65:f6:30:
         a1:01:e9:d9:29:9d:92:37:b1:8b:62:68:8c:c5:95:70:1f:9f:
         3a:f6:e7:76:41:79:8d:92:97:b6:80:f8:80:ed:80:d2:60:5f:
         c2:94:a0:0d:5a:c4:81:52:e4:a1:d0:b3:ab:ca:6e:12:56:fc:
         67:22:ae:8d:b2:83:0f:ad:09:a7:eb:82:16:5e:bd:5e:47:ef:
         12:3d:72:ce:ca:fb:23:95:1c:2d:65:86:2c:62:d6:a8:4d:94:
         68:cd:69:2e:9b:54:b7:0c:22:b9:71:6b:94:eb:25:09:b3:13:
         3e:a5:76:6a:b6:ab:42:04:f8:1f:06:80:78:e1:31:8a:95:6b:
         d6:ea:f1:34:79:aa:3b:29:21:29:7c:a9:7c:75:96:bf:a6:a8:
         ed:2e:45:eb:47:a8:c0:26:e8:f9:eb:a3:39:73:8e:2a:b1:ee:
         a1:3e:c5:88:e9:5d:90:86:88:2a:65:72:f7:91:cd:c2:dd:8f:
         1c:c7:49:8e:53:37:8c:1a:87:12:60:69:ef:cd:bb:49:d8:1a:
         d3:42:86:20:5b:a1:cf:dd:40:45:b9:51:07:37:bf:b5:e1:9f:
         cc:05:01:51
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY5l6riw8gHWZkS/mFD1oSMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIyMTEyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWFhZjVlNmRkMzEwNmRlOTAyZGM5YmIxOTIwYTljN2Q4NThmMzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoETES6f3ZwJjvzx7JW/BpveHChys
ee2FxXJWePIIBNo8ia45Bqxa4U+TNYZQZQCi1uUe1zhrghFnlgrzoh48Djq16OEa
0xRTaWC/kWR42b6PVUJz0eaioKPJVK426qhqEs/QdTCal7+cRBTrDkkz2H8iLI8t
SrzbaJRo5TTNDXSg13C82sPmt8REdGhqvlmVTc18Letq8oPp1LvknQZF9Mj6yKJe
8WHuALUkjwFeTQ9bch9XgkqVdsQpRQHbPFMPmne7TtRQom85L904/FpKQ6tGzgZE
PIEgGy3XD4dSg/4TNttWJ11Rl91M5cZ0i1E4Sm1p8RtzimyHMDh+MUjn6QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFAqq9ebdMQbekC3JuxkgqcfYWPNCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ3FyMTV0MHhCdDZRTGNtN0dTQ3B4OWhZODBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bIDBABZ1bQDBABtsPUD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAG8Q6M6kZHViE9oc0LAS3h4m
q5luckYDtlj0saPpLttnlGX2MKEB6dkpnZI3sYtiaIzFlXAfnzr253ZBeY2Sl7aA
+IDtgNJgX8KUoA1axIFS5KHQs6vKbhJW/Gciro2ygw+tCafrghZevV5H7xI9cs7K
+yOVHC1lhixi1qhNlGjNaS6bVLcMIrlxa5TrJQmzEz6ldmq2q0IE+B8GgHjhMYqV
a9bq8TR5qjspISl8qXx1lr+mqO0uRetHqMAm6Pnrozlzjiqx7qE+xYjpXZCGiCpl
cveRzcLdjxzHSY5TN4wahxJgae/Nu0nYGtNChiBboc/dQEW5UQc3v7Xhn8wFAVE=
-----END CERTIFICATE-----