Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ezzb541LhJh82-MLCzUWJPMsVGw.roa
File:                     Ezzb541LhJh82-MLCzUWJPMsVGw.roa (raw, json)
Hash identifier:          1t1np2fNHL+R0Ps9UY3nyewuxMzSVrvxYQnqOxzoTzQ=
Subject key identifier:   13:3C:DB:E7:8D:4B:84:98:7C:DB:E3:0B:0B:35:16:24:F3:2C:54:6C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CCE8A4B1D8C3CC8392D3FC66437EABD05
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ezzb541LhJh82-MLCzUWJPMsVGw.roa
Signing time:             Wed 03 Jan 2024 08:56:58 +0000
ROA not before:           Wed 03 Jan 2024 08:56:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.241.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.70.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 04 Jan 2024 12:06:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:8a:4b:1d:8c:3c:c8:39:2d:3f:c6:64:37:ea:bd:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  3 08:56:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=133cdbe78d4b84987cdbe30b0b351624f32c546c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:73:46:7e:8a:c4:e0:5b:b0:57:0e:2d:c3:72:
                    e6:80:8c:b0:19:7d:24:78:f2:64:d4:9d:e4:0c:c8:
                    46:7c:0d:d2:9e:26:00:8b:e9:5a:62:a9:04:4d:d1:
                    ed:e7:e5:79:18:62:9e:1a:12:6a:4b:27:7d:18:ba:
                    2d:3d:e3:95:24:04:96:c6:48:3d:fd:ad:df:d6:9d:
                    43:b1:74:d9:06:76:dd:93:67:ba:20:6e:32:4e:3a:
                    15:4c:a3:46:11:3b:85:4e:c8:a7:fc:53:fb:ac:cc:
                    9e:62:b7:de:21:01:1e:75:66:ae:c9:59:ba:e4:a2:
                    0a:75:22:21:d4:8e:cc:e4:f4:8c:ad:00:75:0e:60:
                    1d:94:3a:e8:d7:a6:06:90:ea:91:81:3a:cb:2c:d3:
                    70:d9:69:03:14:9b:bb:4a:67:b0:0f:38:f0:6e:c2:
                    3c:c6:4d:54:aa:5d:fa:71:d1:1a:7e:42:b0:46:ff:
                    ac:de:00:ec:e5:cc:b3:1f:35:c3:62:34:f4:47:69:
                    16:11:9e:46:b9:6b:31:a2:99:24:82:be:73:da:69:
                    da:2f:2d:ae:3e:45:a5:21:8d:1e:62:cc:c7:06:f6:
                    35:67:1b:08:fd:63:f6:ca:04:10:05:d6:7c:e6:e1:
                    fb:81:08:7a:8f:98:70:51:95:d1:f0:e8:2f:fa:98:
                    8f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:3C:DB:E7:8D:4B:84:98:7C:DB:E3:0B:0B:35:16:24:F3:2C:54:6C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ezzb541LhJh82-MLCzUWJPMsVGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.70.0/24
                  82.153.136.0/22
                  82.153.241.0/24
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:41:ef:ae:f6:9b:54:a6:59:5e:9b:bd:95:63:29:8b:f7:b7:
         64:f4:38:a5:78:c7:b6:2c:55:4c:74:14:5d:75:f3:32:75:52:
         51:a3:73:65:6c:56:de:18:c1:d8:6d:ac:24:4a:5e:14:46:36:
         36:0e:39:28:32:9d:ee:4b:e5:df:10:ff:8c:4f:03:68:02:4d:
         6e:62:1e:b4:60:d4:9d:f1:0d:c0:f3:84:43:e7:34:de:7e:e0:
         3a:ac:c3:60:48:51:e9:3c:07:72:37:2e:48:4b:c3:70:93:85:
         25:1e:40:76:db:e8:c0:33:01:1a:63:c3:a1:f1:53:a5:a2:c1:
         b4:eb:02:b8:c7:cb:99:b1:ed:a1:0d:98:67:85:53:d7:3a:db:
         d0:3a:b7:18:35:46:64:ad:bd:36:9e:e4:19:a4:e9:da:03:3a:
         ea:00:78:ce:0a:ae:e7:58:93:0c:27:f5:fd:79:07:7f:fe:ff:
         57:c5:fb:08:87:c5:79:52:ce:b7:fc:c1:c8:8c:e5:8f:88:c8:
         fa:84:2f:18:38:35:14:32:a7:98:62:c8:d8:da:12:dd:0b:06:
         26:1a:f5:a3:b9:f9:c1:6d:51:a7:5a:c9:b8:b3:5a:e3:e6:5e:
         0f:bd:32:cd:8e:d4:03:a7:16:38:9f:d6:4a:c7:f9:96:ab:00:
         d8:5a:3c:02
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzOiksdjDzIOS0/xmQ36r0FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAzMDg1NjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzNjZGJlNzhkNGI4NDk4N2NkYmUzMGIwYjM1MTYyNGYzMmM1NDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3NGforE4FuwVw4tw3LmgIywGX0k
ePJk1J3kDMhGfA3SniYAi+laYqkETdHt5+V5GGKeGhJqSyd9GLotPeOVJASWxkg9
/a3f1p1DsXTZBnbdk2e6IG4yTjoVTKNGETuFTsin/FP7rMyeYrfeIQEedWauyVm6
5KIKdSIh1I7M5PSMrQB1DmAdlDro16YGkOqRgTrLLNNw2WkDFJu7SmewDzjwbsI8
xk1Uql36cdEafkKwRv+s3gDs5cyzHzXDYjT0R2kWEZ5GuWsxopkkgr5z2mnaLy2u
PkWlIY0eYszHBvY1ZxsI/WP2ygQQBdZ85uH7gQh6j5hwUZXR8Ogv+piPAwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBM82+eNS4SYfNvjCws1FiTzLFRsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRXp6YjU0MUxoSmg4Mi1NTEN6VVdKUE1zVkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAUah3AwQA
UplGAwQCUpmIAwQAUpnxAwQAUpn2MAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAJtB7672m1SmWV6bvZVjKYv3
t2T0OKV4x7YsVUx0FF118zJ1UlGjc2VsVt4YwdhtrCRKXhRGNjYOOSgyne5L5d8Q
/4xPA2gCTW5iHrRg1J3xDcDzhEPnNN5+4Dqsw2BIUek8B3I3LkhLw3CThSUeQHbb
6MAzARpjw6HxU6WiwbTrArjHy5mx7aENmGeFU9c629A6txg1RmStvTae5Bmk6doD
OuoAeM4KrudYkwwn9f15B3/+/1fF+wiHxXlSzrf8wciM5Y+IyPqELxg4NRQyp5hi
yNjaEt0LBiYa9aO5+cFtUadaybizWuPmXg+9Ms2O1AOnFjif1krH+ZarANhaPAI=
-----END CERTIFICATE-----