Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F35Zym8B_IfJYs1RFljAMXeSSe0.roa
File:                     F35Zym8B_IfJYs1RFljAMXeSSe0.roa (raw, json)
Hash identifier:          ieKUo+fSZEzlJr/B9e0T8BjDwF8+5VFcSV33E72Wp28=
Subject key identifier:   17:7E:59:CA:6F:01:FC:87:C9:62:CD:51:16:58:C0:31:77:92:49:ED
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01896DCD231EB8F2952E2FF6EAF0D968C414
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F35Zym8B_IfJYs1RFljAMXeSSe0.roa
Signing time:             Wed 19 Jul 2023 10:58:27 +0000
ROA not before:           Wed 19 Jul 2023 10:58:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.152.108.0/24 maxlen: 24
                          82.152.111.0/24 maxlen: 24
                          82.153.73.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          82.153.242.0/24 maxlen: 24
                          89.213.191.0/24 maxlen: 24
                          82.153.249.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.252.0/24 maxlen: 24
                          81.5.156.0/24 maxlen: 24
                          82.152.255.0/24 maxlen: 24
                          82.153.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 20 Jul 2023 15:15:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6d:cd:23:1e:b8:f2:95:2e:2f:f6:ea:f0:d9:68:c4:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 19 10:58:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=177e59ca6f01fc87c962cd511658c031779249ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c3:bd:4d:c0:6e:31:a6:9c:7e:8c:a1:1b:ea:
                    e5:23:50:e1:2b:96:55:d4:fc:db:c6:3c:de:84:d2:
                    53:2f:37:39:76:d4:4c:f1:0c:98:df:9b:04:87:fe:
                    36:5a:95:bf:24:d7:42:78:64:78:80:8c:d7:a9:66:
                    2b:75:e9:1c:f9:7b:db:fa:93:37:2a:79:4b:6a:4c:
                    af:ba:db:f5:c7:08:1f:b1:2b:d9:48:e8:60:ca:de:
                    a1:c7:60:ec:0f:3a:47:4c:17:6d:e3:7c:63:df:ff:
                    94:a3:fa:56:88:02:f9:fe:ef:32:29:21:8c:80:6e:
                    b5:65:96:df:b8:23:01:21:80:0c:44:97:5d:d8:78:
                    02:94:65:3e:71:17:a9:f8:49:8b:24:11:64:2d:b7:
                    05:65:be:ba:4e:98:db:93:65:19:ea:b7:b8:0d:0e:
                    36:a9:be:1f:d3:5b:e6:36:8c:f4:a7:59:a0:99:48:
                    4e:40:ab:eb:ec:76:a3:ac:03:7e:99:24:d3:0f:09:
                    f6:3f:f3:40:24:d6:48:cb:98:f1:9b:53:08:0c:a6:
                    8f:51:ef:98:fe:93:62:4e:ca:dc:36:3e:6c:8d:ed:
                    d1:ea:95:29:c1:f1:04:ab:80:90:bd:53:33:8c:2f:
                    d0:60:fa:fa:e2:1c:ec:c8:80:e8:d4:03:1e:24:30:
                    9e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:7E:59:CA:6F:01:FC:87:C9:62:CD:51:16:58:C0:31:77:92:49:ED
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F35Zym8B_IfJYs1RFljAMXeSSe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.156.0/24
                  81.168.119.0/24
                  81.168.123.0/24
                  82.152.108.0/24
                  82.152.111.0/24
                  82.152.252.0/23
                  82.152.255.0/24
                  82.153.73.0/24
                  82.153.78.0/24
                  82.153.136.0/22
                  82.153.223.0/24
                  82.153.242.0/24
                  82.153.249.0/24
                  89.213.131.0/24
                  89.213.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:9e:90:68:f2:52:e0:fc:80:05:08:30:17:a6:90:8d:56:98:
         a4:9c:d8:de:82:01:51:93:67:62:bd:0a:da:f3:c3:1b:43:db:
         47:df:36:17:25:1e:87:cc:3f:f8:36:d8:6a:d3:1e:f5:1a:3a:
         cb:fb:7e:63:46:eb:e1:aa:ec:f2:ce:be:cc:ca:b0:8d:4a:43:
         68:ba:bc:9d:fc:66:0d:80:f2:76:db:cf:7f:11:86:a5:b8:bd:
         0c:01:87:0c:52:32:25:be:71:f7:7f:ff:6f:d8:d8:a0:91:26:
         4c:23:ca:f8:ee:85:1d:ba:e1:a6:82:df:d3:7a:2e:6f:4f:ce:
         20:f3:db:4d:57:59:80:a7:2d:70:bc:67:2f:d9:b4:cb:12:e6:
         da:37:dd:84:60:3c:ca:cb:64:6c:79:cc:ad:a2:87:e1:11:98:
         03:16:93:d4:79:e9:e9:3b:11:16:bc:f9:99:7a:07:46:73:42:
         a9:dd:b5:dd:be:48:ff:0f:86:4c:0b:95:6a:e0:50:fd:b0:f0:
         3d:3d:b6:fb:c8:47:7d:f2:12:9a:c3:b3:ba:56:41:f2:4e:8d:
         55:cf:93:e5:22:cf:b1:a1:df:a9:a3:13:f8:09:68:7f:ea:20:
         a0:af:4a:3f:fd:56:86:1c:29:11:99:e8:bd:60:33:31:74:24:
         bf:b0:46:39
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYltzSMeuPKVLi/26vDZaMQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzE5MTA1ODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzdlNTljYTZmMDFmYzg3Yzk2MmNkNTExNjU4YzAzMTc3OTI0OWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysO9TcBuMaacfoyhG+rlI1DhK5ZV
1PzbxjzehNJTLzc5dtRM8QyY35sEh/42WpW/JNdCeGR4gIzXqWYrdekc+Xvb+pM3
KnlLakyvutv1xwgfsSvZSOhgyt6hx2DsDzpHTBdt43xj3/+Uo/pWiAL5/u8yKSGM
gG61ZZbfuCMBIYAMRJdd2HgClGU+cRep+EmLJBFkLbcFZb66Tpjbk2UZ6re4DQ42
qb4f01vmNoz0p1mgmUhOQKvr7HajrAN+mSTTDwn2P/NAJNZIy5jxm1MIDKaPUe+Y
/pNiTsrcNj5sje3R6pUpwfEEq4CQvVMzjC/QYPr64hzsyIDo1AMeJDCeqQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFBd+WcpvAfyHyWLNURZYwDF3kkntMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRjM1WnltOEJfSWZKWXMxUkZsakFNWGVTU2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAUQWcAwQA
Uah3AwQAUah7AwQAUphsAwQAUphvAwQBUpj8AwQAUpj/AwQAUplJAwQAUplOAwQC
UpmIAwQAUpnfAwQAUpnyAwQAUpn5AwQAWdWDAwQAWdW/MA0GCSqGSIb3DQEBCwUA
A4IBAQATnpBo8lLg/IAFCDAXppCNVpiknNjeggFRk2divQra88MbQ9tH3zYXJR6H
zD/4Nthq0x71GjrL+35jRuvhquzyzr7MyrCNSkNouryd/GYNgPJ2289/EYaluL0M
AYcMUjIlvnH3f/9v2NigkSZMI8r47oUduuGmgt/Tei5vT84g89tNV1mApy1wvGcv
2bTLEubaN92EYDzKy2RsecytoofhEZgDFpPUeenpOxEWvPmZegdGc0Kp3bXdvkj/
D4ZMC5Vq4FD9sPA9Pbb7yEd98hKaw7O6VkHyTo1Vz5PlIs+xod+poxP4CWh/6iCg
r0o//VaGHCkRmei9YDMxdCS/sEY5
-----END CERTIFICATE-----