Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IHtrOX2H1h0b9XbEY-eDqOaJFyw.roa
File:                     IHtrOX2H1h0b9XbEY-eDqOaJFyw.roa (raw, json)
Hash identifier:          17Wrdd5nRG0GTwZlmL3pzt1JIdik4kZnSsNFOBC5XKE=
Subject key identifier:   20:7B:6B:39:7D:87:D6:1D:1B:F5:76:C4:63:E7:83:A8:E6:89:17:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C100795C95C481968E572CAFB7D35F9C7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IHtrOX2H1h0b9XbEY-eDqOaJFyw.roa
Signing time:             Mon 27 Nov 2023 09:06:21 +0000
ROA not before:           Mon 27 Nov 2023 09:06:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          82.153.70.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          82.153.10.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 27 Nov 2023 23:07:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:10:07:95:c9:5c:48:19:68:e5:72:ca:fb:7d:35:f9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 27 09:06:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=207b6b397d87d61d1bf576c463e783a8e689172c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f2:a1:62:fe:d9:a2:55:e0:21:3b:7c:44:b2:
                    46:80:1c:c2:28:40:ab:52:2b:f7:af:1a:b3:64:95:
                    b1:fc:59:77:3c:f5:f1:96:6e:65:79:49:a3:06:34:
                    38:75:19:2d:e4:ea:c5:e2:f1:6f:ca:33:1e:4d:75:
                    22:77:e4:3a:ea:c4:d5:bc:61:c0:e7:94:82:37:4e:
                    a5:03:f1:a5:44:c9:06:21:7f:77:36:65:ab:2d:3e:
                    6f:af:c0:0e:95:23:78:e2:ea:6d:ee:c9:bd:29:dc:
                    b9:2e:de:4a:f8:aa:57:c3:06:fc:b4:eb:46:9c:0e:
                    86:a3:2a:f8:95:bc:9f:b5:6d:ed:5e:a6:f0:96:9f:
                    4d:7d:0f:97:ce:d5:54:1b:f6:76:a3:01:d4:75:08:
                    e5:19:0e:fa:b2:32:f9:c8:cc:59:e5:1e:16:f6:d3:
                    7f:0d:32:0c:9c:05:ed:07:67:b4:79:10:15:5b:c4:
                    14:7a:8b:db:c1:00:8e:3d:6c:8a:df:92:bd:c9:68:
                    a8:81:d7:06:b7:7d:c4:9c:24:ad:6b:35:17:0b:e0:
                    34:14:c0:58:0e:71:1b:bd:ec:f9:11:1f:e1:d4:d1:
                    f3:6b:cb:5b:17:d6:e8:2d:7d:82:59:f2:7f:79:68:
                    74:b6:6d:5f:52:e7:36:93:bc:49:b8:db:14:bd:fa:
                    c7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:7B:6B:39:7D:87:D6:1D:1B:F5:76:C4:63:E7:83:A8:E6:89:17:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IHtrOX2H1h0b9XbEY-eDqOaJFyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.10.0/24
                  82.153.70.0/24
                  82.153.136.0/22
                  89.213.42.0/24
                  89.213.140.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/22
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:ae:1f:d8:44:b4:8f:e5:fa:a5:2a:b9:30:44:1b:4d:3f:81:
         f6:2a:66:5f:a8:d5:16:e6:63:cc:e5:33:89:61:85:ee:41:7a:
         50:c6:7b:63:2f:f8:92:78:e7:5d:00:fa:3a:f8:07:8c:48:ff:
         54:27:42:8d:55:7d:5d:ab:62:01:2b:23:f4:2d:ed:91:1d:0f:
         45:d3:b7:a9:45:65:e8:cb:59:2c:25:c0:bc:be:2c:7f:3c:bf:
         c4:f9:34:61:75:81:3c:cb:a3:00:01:70:ac:4e:36:2a:c6:59:
         8e:25:f7:27:5b:a6:1a:95:40:23:11:ca:4e:0f:ac:d9:53:22:
         2b:c3:87:3e:50:29:7f:ba:aa:38:b7:a2:ca:84:c2:12:31:41:
         65:72:79:2c:db:4c:10:81:84:a9:54:48:3b:a4:bd:2c:81:2c:
         a8:fa:a6:46:4b:5e:e5:23:6c:10:83:76:ca:a7:37:ff:fc:e9:
         0e:b7:a1:15:68:e8:55:be:f6:f4:25:76:0a:23:41:45:82:82:
         21:d7:af:2b:7c:f3:dc:43:d9:69:79:79:a1:fd:3d:0c:12:6a:
         f6:83:88:96:62:fc:81:61:67:91:76:d2:b1:b4:d7:21:bf:3f:
         7e:40:b2:30:b0:f7:65:80:f5:bf:f2:bf:a9:6c:fd:c6:66:1c:
         e8:cf:01:2d
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYwQB5XJXEgZaOVyyvt9NfnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTI3MDkwNjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDdiNmIzOTdkODdkNjFkMWJmNTc2YzQ2M2U3ODNhOGU2ODkxNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfKhYv7ZolXgITt8RLJGgBzCKECr
Uiv3rxqzZJWx/Fl3PPXxlm5leUmjBjQ4dRkt5OrF4vFvyjMeTXUid+Q66sTVvGHA
55SCN06lA/GlRMkGIX93NmWrLT5vr8AOlSN44upt7sm9Kdy5Lt5K+KpXwwb8tOtG
nA6Goyr4lbyftW3tXqbwlp9NfQ+XztVUG/Z2owHUdQjlGQ76sjL5yMxZ5R4W9tN/
DTIMnAXtB2e0eRAVW8QUeovbwQCOPWyK35K9yWiogdcGt33EnCStazUXC+A0FMBY
DnEbvez5ER/h1NHza8tbF9boLX2CWfJ/eWh0tm1fUuc2k7xJuNsUvfrHEQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFCB7azl9h9YdG/V2xGPng6jmiRcsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSUh0ck9YMkgxaDBiOVhiRVktZURxT2FKRnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAUah3AwQA
Uah7AwQAUpkKAwQAUplGAwQCUpmIAwQAWdUqAwQAWdWMMAwDBAJZ1ZQDBAVZ1YAD
BAJZ1awDBAJZ1bQDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAIGuH9hE
tI/l+qUquTBEG00/gfYqZl+o1RbmY8zlM4lhhe5BelDGe2Mv+JJ4510A+jr4B4xI
/1QnQo1VfV2rYgErI/Qt7ZEdD0XTt6lFZejLWSwlwLy+LH88v8T5NGF1gTzLowAB
cKxONirGWY4l9ydbphqVQCMRyk4PrNlTIivDhz5QKX+6qji3osqEwhIxQWVyeSzb
TBCBhKlUSDukvSyBLKj6pkZLXuUjbBCDdsqnN//86Q63oRVo6FW+9vQldgojQUWC
giHXryt889xD2Wl5eaH9PQwSavaDiJZi/IFhZ5F20rG01yG/P35AsjCw92WA9b/y
v6ls/cZmHOjPAS0=
-----END CERTIFICATE-----