Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/It7S0b-lMzzuCi3M41_53rn5cDY.roa
File:                     It7S0b-lMzzuCi3M41_53rn5cDY.roa (raw, json)
Hash identifier:          9qg650irE6VtSguM3sF+SNOk3YhOs9zbnCBQaK8uf/c=
Subject key identifier:   22:DE:D2:D1:BF:A5:33:3C:EE:0A:2D:CC:E3:5F:F9:DE:B9:F9:70:36
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC472AB14B1C077B9E67BA40A297BC558
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/It7S0b-lMzzuCi3M41_53rn5cDY.roa
Signing time:             Mon 01 Jan 2024 09:54:58 +0000
ROA not before:           Mon 01 Jan 2024 09:54:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Mon 01 Jan 2024 17:14:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:72:ab:14:b1:c0:77:b9:e6:7b:a4:0a:29:7b:c5:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:54:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22ded2d1bfa5333cee0a2dcce35ff9deb9f97036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:80:5a:cb:60:f2:95:c3:32:24:70:31:d2:1d:
                    85:ac:a7:05:94:c7:43:1c:eb:f7:64:08:79:b8:f0:
                    f1:24:94:cf:ee:96:ce:08:8d:a8:3d:fe:ff:5a:d6:
                    8f:4e:45:c4:af:a1:c1:60:e5:b0:13:6f:37:14:2a:
                    36:71:89:83:e3:a8:2f:4a:70:bb:7b:f3:ba:75:d3:
                    4b:48:bf:86:63:b0:56:ea:6c:eb:a4:e7:21:fd:f5:
                    86:c8:60:96:88:c3:1d:5f:38:b4:c3:d4:7f:3e:fd:
                    12:ad:fa:32:7f:13:24:8d:1d:aa:09:5c:01:df:e3:
                    29:81:bc:0d:d8:6d:a7:a7:84:b4:a2:f4:c0:92:6d:
                    4f:4a:06:af:21:b9:57:b3:1f:12:b6:13:f3:96:5b:
                    48:f9:dd:0f:cd:18:9d:33:89:88:75:87:22:19:b4:
                    65:2f:f2:3b:3f:45:4f:3a:60:cc:ff:08:d6:81:0e:
                    9a:88:e3:f8:c8:13:d3:a2:f8:85:5e:3d:57:56:ec:
                    af:c5:3b:95:39:04:5d:3a:f6:a0:5a:f7:79:52:4c:
                    94:3a:48:49:e2:47:96:35:d4:8d:b6:cd:ca:c6:37:
                    fc:60:6f:78:86:06:da:e0:69:5f:e0:10:7b:32:46:
                    5d:98:b9:cc:1e:82:59:95:6a:99:28:9f:55:0a:35:
                    a2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:DE:D2:D1:BF:A5:33:3C:EE:0A:2D:CC:E3:5F:F9:DE:B9:F9:70:36
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/It7S0b-lMzzuCi3M41_53rn5cDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:af:15:ee:be:1a:e9:79:99:a6:b4:b0:db:48:31:bf:32:19:
         62:2a:c1:7e:5f:c6:48:06:1a:df:d5:10:08:b9:f8:a9:a1:bf:
         be:8a:92:24:64:e7:0c:75:7a:50:a0:86:35:71:b0:08:c8:d7:
         5d:a5:ef:24:df:05:66:a9:cf:4b:da:33:25:af:19:cd:b2:97:
         4b:92:36:b5:51:d1:db:bd:9a:6e:0d:47:3a:75:cc:f5:74:4d:
         fd:c3:82:9e:1b:27:17:45:04:5e:be:6e:8a:38:43:32:52:fc:
         e7:c8:16:1d:04:8c:9d:60:c5:ec:9e:aa:6c:ee:6e:cf:43:c8:
         1d:5c:aa:24:6d:a8:84:ca:45:a2:cd:b2:8c:3e:b8:04:f9:2b:
         ea:a6:a7:09:8e:ce:be:d5:e9:14:94:65:13:d8:6b:35:3e:4a:
         01:08:f1:93:39:75:a9:9e:e7:58:86:e2:be:52:ed:0f:17:61:
         b6:7f:61:03:1c:3a:ba:b4:48:98:48:2d:fe:80:9b:1a:4d:2b:
         51:16:12:09:b3:55:1f:f0:25:57:ef:cf:b4:fe:2a:ee:0b:29:
         93:31:02:37:86:c9:5c:fe:ba:a7:bd:e1:ac:64:0d:56:e0:3f:
         2e:61:59:73:c9:28:96:f4:29:eb:4e:a8:ce:b7:60:fb:64:72:
         31:28:3a:45
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzEcqsUscB3ueZ7pAope8VYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDk1NDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmRlZDJkMWJmYTUzMzNjZWUwYTJkY2NlMzVmZjlkZWI5Zjk3MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIBay2DylcMyJHAx0h2FrKcFlMdD
HOv3ZAh5uPDxJJTP7pbOCI2oPf7/WtaPTkXEr6HBYOWwE283FCo2cYmD46gvSnC7
e/O6ddNLSL+GY7BW6mzrpOch/fWGyGCWiMMdXzi0w9R/Pv0SrfoyfxMkjR2qCVwB
3+MpgbwN2G2np4S0ovTAkm1PSgavIblXsx8SthPzlltI+d0PzRidM4mIdYciGbRl
L/I7P0VPOmDM/wjWgQ6aiOP4yBPToviFXj1XVuyvxTuVOQRdOvagWvd5UkyUOkhJ
4keWNdSNts3Kxjf8YG94hgba4Glf4BB7MkZdmLnMHoJZlWqZKJ9VCjWitQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCLe0tG/pTM87gotzONf+d65+XA2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSXQ3UzBiLWxNenp1Q2kzTTQxXzUzcm41Y0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQC
UpmIAwQAUpn2MAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAGCvFe6+Gul5maa0sNtIMb8yGWIqwX5fxkgGGt/V
EAi5+Kmhv76KkiRk5wx1elCghjVxsAjI112l7yTfBWapz0vaMyWvGc2yl0uSNrVR
0du9mm4NRzp1zPV0Tf3Dgp4bJxdFBF6+boo4QzJS/OfIFh0EjJ1gxeyeqmzubs9D
yB1cqiRtqITKRaLNsow+uAT5K+qmpwmOzr7V6RSUZRPYazU+SgEI8ZM5dame51iG
4r5S7Q8XYbZ/YQMcOrq0SJhILf6AmxpNK1EWEgmzVR/wJVfvz7T+Ku4LKZMxAjeG
yVz+uqe94axkDVbgPy5hWXPJKJb0KetOqM63YPtkcjEoOkU=
-----END CERTIFICATE-----