Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JS1M0c9K6OSrpwzgY3eU7FcgMC4.roa
File:                     JS1M0c9K6OSrpwzgY3eU7FcgMC4.roa (raw, json)
Hash identifier:          TpJ+r+btMYMPjIebG5nFAencxBxSySWtTF4Nycr5XSM=
Subject key identifier:   25:2D:4C:D1:CF:4A:E8:E4:AB:A7:0C:E0:63:77:94:EC:57:20:30:2E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EA9D68D5432E9C6C51532A81F178A13B7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JS1M0c9K6OSrpwzgY3eU7FcgMC4.roa
Signing time:             Thu 04 Apr 2024 15:59:54 +0000
ROA not before:           Thu 04 Apr 2024 15:59:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 05 Apr 2024 14:44:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:d6:8d:54:32:e9:c6:c5:15:32:a8:1f:17:8a:13:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  4 15:59:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=252d4cd1cf4ae8e4aba70ce0637794ec5720302e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:6d:17:ca:7a:b0:ee:ed:97:51:eb:46:da:23:
                    f5:bb:0f:7a:00:b8:ee:8e:a6:fd:76:a9:d6:30:05:
                    4a:b6:af:b2:a6:70:04:4e:18:af:35:52:bf:bc:c8:
                    09:8c:0b:e7:01:84:b2:1e:27:d7:bd:e3:09:f1:5c:
                    73:c5:6a:20:fb:f1:a4:7e:07:2d:6f:41:ac:e2:18:
                    1b:c9:ff:d0:20:8c:34:5e:68:72:29:6f:57:2b:6b:
                    39:35:a7:35:54:df:23:29:3b:79:67:c4:b4:bd:76:
                    2f:7e:38:49:c3:76:a8:d8:52:63:30:b3:56:6c:cd:
                    38:29:ac:d0:06:25:01:18:a5:1a:13:f3:ea:3f:37:
                    35:e1:04:16:7b:05:77:50:c5:a4:24:e2:0d:c8:e0:
                    5d:5b:bb:c2:73:e1:39:55:72:b5:52:44:7e:31:3c:
                    8a:31:e4:4c:d0:da:d4:8b:5a:57:50:98:d8:2d:12:
                    5f:6a:72:1b:0a:17:7c:dd:d1:26:ac:4b:47:88:99:
                    38:66:42:c5:88:13:67:e9:b5:e7:d2:d3:b5:f1:83:
                    72:6f:35:04:d7:01:51:ec:bf:fc:35:e0:9b:f5:4a:
                    3a:fe:50:62:38:23:1e:30:53:40:1f:8a:3c:f5:fb:
                    d3:9c:61:5a:98:91:aa:00:01:b7:b2:72:ab:61:6d:
                    ec:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2D:4C:D1:CF:4A:E8:E4:AB:A7:0C:E0:63:77:94:EC:57:20:30:2E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JS1M0c9K6OSrpwzgY3eU7FcgMC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  109.176.245.0/24
                  185.49.126.0/23
                  213.130.149.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:62:6f:7a:a4:13:f9:f2:5b:43:1d:98:67:3b:3e:10:33:09:
         fe:c4:54:26:5e:b5:03:0e:b4:7d:f9:13:49:0e:1a:29:56:20:
         f2:85:40:ec:b4:af:53:75:31:11:c2:79:08:01:b4:15:85:98:
         cb:ac:e7:3c:80:30:69:c5:91:b1:04:44:87:8c:28:a5:92:5b:
         63:a7:45:fa:f6:2a:8b:33:42:be:3b:1a:a7:03:e1:af:9d:20:
         9d:c4:db:89:dc:8b:c6:5c:a8:7f:fc:01:8a:3b:ca:36:8e:f7:
         78:37:3b:17:3a:7e:39:65:ba:2b:dc:7f:e5:01:2f:33:6d:43:
         77:a2:18:2f:b7:06:14:10:63:8b:9a:42:6b:3b:b2:7c:f0:43:
         af:de:fa:5a:c4:b4:10:1b:06:b8:bf:f4:3d:6a:5b:9c:3b:91:
         92:7a:d4:0d:3b:63:89:19:70:5a:43:dd:d2:0a:82:3d:9d:b8:
         56:fa:c7:53:ee:50:47:98:1b:bf:47:f8:8a:78:ca:ef:c1:bf:
         5e:0d:6a:94:4f:73:d5:49:38:88:30:69:c1:c0:43:52:c3:d9:
         ed:8e:1a:ad:50:8b:eb:d2:a2:16:ca:00:ea:b2:d6:34:0d:4b:
         ab:5e:2b:4e:f5:55:18:18:04:22:3e:18:1e:26:0d:be:7b:22:
         02:9b:ac:fd
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY6p1o1UMunGxRUyqB8XihO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA0MTU1OTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJkNGNkMWNmNGFlOGU0YWJhNzBjZTA2Mzc3OTRlYzU3MjAzMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1G0Xynqw7u2XUetG2iP1uw96ALju
jqb9dqnWMAVKtq+ypnAEThivNVK/vMgJjAvnAYSyHifXveMJ8VxzxWog+/Gkfgct
b0Gs4hgbyf/QIIw0XmhyKW9XK2s5Nac1VN8jKTt5Z8S0vXYvfjhJw3ao2FJjMLNW
bM04KazQBiUBGKUaE/PqPzc14QQWewV3UMWkJOINyOBdW7vCc+E5VXK1UkR+MTyK
MeRM0NrUi1pXUJjYLRJfanIbChd83dEmrEtHiJk4ZkLFiBNn6bXn0tO18YNybzUE
1wFR7L/8NeCb9Uo6/lBiOCMeMFNAH4o89fvTnGFamJGqAAG3snKrYW3s7wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCUtTNHPSujkq6cM4GN3lOxXIDAuMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSlMxTTBjOUs2T1NycHd6Z1kzZVU3RmNnTUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBUpiwAwQC
UpmIAwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBABtsPUDBAG5MX4D
BADVgpUDBADVmCowDQYJKoZIhvcNAQELBQADggEBAJtib3qkE/nyW0MdmGc7PhAz
Cf7EVCZetQMOtH35E0kOGilWIPKFQOy0r1N1MRHCeQgBtBWFmMus5zyAMGnFkbEE
RIeMKKWSW2OnRfr2KoszQr47GqcD4a+dIJ3E24nci8ZcqH/8AYo7yjaO93g3Oxc6
fjlluivcf+UBLzNtQ3eiGC+3BhQQY4uaQms7snzwQ6/e+lrEtBAbBri/9D1qW5w7
kZJ61A07Y4kZcFpD3dIKgj2duFb6x1PuUEeYG79H+Ip4yu/Bv14NapRPc9VJOIgw
acHAQ1LD2e2OGq1Qi+vSohbKAOqy1jQNS6teK071VRgYBCI+GB4mDb57IgKbrP0=
-----END CERTIFICATE-----