Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LJ8M5dn7pjr2D88gCJ_wx08fj4k.roa
File:                     LJ8M5dn7pjr2D88gCJ_wx08fj4k.roa (raw, json)
Hash identifier:          arYbt6HXT/vv210vUo4dJV13jhM0VKB2zqaiu8mckxI=
Subject key identifier:   2C:9F:0C:E5:D9:FB:A6:3A:F6:0F:CF:20:08:9F:F0:C7:4F:1F:8F:89
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018926BA9C9ACBE3BDB8AD4BFFD8B2F00619
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LJ8M5dn7pjr2D88gCJ_wx08fj4k.roa
Signing time:             Wed 05 Jul 2023 15:45:11 +0000
ROA not before:           Wed 05 Jul 2023 15:45:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     397563
IP address blocks:        109.176.214.0/24 maxlen: 24
                          89.213.44.0/24 maxlen: 24
                          89.213.42.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          89.213.45.0/24 maxlen: 24
                          185.49.125.0/24 maxlen: 24
                          89.213.177.0/24 maxlen: 24
                          89.213.183.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.148.0/24 maxlen: 24
                          89.213.149.0/24 maxlen: 24
                          89.213.155.0/24 maxlen: 24
                          89.213.160.0/24 maxlen: 24
                          82.153.221.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 03 Aug 2023 09:16:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:26:ba:9c:9a:cb:e3:bd:b8:ad:4b:ff:d8:b2:f0:06:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  5 15:45:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c9f0ce5d9fba63af60fcf20089ff0c74f1f8f89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1d:03:15:d7:89:ba:ad:bd:da:0c:f9:5c:e3:
                    93:27:a3:f2:33:ac:ad:7c:03:80:47:ea:e3:45:3d:
                    4b:ab:8d:51:14:43:3a:fa:fb:7e:22:40:22:e6:e7:
                    38:38:89:2a:ce:eb:78:e9:12:a1:6c:71:c2:2f:3f:
                    f8:3a:2b:50:d4:0c:73:ff:e6:e4:fa:4a:39:97:34:
                    d3:92:29:2a:da:36:22:ac:1c:b2:41:2a:26:18:71:
                    cc:fa:fd:68:a3:0a:6c:70:63:b0:c1:ff:73:28:f9:
                    49:ea:c4:7f:37:e3:b4:8c:23:06:c1:33:18:da:38:
                    e2:7c:73:49:70:84:95:ec:f8:9f:60:8d:dd:da:fb:
                    04:20:44:75:9b:ee:1a:75:26:ab:1b:cc:0d:70:a2:
                    4e:e5:ec:e3:ac:ce:03:08:c9:d0:8c:b1:7d:14:b7:
                    7d:a4:ce:24:7e:cc:9d:9b:39:c9:5b:17:66:e4:2a:
                    21:dd:4b:cf:77:6e:26:9a:11:01:b8:5b:ca:b1:4f:
                    61:ae:a2:21:7e:b2:8b:68:d7:a9:0e:1d:d2:eb:1f:
                    aa:1f:f0:62:c9:09:65:a2:95:cc:5c:1a:79:bc:b5:
                    46:a7:f5:66:5f:62:ef:f7:b2:18:de:33:2a:ba:d2:
                    30:58:c9:3a:40:1d:3e:72:82:6f:f6:9a:0e:c4:01:
                    c8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:9F:0C:E5:D9:FB:A6:3A:F6:0F:CF:20:08:9F:F0:C7:4F:1F:8F:89
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LJ8M5dn7pjr2D88gCJ_wx08fj4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.221.0/24
                  89.213.42.0/24
                  89.213.44.0/23
                  89.213.145.0/24
                  89.213.148.0/23
                  89.213.155.0/24
                  89.213.160.0/24
                  89.213.177.0/24
                  89.213.183.0/24
                  109.176.214.0/24
                  109.176.243.0/24
                  185.49.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:28:af:12:8e:72:a6:f1:d5:c3:44:27:38:95:b6:f8:fb:61:
         e4:bf:55:87:1c:de:e9:e8:08:c2:95:78:fd:e5:50:6f:78:06:
         b0:ba:eb:1a:81:f6:4d:bd:b7:40:d9:78:8e:88:cd:92:b2:f3:
         a2:55:13:3a:15:be:21:81:27:82:45:13:bc:6b:d7:e6:d2:e8:
         e2:2a:70:d1:82:36:f7:0a:a7:2c:aa:70:b0:92:3c:2e:39:94:
         7b:d3:a9:56:3e:d3:77:2d:42:62:76:de:72:b6:56:97:d2:64:
         36:d0:15:a0:81:3b:fa:2f:a1:6c:9d:ef:18:56:cf:a1:78:b1:
         be:84:f0:6c:96:eb:11:e1:13:4d:b5:51:94:f9:57:f8:9f:9c:
         c9:9a:5c:f0:18:57:4e:01:80:e9:56:e3:bd:00:8b:38:98:1b:
         8c:65:90:79:dd:9c:0f:de:c6:75:7e:78:1f:10:eb:f9:e1:c0:
         75:47:35:ae:93:05:7a:ff:c6:3b:83:98:e1:51:92:58:36:a4:
         bc:5a:1f:36:2a:7d:d9:c5:aa:be:ef:2f:49:3d:70:c8:13:43:
         14:c9:35:de:e9:0d:06:39:64:11:a7:2a:0f:10:4f:46:3b:06:
         c7:d4:25:08:68:67:e1:ac:a5:84:49:e1:88:7d:45:92:66:46:
         1e:08:e3:a5
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYkmupyay+O9uK1L/9iy8AYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzA1MTU0NTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzlmMGNlNWQ5ZmJhNjNhZjYwZmNmMjAwODlmZjBjNzRmMWY4Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhh0DFdeJuq292gz5XOOTJ6PyM6yt
fAOAR+rjRT1Lq41RFEM6+vt+IkAi5uc4OIkqzut46RKhbHHCLz/4OitQ1Axz/+bk
+ko5lzTTkikq2jYirByyQSomGHHM+v1oowpscGOwwf9zKPlJ6sR/N+O0jCMGwTMY
2jjifHNJcISV7PifYI3d2vsEIER1m+4adSarG8wNcKJO5ezjrM4DCMnQjLF9FLd9
pM4kfsydmznJWxdm5Coh3UvPd24mmhEBuFvKsU9hrqIhfrKLaNepDh3S6x+qH/Bi
yQllopXMXBp5vLVGp/VmX2Lv97IY3jMqutIwWMk6QB0+coJv9poOxAHIvQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCyfDOXZ+6Y69g/PIAif8MdPH4+JMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTEo4TTVkbjdwanIyRDg4Z0NKX3d4MDhmajRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAUpndAwQA
WdUqAwQBWdUsAwQAWdWRAwQBWdWUAwQAWdWbAwQAWdWgAwQAWdWxAwQAWdW3AwQA
bbDWAwQAbbDzAwQAuTF9MA0GCSqGSIb3DQEBCwUAA4IBAQBJKK8SjnKm8dXDRCc4
lbb4+2Hkv1WHHN7p6AjClXj95VBveAawuusagfZNvbdA2XiOiM2SsvOiVRM6Fb4h
gSeCRRO8a9fm0ujiKnDRgjb3CqcsqnCwkjwuOZR706lWPtN3LUJidt5ytlaX0mQ2
0BWggTv6L6Fsne8YVs+heLG+hPBslusR4RNNtVGU+Vf4n5zJmlzwGFdOAYDpVuO9
AIs4mBuMZZB53ZwP3sZ1fngfEOv54cB1RzWukwV6/8Y7g5jhUZJYNqS8Wh82Kn3Z
xaq+7y9JPXDIE0MUyTXe6Q0GOWQRpyoPEE9GOwbH1CUIaGfhrKWESeGIfUWSZkYe
COOl
-----END CERTIFICATE-----