Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OFdrj9KaKccQx2TtPt8bqDIvIgg.roa
File:                     OFdrj9KaKccQx2TtPt8bqDIvIgg.roa (raw, json)
Hash identifier:          Yb06hRA7Fxgy/DO6hAtCPZxfK+tPYqqYteQpc/xQSVI=
Subject key identifier:   38:57:6B:8F:D2:9A:29:C7:10:C7:64:ED:3E:DF:1B:A8:32:2F:22:08
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018B239344F5DF10DA172E189BFC14D5422F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OFdrj9KaKccQx2TtPt8bqDIvIgg.roa
Signing time:             Thu 12 Oct 2023 11:08:55 +0000
ROA not before:           Thu 12 Oct 2023 11:08:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.176.0/22 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.32.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.167.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 17 Oct 2023 16:10:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:23:93:44:f5:df:10:da:17:2e:18:9b:fc:14:d5:42:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 12 11:08:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38576b8fd29a29c710c764ed3edf1ba8322f2208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4d:2b:93:b6:c7:4c:d8:c0:f4:c3:5a:9c:62:
                    58:ca:fe:9f:ff:35:93:a3:93:01:9d:a4:2a:19:cc:
                    e7:08:2f:e3:fa:31:6e:c2:27:57:80:aa:ef:81:2a:
                    ef:89:11:ae:64:21:cb:5c:50:6c:5f:39:76:33:0d:
                    28:02:0b:1e:ac:37:c3:1f:29:86:89:c1:4f:b9:fe:
                    d9:c9:76:54:fd:6e:71:47:c6:6f:42:5c:68:03:2f:
                    b7:01:f8:12:4b:19:fe:14:3b:60:bd:41:63:55:b0:
                    32:85:7d:d8:ae:16:47:ef:62:b0:bf:6d:c5:85:00:
                    87:df:96:08:3f:cb:21:5e:b6:9b:8d:7c:56:45:af:
                    9b:b8:07:d0:a1:da:a7:20:44:48:3a:41:fd:ac:a7:
                    99:22:e7:d1:ce:db:62:13:81:8d:98:32:a3:21:e8:
                    5c:7e:c6:0c:7c:c0:be:39:de:df:ce:cc:fd:16:e1:
                    8e:7c:c5:52:f7:0d:d1:29:e7:ea:81:56:cd:20:89:
                    5b:09:12:8a:46:d4:4e:23:81:52:58:97:7e:7f:e0:
                    ba:ad:5e:44:42:af:39:bb:95:3f:70:32:9f:69:17:
                    d8:bc:53:75:95:1c:5c:ff:58:74:01:83:95:57:d3:
                    75:d3:63:a7:b8:1e:a9:18:de:d6:00:b5:64:03:f7:
                    5b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:57:6B:8F:D2:9A:29:C7:10:C7:64:ED:3E:DF:1B:A8:32:2F:22:08
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OFdrj9KaKccQx2TtPt8bqDIvIgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.32.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.167.0/24
                  89.213.176.0/21
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:7d:92:27:f6:30:55:6f:a4:dc:7d:49:67:c8:d4:52:c5:05:
         d3:5b:1d:95:02:e9:2f:6b:ca:23:db:d1:dd:38:1a:a7:3a:95:
         c3:67:78:c0:57:77:04:e8:a8:a1:a9:11:a2:a1:9e:3b:58:3a:
         2a:1c:1b:2b:e9:f9:0c:00:9b:4b:ea:d9:9e:4b:6b:cc:df:5f:
         e6:42:50:07:88:57:8d:0a:86:36:33:c6:ad:8b:49:5c:e2:a8:
         1c:e7:42:0e:4c:1f:1c:a3:b6:e7:61:a5:3b:b0:20:d0:d9:0e:
         27:65:58:97:f2:fe:5a:a4:6b:86:9c:3d:6b:43:ba:2e:61:f3:
         80:58:54:a6:9e:cc:40:e3:f3:33:b9:62:7a:ee:3b:6d:db:95:
         ce:d6:8f:ac:31:e6:4f:28:c4:1c:cc:8e:d0:47:36:49:4e:44:
         62:86:31:23:c3:73:f3:24:ed:9e:32:e7:b8:87:0a:c9:c7:d9:
         2e:da:9f:bf:7c:8f:e7:0d:86:eb:9b:50:d2:29:5d:69:f8:a5:
         dd:4e:4b:f3:c0:14:39:e2:2a:0a:bd:7a:45:1e:bb:74:61:61:
         97:ba:f1:48:97:15:bc:c7:00:2c:d3:87:b0:3e:63:57:e9:ad:
         91:35:f0:82:ac:c6:0e:03:b3:46:a7:e7:7b:6e:ed:ab:0f:7d:
         c8:65:e1:ec
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYsjk0T13xDaFy4Ym/wU1UIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDEyMTEwODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU3NmI4ZmQyOWEyOWM3MTBjNzY0ZWQzZWRmMWJhODMyMmYyMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAik0rk7bHTNjA9MNanGJYyv6f/zWT
o5MBnaQqGcznCC/j+jFuwidXgKrvgSrviRGuZCHLXFBsXzl2Mw0oAgserDfDHymG
icFPuf7ZyXZU/W5xR8ZvQlxoAy+3AfgSSxn+FDtgvUFjVbAyhX3YrhZH72Kwv23F
hQCH35YIP8shXrabjXxWRa+buAfQodqnIERIOkH9rKeZIufRzttiE4GNmDKjIehc
fsYMfMC+Od7fzsz9FuGOfMVS9w3RKefqgVbNIIlbCRKKRtROI4FSWJd+f+C6rV5E
Qq85u5U/cDKfaRfYvFN1lRxc/1h0AYOVV9N102OnuB6pGN7WALVkA/dboQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDhXa4/SminHEMdk7T7fG6gyLyIIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvT0Zkcmo5S2FLY2NReDJUdFB0OGJxREl2SWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah7AwQAUpkgAwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1acDBANZ1bADBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBAA99kif2MFVvpNx9SWfI1FLFBdNbHZUC
6S9ryiPb0d04Gqc6lcNneMBXdwToqKGpEaKhnjtYOiocGyvp+QwAm0vq2Z5La8zf
X+ZCUAeIV40KhjYzxq2LSVziqBznQg5MHxyjtudhpTuwINDZDidlWJfy/lqka4ac
PWtDui5h84BYVKaezEDj8zO5YnruO23blc7Wj6wx5k8oxBzMjtBHNklORGKGMSPD
c/Mk7Z4y57iHCsnH2S7an798j+cNhuubUNIpXWn4pd1OS/PAFDniKgq9ekUeu3Rh
YZe68UiXFbzHACzTh7A+Y1fprZE18IKsxg4Ds0an53tu7asPfchl4ew=
-----END CERTIFICATE-----