Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OJ02IePIMk7NgePlB3JTB-fiUek.roa
File:                     OJ02IePIMk7NgePlB3JTB-fiUek.roa (raw, json)
Hash identifier:          HSdPm61Bu+hGq3Capa2N9FgYHNo2803HiFCfKrGHNlU=
Subject key identifier:   38:9D:36:21:E3:C8:32:4E:CD:81:E3:E5:07:72:53:07:E7:E2:51:E9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018872384D28E4139CCBCDD45AA9773D3DF7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OJ02IePIMk7NgePlB3JTB-fiUek.roa
Signing time:             Wed 31 May 2023 14:31:12 +0000
ROA not before:           Wed 31 May 2023 14:31:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.132.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.152.251.0/24 maxlen: 24
                          82.152.253.0/24 maxlen: 24
                          82.152.248.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24
                          82.152.254.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 31 May 2023 15:24:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:72:38:4d:28:e4:13:9c:cb:cd:d4:5a:a9:77:3d:3d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 31 14:31:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=389d3621e3c8324ecd81e3e507725307e7e251e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a2:96:7a:c7:5a:eb:d6:70:79:11:9c:74:b2:
                    bc:75:e5:31:fc:9a:db:36:95:99:f8:9c:39:8c:03:
                    1b:46:fe:39:a6:e8:7c:f0:91:24:35:72:d6:c7:0d:
                    0c:63:04:ab:98:20:f0:88:e8:61:c8:79:6d:d9:68:
                    39:9e:e0:ca:26:7e:7b:9c:8c:1b:00:95:85:02:b3:
                    21:4f:c2:cd:11:c0:8d:47:41:b2:3e:ba:e5:01:a8:
                    dc:df:4b:6d:c1:dd:0c:f8:b2:de:cd:77:96:1e:42:
                    ea:d1:c2:1f:21:67:b5:40:66:f9:c1:23:e5:14:a7:
                    81:dc:77:b8:12:60:37:d1:09:90:f2:4a:bb:f7:2b:
                    6d:2f:ea:65:b5:d2:22:17:22:5f:c1:de:e6:18:a5:
                    21:12:e1:d6:ae:2e:6c:9e:63:9a:00:01:14:df:2c:
                    81:0c:59:4e:ed:74:a4:fc:47:df:83:fa:fe:1d:32:
                    3c:c9:1b:ef:d3:57:f1:1a:2f:ad:0f:fc:c2:e6:38:
                    e9:a2:26:b7:cb:ea:63:0c:a9:cd:60:c4:df:c0:de:
                    73:c9:49:90:48:25:dc:c8:a3:7c:9b:36:4d:b3:8f:
                    ef:da:55:d2:69:c7:c6:98:f4:ac:67:36:92:df:2a:
                    d1:d7:2c:4f:66:08:c3:28:3d:53:31:f8:79:e8:90:
                    32:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:9D:36:21:E3:C8:32:4E:CD:81:E3:E5:07:72:53:07:E7:E2:51:E9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OJ02IePIMk7NgePlB3JTB-fiUek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.152.248.0/24
                  82.152.251.0/24
                  82.152.253.0-82.152.254.255
                  82.153.1.0/24
                  82.153.68.0/23
                  82.153.71.0-82.153.72.255
                  82.153.78.0/24
                  82.153.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:46:95:c9:73:41:87:1e:e0:5e:34:4d:b1:62:55:a6:2b:3d:
         9a:d4:25:80:85:2f:36:37:f3:69:28:a1:14:14:4e:f0:7d:18:
         58:73:db:c1:d1:01:09:73:ce:0d:8f:e7:be:9f:90:f0:f2:1d:
         45:71:2c:38:ab:43:6f:82:62:59:35:7f:cd:09:ea:ec:44:20:
         88:e5:e1:96:7f:81:c4:97:5b:a3:aa:26:8a:40:25:be:61:3e:
         80:fa:07:48:21:83:3f:e2:89:51:c3:de:34:73:fa:28:1b:27:
         9a:dd:39:c9:70:82:d1:d0:f6:a8:c8:94:e2:6c:ca:36:3f:2a:
         7e:d2:97:8d:f8:f7:84:4a:f2:fe:74:6c:5e:28:ac:10:e3:c3:
         fa:4b:16:20:f9:9a:36:a1:a9:7f:ad:9e:69:4b:7d:1f:54:08:
         ed:c1:45:aa:5b:06:9c:77:85:c3:19:a5:ea:db:d8:08:40:44:
         ab:0d:01:65:04:b7:41:96:c2:9c:3a:a3:98:4b:0c:24:da:d8:
         d8:08:3f:ae:b8:0b:36:c3:ba:0e:7d:64:0b:be:88:5b:08:10:
         e5:fd:18:23:9d:ce:07:8f:ed:b4:1f:e4:0f:f2:b6:21:93:52:
         09:c9:3a:e6:d5:0d:56:13:b7:df:ee:99:33:cb:db:e1:b1:71:
         c9:82:1e:13
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYhyOE0o5BOcy83UWql3PT33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNTMxMTQzMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODlkMzYyMWUzYzgzMjRlY2Q4MWUzZTUwNzcyNTMwN2U3ZTI1MWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKKWesda69ZweRGcdLK8deUx/Jrb
NpWZ+Jw5jAMbRv45puh88JEkNXLWxw0MYwSrmCDwiOhhyHlt2Wg5nuDKJn57nIwb
AJWFArMhT8LNEcCNR0GyPrrlAajc30ttwd0M+LLezXeWHkLq0cIfIWe1QGb5wSPl
FKeB3He4EmA30QmQ8kq79yttL+pltdIiFyJfwd7mGKUhEuHWri5snmOaAAEU3yyB
DFlO7XSk/Effg/r+HTI8yRvv01fxGi+tD/zC5jjpoia3y+pjDKnNYMTfwN5zyUmQ
SCXcyKN8mzZNs4/v2lXSacfGmPSsZzaS3yrR1yxPZgjDKD1TMfh56JAyqwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFDidNiHjyDJOzYHj5QdyUwfn4lHpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvT0owMkllUElNazdOZ2VQbEIzSlRCLWZpVWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAUagjMAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmPgDBABSmPswDAMEAFKY/QMEAFKY
/gMEAFKZAQMEAVKZRDAMAwQAUplHAwQAUplIAwQAUplOAwQAUpmEMA0GCSqGSIb3
DQEBCwUAA4IBAQBZRpXJc0GHHuBeNE2xYlWmKz2a1CWAhS82N/NpKKEUFE7wfRhY
c9vB0QEJc84Nj+e+n5Dw8h1FcSw4q0NvgmJZNX/NCersRCCI5eGWf4HEl1ujqiaK
QCW+YT6A+gdIIYM/4olRw940c/ooGyea3TnJcILR0PaoyJTibMo2Pyp+0peN+PeE
SvL+dGxeKKwQ48P6SxYg+Zo2oal/rZ5pS30fVAjtwUWqWwacd4XDGaXq29gIQESr
DQFlBLdBlsKcOqOYSwwk2tjYCD+uuAs2w7oOfWQLvohbCBDl/Rgjnc4Hj+20H+QP
8rYhk1IJyTrm1Q1WE7ff7pkzy9vhsXHJgh4T
-----END CERTIFICATE-----