Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PG3atxskfd166jEntU0JmNM2m8c.roa
File:                     PG3atxskfd166jEntU0JmNM2m8c.roa (raw, json)
Hash identifier:          UufViVogYpRuqcvmxVdiRY9nLG9WiaLMqJnmA49O6ys=
Subject key identifier:   3C:6D:DA:B7:1B:24:7D:DD:7A:EA:31:27:B5:4D:09:98:D3:36:9B:C7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018BADF330B8E4D3C44A993AC6577C9E35B0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PG3atxskfd166jEntU0JmNM2m8c.roa
Signing time:             Wed 08 Nov 2023 08:01:17 +0000
ROA not before:           Wed 08 Nov 2023 08:01:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.213.180.0/22 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          81.168.123.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          109.176.248.0/24 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 10 Nov 2023 07:28:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ad:f3:30:b8:e4:d3:c4:4a:99:3a:c6:57:7c:9e:35:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  8 08:01:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c6ddab71b247ddd7aea3127b54d0998d3369bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b5:f3:15:ac:36:37:b1:2b:c4:87:50:fb:2d:
                    b8:72:b8:ed:7b:9b:ef:33:29:3e:bd:45:4e:4a:50:
                    c8:c6:85:84:1c:03:49:84:de:1a:e6:26:cd:ba:e3:
                    33:05:ca:18:2f:1e:51:e9:66:a6:d7:c6:d8:36:4d:
                    a2:ac:d8:fa:96:80:74:5e:7f:34:f2:b0:c0:92:c7:
                    02:1d:55:25:15:33:ca:bb:9c:ad:7d:b3:86:d4:30:
                    ac:60:00:b0:c1:7c:83:df:3c:03:7f:74:3e:47:69:
                    88:e4:75:1b:de:53:9c:27:b8:86:4b:7f:eb:7c:6d:
                    4f:89:0d:f7:d0:9d:c0:60:15:44:d5:7d:a5:16:52:
                    17:5b:dc:78:38:cf:c7:1c:e1:ad:78:ee:da:4b:5d:
                    81:68:ff:e7:eb:d6:97:b3:88:07:82:95:a8:20:89:
                    9a:b2:bd:84:ab:74:36:48:28:ef:ad:20:30:d4:98:
                    97:6d:7e:0d:38:06:79:5c:78:4d:05:28:29:45:0e:
                    13:62:f7:bc:64:90:f8:87:d4:79:26:6a:13:94:bf:
                    dc:ad:7f:5c:17:df:aa:7c:86:95:b7:49:c7:f0:c9:
                    63:86:5a:f0:0c:59:4e:85:f3:d7:e6:23:01:30:15:
                    78:41:5d:b4:45:0f:0b:14:68:dd:ea:a1:2f:ad:87:
                    b9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:6D:DA:B7:1B:24:7D:DD:7A:EA:31:27:B5:4D:09:98:D3:36:9B:C7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PG3atxskfd166jEntU0JmNM2m8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  81.168.123.0/24
                  82.153.136.0/22
                  89.213.148.0-89.213.159.255
                  89.213.180.0/22
                  109.176.248.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:47:63:f2:d1:c8:03:c3:86:d1:aa:96:35:97:18:e6:4a:e8:
         be:f9:88:75:b4:ed:77:19:36:c9:53:47:6c:1e:96:95:29:93:
         35:2b:22:04:ad:79:4b:73:d1:05:e2:dd:16:2e:2c:aa:eb:1e:
         3a:9e:fc:66:68:31:fb:74:93:5e:cf:24:d1:74:81:dd:03:13:
         63:65:8b:96:ed:32:26:87:d3:7a:83:f2:26:d8:7e:40:f9:e2:
         d6:b3:bc:60:27:96:95:27:51:c1:cd:e8:f3:0a:2e:e6:e4:15:
         82:77:be:9c:a8:50:4b:aa:1c:f0:ae:03:db:5b:fa:db:55:50:
         2a:98:24:c9:c5:00:93:94:ad:db:51:73:5d:a0:6c:b7:84:87:
         3c:bd:56:2c:aa:28:eb:f5:7f:ea:4f:e8:ce:86:fc:84:b5:7e:
         e5:75:b0:49:41:b7:d4:56:db:3b:27:0c:82:56:c3:4d:9a:ca:
         dd:45:95:9e:b4:7d:69:51:b7:4b:0d:48:1f:95:70:32:32:54:
         63:be:62:f6:7a:38:77:15:31:bb:85:a8:64:03:c1:11:64:bf:
         43:6a:86:f3:f2:57:cb:2b:dc:74:75:cf:7b:3f:3f:01:2d:75:
         3e:1c:15:82:40:ef:a5:65:eb:c2:d2:26:92:f4:43:95:45:0c:
         e3:c5:38:6f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYut8zC45NPESpk6xld8njWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTA4MDgwMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzZkZGFiNzFiMjQ3ZGRkN2FlYTMxMjdiNTRkMDk5OGQzMzY5YmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbXzFaw2N7ErxIdQ+y24crjte5vv
Myk+vUVOSlDIxoWEHANJhN4a5ibNuuMzBcoYLx5R6Wam18bYNk2irNj6loB0Xn80
8rDAkscCHVUlFTPKu5ytfbOG1DCsYACwwXyD3zwDf3Q+R2mI5HUb3lOcJ7iGS3/r
fG1PiQ330J3AYBVE1X2lFlIXW9x4OM/HHOGteO7aS12BaP/n69aXs4gHgpWoIIma
sr2Eq3Q2SCjvrSAw1JiXbX4NOAZ5XHhNBSgpRQ4TYve8ZJD4h9R5JmoTlL/crX9c
F9+qfIaVt0nH8MljhlrwDFlOhfPX5iMBMBV4QV20RQ8LFGjd6qEvrYe5rwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDxt2rcbJH3deuoxJ7VNCZjTNpvHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUEczYXR4c2tmZDE2NmpFbnRVMEptTk0ybThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQDBABtsPgDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAEdHY/LRyAPDhtGqljWXGOZK6L75iHW07XcZNslT
R2welpUpkzUrIgSteUtz0QXi3RYuLKrrHjqe/GZoMft0k17PJNF0gd0DE2Nli5bt
MiaH03qD8ibYfkD54tazvGAnlpUnUcHN6PMKLubkFYJ3vpyoUEuqHPCuA9tb+ttV
UCqYJMnFAJOUrdtRc12gbLeEhzy9ViyqKOv1f+pP6M6G/IS1fuV1sElBt9RW2zsn
DIJWw02ayt1FlZ60fWlRt0sNSB+VcDIyVGO+YvZ6OHcVMbuFqGQDwRFkv0NqhvPy
V8sr3HR1z3s/PwEtdT4cFYJA76Vl68LSJpL0Q5VFDOPFOG8=
-----END CERTIFICATE-----