Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QEuxnSc-v4eccVye0CYEnBq2x9M.roa
File:                     QEuxnSc-v4eccVye0CYEnBq2x9M.roa (raw, json)
Hash identifier:          rOWmyHYel6QmnILCNi9t3TqWoYxfBEPWQddb5xFDu2w=
Subject key identifier:   40:4B:B1:9D:27:3E:BF:87:9C:71:5C:9E:D0:26:04:9C:1A:B6:C7:D3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018ECD0D083E2A7808F39D91BC76A4F58A29
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QEuxnSc-v4eccVye0CYEnBq2x9M.roa
Signing time:             Thu 11 Apr 2024 12:06:07 +0000
ROA not before:           Thu 11 Apr 2024 12:06:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.152.176.0/23 maxlen: 23
                          82.153.136.0/22 maxlen: 22
                          82.153.245.0/24 maxlen: 24
                          89.213.97.0/24 maxlen: 24
                          89.213.133.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 12 Apr 2024 07:36:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cd:0d:08:3e:2a:78:08:f3:9d:91:bc:76:a4:f5:8a:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 11 12:06:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=404bb19d273ebf879c715c9ed026049c1ab6c7d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:a9:61:af:a0:7b:57:5f:58:a5:58:2f:59:
                    25:1a:11:eb:76:bb:69:49:08:f0:ef:26:28:60:c3:
                    c0:cf:1a:8f:6e:0b:2c:7c:00:ca:3b:e6:3b:59:ef:
                    27:68:a3:86:2f:4e:0b:87:1f:9b:6f:05:4e:90:11:
                    95:6a:51:98:89:c7:f9:94:73:27:45:a3:4b:ba:c9:
                    80:21:04:44:64:49:73:fb:55:cb:e2:52:bd:40:d1:
                    a5:f6:f1:95:46:4c:b4:60:79:90:44:6c:52:33:3b:
                    cb:e9:85:37:49:9a:07:81:b6:f8:90:f4:46:c0:e0:
                    15:e0:a0:63:61:5f:40:d2:0a:61:7a:dc:d6:06:d0:
                    c8:65:70:77:67:45:70:cc:56:62:dc:e0:6b:4c:d6:
                    b8:b7:a8:62:3b:83:b7:9b:cd:aa:84:13:08:30:09:
                    12:9e:db:3a:d5:29:2d:93:ee:15:99:e3:b8:a2:17:
                    80:9c:9b:4d:ab:84:9d:50:d4:4e:92:3e:c7:58:f8:
                    6e:f7:1c:71:d5:35:ec:d7:f3:a7:59:5d:d7:82:6a:
                    10:fa:4a:fc:81:09:9e:5d:f4:8c:b9:d4:eb:b0:e0:
                    8c:6b:a8:a7:29:9c:71:6c:1c:2a:92:0a:a9:4d:56:
                    ed:98:fd:ad:5b:24:2c:09:69:46:40:6a:56:96:43:
                    be:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4B:B1:9D:27:3E:BF:87:9C:71:5C:9E:D0:26:04:9C:1A:B6:C7:D3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QEuxnSc-v4eccVye0CYEnBq2x9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/23
                  82.153.136.0/22
                  82.153.245.0/24
                  89.213.97.0/24
                  89.213.133.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.130.149.0/24
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:40:de:52:9f:32:bf:f3:45:2b:f4:cd:36:e0:b8:3d:69:f6:
         b9:3b:f4:ec:c6:8d:6a:78:01:c5:58:32:36:ab:5a:9e:0e:5a:
         a8:06:9a:0f:8e:8e:14:e9:8d:cc:9f:15:ee:72:f1:60:e9:d3:
         db:72:bc:d9:86:6b:fd:09:94:df:24:b5:33:bd:48:2d:5a:83:
         7d:22:35:49:ce:bc:f6:11:0d:b9:5a:b6:15:d1:79:cb:ee:b6:
         8d:6c:ba:96:57:9a:38:32:30:ff:63:5f:84:cf:89:c6:43:4a:
         eb:b8:71:fd:fd:d3:2d:9a:b9:84:e4:83:af:2c:54:8e:4f:92:
         9b:4d:f2:fa:bf:6d:be:5a:04:59:40:48:d3:0a:fc:04:9f:9b:
         8d:92:3f:b4:4a:3b:e1:59:db:7a:49:2f:e3:c5:2a:ad:59:b1:
         99:72:f8:da:2b:01:04:ea:c7:cb:e6:0e:d9:24:53:62:d2:5b:
         cc:26:f3:38:76:18:8b:2c:2d:04:32:e2:e7:43:84:ef:58:f3:
         1d:ef:65:fc:a3:47:28:0c:ac:c5:ce:e8:64:52:20:4f:ec:e5:
         7a:d9:6a:97:1e:83:ef:d9:2b:27:19:fc:6f:e3:2b:20:23:4f:
         02:ee:fb:3b:4b:70:61:bd:cf:51:dd:e5:95:56:98:07:c1:05:
         12:e3:64:16
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAY7NDQg+KngI852RvHak9YopMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDExMTIwNjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRiYjE5ZDI3M2ViZjg3OWM3MTVjOWVkMDI2MDQ5YzFhYjZjN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimWpYa+ge1dfWKVYL1klGhHrdrtp
SQjw7yYoYMPAzxqPbgssfADKO+Y7We8naKOGL04Lhx+bbwVOkBGValGYicf5lHMn
RaNLusmAIQREZElz+1XL4lK9QNGl9vGVRky0YHmQRGxSMzvL6YU3SZoHgbb4kPRG
wOAV4KBjYV9A0gphetzWBtDIZXB3Z0VwzFZi3OBrTNa4t6hiO4O3m82qhBMIMAkS
nts61Sktk+4VmeO4oheAnJtNq4SdUNROkj7HWPhu9xxx1TXs1/OnWV3XgmoQ+kr8
gQmeXfSMudTrsOCMa6inKZxxbBwqkgqpTVbtmP2tWyQsCWlGQGpWlkO+FwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFEBLsZ0nPr+HnHFcntAmBJwatsfTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUUV1eG5TYy12NGVjY1Z5ZTBDWUVuQnEyeDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBUpiwAwQC
UpmIAwQAUpn1AwQAWdVhAwQAWdWFMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQD
BAG5MX4DBADVgpUDBADVmCowDQYJKoZIhvcNAQELBQADggEBAKFA3lKfMr/zRSv0
zTbguD1p9rk79OzGjWp4AcVYMjarWp4OWqgGmg+OjhTpjcyfFe5y8WDp09tyvNmG
a/0JlN8ktTO9SC1ag30iNUnOvPYRDblathXRecvuto1supZXmjgyMP9jX4TPicZD
Suu4cf390y2auYTkg68sVI5PkptN8vq/bb5aBFlASNMK/ASfm42SP7RKO+FZ23pJ
L+PFKq1ZsZly+NorAQTqx8vmDtkkU2LSW8wm8zh2GIssLQQy4udDhO9Y8x3vZfyj
RygMrMXO6GRSIE/s5XrZapceg+/ZKycZ/G/jKyAjTwLu+ztLcGG9z1Hd5ZVWmAfB
BRLjZBY=
-----END CERTIFICATE-----