Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QN1MhsgIqcSIs4o0w9nrye11zuA.roa
File:                     QN1MhsgIqcSIs4o0w9nrye11zuA.roa (raw, json)
Hash identifier:          GNuhQIH/ZKoyNWwcH/yIlHHtrzDjIl5jjDAny0lVzhg=
Subject key identifier:   40:DD:4C:86:C8:08:A9:C4:88:B3:8A:34:C3:D9:EB:C9:ED:75:CE:E0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018C7C42DE9E0AA5012B44EF3269DAF8CDEA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QN1MhsgIqcSIs4o0w9nrye11zuA.roa
Signing time:             Mon 18 Dec 2023 09:30:06 +0000
ROA not before:           Mon 18 Dec 2023 09:30:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        82.153.136.0/22 maxlen: 22
                          81.168.116.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          89.213.180.0/22 maxlen: 24
                          89.213.182.0/23 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          82.153.246.0/24 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          213.152.42.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 18 Dec 2023 10:10:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7c:42:de:9e:0a:a5:01:2b:44:ef:32:69:da:f8:cd:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 18 09:30:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40dd4c86c808a9c488b38a34c3d9ebc9ed75cee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7d:1f:db:be:12:e9:18:4f:f4:7c:64:4d:ab:
                    60:d8:2f:e1:46:12:92:9c:c3:78:4f:2f:1f:b9:55:
                    02:54:f7:00:56:5f:d6:92:b7:44:4a:15:94:16:af:
                    b7:2d:1a:b1:f4:bc:ef:7d:c8:22:6e:e5:4d:f9:99:
                    fb:10:a7:56:35:93:96:d4:df:f8:4b:d4:6c:d0:f1:
                    17:e4:ac:8a:39:f9:c8:09:ef:a8:87:67:9a:1f:a1:
                    92:db:06:78:eb:ca:b1:5c:b4:23:65:5f:07:2e:3a:
                    d1:ef:9a:31:b4:66:b6:4e:08:05:5b:72:bd:a8:88:
                    49:51:8b:cd:54:95:a7:fc:f6:90:ae:79:09:1c:0f:
                    95:18:f7:b0:8c:66:cc:80:d3:ff:49:e6:47:f1:e6:
                    06:b2:4e:d0:f4:4c:e4:23:84:3c:47:fc:fa:76:d1:
                    11:f5:58:07:10:6c:4d:ac:83:8b:f7:e0:23:85:d8:
                    36:b7:5e:fa:b7:db:41:c3:de:b6:11:7f:85:49:35:
                    ed:1f:55:1d:44:ea:60:39:59:c7:35:dd:cd:6c:6b:
                    62:09:03:d2:45:1f:f3:a9:d8:d5:09:46:bd:8b:bc:
                    a4:87:9b:c9:65:51:93:61:34:ef:14:6c:ee:f2:33:
                    20:1b:7f:1b:50:a1:ba:a4:eb:1a:8c:62:87:35:75:
                    a8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DD:4C:86:C8:08:A9:C4:88:B3:8A:34:C3:D9:EB:C9:ED:75:CE:E0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QN1MhsgIqcSIs4o0w9nrye11zuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  81.168.119.0/24
                  81.168.126.0/24
                  82.153.136.0/22
                  82.153.246.0/24
                  89.213.148.0-89.213.159.255
                  89.213.172.0/22
                  89.213.180.0/22
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:92:6a:72:17:7c:95:52:45:22:86:a3:71:87:7e:3f:30:29:
         ce:98:f4:18:53:c7:ac:eb:31:2e:b8:cd:e9:f0:9b:b9:7e:27:
         34:b7:4a:7b:7e:ce:5b:5e:3c:1f:23:60:d2:29:b6:47:c1:83:
         bd:e4:53:de:bf:de:f9:9b:15:3e:58:49:4c:9b:b5:13:1b:a7:
         18:a8:d4:63:13:e7:2c:ac:22:ed:7b:c9:8b:d4:3a:ec:29:9b:
         2e:18:de:7c:1b:96:fc:ec:8a:15:40:e3:8f:7c:38:0c:13:3e:
         02:d8:9f:1c:ab:40:90:61:a9:85:17:0a:ef:20:10:fd:c1:3e:
         13:e9:de:e8:38:4b:d8:6f:88:41:a3:2f:d8:18:b8:04:dc:93:
         b3:8f:c8:50:2f:a6:ec:80:b9:ee:81:81:b3:94:1d:8e:79:e4:
         0e:b9:be:a4:4d:f8:c2:62:22:18:f7:2d:17:ca:56:37:38:1c:
         89:d7:24:e5:11:ea:6f:11:b7:f2:85:02:69:5a:9c:f3:5b:7a:
         85:af:55:7d:f0:0f:eb:2e:b7:09:aa:67:2c:9f:ef:a2:35:f2:
         4c:80:55:2f:d2:39:3d:e3:1c:d7:32:4b:0b:b5:96:40:0a:f6:
         a4:c9:ae:b8:73:bb:95:38:c9:be:91:f7:d6:35:17:d2:d1:16:
         b5:64:9f:5f
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYx8Qt6eCqUBK0TvMmna+M3qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjE4MDkzMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRkNGM4NmM4MDhhOWM0ODhiMzhhMzRjM2Q5ZWJjOWVkNzVjZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh30f274S6RhP9HxkTatg2C/hRhKS
nMN4Ty8fuVUCVPcAVl/WkrdEShWUFq+3LRqx9LzvfcgibuVN+Zn7EKdWNZOW1N/4
S9Rs0PEX5KyKOfnICe+oh2eaH6GS2wZ468qxXLQjZV8HLjrR75oxtGa2TggFW3K9
qIhJUYvNVJWn/PaQrnkJHA+VGPewjGbMgNP/SeZH8eYGsk7Q9EzkI4Q8R/z6dtER
9VgHEGxNrIOL9+Ajhdg2t176t9tBw962EX+FSTXtH1UdROpgOVnHNd3NbGtiCQPS
RR/zqdjVCUa9i7ykh5vJZVGTYTTvFGzu8jMgG38bUKG6pOsajGKHNXWo2wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEDdTIbICKnEiLOKNMPZ68ntdc7gMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUU4xTWhzZ0lxY1NJczRvMHc5bnJ5ZTExenVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAUah0AwQA
Uah3AwQAUah+AwQCUpmIAwQAUpn2MAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBAJZ1bQD
BAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBAESSanIXfJVSRSKGo3GHfj8w
Kc6Y9BhTx6zrMS64zenwm7l+JzS3Snt+zltePB8jYNIptkfBg73kU96/3vmbFT5Y
SUybtRMbpxio1GMT5yysIu17yYvUOuwpmy4Y3nwblvzsihVA4498OAwTPgLYnxyr
QJBhqYUXCu8gEP3BPhPp3ug4S9hviEGjL9gYuATck7OPyFAvpuyAue6BgbOUHY55
5A65vqRN+MJiIhj3LRfKVjc4HInXJOUR6m8Rt/KFAmlanPNbeoWvVX3wD+sutwmq
Zyyf76I18kyAVS/SOT3jHNcySwu1lkAK9qTJrrhzu5U4yb6R99Y1F9LRFrVkn18=
-----END CERTIFICATE-----